12-08-2011 08:58 AM - edited 03-04-2019 02:33 PM
Need help with final step in BGP config.
ISP1   ISP2            ISP3
   \   /                 |
    \ /                  |
    ISP4 ............ customer
    (me)           (199.x.x.0/24)
I am ISP4 and I peer with ISP1/ISP2 for my IPs. My customer is peered with ISP3. I will be the failover ISP for my customer. ISP1/ISP2 have agreed to accept my customer's IPs if I advertise them.
My current working config (ISP4):
router bgp ISP4
no synchronization
bgp log-neighbor-changes
network 67.x.x.0 mask 255.255.248.0
neighbor 12.x.x.x remote-as ISP1
neighbor 12.x.x.x version 4
neighbor 12.x.x.x soft-reconfiguration inbound
neighbor 12.x.x.x route-map ISP1 out
neighbor 208.x.x.x remote-as ISP2
neighbor 208.x.x.x version 4
neighbor 208.x.x.x soft-reconfiguration inbound
neighbor 208.x.x.x advertise-map ISP2 non-exist-map ISP1
no auto-summary
ip as-path access-list 1 permit ^$
access-list 1 permit 67.x.x.0 0.0.7.255
route-map ISP2 permit 30
match ip address 1
route-map ISP2 permit 40
match as-path 1
route-map ISP1 permit 10
match ip address 1
route-map ISP1 permit 20
match as-path 1
----------------------------------------------------
current working customer config:
router bgp CUST
bgp log-neighbor-changes
network 199.x.x.0
neighbor 173.x.x.x remote-as ISP3
neighbor 173.x.x.x version 4
neighbor 173.x.x.x soft-reconfiguration inbound
neighbor 173.x.x.x route-map ISP3 out
ip as-path access-list 1 permit ^$
access-list 1 permit 199.x.x.0 0.0.0.255
route-map ISP3 permit 10
match ip address 1
route-map ISP3 permit 20
match as-path 1
-----------------------------------------------------
I will add customer as a neighbor in my router using a prefix-list in:
neighbor 199.x.x.0 remote-as CUST
neighbor 199.x.x.0 version 4
neighbor 199.x.x.0 prefix-list CUST in
ip prefix-list CUST seq 5 permit 199.x.x.0/24
I will add me as a neighbor to customer router as failover:
neighbor 67.x.x.x remote-as ISP4
neighbor 67.x.x.x version 4
neighbor 67.x.x.x soft-reconfiguration inbound
neighbor 67.x.x.x advertise-map ISP4 non-exist-map ISP3
route-map ISP4 permit 30
match ip address 1
route-map ISP4 permit 40
match as-path 1
The question I have (provided the above is correct to start with!) is: will I need to add the customer's subnet to MY access list, or will my session advertise his IPs if he is advertising them to me? I obviously don't want his IPs routed to me if his primary is up.
Thanks in advance.
12-08-2011 09:33 AM
Hi,
a) to your question:
You are advertising to your ISP1 and ISP2 those prefixes which:
either match access-list 1 (i.e., 67.x.x.0 0.0.7.255)
or match ip as-path access-list 1 (i.e., ^$).
As your customer prefix will be 199.x.x.0 0.0.0.255 coming with an AS_PATH ^CUST$, none of the above conditions will be fulfilled, so the prefix will NOT be advertised to ISP1 nor ISP2.
So you would need to modify your outbound route-maps.
b) I'm afraid your
neighbor 67.x.x.x advertise-map ISP4 non-exist-map ISP3
configuration will not work the way you'd like to.
As the non-exist-map ISP3 matches ip as-path access-list 1 (i.e., permit ^$) or access-list 1 (i.e., 199.x.x.0 0.0.0.255), there will probably always exist a matching prefix and the customer would never advertise his prefix to you.
So IMHO, you should match some prefix received from ISP3 in the non-exist-map.
See http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdbgp.html#wp1150201 for details.
HTH,
Milan
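A sketch of the two changes the answer above describes, added here as an example and not configuration posted by either participant. The route-map name ISP3-WATCH, the prefix-list names, the sequence numbers 15 and 35, and the watched prefix placeholder are assumptions; the addresses and AS placeholders are the ones used in the thread.

```cisco
! ===== ISP4 router: point (a) =====
! Accept only the customer's /24 on the customer session, and let
! exactly that prefix through the outbound policies towards ISP1/ISP2.
ip prefix-list CUST seq 5 permit 199.x.x.0/24
!
router bgp ISP4
 neighbor 199.x.x.0 remote-as CUST
 neighbor 199.x.x.0 prefix-list CUST in
!
! New entries sit between the existing ones (10/20 and 30/40).
! Existing entries still pass 67.x.x.0/21 and locally originated routes.
route-map ISP1 permit 15
 match ip address prefix-list CUST
!
route-map ISP2 permit 35
 match ip address prefix-list CUST
!
! ===== Customer router: point (b) =====
! The non-exist-map must watch a route that is present in the BGP table
! only while the ISP3 session is healthy. Replace the placeholder with a
! prefix actually learned from ISP3 (hypothetical, not from the thread).
ip prefix-list ISP3-LEARNED seq 5 permit <prefix-learned-from-ISP3>
ip prefix-list CUST-NET seq 5 permit 199.x.x.0/24
!
route-map ISP3-WATCH permit 10
 match ip address prefix-list ISP3-LEARNED
!
! Advertise only the customer's own /24 to ISP4.
route-map ISP4 permit 30
 match ip address prefix-list CUST-NET
!
router bgp CUST
 neighbor 67.x.x.x remote-as ISP4
 neighbor 67.x.x.x version 4
 neighbor 67.x.x.x soft-reconfiguration inbound
 ! 199.x.x.0/24 is sent to ISP4 only while ISP3-WATCH matches nothing,
 ! i.e. while the watched ISP3 route is missing from the BGP table.
 neighbor 67.x.x.x advertise-map ISP4 non-exist-map ISP3-WATCH
```

With the inbound prefix-list on ISP4 and a prefix-list match in each outbound entry, ISP4 re-advertises nothing from the customer session other than 199.x.x.0/24, which keeps a misconfiguration on the customer side from leaking other routes to ISP1/ISP2.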