Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
533
Views
15
Helpful
9
Replies

Basic two-provider BGP configuration?

CiscoUserSince98
Level 1
Level 1

‎08-12-2022 06:12 AM - last edited on ‎08-17-2022 02:51 AM by Community Manager

Hi all, I'll post what my take is, but can I get assistance with coming up with a basic BGP configuration for an ASR1001-X that meets these criteria?

*Two different providers with different ASN's.

*We have our own ARIN-assigned /24 block and ASN.  For this discussion, I'll call this block "192.168.1.1/24".

*Advertise the 192.168.1.1/24 to the outside world, and only this block - not advertise any other block or act as a transit route

*Favor Provider "A" over Provider "B", unless Provider "A" goes down, both for inbound and outbound traffic

*Accept default route from both carriers, rather than the entire BGP routing table.

 

interface GigabitEthernet0/0/0
description Provider A - Prefer this connection
ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/0/1
description Provider B
ip address 2.2.2.2 255.255.255.0
!
interface GigabitEthernet0/0/2
description ARIN_/24
ip address 192.168.1.1 255.255.255.0
!
router bgp 12345
bgp log-neighbor-changes
network 192.168.1.0
neighbor 1.1.1.10 remote-as 1111
neighbor 1.1.1.10 prefix-list PreferOut out
neighbor 1.1.1.10 route-map PreferIN in
neighbor 2.2.2.10 remote-as 2222
neighbor 2.2.2.10 route-map PrependOUT out
!
ip prefix-list PreferIn seq 5 permit 0.0.0.0/0 le 32
!
ip prefix-list PreferOut seq 10 permit 192.168.1.0/24
!
route-map PrependOUT permit 10
match ip address prefix-list PreferOut
set as-path prepend 12345 12345 12345 12345 12345
!
route-map PreferIN permit 10
match ip address prefix-list PreferIn
set weight 100

 

TIA everyone,

Brian

 

Labels:
9 Replies 9

Harold Ritter
Cisco Employee
Cisco Employee

‎08-12-2022 07:09 AM

Hi @CiscoUserSince98 ,

 

AS-path prepend will influence inbound traffic, but will not ensure that 100% of the inbound traffic uses provider A. This is because service providers will normally use the following local preference, which will take precedence over AS PATH length.

- Customer learnt paths have higher local preference than Peering learnt paths.

- Peering learnt paths have higher local preference than Transit learnt paths.

One way you could make sure all inbound traffic uses provider A is to use conditional advertisement, which would consist of advertising your local block to provider B only if you stop receiving the default route from provider A.

Please refer to the following document to learn more about BGP Conditional Advertisement:

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/16137-cond-adv.html

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World
VIP
VIP
In response to Harold Ritter

‎08-12-2022 07:27 AM

@Harold Ritter 

I think he use ios and he ask same command in ios xr.

0 Helpful

CiscoUserSince98
Level 1
Level 1
In response to Harold Ritter

‎08-12-2022 07:44 AM - last edited on ‎08-17-2022 02:53 AM by Community Manager

Thank you for the input.

Does the snippet below accomplish the goals of controlling which way we advertise our netblock and influence which way our outbound traffic goes?

interface GigabitEthernet0/0/0
description Provider A - Prefer this connection
ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/0/1
description Provider B
ip address 2.2.2.2 255.255.255.0
!
interface GigabitEthernet0/0/2
description ARIN_/24
ip address 192.168.1.1 255.255.255.0
!
router bgp 12345
bgp log-neighbor-changes
network 192.168.1.0
neighbor 1.1.1.10 remote-as 1111
neighbor 1.1.1.10 prefix-list PreferOut out
!
neighbor 2.2.2.10 remote-as 2222
neighbor 2.2.2.10 advertise-map ADVERTISE non-exist-map NON-EXIST
!
ip prefix-list PreferOut seq 10 permit 192.168.1.0/24
!
access-list 60 permit 192.168.1.0 0.0.0.255
access-list 65 permit 0.0.0.0
!
route-map ADVERTISE permit 10
match ip address 60
route-map NON-EXIST permit 10
match ip address 65
0 Helpful

MHM Cisco World
VIP
VIP
In response to CiscoUserSince98

‎08-12-2022 08:39 AM - last edited on ‎08-17-2022 02:55 AM by Community Manager

My concern here is

0.0.0.0 always found but it next hop is change from

isp-a isp-b

So non exit map match to criteria

One prefix 0.0.0.0

Other is next hop which is isp-a

@Harold Ritter can you check my point,

Is it right? 

0 Helpful

Harold Ritter
Cisco Employee
Cisco Employee
In response to MHM Cisco World

‎08-12-2022 08:52 AM - last edited on ‎08-17-2022 02:56 AM by Community Manager

Hi @MHM Cisco World ,

 

That is correct. That is why I suggested the following in my last post.

 

route-map NON-EXIST permit 10 
match ip address 65
match as-path 2

 !

ip as-path access-list 2 permit 1111


Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter
Cisco Employee
Cisco Employee
In response to CiscoUserSince98

‎08-12-2022 08:41 AM - last edited on ‎08-17-2022 02:58 AM by Community Manager

Hi @CiscoUserSince98 ,

 

Since you receive the default route from both ISPs, you need to modify the

route-map

to check the default route you receive from ISP A specifically. Otherwise, BGP conditional advertisement would consider the default coming from ISP B to be valid and would not advertise the local block to ISP B.

 

route-map NON-EXIST permit 10 
match ip address 65
match as-path 2

 !

ip as-path access-list 2 permit 1111

You also need to add the following egress policy to ISP B as well to make sure you do not propagate the default received from ISP A to ISP B.

router bgp 12345

neighbor 2.2.2.10 prefix-list PreferOut out

Regards,

 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

CiscoUserSince98
Level 1
Level 1
In response to Harold Ritter

‎08-16-2022 10:49 AM - last edited on ‎08-17-2022 02:59 AM by Community Manager

Thank you all so much for the input.  Taking your changes and putting them all together, does this look workable?

 

interface GigabitEthernet0/0/0
description Provider A - Prefer this connection
ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/0/1
description Provider B
ip address 2.2.2.2 255.255.255.0
!
interface GigabitEthernet0/0/2
description ARIN_/24
ip address 192.168.1.1 255.255.255.0
!
router bgp 12345
bgp log-neighbor-changes
network 192.168.1.0
neighbor 1.1.1.10 remote-as 1111
neighbor 1.1.1.10 prefix-list PreferOut out
!
neighbor 2.2.2.10 remote-as 2222
neighbor 2.2.2.10 advertise-map ADVERTISE non-exist-map NON-EXIST
neighbor 2.2.2.10 prefix-list PreferOut out
!
ip prefix-list PreferOut seq 10 permit 192.168.1.0/24
!
access-list 60 permit 192.168.1.0 0.0.0.255
access-list 65 permit 0.0.0.0
!
route-map ADVERTISE permit 10
match ip address 60
route-map NON-EXIST permit 10
match ip address 65
match as-path 2

ip as-path access-list 2 permit 1111

0 Helpful

CiscoUserSince98
Level 1
Level 1
In response to Harold Ritter

‎08-24-2022 08:03 AM

Just a final bump on this topic - wanted to verify that this config will also accomplish influencing the outbound path choice for internal hosts?

0 Helpful

MHM Cisco World
VIP
VIP

‎08-24-2022 08:18 AM

If you receive only defualt route then 

Config PBR in ingress interface and set interface or next hop for control the outbound traffic 

Or 

Config max -path under bgp

This will give load sharing between two isp but here you may face asymmetric traffic 

So i prefer first solution 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card