01-13-2025 07:35 PM - edited 01-13-2025 07:35 PM
Folks,
I have two ISPs terminated on my two distinct edge routers (it's a Cisco Nexus 93180 switch); from here it's connected to a Border Leaf switch, which is connected to the EVPN fabric. This is a new setup, so my question is: can I connect both border leaf switches to two different ISPs for redundancy and take a default BGP route? The reason I am asking is that my edge routers are L3 switches and they can't take a full BGP table. (Because of budget issues we can't replace them overnight.)
All I want to know is: are there any major issues with this approach? I am only looking for redundancy, so that just in case ISP-A or B is down I have a backup route.
04-15-2025 02:05 PM
AS-path prepend only affects prefixes you advertise to your upstream ISP. If you are receiving a default route from your ISP, and not advertising anything back, then you cannot prepend AS path for inbound traffic manipulation — because you're not advertising anything...
On the other hand, as concerns local-preference, the direction is inbound to the Border Leaf, because it is a non-transitive attribute used within your AS (65001) to select the best path outbound to the internet.
04-15-2025 02:16 PM
I am getting default routes from the ISP and advertising my EVPN public IPs in /32 form, and I will use aggregate-address summary-only to suppress them. In that case AS-path prepend should work, right?
Question: do I need a network statement on the edge to send the route to the ISP? Example follows:
router bgp 3500
  log-neighbor-changes
  neighbor 1.1.1.1
    remote-as 1500
    network 100.100.100.0/24 <----------- something like this?
    description ** eBGP peer with ISP-1 **
    address-family ipv4 unicast
      send-community
      send-community extended
04-25-2025 07:33 AM
M02@rt37 Finally I have deployed the entire configuration in production and, as you said, I found traffic was asynchronous: coming ingress from ISP-1 and egress from ISP-2. I fixed that by setting Local Pref to 150 on EDGE-1, but now I want to shift traffic to EDGE-2 and am trying to do AS-PATH prepending, but that doesn't work.
I have added the following on the ISP-1 peer but it has no impact at all; traffic is still ingress on ISP-1. I am wondering how PREPEND works with a default route if it's just a default to you. Is it possible the BGP default route doesn't support PREPEND to the ISP?
route-map PREPEND-TO-ISP-1 out
04-26-2025 11:28 AM - edited 04-28-2025 02:53 PM
Hello
Regarding your ISP<>Edge-BGW eBGP peering, I would say there would be no requirement to use Local-AS peering here; you can simply use remove-private-as on the edge rtr towards the ISPs. The ISPs will then only see any fabric routes originating from the Edge ASN 3500, thus your private ASN will be hidden.
As for those edge rtrs, I would suggest having iBGP peering between them so as to provide sharing of routing information, path preference (i.e. local preference) and resilience between the ISP and the BGWs.
BGWs - can you confirm if these are separate VTEPs or clusters such as vPC, as this can have an impact on how you advertise those default routes into the fabric and how you want to route externally. In either case you would need to route leak between the external and customer VRFs (route-target export/imports).
04-26-2025 06:53 PM
I like your idea but it's still not going to solve the problem of ingress traffic from the ISP. I don't think using iBGP vs eBGP will make a big difference here for traffic engineering at the ISP level.
Also my border-leaf switches are independent and they are not running any vPC. I believe somehow my ISP is not accepting AS-PATH prepending. I have already opened a case with them to fix this issue.
04-27-2025 01:12 PM - edited 04-28-2025 02:52 PM
Hello
@satish.txt1 wrote:
I don't think using iBGP vs eBGP will make a big difference here for traffic engineering at the ISP level.
FYI - I did not state to use iBGP instead of eBGP; I meant to use iBGP between your edge rtrs. In such a case it would help with traffic engineering in/out of your fabric and ISP.
With an iBGP peering between the edge rtrs and with hiding your private AS (remove-private-as) you then have control of egress traffic using LP and ingress via as-path prepending or even MED if you wish, so when traffic enters either edge rtr from the fabric it should flow in the direction you desire.
04-27-2025 08:28 PM - edited 04-27-2025 08:29 PM
Thank you! But as I mentioned earlier, AS-PATH prepend isn't working with my ISP. (I believe it's because they don't allow it, or maybe a policy restriction.) How does iBGP help with AS-PATH prepend if the ISP doesn't support it?
My problem is I am taking a BGP default route. If I took the full table then I might have more control of ingress traffic on the edge.
04-28-2025 02:13 AM
Hello
@satish.txt1 wrote:
How does iBGP help with AS-PATH prepend if the ISP doesn't support it?
Local Pref to 150 on EDGE-1 but now I want to shift traffic to EDGE-2 and trying to do AS-PATH prepending but that doesn't work.
The edge rtrs have no way of seeing each other via BGP. So due to the discretionary nature of LP (update messages) it isn't really adequate here, but it would be IF you had iBGP between the edge rtrs, as that LP would be shared.
Also those edge rtrs would be able to receive each other's default routes that are being advertised by the ISPs, and as such would have resiliency in case either lost its own peering with the ISP - so traffic coming in from the fabric should be able to continue to route to its own BGW without re-routing over the VXLAN, as it will hit the edge rtrs and then traverse over the iBGP interconnect and out towards the active ISP.
Can you confirm from the edge rtrs that you ARE pre-pending on ASN 3500 and not any other ASN?
04-28-2025 08:26 AM
I talked to my ISP and they said, "we are seeing private ASNs in routes, 65535 and 65001", and they asked me to please remove the private ASN advertisement. As per my diagram, you can see I am running private ASNs in my EVPN fabric and between the edge and border-leaf.
After googling I found the remove-private-as command to remove private ASNs sent to your ISP, but is this going to break my routing connectivity? What is the impact if I apply this command in production?
04-28-2025 02:58 PM
Hello @satish.txt1
My bad, sincere apologies, I was getting the replace-as and remove-private-as commands mixed up; I was stating one and thinking of the other.
So to confirm - remove-private-as WILL hide the private AS from being seen within the AS-PATH sequence by either ISP, so they will see the fabric routes as originating from AS 3500 (the edge routers).
Apply that command towards either ISP peering on the edge rtrs:
neighbor <ispX> remove-private-as
Note: remove-private-as all is only required if you have a mixture of private and public ASNs in the AS-PATH sequence received from either fabric rtr.
04-28-2025 05:24 PM
Finally, applying the remove-private-as all command fixed my issue. Now I can see traffic ingress on ISP-B. Also I can see both routes in BGP looking glass routing tables. Thank you so much for the help, folks. Multiple people helped me here with all sorts of help. Not sure whose answer I should be accepting.
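The difference between remove-private-as and remove-private-as all discussed in this thread, as an added example (not code from any poster or from Cisco): a simplified model of what AS_PATH an upstream sees from edge AS 3500 under each setting. Assumptions: the order of 65535 and 65001 in the path, the mixed path with documentation ASN 64496 standing in for a public ASN, and a private range of 64512-65535 as Cisco documents it for this feature, plus the RFC 6996 4-byte range.

```python
# Simplified model (assumption): plain remove-private-as strips only when the
# whole received path is private; "all" strips every private ASN regardless.
PRIVATE_RANGES = ((64512, 65535), (4200000000, 4294967294))
MODES = ("off", "default", "all")  # no command / remove-private-as / ... all


def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)


def advertise(received_path, local_as, mode="off"):
    """Return the AS_PATH an eBGP neighbor receives from local_as."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    path = list(received_path)
    if mode == "default":
        # A mixed private/public path is left untouched in this mode.
        if path and all(is_private(a) for a in path):
            path = []
    elif mode == "all":
        path = [a for a in path if not is_private(a)]
    # The local AS is always prepended on an eBGP advertisement.
    return [local_as] + path


def leaked_private(path):
    """Private ASNs still visible to the upstream (what the ISP complained about)."""
    return [a for a in path if is_private(a)]


EDGE_AS = 3500                       # edge ASN from the thread
FABRIC_PATH = [65535, 65001]         # ASNs from the thread; order is constructed
MIXED_PATH = [65535, 64496, 65001]   # constructed: 64496 stands in for a public ASN


def report():
    rows = {}
    for name, path in (("fabric", FABRIC_PATH), ("mixed", MIXED_PATH)):
        for mode in MODES:
            sent = advertise(path, EDGE_AS, mode)
            rows[(name, mode)] = (sent, leaked_private(sent))
    return rows


if __name__ == "__main__":
    for (name, mode), (sent, leaked) in report().items():
        print(f"{name:6} {mode:7} sent={sent} leaked={leaked}")
```

An empty leaked list is the state the ISP asked for; checking the advertised path in a looking glass, as the last post does, confirms it from the outside.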