07-16-2012 07:42 AM - edited 03-04-2019 04:58 PM
We are an ISP and we are trying to give internet access to a client via BGP. The client already has a primary connection with AT&T and is using our service as a backup. We have a complete routing table in our router and we are only giving the client the 4 networks which they desire via a route-map. For discussion's sake, let's say our ASN is 40000 and the client's ASN is 27000. Our router IP is 10.156.130.91 and the client's is 10.156.130.81. Ping is working fine and the BGP state is Established, but when the client brings down their primary internet connection with AT&T they are unable to route outside and get an "expired in transit" message from the 130.91 IP address. Our config is as follows:
router bgp 40000
bgp log-neighbor-changes
neighbor 10.156.130.81 remote-as 27309
neighbor 10.156.130.81 route-map rm_peer_3_in in
neighbor 10.156.130.81 route-map rm_peer_3_out out
neighbor 10.156.130.100 remote-as 40725
!
ip prefix-list pl_peer_3_in seq 5 permit 12.132.104.0/24
ip prefix-list pl_peer_3_in seq 10 permit 12.208.151.0/24
ip prefix-list pl_peer_3_in seq 15 permit 76.233.231.0/24
ip prefix-list pl_peer_3_in seq 20 permit 69.0.104.0/24
ip prefix-list pl_peer_3_in seq 21 permit 0.0.0.0/32
ip prefix-list pl_peer_3_in seq 25 deny any
ip prefix-list pl_peer_3_out seq 5 permit 12.132.104.0/24
ip prefix-list pl_peer_3_out seq 10 permit 12.208.151.0/24
ip prefix-list pl_peer_3_out seq 15 permit 76.233.231.0/24
ip prefix-list pl_peer_3_out seq 20 permit 69.0.104.0/24
ip prefix-list pl_peer_3_out seq 21 permit 0.0.0.0/32
ip prefix-list pl_peer_3_out seq 25 deny any
!
route-map rm_peer_3_out permit 5
match ip address prefix-list pl_peer_3_out
!
route-map rm_peer_3_in permit 5
match ip address prefix-list pl_peer_3_in
The client configuration is:
interface FastEthernet0/0/0
ip address 10.156.130.81 255.255.255.192
duplex auto
speed auto
router bgp 27000
no synchronization
bgp log-neighbor-changes
bgp inject-map ORIGINATE exist-map LEARNED_ROUTE
network 12.132.104.0 mask 255.255.255.0
network 12.132.104.0 mask 255.255.255.128
network 12.208.151.0 mask 255.255.255.128
network 69.0.104.0 mask 255.255.255.0
network 76.233.231.0 mask 255.255.255.0
aggregate-address 69.0.104.0 255.255.255.0 summary-only
aggregate-address 12.208.151.0 255.255.255.0 summary-only
aggregate-address 12.132.104.0 255.255.255.0 summary-only
neighbor 12.91.XX.YYY remote-as 7000
neighbor 12.91.XX.YYY weight 10
neighbor 12.91.XX.YYY route-map ATT_NO_EXPORT in
neighbor 10.156.130.91 remote-as 40000
neighbor 10.156.130.91 send-community
neighbor 10.156.130.91 distribute-list 6 out
neighbor 10.156.130.91 route-map Backup in
neighbor 10.156.130.91 route-map Comcast-Community out
neighbor 10.156.130.91 advertise-map ADV non-exist-map NONEXIST
neighbor 10.156.130.91 ebgp-multihop 255
no auto-summary
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.156.130.91 30
ip route 192.168.40.0 255.255.255.0 76.233.231.3 permanent
no ip http server
no ip http secure-server
!
ip bgp-community new-format
!
ip prefix-list ROUTE seq 5 permit 0.0.0.0/0
!
ip prefix-list ROUTE_SOURCE seq 5 permit 12.91.XX.YYY/32
!
ip prefix-list UNAGGREGATED_ROUTES seq 5 permit 1.1.1.1/32
!
access-list 1 permit any
access-list 2 deny any
access-list 3 permit any
access-list 5 permit 1.1.1.1
access-list 6 permit 12.132.104.0 0.0.0.255
access-list 6 permit 69.0.104.0 0.0.0.255
access-list 6 permit 12.208.151.0 0.0.0.255
access-list 6 permit 76.233.231.0 0.0.0.255
!
!
!
!
route-map NONEXIST permit 10
match ip address 5
!
route-map Backup permit 10
match ip address 1
set community no-export
!
route-map Comcast-Community permit 10
match ip address 3
set community 7922:100
!
route-map ATT_NO_EXPORT permit 10
match ip address 1
set community no-export
!
route-map ORIGINATE permit 10
set ip address prefix-list UNAGGREGATED_ROUTES
!
route-map LEARNED_ROUTE permit 10
match ip address prefix-list ROUTE
match ip route-source prefix-list ROUTE_SOURCE
!
route-map ADV permit 10
match ip address 6
!
route-map AS-PREPEND permit 10
match ip address 1
set as-path prepend 27000 27000 27000 27000
07-16-2012 10:00 AM
Hello Faze1sari,
Here are some basic notes about your configuration:
a) A default route should be represented as 0.0.0.0/0, not as 0.0.0.0/32.
b) Why are the route filters applied to the customer equal? This doesn't make sense: the two prefix-lists pl_peer_3_out and pl_peer_3_in permit the same IP prefixes. I would expect you to provide a default route and some routes, not to receive a default route from the customer and the same set of routes.
c) What is the use of the inject-map on the customer router? If the customer router receives a default route from the expected route source, it generates a route for 1.1.1.1/32 that is not sent to your router (there is the distribute-list 6 towards your router and that prefix is not included), so what is its use?
Hope to help
Giuseppe
07-16-2012 10:10 AM
Giuseppe,
Thanks for your response. I have made the following changes on my side:
ip prefix-list pl_peer_3_in seq 5 permit 12.132.104.0/24
ip prefix-list pl_peer_3_in seq 10 permit 12.208.151.0/24
ip prefix-list pl_peer_3_in seq 15 permit 76.233.231.0/24
ip prefix-list pl_peer_3_in seq 20 permit 69.0.104.0/24
ip prefix-list pl_peer_3_in seq 25 deny any
ip prefix-list pl_peer_3_out seq 5 permit 12.132.104.0/24
ip prefix-list pl_peer_3_out seq 10 permit 12.208.151.0/24
ip prefix-list pl_peer_3_out seq 15 permit 76.233.231.0/24
ip prefix-list pl_peer_3_out seq 20 permit 69.0.104.0/24
ip prefix-list pl_peer_3_out seq 21 permit 0.0.0.0/0
ip prefix-list pl_peer_3_out seq 25 deny any
Also, we are not supposed to receive any routes from the client; we are providing them with routes, not the other way around.
07-16-2012 10:24 AM
Hello Faze1sari,
They (the customer) have to advertise their public IP networks to you. How can routing on the return path work when the primary ISP has failed?
This is the basic idea of BGP multihoming.
The prefix list in the 'in' direction should list different IP subnets than the other one, as far as I can understand. However, I may be missing something.
Hope to help
Giuseppe
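Added example, not part of the thread and not any poster's code: a small Python model of how an IOS prefix-list evaluates a route, run over the entries quoted above to show what the 0.0.0.0/32 entry does to the default route and what the revised lists accept. The helper names (`entry_matches`, `evaluate`, `permit`) and the `CATCH_ALL` list are assumptions made for illustration; the trailing "deny any" lines are left out because the implicit deny at the end of every prefix-list has the same effect.

```python
import ipaddress

def entry_matches(entry, route):
    """IOS prefix-list rule: with no ge/le, network and length must be equal."""
    net = ipaddress.ip_network(entry["prefix"])
    rt = ipaddress.ip_network(route)
    ge, le = entry.get("ge"), entry.get("le")
    if ge is None and le is None:
        return rt == net
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else 32
    return rt.subnet_of(net) and low <= rt.prefixlen <= high

def evaluate(plist, route):
    """First matching entry by sequence number wins; no match is an implicit deny."""
    for entry in sorted(plist, key=lambda e: e["seq"]):
        if entry_matches(entry, route):
            return entry["action"]
    return "deny"

def permit(seq, prefix, **kw):
    return {"seq": seq, "action": "permit", "prefix": prefix, **kw}

# The four customer networks, as listed in the thread.
CUSTOMER = [permit(5, "12.132.104.0/24"), permit(10, "12.208.151.0/24"),
            permit(15, "76.233.231.0/24"), permit(20, "69.0.104.0/24")]
ORIGINAL_OUT = CUSTOMER + [permit(21, "0.0.0.0/32")]   # as first posted
REVISED_OUT = CUSTOMER + [permit(21, "0.0.0.0/0")]     # after the correction
REVISED_IN = list(CUSTOMER)                            # inbound from the customer
# Constructed for comparison: how a prefix-list expresses "any prefix".
CATCH_ALL = [permit(5, "0.0.0.0/0", le=32)]

if __name__ == "__main__":
    for name, plist in [("original out", ORIGINAL_OUT), ("revised out", REVISED_OUT),
                        ("revised in", REVISED_IN)]:
        for route in ["0.0.0.0/0", "12.132.104.0/24", "12.132.104.0/25"]:
            print(f"{name:13} {route:18} {evaluate(plist, route)}")
```

The /25 row shows that an exact-length inbound filter also rejects more-specific announcements inside the customer's /24s, which is the property an ISP normally wants from a customer-facing inbound filter.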