BGP and (Selective)Prepends

mbellears2 · ‎04-02-2004

Firstly, apologies for the rather long post!

Background info:

We have 2 sites - Site A has 2 upstreams, Site B has 1 upstream - Sites are connected via fibre.

We have a /20 allocated to us

Site A is currently using the following /24's:

xxx.xxx.64.0

xxx.xxx.65.0

xxx.xxx.66.0

xxx.xxx.67.0

xxx.xxx.68.0

xxx.xxx.69.0

xxx.xxx.70.0

xxx.xxx.71.0

xxx.xxx.72.0

Site B is currently using the following /24's:

xxx.xxx.73.0

xxx.xxx.74.0

xxx.xxx.75.0

Site A is advertising the following to Upstream A (Pay fo use)

Aggregate (/20).

And the following to Upstream B (Open Pipe)

Aggregate (/20) - If Upstream A ever goes down, rest of the world can still get to our entire

/20 via Upstream B

Specific /24 (4 of) advertisements to ensure that traffic destined for them will only come in via

Upstream B (Unless down)

Site B is advertising the following to its Upstream:

Specific /24's:

xxx.xxx.73.0

xxx.xxx.74.0

xxx.xxx.75.0

To ensure traffic destined for those subnets only comes in Via Site B's Upstream (Unless down,

then rest of the world will still be able to reach those subnets via Site A's Upstreams(Due to Aggregate adv.))

We are in the process of setting up OSPF between the two sites to advertise respective networks, and to also

advertise a default route(But make this def. route less attractive than the def. routes advertised by each

Sites respective upstreams.)

This is what I would like to do:

Site A's advertisements remain unchanged.

Site B's advertisement stays the same (I want traffic destined for these subnets to come in via Site B's Upstream) - but -

Also have an aggregate advertisement (/20) that is much less attractive than Site A's aggregate.

I only want traffic destined for Site A or Site B's /24's to come in via there respective Upstreams - Unless there is an

outage that takes out the Internet feed(s) from Site A or Site B - Reason being that our Intersite link would not handle

the traffic, and I would only want to use it in case of major upstream outage.

Example:

Site A's Upstreams both go down.

Site A has no def. routes from Upstreams (There down), but has def. route from Site B (OSPF) - therefore traffic goes

out via 2Mb fibre to Site B.

Site B has aggregate advertisement (/20), so the rest of the world know that they can still get to this range via Site B.

I know I can use prepends to make Site B's advertisement less attractive than Site A - but this will also affect Site B's

/24 advertisements? Is what I'm trying to do possible?

Any comments/suggestions are greatly appreciated!

Regards,

MB

ruwhite · ‎04-03-2004

You can apply as path prepend to only one route using a route map:

route-map addstuffhere permit 10

match ip address 10

set as-path prepend xx xx xx

And set up access list 10 to permit only the /20 that both sites are advertising.

This URL:

http://www.cisco.com/en/US/tech/tk365/tk80/technologies_configuration_example09186a00800945bf.shtml

might help explain the process better.

Another option would be conditional advertisement, which would be a more solid way of making certain no-one uses the /20 from site a. You could set it up using route maps so the only time the /20 is advertised from site a is when the link between site b and the ISP is removed from the routing table on the site a edge router.

http://www.cisco.com/en/US/tech/tk365/tk80/technologies_configuration_example09186a0080094309.shtml

Explains the conditional advertisment feature.

Hope that helps.

:-)

Russ.W

mbellears2 · ‎04-09-2004

Sorry for the delay in responding - Been away!

On your first option - If I only include the /20 in acl 10, I wont be also advertising the /24's that need to come in via the respective sites? (The /20 will encompass them, but it wont gaurantee that traffic destined for them will come in via the links that I wont them too)

And on option b - This looks much more elegant! - But how am I going to determine from Site A, that Site B's Upstream link is there or not?

Regards,

MB

ruwhite · ‎04-09-2004

For the first option: You'd want to have a second line in the route map that permits anything, and doesn't change anything:

route map addstuffhere permit 20

That way, the /24's will be permitted, but their as path won't be changed by the route map. The as path prepend will only affect the /20's on the side you want to be less preferred.

For the second option, what I normally see done here is this:

ISPA--10.1.1.0/24--R1---R2---10.1.2.0/24--ISPB

On R1:

-- filter 10.1.2.0/24 from coming in through ISPA

-- include 10.1.2.0/24 in your IGP, so R1 knows about the route through R2

-- set up the non exist map so when 10.1.2.0/24 leaves the routing table, R1 starts advertising the /20

I don't know what sorts of failover times you're looking for, but note that conditional advertisement can take 30 seconds to a minute to actually advertise the route through the backup link.

:-)

Russ.W

samsam_wang · ‎04-09-2004

Hi, Ruwhite

It seems that you read and understood all articles on cisco.com and you know everything.

In my opinion, if i could do that, I would pass the ccie exam, but maybe it will takes me about more than 5 years or more.

Would you like to give me some advice about how to study the ccie, it is so difficult. Thank you very much.

When I got more and more knowledge, I feel that I knew less and less.

meanwhile, the OSPF/ISIS redistribute problem, I have post the configuration, I am still confused about that.

Thanks again.

ruwhite · ‎04-16-2004

My best advice for passing the CCIE: Study. :-) IP is about 50% of any test you take there, so have IP and IP routing down cold.

I didn't see your configs posed (?)...

:-)

Russ.W