08-21-2011 10:58 AM - edited 03-04-2019 01:20 PM
Hello everyone,
This is my first post in this community. I have read everywhere that the outbound BGP path is easier to manipulate than the inbound BGP path, but in my case (must be my lack of knowledge) I am having difficulties selecting the proper outbound path, and this is resulting in asymmetric routing. I am looking forward to knowledge and a solution for my problem here.
I have a /22 provider-independent network and three upstream provider ISPs with separate physical connections.
I am using a 7200 series router and below is my sample config (I have changed IP addresses and AS number):
router bgp 100
no synchronization
no bgp enforce-first-as
bgp log-neighbor-changes
network 10.10.1.0 mask 255.255.252.0
network 10.10.1.0 mask 255.255.254.0
network 10.10.1.0
network 10.10.2.0
network 10.10.3.0 mask 255.255.254.0
network 10.10.3.0
network 10.10.4.0
neighbor 192.168.1.1 remote-as 11
neighbor 192.168.1.1 description A
neighbor 192.168.1.1 next-hop-self
neighbor 192.168.1.1 soft-reconfiguration inbound
neighbor 192.168.1.1 route-map rm_A_in in
neighbor 192.168.1.1 route-map rm_A_out out
neighbor 192.168.2.1 remote-as 12
neighbor 192.168.2.1 description B
neighbor 192.168.2.1 next-hop-self
neighbor 192.168.2.1 soft-reconfiguration inbound
neighbor 192.168.2.1 route-map rm_B_in in
neighbor 192.168.2.1 route-map rm_B_out out
neighbor 192.168.3.1 remote-as 13
neighbor 192.168.3.1 description C
neighbor 192.168.3.1 next-hop-self
neighbor 192.168.3.1 soft-reconfiguration inbound
neighbor 192.168.3.1 route-map rm_C_in in
neighbor 192.168.3.1 route-map rm_C_out out
no auto-summary
ip classless
ip route 10.10.1.0 255.255.252.0 172.16.1.2
ip route 10.10.1.0 255.255.254.0 172.16.1.2
ip route 10.10.1.0 255.255.255.0 172.16.1.2
ip route 10.10.2.0 255.255.255.0 172.16.1.2
ip route 10.10.3.0 255.255.254.0 172.16.1.2
ip route 10.10.3.0 255.255.255.0 172.16.1.2
ip route 10.10.4.0 255.255.255.0 172.16.1.2
ip prefix-list pl_BOGUS_in seq 5 deny 10.0.0.0/8
ip prefix-list pl_BOGUS_in seq 10 deny 172.16.0.0/12
ip prefix-list pl_BOGUS_in seq 15 deny 192.168.0.0/16
ip prefix-list pl_BOGUS_in seq 20 deny 169.254.0.0/16
ip prefix-list pl_BOGUS_in seq 25 deny 0.0.0.0/8
ip prefix-list pl_BOGUS_in seq 30 deny 127.0.0.0/8
ip prefix-list pl_BOGUS_in seq 35 deny 198.18.0.0/15
ip prefix-list pl_BOGUS_in seq 40 deny 192.0.2.0/24
ip prefix-list pl_BOGUS_in seq 45 deny 198.51.100.0/24
ip prefix-list pl_BOGUS_in seq 50 deny 203.0.113.0/24
ip prefix-list pl_BOGUS_in seq 55 permit 0.0.0.0/0 le 32
!
ip prefix-list pl_A_out seq 5 permit 10.10.3.0/24
ip prefix-list pl_A_out seq 10 permit 10.10.1.0/23
ip prefix-list pl_A_out seq 15 permit 10.10.3.0/23
ip prefix-list pl_A_out seq 25 deny 0.0.0.0/0 le 32
ip prefix-list pl_B_out seq 5 permit 10.10.1.0/24
ip prefix-list pl_B_out seq 10 permit 10.10.2.0/24
ip prefix-list pl_B_out seq 15 permit 10.10.3.0/23
ip prefix-list pl_B_out seq 25 deny 0.0.0.0/0 le 32
ip prefix-list pl_C_out seq 5 permit 10.10.4.0/24
ip prefix-list pl_C_out seq 10 permit 10.10.1.0/23
ip prefix-list pl_C_out seq 15 permit 10.10.3.0/23
ip prefix-list pl_C_out seq 25 deny 0.0.0.0/0 le 32
route-map rm_A_in permit 5
match ip address prefix-list pl_BOGUS_in
route-map rm_A_out permit 5
match ip address prefix-list pl_A_out
route-map rm_B_in permit 5
match ip address prefix-list pl_BOGUS_in
route-map rm_B_out permit 5
match ip address prefix-list pl_B_out
route-map rm_C_in permit 5
match ip address prefix-list pl_BOGUS_in
route-map rm_C_out permit 5
match ip address prefix-list pl_C_out
I am getting the desired result for inbound traffic, i.e.:
Traffic from internet for 10.10.1.0/24 and 10.10.2.0/24 is coming via ISP A
Traffic from internet for 10.10.3.0/24 is coming via ISP B
Traffic from internet for 10.10.4.0/24 is coming via ISP C
But the problem is all traffic from my ASN to internet is going via a single ISP (ISP B). If I change the weight or local-preference it will select another single ISP. This is causing the asymmetric routing.
Is there any way so that I can achieve symmetric traffic flow, i.e.:
Traffic from 10.10.1.0/24 and 10.10.2.0/24 to internet leave through ISP A
Traffic from 10.10.3.0/24 to internet leave through ISP A
Traffic from 10.10.4.0/24 to internet leave through ISP A
Any help will be highly appreciated. Thanks in advance.
08-21-2011 11:41 AM
Hello,
This is the correct behaviour of BGP; BGP always selects a single best path for its destination.
If you require some networks to leave via another path using BGP, then I would suggest you use Policy Based Routing (PBR).
Traffic from networks 10.10.1.0/24, 10.10.2.0/24, 10.10.3.0/24 and 10.10.4.0/24 should be policy based routed to use ISP A instead.
i.e.:
interface x/y
ip policy route-map BGP
route-map BGP permit 10
match ip address 10
set ip next-hop x.x.x.x (ISP A next hop)
access-list 10 permit 10.10.1.0 0.0.0.255
access-list 10 permit 10.10.2.0 0.0.0.255
access-list 10 permit 10.10.3.0 0.0.0.255
access-list 10 permit 10.10.4.0 0.0.0.255
Regards,
Mohamed
08-22-2011 01:26 AM
Thanks a lot Mohamed
Actually it was:
Is there any way so that I can achieve symmetric traffic flow, i.e.:
Traffic from 10.10.1.0/24 and 10.10.2.0/24 to internet leave through ISP A
Traffic from 10.10.3.0/24 to internet leave through ISP B
Traffic from 10.10.4.0/24 to internet leave through ISP C
However it worked with little changes.
There is a new problem now:
Now for example:
If I trace from 10.10.1.0/24 and 10.10.2.0/24 to 192.168.2.1 (Peer IP of ISP B), it will go through ISP A.
Also I have a connection with local IX to save bandwidth. Now the traffic to IX peers will also go through hard coded next-hop. Any way to overcome this?
08-22-2011 01:50 AM
Hi,
You will not be able to achieve the same unless you land all the ISPs on individual routers and have a fall back with each other with iBGP. The easy way to get the desired result is to do policy based routing as suggested by Mohamed.
Rgds
Rama
08-22-2011 03:21 AM
Is it possible, for certain prefix lists, for the next hop to be decided by BGP?
I have a connection with local IX to save bandwidth. Now the traffic to IX peers will also go through hard coded next-hop. Any way to overcome this?
If I trace from 10.10.1.0/24 and 10.10.2.0/24 to 192.168.2.1 (Peer IP of ISP B), it will go through ISP A.
Any possibilities?
08-22-2011 03:53 AM
If you are using PBR and want to use the routing table then simply use a deny in the PBR ACL, i.e.:
access-list 101 deny ip 10.10.1.0 0.0.0.255 host 192.168.2.1
access-list 101 deny ip 10.10.2.0 0.0.0.255 host 192.168.2.1
access-list 101 permit ip 10.10.1.0 0.0.0.255 any
access-list 101 permit ip 10.10.2.0 0.0.0.255 any
route-map PBR permit 10
match ip address 101
set ip next-hop x.x.x.x <---- ISP A next-hop
int
ip policy route-map PBR
so the above would send traffic from 10.10.1.x & 10.10.2.x to any address to ISP A except traffic to host 192.168.2.1 which would not be policy routed ie. it would use the routing table.
Jon
08-22-2011 05:56 AM
Thanks Jon... it will work but the problem is the IX peer has so many prefixes announced... will putting them all in the ACL be a better idea?
08-22-2011 06:02 AM
Well, that is the only way to do PBR for some networks and not for others. There is no magic solution simply because you have a lot of prefixes.
Can you not summarise?
Jon
08-22-2011 06:05 AM
Summarise? How to? Any hints?
08-22-2011 06:10 AM
Well, it depends on your addressing. What are the prefixes that go via IX?
For example if all the prefixes that went via IX were using 192.168.x.x addressing then you could simply use 192.168.0.0 0.0.255.255 in your deny acl line. But if 192.168.x.x was also meant to be reachable via ISP then it's a no go.
So it depends on which networks are reachable via the IX link and which by the ISP.
Jon
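The deny-then-permit ACL pattern and the summarisation suggested in the replies above, as an added example that is not part of the thread or any poster's code. It collapses a list of destination prefixes that should stay on the routing table, renders the IOS extended ACL lines, and evaluates first-match behaviour; the IX-learned prefixes are constructed sample values, and the function names are hypothetical.

```python
import ipaddress as ip

ANY = ip.ip_network("0.0.0.0/0")

def build_entries(sources, exempt_dests):
    """Deny entries (not policy routed, routing table decides) come first,
    then one permit-any per source subnet (policy routed to the set next hop)."""
    srcs = [ip.ip_network(s) for s in sources]
    # collapse_addresses merges adjacent/overlapping prefixes into the fewest blocks
    dests = list(ip.collapse_addresses(ip.ip_network(d) for d in exempt_dests))
    entries = [("deny", s, d) for s in srcs for d in dests]
    entries += [("permit", s, ANY) for s in srcs]
    return entries

def term(net):
    """Render a network the way an IOS extended ACL expects it."""
    if net == ANY:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"  # hostmask == wildcard mask

def render(acl_id, entries):
    return [f"access-list {acl_id} {a} ip {term(s)} {term(d)}"
            for a, s, d in entries]

def is_policy_routed(entries, src, dst):
    """First match wins; deny or no match means normal routing is used."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, s, d in entries:
        if src in s and dst in d:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

# Source subnets and the ISP B peer address are from the thread;
# the three IX-learned prefixes below are constructed sample values.
SOURCES = ["10.10.1.0/24", "10.10.2.0/24"]
EXEMPT = ["192.168.2.1/32", "198.51.100.0/25", "198.51.100.128/25",
          "203.0.113.0/24"]
ENTRIES = build_entries(SOURCES, EXEMPT)

if __name__ == "__main__":
    print("\n".join(render(101, ENTRIES)))
    for dst in ("192.168.2.1", "198.51.100.200", "8.8.8.8"):
        print(dst, "policy routed:", is_policy_routed(ENTRIES, "10.10.1.5", dst))
```
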
08-22-2011 06:22 AM
Really thanks for your interest and time on my problem.
All 10.10.0.1.0/24, 10.10.2.0/24, 10.10.3.0/24 and 10.10.4.0/24 are announced to ISP and IX both.
In case of IX, 192.168.0.0/24 is for peering only that is each peer is assigned an IP from this network and they announce their different IP blocks to each other.
any possibilities?
08-22-2011 06:34 AM
It's not the addressing you advertise that is important. It's the networks that are reachable via each link that are important, i.e.
you are advertising 10.10.1/10.10.2/10.10.3 to ISP but that is not important. What networks do you want to route to via IX and ISP?
Jon
08-22-2011 07:53 AM
That is a big list even if I summarize to /22
08-22-2011 08:13 AM
Not sure what else I can say. If you want to use PBR then you are going to have to create that list for traffic you do not want to have policy routed.
Jon
08-22-2011 04:21 AM
Hi
Yes, you need to modify the attributes (local preference or weight) for IX peers' updates and this will force the router to send return traffic to the IX peer next hop.
neighbor 1.1.1.1 weight 1000 ( the ip address IX Peer)
Rgds
Rama