08-12-2022 06:12 AM - last edited on 08-17-2022 02:51 AM by Translator
Hi all, I'll post what my take is, but can I get assistance with coming up with a basic BGP configuration for an ASR1001-X that meets these criteria?
* Two different providers with different ASNs.
* We have our own ARIN-assigned /24 block and ASN. For this discussion, I'll call this block "192.168.1.1/24".
* Advertise the 192.168.1.1/24 to the outside world, and only this block; do not advertise any other block or act as a transit route.
* Favor Provider "A" over Provider "B", unless Provider "A" goes down, both for inbound and outbound traffic.
* Accept default route from both carriers, rather than the entire BGP routing table.
interface GigabitEthernet0/0/0
 description Provider A - Prefer this connection
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/0/1
 description Provider B
 ip address 2.2.2.2 255.255.255.0
!
interface GigabitEthernet0/0/2
 description ARIN_/24
 ip address 192.168.1.1 255.255.255.0
!
router bgp 12345
 bgp log-neighbor-changes
 network 192.168.1.0
 neighbor 1.1.1.10 remote-as 1111
 neighbor 1.1.1.10 prefix-list PreferOut out
 neighbor 1.1.1.10 route-map PreferIN in
 neighbor 2.2.2.10 remote-as 2222
 neighbor 2.2.2.10 route-map PrependOUT out
!
ip prefix-list PreferIn seq 5 permit 0.0.0.0/0 le 32
!
ip prefix-list PreferOut seq 10 permit 192.168.1.0/24
!
route-map PrependOUT permit 10
 match ip address prefix-list PreferOut
 set as-path prepend 12345 12345 12345 12345 12345
!
route-map PreferIN permit 10
 match ip address prefix-list PreferIn
 set weight 100
TIA everyone,
Brian
08-12-2022 07:09 AM
Hi @CiscoUserSince98 ,
AS-path prepend will influence inbound traffic, but will not ensure that 100% of the inbound traffic uses provider A. This is because service providers will normally use the following local preference, which will take precedence over AS PATH length.
- Customer learnt paths have higher local preference than Peering learnt paths.
- Peering learnt paths have higher local preference than Transit learnt paths.
One way you could make sure all inbound traffic uses provider A is to use conditional advertisement, which would consist of advertising your local block to provider B only if you stop receiving the default route from provider A.
Please refer to the following document to learn more about BGP Conditional Advertisement:
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/16137-cond-adv.html
Regards,
08-12-2022 07:27 AM
I think he uses IOS and he asks for the same command in IOS XR.
08-12-2022 07:44 AM - last edited on 08-17-2022 02:53 AM by Translator
Thank you for the input.
Does the snippet below accomplish the goals of controlling which way we advertise our netblock and influence which way our outbound traffic goes?
interface GigabitEthernet0/0/0
 description Provider A - Prefer this connection
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/0/1
 description Provider B
 ip address 2.2.2.2 255.255.255.0
!
interface GigabitEthernet0/0/2
 description ARIN_/24
 ip address 192.168.1.1 255.255.255.0
!
router bgp 12345
 bgp log-neighbor-changes
 network 192.168.1.0
 neighbor 1.1.1.10 remote-as 1111
 neighbor 1.1.1.10 prefix-list PreferOut out
!
 neighbor 2.2.2.10 remote-as 2222
 neighbor 2.2.2.10 advertise-map ADVERTISE non-exist-map NON-EXIST
!
ip prefix-list PreferOut seq 10 permit 192.168.1.0/24
!
access-list 60 permit 192.168.1.0 0.0.0.255
access-list 65 permit 0.0.0.0
!
route-map ADVERTISE permit 10
 match ip address 60
route-map NON-EXIST permit 10
 match ip address 65
08-12-2022 08:39 AM - last edited on 08-17-2022 02:55 AM by Translator
My concern here is that 0.0.0.0 is always found, but its next hop changes from isp-a to isp-b.
So the non-exist map matches on two criteria:
One is the prefix 0.0.0.0
The other is the next hop, which is isp-a
@Harold Ritter can you check my point?
Is it right?
08-12-2022 08:52 AM - last edited on 08-17-2022 02:56 AM by Translator
Hi @MHM Cisco World ,
That is correct. That is why I suggested the following in my last post.
route-map NON-EXIST permit 10
 match ip address 65
 match as-path 2
!
ip as-path access-list 2 permit 1111
Regards,
08-12-2022 08:41 AM - last edited on 08-17-2022 02:58 AM by Translator
Hi @CiscoUserSince98 ,
Since you receive the default route from both ISPs, you need to modify the route-map to check the default route you receive from ISP A specifically. Otherwise, BGP conditional advertisement would consider the default coming from ISP B to be valid and would not advertise the local block to ISP B.
route-map NON-EXIST permit 10
 match ip address 65
 match as-path 2
!
ip as-path access-list 2 permit 1111
You also need to add the following egress policy to ISP B as well to make sure you do not propagate the default received from ISP A to ISP B.
router bgp 12345
 neighbor 2.2.2.10 prefix-list PreferOut out
Regards,
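The failure mode described in the reply above, as an added example that is not part of the original posts: a simplified Python model of the `non-exist-map` decision, showing that tracking only the prefix 0.0.0.0/0 never releases the block to ISP B, while also matching the AS path does. The `Route` class, the function names and the two sample BGP tables are constructed for illustration; the real IOS feature involves more than this check.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "0.0.0.0/0"
    as_path: tuple   # AS numbers, neighbor AS first

def non_exist_map_matches(table, prefix, as_path_regex=None):
    """True if any route in the BGP table satisfies every match clause."""
    for route in table:
        if route.prefix != prefix:
            continue
        path = " ".join(str(asn) for asn in route.as_path)
        if as_path_regex is None or re.search(as_path_regex, path):
            return True
    return False

def block_advertised_to_b(table, as_path_regex=None):
    """The local block goes to ISP B only while NON-EXIST matches no route."""
    return not non_exist_map_matches(table, "0.0.0.0/0", as_path_regex)

# Constructed BGP tables: defaults learned from ISP A (AS 1111) and ISP B (AS 2222).
BOTH_UP = [Route("0.0.0.0/0", (1111,)), Route("0.0.0.0/0", (2222,))]
A_DOWN = [Route("0.0.0.0/0", (2222,))]

def scenarios():
    """Evaluate both NON-EXIST variants from the thread against both tables."""
    return {
        "both_up_prefix_only": block_advertised_to_b(BOTH_UP),
        "a_down_prefix_only": block_advertised_to_b(A_DOWN),
        "both_up_with_as_path": block_advertised_to_b(BOTH_UP, "1111"),
        "a_down_with_as_path": block_advertised_to_b(A_DOWN, "1111"),
    }

if __name__ == "__main__":
    for name, advertised in scenarios().items():
        print(f"{name}: advertise 192.168.1.0/24 to ISP B = {advertised}")
```

With the prefix-only map the block stays withdrawn from ISP B even when ISP A is down, because ISP B's default still satisfies the match.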
08-16-2022 10:49 AM - last edited on 08-17-2022 02:59 AM by Translator
Thank you all so much for the input. Taking your changes and putting them all together, does this look workable?
interface GigabitEthernet0/0/0
 description Provider A - Prefer this connection
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/0/1
 description Provider B
 ip address 2.2.2.2 255.255.255.0
!
interface GigabitEthernet0/0/2
 description ARIN_/24
 ip address 192.168.1.1 255.255.255.0
!
router bgp 12345
 bgp log-neighbor-changes
 network 192.168.1.0
 neighbor 1.1.1.10 remote-as 1111
 neighbor 1.1.1.10 prefix-list PreferOut out
!
 neighbor 2.2.2.10 remote-as 2222
 neighbor 2.2.2.10 advertise-map ADVERTISE non-exist-map NON-EXIST
 neighbor 2.2.2.10 prefix-list PreferOut out
!
ip prefix-list PreferOut seq 10 permit 192.168.1.0/24
!
access-list 60 permit 192.168.1.0 0.0.0.255
access-list 65 permit 0.0.0.0
!
route-map ADVERTISE permit 10
 match ip address 60
route-map NON-EXIST permit 10
 match ip address 65
 match as-path 2
ip as-path access-list 2 permit 1111
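A check a reviewer could run over configs like the ones in this thread, added here as an example and not part of the original posts: it lists eBGP neighbors that have no outbound `prefix-list` or `route-map`, which is the gap that would let routes learned from one provider be propagated to the other. The function name is hypothetical, the two stanzas are copied from the 07:44 and 10:49 posts, and only those two filter types are recognized.

```python
import re

def unfiltered_ebgp_neighbors(config):
    """Return eBGP neighbors with no outbound prefix-list or route-map."""
    local_as, remote_as, filtered = None, {}, set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"router bgp (\d+)", line):
            local_as = m.group(1)
        elif m := re.fullmatch(r"neighbor (\S+) remote-as (\d+)", line):
            remote_as[m.group(1)] = m.group(2)
        elif m := re.fullmatch(
                r"neighbor (\S+) (?:prefix-list|route-map) \S+ out", line):
            filtered.add(m.group(1))
    # A neighbor in a different AS is eBGP and needs an egress policy.
    return sorted(n for n, asn in remote_as.items()
                  if asn != local_as and n not in filtered)

# BGP stanza from the 07:44 post: no outbound filter toward ISP B.
BEFORE = """
router bgp 12345
 bgp log-neighbor-changes
 network 192.168.1.0
 neighbor 1.1.1.10 remote-as 1111
 neighbor 1.1.1.10 prefix-list PreferOut out
 neighbor 2.2.2.10 remote-as 2222
 neighbor 2.2.2.10 advertise-map ADVERTISE non-exist-map NON-EXIST
"""

# BGP stanza from the 10:49 post: egress policy added for ISP B.
AFTER = BEFORE + " neighbor 2.2.2.10 prefix-list PreferOut out\n"

if __name__ == "__main__":
    print("before:", unfiltered_ebgp_neighbors(BEFORE))
    print("after: ", unfiltered_ebgp_neighbors(AFTER))
```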
08-24-2022 08:03 AM
Just a final bump on this topic - wanted to verify that this config will also accomplish influencing the outbound path choice for internal hosts?
08-24-2022 08:18 AM
If you receive only the default route, then
configure PBR on the ingress interface and set the interface or next hop to control the outbound traffic
Or
configure max-path under BGP.
This will give load sharing between the two ISPs, but here you may face asymmetric traffic.
So I prefer the first solution.