Re: BGP and as-path prepend to influence inbound traffic

gasparmenendez · ‎02-07-2018

Hi folks,

I ruuning Multihoming BGP with 2 ISPs since a while ago, a very simple configuration. Here are the relevant parts:

interface TenGigabitEthernet0/0/0
description *** ISP Level3 ***
ip address 208.X.X.182 255.255.255.252
!
interface TenGigabitEthernet0/0/1
description *** ISP Metrocarrier ***
ip address 187.Y.Y.113 255.255.255.254
shutdown
!
router bgp 2???25
bgp log-neighbor-changes
network Z.Z.240.0 mask 255.255.252.0
network Z.Z.240.0 mask 255.255.254.0
network Z.Z.242.0 mask 255.255.254.0
neighbor 187.Y.Y.112 remote-as 13999
neighbor 187.Y.Y.112 password 7 ********************
neighbor 187.Y.Y.112 route-map MC out
neighbor 208.X.X.181 remote-as 3549
neighbor 208.X.X.181 password 7 ********************
neighbor 208.X.X.181 route-map L3 out
!

ip route Z.Z.240.0 255.255.252.0 Null0
ip route Z.Z.240.0 255.255.254.0 Null0
!
ip prefix-list L3 seq 10 permit Z.Z.240.0/22
ip prefix-list L3 seq 15 deny 0.0.0.0/0
!
ip prefix-list MC seq 10 permit Z.Z.240.0/23 le 27
ip prefix-list MC seq 20 permit Z.Z.242.0/23 le 27
ip prefix-list MC seq 30 deny 0.0.0.0/0
!
route-map MC permit 10
match ip address prefix-list MC
!
route-map L3 permit 10
match ip address prefix-list L3
!

so far so good. As you can see I have interface TenGigabitEthernet0/0/1 shut down in order to force inbound traffic to come through ISP connected to interface TenGigabitEthernet0/0/0. Obviously automatic failover is not working. When ISP Level3 goes down I need to manually turn interface TenGigabitEthernet0/0/1 up. In order to solve this I've been reading the BGP Documentation and I think I can use the as-path prepend command to influence the inbound traffic but I understand that I can not use two route-map on the same neighbor, is that correct?? how can I achieve my gold, can anybody help me please ?? or the best way is to ask to my ISP to AS prepend my block to the other ISPs ???

Thanks. BR.

chrihussey · ‎02-07-2018

Hello,

1- It is unclear to me why the prefix lists don't match. I do not believe you are properly advertising your routes to L3 with the one you have configured. Check with "show ip bgp nei 208.X.X.182 advertised-routes".

2- Instead of using a route map to apply the prefix list for advertising to both neighbors, simply use the "neighbor x.x.x.x prefix-list (name) out"

3- Once you have done this you can prepend to the ISPs using a route-map.

Hope this helps

gasparmenendez · ‎02-07-2018

I'm getting this:

Contencion1001-X#sh ip bgp neighbors 208.Z.Z.181 advertised-routes
BGP table version is 23562466, local router ID is 208.Z.Z.182
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network              Next Hop            Metric LocPrf Weight Path
*> Z.Z.240.0/22     0.0.0.0                  0         32768 i

Total number of prefixes 1
Contencion1001-X#

don't know if that helps. I'll try what you suggest. I forgot to mention that this equipment is in production so, is there any chance of an outage???

thanks.

willwetherman · ‎02-07-2018

Hi,

Try the following. Note that you will need to advertise the /22 prefix out of both links otherwise the longer /23 prefixes advertised out of TenGig0/0/1 will be preferred regardless of the configured as-path length.

router bgp 2???25
bgp log-neighbor-changes
network Z.Z.240.0 mask 255.255.252.0
neighbor 187.Y.Y.112 remote-as 13999
neighbor 187.Y.Y.112 password 7 ********************
neighbor 187.Y.Y.112 route-map MC out
neighbor 208.X.X.181 remote-as 3549
neighbor 208.X.X.181 password 7 ********************

neighbor 208.X.X.181 route-map L3 out

!

ip prefix-list PREFIX1 seq 10 permit Z.Z.240.0/22

!
route-map MC permit 10

match ip address prefix-list PREFIX1
set as-path prepend 2???25 2???25 2???25

!

route-map L3 permit 10

match ip address prefix-list PREFIX1

gasparmenendez · ‎03-17-2018

hello @willwetherman, sorry for the delay...just today I had chance to apply what you suggested me in a safely way, but guess what ?? it half worked...now with both interfaces up, some amonunt of traffic is coming through Tgi0/0/0 and the rest through Tgi0/0/1, don´t know based on what criteria??? Any idea why??

Thanks a lot in advance.

gasparmenendez · ‎03-20-2018

sorry for asking, but maybe I should open a new thread cause this one is too old???

chrihussey · ‎03-20-2018

Where are you seeing the traffic irregularity, inbound or outbound. Can you post your configs?

Thanks

gasparmenendez · ‎03-20-2018

irregularity is in inbound traffic...one funny thing (or that I don't understand why is happening) is that my inbound traffic is 3.5 Gbps aprox. total, and of that amount, 2 Gbps aprox are comming through Tgig0/0/1 and the rest (1.5 Gbps aprox.) are comming through Tgig0/0/0....my configs are:

router bgp 2???25
bgp log-neighbor-changes
network Z.Z.240.0 mask 255.255.252.0
neighbor 187.Y.Y.112 remote-as 13999
neighbor 187.Y.Y.112 password 7 ********************
neighbor 187.Y.Y.112 route-map MC out
neighbor 208.X.X.181 remote-as 3549
neighbor 208.X.X.181 password 7 ********************

neighbor 208.X.X.181 route-map L3 out

!

ip prefix-list PREFIX1 seq 10 permit Z.Z.240.0/22

!
route-map MC permit 10

match ip address prefix-list PREFIX1
set as-path prepend 2???25 2???25 2???25

!

route-map L3 permit 10

match ip address prefix-list PREFIX1

thanks!!

chrihussey · ‎03-20-2018

Can you check some looking glass sites to see if you are advertising with the as-path prepending?

https://us.ntt.net/support/looking-glass/

http://lookingglass.level3.net/

http://lg.evolink.net/

https://www.sprint.net/lg/lg_start.php

gasparmenendez · ‎03-20-2018

I think I'm because before using the as-path prepending my whole inbound traffic were coming through Tgig0/0/1, at least now it's splitted...let me check with looking glass and get back here.

gasparmenendez · ‎03-20-2018

here it is:

chrihussey · ‎03-20-2018

Well that's good. And if you do "show ip bgp neighbor advertised-routes" the advertisements are identical and just the /22?

gasparmenendez · ‎03-20-2018

yes they are....look here:;

chrihussey · ‎03-20-2018

Well it certainly looks like you are doing everything right. Tough to say why you are seeing what you are.

1- Slight chance there are users on or behind AS13999 that still prefer that path. You could try prepending an additional 2 or three more times.

2- Perform trace routes from various looking glass sites to see if any choose AS13999 as opposed to L3. That may help identify what is happening.

3- Check some of the larger ISP looking glass sites (Sprint, Time Warner, Cogent, etc) to see which AS they are preferring. It may be filtered to larger providers.

Like I said, it looks like you are doing everything right. It might be the result of other providers.

gasparmenendez · ‎03-20-2018

ok I'm going to prepend 3 more times to see what happens...if nothing change then I'm going to explore the other options, just to be sure that is a thing with my providers. Anyway I think at the end I can advertise two /23 to L3 and all my inbound traffic should come through it, right??