Solved: Re: BGP as-path prepend for specific destination - Page 2

mirage · ‎06-07-2023

Dear all,

I have a following topology in my lab:

R1 (as 208097) -- > R2 ISP (as16010)  -- R3 (as 35805)

                                                |

                                      R4 (as 10101)

I want to

prepend

my announce for AS35805 only with

as-path access-list

and

route-map

like this:

R1

interface FastEthernet0/0
ip address 2.2.2.1 netmask 255.255.255.252
duplex auto
speed auto

router bgp 20809
no synchronization
bgp router-id 1.1.1.254
bgp log-neighbor-changes
network 1.1.1.0 netmask 255.255.255.0
neighbor 2.2.2.2 remote-as 16010
neighbor 2.2.2.2 route-map BGP_OUT_RMAP out

ip as-path access-list 50 permit ^20809 16010 35805$
ip as-path access-list 50 deny .*

ip prefix-list MM seq 10 permit 1.1.1.0/24

route-map BGP_OUT_RMAP permit 10

match ip address prefix-list MM
match as-path 50
set as-path prepend 20809 20809

But it doesn't work

Does it possible?

mirage · ‎06-07-2023

Okay,

I'm waiting with great interest.. It's only possible to manipulate with R1 and R5-PRIMARY, and issue only with inbound traffic.

With outbound all is done via

route-map

, local preference and

 as-path acl

mirage · ‎06-07-2023

R5-Primary - to R5-ISP1 is primary (AS20809 - AS 34797)

R1 to R1 (AS20809 - AS16010) is backup.

When both links are active, I want to use R1 only for incomming traffic from AS 16010 and

prepend

path from all AS, connected next to AS16010, but as I understand it is not possible...

MHM Cisco World · ‎06-07-2023

No I can done, it easy If there is BGP between ISP primary and AS10101/AS35805,
in R5 primary router did you receive any

prefix

from AS10101/AS35805 via ISP primary ??

mirage · ‎06-07-2023

Yes,

prefixes

from 35805 and 10101 come from AS 34797.

M02@rt37 · ‎06-07-2023

Hello @mirage,

try instead of

ip as-path access-list 50 permit ^20809 16010 35805$

ip as-path access-list 50 permit ^20809_16010_35805$

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

mirage · ‎06-07-2023

Thanks for reply,

but it does not work..

M02@rt37 · ‎06-07-2023

Ok @mirage,

From R1 you have one RM in OUT - Then you work on the Outbound - You want to adjust the subnet [1.1.1.0/24] announced from R1 to R2 ISP and because you wanna play with

 AS-PREPEND

you want to play with the flow in entrance to R1 towards subnet 1.1.1.0/24 ---

Why you do not just

prepending

without the

AS-PATH ACL ?

What is your final goal ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

mirage · ‎06-07-2023

I've uploaded full topology image.

R5 to ISP has a 1gig channel, and R1 to ISP has 500 meg, so I want to use backup ISP channel for only AS16010 when primary link is active, any other AS must forward traffic to AS20809 via PRIMARY ISP and R5-PRIMARY.

When it fails, R1-to-R2(Backup isp) makes active for all incomming traffic.

Edson A. Hernandez · ‎06-07-2023

after perform the change you should clear

clear bgp ipv4 un neighbor 2.2.2.2 soft out

Giuseppe Larosa · ‎06-07-2023

Hello @mirage ,

you would like to perform

AS path prepend

only towards AS 35805 that is not directly connected to you ?

This is not possible.

You can decide to perform

As path prepending for prefix 1.1.1.0/24

toward your only eBGP peer in AS 16010

the

prefix

is locally injected in BGP in R1

>> network 1.1.1.0 netmask 255.255.255.0

so from the point of view of R1 the

AS path

attribute is empty, you can check this

with

show ip bgp 1.1.1.0

on R1

attempting to match on

As path ^20809 16010 35805$

would mean to be on R3 not on R1. It is R3 that sees that

AS path on the prefix 1.1.1.0/24

not R1.

Hope to help

Giuseppe

mirage · ‎06-07-2023

Thanks for answer,

To prepend full path for AS16010 is not a solution for me. If not possible, I think that all my best is done. Many thanks for your attention.

mirage · ‎06-07-2023

Many Thanks for all for your time an attention!!

mirage · ‎06-07-2023

But as I know, link between 16010 and 35805 and between 10101 and 16010 is better, then 34797 and 35808

MHM Cisco World · ‎06-07-2023

Using the

AS-PATH

I can change the path from R2 instead of go direct it go through the R1 and R3 AS300
what I do in R2 (backup)

R2#show running-config
Building configuration...

Current configuration : 2114 bytes
!
upgrade fpd auto
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
duplex half
!
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
interface FastEthernet2/0
ip address 100.0.0.2 255.255.255.0
duplex auto
speed auto
!
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet3/0
no ip address
shutdown
duplex auto
speed auto
!
!
interface FastEthernet3/1
no ip address
shutdown
duplex auto
speed auto
!
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 10.0.0.1 remote-as 100
neighbor 10.0.0.1 next-hop-self
neighbor 10.0.0.1 route-map MHM in
neighbor 100.0.0.4 remote-as 400
neighbor 100.0.0.4 route-map MHMb in
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip as-path access-list 100 permit ^300_600$
ip as-path access-list 100 permit ^300_500$
!
!
no cdp log mismatch duplex
!
!
!
!
route-map MHMb permit 10
set weight 500
!
route-map MHM permit 10
match as-path 100
set weight 1000
!
route-map MHM permit 20
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!

mirage · ‎06-07-2023

Thanks for reply, I will try and write results..