
Asymmetric Path in BGP

colombus1
Level 1

Hello everyone,

This is my first post in this community. I have read everywhere that the outbound BGP path is easier to manipulate than the inbound BGP path, but in my case (must be my lack of knowledge) I am having difficulties selecting the proper outbound path, and this is resulting in asymmetric routing. I am looking forward to knowledge and a solution for my problem here.

I have a /22 provider-independent network and three upstream provider ISPs with separate physical connections.

I am using a 7200 series router and below is my sample config (I have changed the IP addresses and AS number):

router bgp 100
no synchronization
no bgp enforce-first-as
bgp log-neighbor-changes
network 10.10.1.0 mask 255.255.252.0
network 10.10.1.0 mask 255.255.254.0
network 10.10.1.0
network 10.10.2.0
network 10.10.3.0 mask 255.255.254.0
network 10.10.3.0
network 10.10.4.0
neighbor 192.168.1.1 remote-as 11
neighbor 192.168.1.1 description A
neighbor 192.168.1.1 next-hop-self
neighbor 192.168.1.1 soft-reconfiguration inbound
neighbor 192.168.1.1 route-map rm_A_in in
neighbor 192.168.1.1 route-map rm_A_out out

neighbor 192.168.2.1 remote-as 12

neighbor 192.168.2.1 description B
neighbor 192.168.2.1 next-hop-self
neighbor 192.168.2.1 soft-reconfiguration inbound
neighbor 192.168.2.1 route-map rm_B_in in
neighbor 192.168.2.1 route-map rm_B_out out

neighbor 192.168.3.1 remote-as 13
neighbor 192.168.3.1 description C
neighbor 192.168.3.1 next-hop-self
neighbor 192.168.3.1 soft-reconfiguration inbound
neighbor 192.168.3.1 route-map rm_C_in in
neighbor 192.168.3.1 route-map rm_C_out out

no auto-summary
       
ip classless

ip route 10.10.1.0 255.255.252.0 172.16.1.2
ip route 10.10.1.0 255.255.254.0 172.16.1.2
ip route 10.10.1.0 255.255.255.0 172.16.1.2
ip route 10.10.2.0 255.255.255.0 172.16.1.2
ip route 10.10.3.0 255.255.254.0 172.16.1.2
ip route 10.10.3.0 255.255.255.0 172.16.1.2
ip route 10.10.4.0 255.255.255.0 172.16.1.2

ip prefix-list pl_BOGUS_in seq 5 deny 10.0.0.0/8
ip prefix-list pl_BOGUS_in seq 10 deny 172.16.0.0/12
ip prefix-list pl_BOGUS_in seq 15 deny 192.168.0.0/16
ip prefix-list pl_BOGUS_in seq 20 deny 169.254.0.0/16
ip prefix-list pl_BOGUS_in seq 25 deny 0.0.0.0/8
ip prefix-list pl_BOGUS_in seq 30 deny 127.0.0.0/8
ip prefix-list pl_BOGUS_in seq 35 deny 198.18.0.0/15
ip prefix-list pl_BOGUS_in seq 40 deny 192.0.2.0/24
ip prefix-list pl_BOGUS_in seq 45 deny 198.51.100.0/24
ip prefix-list pl_BOGUS_in seq 50 deny 203.0.113.0/24
ip prefix-list pl_BOGUS_in seq 55 permit 0.0.0.0/0 le 32
!        
ip prefix-list pl_A_out seq 5 permit 10.10.3.0/24
ip prefix-list pl_A_out seq 10 permit 10.10.1.0/23
ip prefix-list pl_A_out seq 15 permit 10.10.3.0/23
ip prefix-list pl_A_out seq 25 deny 0.0.0.0/0 le 32

ip prefix-list pl_B_out seq 5 permit 10.10.1.0/24
ip prefix-list pl_B_out seq 10 permit 10.10.2.0/24
ip prefix-list pl_B_out seq 15 permit 10.10.3.0/23
ip prefix-list pl_B_out seq 25 deny 0.0.0.0/0 le 32


ip prefix-list pl_C_out seq 5 permit 10.10.4.0/24
ip prefix-list pl_C_out seq 10 permit 10.10.1.0/23
ip prefix-list pl_C_out seq 15 permit 10.10.3.0/23
ip prefix-list pl_C_out seq 25 deny 0.0.0.0/0 le 32

route-map rm_A_in permit 5
match ip address prefix-list pl_BOGUS_in


route-map rm_A_out permit 5
match ip address prefix-list pl_A_out
     
route-map rm_B_in permit 5
match ip address prefix-list pl_BOGUS_in


route-map rm_B_out permit 5
match ip address prefix-list pl_B_out
     

route-map rm_C_in permit 5
match ip address prefix-list pl_BOGUS_in


route-map rm_C_out permit 5
match ip address prefix-list pl_C_out

I am getting the desired result for inbound traffic, i.e.:

Traffic from the internet for 10.10.1.0/24 and 10.10.2.0/24 is coming via ISP A

Traffic from the internet for 10.10.3.0/24 is coming via ISP B

Traffic from the internet for 10.10.4.0/24 is coming via ISP C

But the problem is that all traffic from my ASN to the internet is going via a single ISP (ISP B). If I change the weight or local-preference it will select another single ISP. This is causing the asymmetric routing.

Is there any way that I can achieve symmetric traffic flow, i.e.:

Traffic from 10.10.1.0/24 and 10.10.2.0/24 to the internet leaves through ISP A

Traffic from 10.10.3.0/24 to the internet leaves through ISP A

Traffic from 10.10.4.0/24 to the internet leaves through ISP A

Any help will be highly appreciated. Thanks in advance.


Mohamed Sobair
Level 7

Hello,

This is the correct behaviour of BGP; BGP always selects a single best path for its destination.

If you require some networks to leave via another path using BGP, then I would suggest you use Policy Based Routing (PBR).

Traffic from networks 10.10.1.0/24, 10.10.2.0/24, 10.10.3.0/24 and 10.10.4.0/24 should be policy based routed to use ISP A instead.

i.e.:

interface x/y
ip policy route-map BGP

route-map BGP permit 10
match ip address 10
set ip next-hop x.x.x.x (ISP A next hop)

access-list 10 permit 10.10.1.0 0.0.0.255
access-list 10 permit 10.10.2.0 0.0.0.255
access-list 10 permit 10.10.3.0 0.0.0.255
access-list 10 permit 10.10.4.0 0.0.0.255

Regards,

Mohamed

Thanks a lot Mohamed

Actually it was:

Is there any way that I can achieve symmetric traffic flow, i.e.:

Traffic from 10.10.1.0/24 and 10.10.2.0/24 to internet leave through ISP A

Traffic from 10.10.3.0/24 to internet leave through ISP B

Traffic from 10.10.4.0/24 to internet leave through ISP C

However it worked with little changes.

There is a new problem now:

Now for example:

If I trace from 10.10.1.0/24 and 10.10.2.0/24 to 192.168.2.1 (Peer IP of ISP B), it will go through ISP A.

Also, I have a connection with a local IX to save bandwidth. Now the traffic to IX peers will also go through the hard-coded next-hop. Any way to overcome this?

Hi,

You will not be able to achieve the same unless you land all the ISPs on individual routers and have a fallback with each other with iBGP. The easy way to get the desired result is to do policy based routing as suggested by Mohamed.

Rgds

Rama

Is it possible, for certain prefix lists, for the next hop to be decided by BGP?

I have a connection with a local IX to save bandwidth. Now the traffic to IX peers will also go through the hard-coded next-hop. Any way to overcome this?

If I trace from 10.10.1.0/24 and 10.10.2.0/24 to 192.168.2.1 (Peer IP of ISP B), it will go through ISP A.

Any possibilities?

If you are using PBR and want to use the routing table then simply use a deny in the PBR ACL, i.e.:

access-list 101 deny ip 10.10.1.0 0.0.0.255 host 192.168.2.1
access-list 101 deny ip 10.10.2.0 0.0.0.255 host 192.168.2.1
access-list 101 permit ip 10.10.1.0 0.0.0.255 any
access-list 101 permit ip 10.10.2.0 0.0.0.255 any

route-map PBR permit 10
match ip address 101
set ip next-hop x.x.x.x <---- ISP A next-hop

int
ip policy route-map PBR

So the above would send traffic from 10.10.1.x & 10.10.2.x to any address to ISP A, except traffic to host 192.168.2.1, which would not be policy routed, i.e. it would use the routing table.

Jon

Thanks Jon... it will work, but the problem is the IX peer has so many prefixes announced... putting them all in the ACL will be a better idea?

Well, that is the only way to do PBR for some networks and not for others. There is no magic solution simply because you have a lot of prefixes.

Can you not summarise?

Jon

Summarise? How to? Any hints?

Well, it depends on your addressing. What are the prefixes that go via IX?

For example if all the prefixes that went via IX were using 192.168.x.x addressing then you could simply use 192.168.0.0 0.0.255.255 in your deny acl line. But if 192.168.x.x was also meant to be reachable via ISP then it's a no go.

So it depends on which networks are reachable via the IX link and which by the ISP.

Jon
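
An added example (not part of the original thread) for the summarisation question above: it collapses a list of destinations that must stay on the routing table into the fewest covering prefixes, renders the PBR ACL in the deny-then-permit form shown earlier in the thread, and checks the first-match result for sample flows. The 172.20.x.x IX prefixes are constructed sample data and the function names are hypothetical.

```python
import ipaddress

SOURCES = ["10.10.1.0/24", "10.10.2.0/24"]  # source subnets used in the thread
# Constructed sample: the ISP B peer IP from the thread plus made-up IX-learned prefixes
EXEMPT = ["192.168.2.1/32", "172.20.0.0/24", "172.20.1.0/24", "172.20.2.0/23"]

def build_rules(sources, exempt):
    """Return first-match rules: deny (skip PBR) for exempt destinations, then permit."""
    srcs = [ipaddress.ip_network(s) for s in sources]
    # collapse_addresses merges adjacent/overlapping prefixes into the fewest supernets
    dsts = list(ipaddress.collapse_addresses(ipaddress.ip_network(d) for d in exempt))
    rules = [("deny", s, d) for s in srcs for d in dsts]
    rules += [("permit", s, None) for s in srcs]
    return rules

def _fmt(net):
    """Render a network in IOS extended-ACL form (wildcard mask = inverted netmask)."""
    if net is None:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"

def render_acl(acl_id, rules):
    """Produce the access-list lines for the rules, in evaluation order."""
    return [f"access-list {acl_id} {a} ip {_fmt(s)} {_fmt(d)}" for a, s, d in rules]

def policy_routed(rules, src, dst):
    """True if PBR sets the next hop; False means the routing table (BGP) decides."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s, d in rules:
        if src in s and (d is None or dst in d):
            return action == "permit"
    return False  # implicit deny: no match, so normal routing applies

if __name__ == "__main__":
    rules = build_rules(SOURCES, EXEMPT)
    print("\n".join(render_acl(101, rules)))
```

`collapse_addresses` only merges prefixes that are exactly covered by the input, so the summarised deny lines never exempt a destination that was not in the original list.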

Really thanks for your interest and time on my problem.

All of 10.10.1.0/24, 10.10.2.0/24, 10.10.3.0/24 and 10.10.4.0/24 are announced to both the ISP and the IX.

In the case of the IX, 192.168.0.0/24 is for peering only, that is, each peer is assigned an IP from this network and they announce their different IP blocks to each other.

Any possibilities?

It's not the addressing you advertise that is important. It's the networks that are reachable via each link that are important, i.e.:

You are advertising 10.10.1/10.10.2/10.10.3 to the ISP, but that is not important. What networks do you want to route to via IX and ISP?

Jon

That is a big list even if I summarize to /22.

Not sure what else I can say. If you want to use PBR then you are going to have to create that list for traffic you do not want to have policy routed.

Jon

Hi

Yes, you need to modify the attributes (local preference or weight) for the IX peers' updates, and this will force the router to send return traffic to the IX peer next hop.

neighbor 1.1.1.1 weight 1000 (the IP address of the IX peer)

Rgds

Rama