BGP traffic

pmandelbaum
Level 1

We are multihomed to two different ISPs with one router. When I look at the traffic going out and coming in it looks to me that it is going in one big loop. Outbound traffic is going out one ISP and inbound traffic is coming in the other. I have set up route-maps for load sharing and have prepend statements and our failover works great but can't seem to get the traffic to load share. Is it possible that the ISP with the traffic going out on is directing traffic to the other for inbound traffic?

Any thoughts or help would be much appreciated.

Thanks

Phil

6 Replies

ruwhite
Level 7

One ISP is probably advertising a longer prefix version of your IP address space than the other is... You'll have to contact the ISP you've gotten the IP address space from, and get them to punch a hole in their aggregation to let your longer prefix through.

What's the address block that you're using towards both service providers? We could verify this is what's happening by looking at one of the route view servers.

Russ.W

hbaerten
Level 4

Regarding the outbound traffic, are you receiving a full routing table from both ISPs, only from one and a default (or partial table) from the other, or only default from both?

E.g. what is the result of the command

show ip bgp 198.133.219.25

(or any other ip address that should be reachable)?

Regarding inbound traffic, are you saying that all traffic still comes in over the link where you announce with a prepend? Have you tried a longer prepend?

Maybe post your bgp config part and the routemaps here? Or give us your ASN and a prefix that you announce so we can check what is received elsewhere in the world...

regards,

Herbert

Thanks for all the help with this. I have been trying different things with our route maps and prepends but nothing seems to work. At this time I am receiving partial routes from UUNET and have a default route from SBC. 90% of traffic is going out SBC and 99.9% of traffic is coming in UUNET. When I go to use one of the route view servers the best routes always show that AS 701 is the route chosen for inbound to us. Our CIDR block is a /16 and the IP space that we are advertising is 66.209.144.0 and 66.209.152.0. Our AS number is 27427. Hope all this helps, and thanks again for all of the help.

router bgp 27427
 no synchronization
 bgp always-compare-med
 bgp log-neighbor-changes
 bgp deterministic-med
 bgp dampening
 network 66.209.144.0 mask 255.255.248.0
 network 66.209.152.0 mask 255.255.248.0
 neighbor 67.114.99.1 remote-as 7132
 neighbor 67.114.99.1 description Peer to SBC Internet Services IAF#1010088 email: bgp@pbi.net
 neighbor 67.114.99.1 version 4
 neighbor 67.114.99.1 send-community
 neighbor 67.114.99.1 route-map SBC-IN in
 neighbor 67.114.99.1 route-map SBC-OUT out
 neighbor 157.130.198.105 remote-as 701
 neighbor 157.130.198.105 description Peer to UUNET
 neighbor 157.130.198.105 version 4
 neighbor 157.130.198.105 route-map MCI-IN in
 neighbor 157.130.198.105 route-map UUNET-OUT out
 no auto-summary
!
route-map SBC-OUT permit 10
 match ip address 1
 set community 7132:70
!
route-map SBC-OUT permit 20
 match ip address 2
 match as-path 20
 set community 7132:70
!
route-map UUNET-OUT permit 10
 match ip address 1
 match as-path 20
 set as-path prepend 27427 27427 27427
!
route-map UUNET-OUT permit 20
 match ip address 2
 match as-path 20
 set as-path prepend 27427 27427 27427

Another alternative may be to use conditional advertisement. This would apply if you wanted to use one ISP link as the primary for both outbound and inbound traffic, with the other ISP link as the secondary/failover.

Essentially, you would use the advertise-map and non-exist map functionality, which goes on BGP neighbor statements, to advertise your networks to one ISP only, then if that ISP link fails, use some condition in the non-exist map, such as the loss of the primary ISP route, to trigger the advertise map for the second ISP on its neighbor statement, conditionally advertising out the other ISP link. Then you don't have to worry about prepends and changing conditions out in the Internet.
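The conditional advertisement described above, written out as an IOS configuration. This is an added example, not configuration from any poster in the thread. It assumes UUNET (157.130.198.105) is the primary link and SBC (67.114.99.1) the backup; the route-map and prefix-list names are hypothetical, and 192.0.2.0/24 is a placeholder for a prefix that is learned only from the primary ISP.

```cisco
! The two /21s from the posted config, announced to the backup ISP
! only while the tracked primary route is missing.
ip prefix-list OUR-NETS-PL seq 5 permit 66.209.144.0/21
ip prefix-list OUR-NETS-PL seq 10 permit 66.209.152.0/21
!
! Placeholder: replace with a stable prefix received from UUNET and
! never from SBC. If the backup ISP also sends this prefix, it never
! disappears from the BGP table and the backup announcement never fires.
ip prefix-list PRIMARY-TRACK-PL seq 5 permit 192.0.2.0/24
!
route-map ADVERTISE-OURS permit 10
 match ip address prefix-list OUR-NETS-PL
!
route-map PRIMARY-ALIVE permit 10
 match ip address prefix-list PRIMARY-TRACK-PL
!
router bgp 27427
 ! Primary: the network statements are announced unconditionally.
 neighbor 157.130.198.105 remote-as 701
 !
 ! Backup: routes matched by ADVERTISE-OURS are withheld as long as a
 ! route matched by PRIMARY-ALIVE exists in the BGP table, and are
 ! announced once it is gone.
 neighbor 67.114.99.1 remote-as 7132
 neighbor 67.114.99.1 advertise-map ADVERTISE-OURS non-exist-map PRIMARY-ALIVE
```

`show ip bgp neighbors 67.114.99.1` reports the condition map and whether the advertise-map prefixes are currently being advertised or withdrawn.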

If you have partial routes from MCI in the routing table and 90% of outbound traffic is going out the SBC link, that means that 90% of your outbound traffic isn't destined to MCI customers. What I'd probably do in your case is 1 of 2 things: 1) get partial routes and a default from both MCI and SBC, or 2) get just a default from MCI and SBC. With CEF enabled you'll get per-destination load balancing because you'll have 2 default routes, 1 to each provider. Getting the partial routes as well will give you the benefit of always choosing the optimal link when the traffic is destined to either an MCI or SBC customer.

Regarding inbound traffic, it appears that your AS-PATH prepending isn't working per a looking glass that I checked. All your routes have an AS-PATH of "...xxxx...701 27427". So probably either your access lists or AS-PATH lists aren't right. But in any case, load balancing inbound traffic via BGP isn't easy. One thing you could do is try to force everyone to prefer 1 of your /21's via MCI and the other via SBC. For example, you could prepend the AS-PATH of 66.209.144.0/21 when advertising it to MCI and prepend the AS-PATH of 66.209.152.0/21 when advertising it to SBC. In both cases you could also lower the local preference via communities as a fail-safe. This will enable inbound load sharing to whatever extent that traffic is distributed across these two address ranges.
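The split-prepend suggestion above as an IOS configuration. This is an added example, not taken from any poster's router: the route-map and prefix-list names are hypothetical, the prepend count is copied from the posted config, and the provider communities mentioned as a fail-safe are left out because their values are provider-specific.

```cisco
! One prefix-list per /21 so each route-map entry matches exactly one
! announced block, with no dependency on an as-path list.
ip prefix-list NET-144 seq 5 permit 66.209.144.0/21
ip prefix-list NET-152 seq 5 permit 66.209.152.0/21
!
! Towards UUNET/MCI: 66.209.144.0/21 is prepended (less preferred),
! 66.209.152.0/21 goes out with the plain AS path (preferred).
route-map UUNET-OUT-SPLIT permit 10
 match ip address prefix-list NET-144
 set as-path prepend 27427 27427 27427
!
route-map UUNET-OUT-SPLIT permit 20
 match ip address prefix-list NET-152
!
! Towards SBC: the mirror image.
route-map SBC-OUT-SPLIT permit 10
 match ip address prefix-list NET-152
 set as-path prepend 27427 27427 27427
!
route-map SBC-OUT-SPLIT permit 20
 match ip address prefix-list NET-144
!
! The implicit deny at the end of each route-map drops everything else,
! so routes learned from one provider are never re-announced to the
! other and the AS does not become transit between them.
!
router bgp 27427
 neighbor 157.130.198.105 route-map UUNET-OUT-SPLIT out
 neighbor 67.114.99.1 route-map SBC-OUT-SPLIT out
```

The new outbound policy takes effect after the sessions are refreshed, for example with `clear ip bgp 157.130.198.105 soft out` and `clear ip bgp 67.114.99.1 soft out`; confirm the resulting AS paths from a looking glass, as the thread does.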

As another poster already pointed out, your prepend isn't working, so that is why you see the route via 701 as best in all the looking glasses, and why all traffic is coming in via UUnet.

If you haven't solved it yet, post the config that defines acl 1 and 2 and as-path acl 20.

BTW, you should also consider if you really want load balanced incoming traffic since the traffic via SBC will take a longer path...

With regard to outgoing traffic, if you are not receiving full routing and not receiving a default from UUnet, you don't have full redundancy: if the link to SBC fails you have no way out. You could solve this by adding a floating static default route to UUnet, which would kick in when you don't receive the default from SBC anymore. But better would be to ask UUnet to advertise a default as well since this would give you the outgoing load balancing you want.

hth

Herbert