Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
484
Views
0
Helpful
1
Replies

BGP advertise question

Go to solution
cuchara61
Level 1
Level 1

‎12-08-2011 08:58 AM - edited ‎03-04-2019 02:33 PM

Need help with final step in BGP config.

ISP1       ISP2      ISP3

    \         /              |

     \       /               |

      ISP4 .........customer 

      (me)        (199.x.x.0/24)

I am ISP4 and I peer with ISP1/ISP2 for my IPs. My customer is peered with ISP3. I will be failover ISP for my customer. ISP1/ISP2 have agreed to accept my customers IPs if I advertise them.

My current working config (ISP4):

router bgp ISP4

no synchronization

bgp log-neighbor-changes

network 67.x.x.0 mask 255.255.248.0

neighbor 12.x.x.x remote-as ISP1

neighbor 12.x.x.x version 4

neighbor 12.x.x.x soft-reconfiguration inbound

neighbor 12.x.x.x route-map ISP1 out

neighbor 208.x.x.x remote-as ISP2

neighbor 208.x.x.x version 4

neighbor 208.x.x.x soft-reconfiguration inbound

neighbor 208.x.x.x advertise-map ISP2 non-exist-map ISP1

no auto-summary

ip as-path access-list 1 permit ^$

access-list 1 permit 67.x.x.0 0.0.7.255

route-map ISP2 permit 30

match ip address 1

route-map ISP2 permit 40

match as-path 1

route-map ISP1 permit 10

match ip address 1

route-map ISP1 permit 20

match as-path 1

----------------------------------------------------

current working customer config:

router bgp CUST

bgp log-neighbor-changes

network 199.x.x.0

neighbor 173.x.x.x remote-as ISP3

neighbor 173.x.x.x version 4

neighbor 173.x.x.x soft-reconfiguration inbound

neighbor 173.x.x.x route-map ISP3 out

ip as-path access-list 1 permit ^$

access-list 1 permit 199.x.x.0 0.0.0.255

route-map ISP3 permit 10

match ip address 1

route-map ISP3 permit 20

match as-path 1

-----------------------------------------------------

I will add customer as a neighbor in my router using a prefix-list in:

neighbor 199.x.x.0 remote-as CUST

neighbor 199.x.x.0 version 4

neighbor 199.x.x.0 prefix-list CUST

ip prefix-list CUST seq 5 permit 199.x.x.0/24

I will add me as a neighbor to customer router as failover:

neighbor 67.x.x.x remote-as ISP4

neighbor 67.x.x.x version 4

neighbor 67.x.x.x soft-reconfiguration inbound

neighbor 67.x.x.x advertise-map ISP4 non-exist-map ISP3

route-map ISP4 permit 30

match ip address 1

route-map ISP4 permit 40

match as-path 1

The question I have (provided the above is correct to start with!), is will I need to add the customers subnet to MY access list or will my session advertise his IPs if he is advertising them to me? I obviously don't want his IPs routed to me if his primary is up.

Thanks in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
milan.kulik
Level 10
Level 10

‎12-08-2011 09:33 AM

Hi,

a) to your question:

You are advertising to your ISP1 and ISP2 those prefixes which:

either  match access-list 1 (i.e., 67.x.x.0 0.0.7.255)

or match  ip as-path access-list 1 (i.e., ^$).

As your customer prefix will be

199.x.x.0 0.0.0.255 coming with an AS_PATH ^CUST$, none of the above conditions will be fulfilled, so the prefix will NOT be advertised to ISP1 nor ISP2.

So you would need to modify your outbound route-maps.

b) I'm afraid your

neighbor 67.x.x.x advertise-map ISP4 non-exist-map ISP3

configuration will not work the way you'd like to.

As the

non-exist-map ISP3

matches

ip as-path access-list 1 (i.e., permit ^$) or  access-list 1 (i.e., 199.x.x.0 0.0.0.255),

there will probably always exist a matching prefix and the customer would never advertise his prefix to you.

So IMHO, you should match some prefix received from ISP3 in the non-exist-map.

See

http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdbgp.html#wp1150201

for details.

HTH,

Milan

View solution in original post

0 Helpful
1 Reply 1

Go to solution
milan.kulik
Level 10
Level 10

‎12-08-2011 09:33 AM

Hi,

a) to your question:

You are advertising to your ISP1 and ISP2 those prefixes which:

either  match access-list 1 (i.e., 67.x.x.0 0.0.7.255)

or match  ip as-path access-list 1 (i.e., ^$).

As your customer prefix will be

199.x.x.0 0.0.0.255 coming with an AS_PATH ^CUST$, none of the above conditions will be fulfilled, so the prefix will NOT be advertised to ISP1 nor ISP2.

So you would need to modify your outbound route-maps.

b) I'm afraid your

neighbor 67.x.x.x advertise-map ISP4 non-exist-map ISP3

configuration will not work the way you'd like to.

As the

non-exist-map ISP3

matches

ip as-path access-list 1 (i.e., permit ^$) or  access-list 1 (i.e., 199.x.x.0 0.0.0.255),

there will probably always exist a matching prefix and the customer would never advertise his prefix to you.

So IMHO, you should match some prefix received from ISP3 in the non-exist-map.

See

http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdbgp.html#wp1150201

for details.

HTH,

Milan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card