Solved: Re: BGP filtering - best method?

darren.g · ‎11-04-2012

Learned colleagues.

I have recently upgraded my company's network significantly, and in the process removed our Cisco edge routers and firewalls (gasp!), and replaced them with another vendor who gave a better price point for the router.

However, i was only able to get ONE edge router, whereas before I had two, so I want to recycle one of my old 2921's as a cold standby (in case the brown sticky stuff hits the rotating air distribution blades, and $other-vendor router dies).

Trouble is, the 2921 does not, I believe, have sufficient system resources to take the full routing table we're getting from our two ISP's.

What I would like to ask is people's thoughts on the best method for me to configure the BGP setup on the 2921 to do the following

1) Accept the default route from each ISP and discard *everything* else in the route table

2) Modify our advertisement (ad prepend) out the "secondary" ISP to reduce the priority of traffic coming in over this link

3) Configure the OUTBOUND priorities so that the "primary" link is used by preference for outgoing traffic (which will effectively shut down the secondary link for outbound traffic

Now, it's funny that BGP is the one area where I have more experience on $other_vvendor than I do on Cisco - so pointers on how best I could do this (configuration examples, maybe?) would be aprpeciated.

Thanks

Cheers.

blau grana · ‎11-05-2012

Hi darren

this config should do what you need, ISP will be preffered because of weight and AS prepending via route maps

interface FastEthernet0/0

description ISP1

ip address 10.0.13.3 255.255.255.0

interface FastEthernet0/1

description ISP2

ip address 10.0.23.3 255.255.255.0

router bgp 300

no synchronization

bgp log-neighbor-changes

network 130.0.0.0 mask 255.0.0.0

neighbor 10.0.13.1 remote-as 100

neighbor 10.0.13.1 weight 65500

neighbor 10.0.13.1 route-map BGP-policy-IN in

neighbor 10.0.23.2 remote-as 200

neighbor 10.0.23.2 route-map BGP-policy-IN in

neighbor 10.0.23.2 route-map BGP-prepend-OUT out

ip prefix-list local-prefix seq 5 permit 130.0.0.0/8

ip prefix-list only-default seq 5 permit 0.0.0.0/0

route-map BGP-policy-IN permit 10

match ip address prefix-list only-default

route-map BGP-prepend-OUT permit 10

match ip address prefix-list local-prefix

set as-path prepend 300 300 300

Best Regards Please rate all helpful posts and close solved questions

View solution in original post

Syed Siraj Uddin · ‎11-06-2012

Hi
Routes with a higher weight value have preference when multiple routes to the same destination exist.

Sent from Cisco Technical Support iPhone App

View solution in original post

varununiyal · ‎11-04-2012

For the above you need to perform the following:

a) Apply route-map in on both the primary and secondary and on the default-route accepted by the primary increase the local-preference

On Primary:

router bgp 100

neighbor route-map ACCEPT_DEF in

route-map ACCEPT_DEF

match ip address 99

set local-preference 200

access-list 99 permit 0.0.0.0 0.0.0.0

On Secondary:

router bgp 100

neighbor route-map ACCEPT_DEF in

route-map ACCEPT_DEF

match ip address 99

access-list 99 permit 0.0.0.0 0.0.0.0

b) for the Secondary router to be less preferred for incoming traffic, apply outbound route-map with AS prepend on secondary router:

router bgp 100

neighbor route-map PREP out

route-map PREP

set as-path prepend 100 100 100....(your local AS as many times as you'd like to prepend)

darren.g · ‎11-04-2012

Varun.

Thanks for the input, but that's not quite what I meant I was doing.

$other_vendor router is active, and my primary. It carries both links, and both full BGP tables. The Cisco is going to be ONLY a cold spare, but it will have *both* my internet links in it if it has to be turned on (layer 2 switch will connect it to the physical links, but the ports will be shutdown - if the primary router fails, I simply enable the ports for the secondary router.

You have given me what I need to make the Cisco filter and accept the default route only - could I apply the same route-map to two BGP peers to make it filter them both?

EG

router bgp 100

neighbor x.x.x.x remote-as XXXX

neighbor x.x.x.x route-map ACCEPT_DEF in

neighbor y.y.y.y remote-as YYYY

neighbor y.y.y.y route-map ACCEPT_DEF in

Would that give me just two default routes to each peer? If so, how do i tell the 2921 that x.x.x.x is the higher preference for outbound?

Cheers

blau grana · ‎11-05-2012

Hi darren

this config should do what you need, ISP will be preffered because of weight and AS prepending via route maps

interface FastEthernet0/0

description ISP1

ip address 10.0.13.3 255.255.255.0

interface FastEthernet0/1

description ISP2

ip address 10.0.23.3 255.255.255.0

router bgp 300

no synchronization

bgp log-neighbor-changes

network 130.0.0.0 mask 255.0.0.0

neighbor 10.0.13.1 remote-as 100

neighbor 10.0.13.1 weight 65500

neighbor 10.0.13.1 route-map BGP-policy-IN in

neighbor 10.0.23.2 remote-as 200

neighbor 10.0.23.2 route-map BGP-policy-IN in

neighbor 10.0.23.2 route-map BGP-prepend-OUT out

ip prefix-list local-prefix seq 5 permit 130.0.0.0/8

ip prefix-list only-default seq 5 permit 0.0.0.0/0

route-map BGP-policy-IN permit 10

match ip address prefix-list only-default

route-map BGP-prepend-OUT permit 10

match ip address prefix-list local-prefix

set as-path prepend 300 300 300

Best Regards Please rate all helpful posts and close solved questions

darren.g · ‎11-06-2012

Thanks for that - exactly what I needed to know. I reckon I can configure this thing properly now (not that I'm likely to need it, but backsides must be covered!)

Only one additional question, and one that always confuses me with Cisco priorities - is the "weight" of 65500 more preferred or less preferred? Is the higher number better or worse?

Cheers, and thanks again!

Syed Siraj Uddin · ‎11-06-2012

Hi
Routes with a higher weight value have preference when multiple routes to the same destination exist.

Sent from Cisco Technical Support iPhone App

darren.g · ‎11-06-2012

Sweet, thanks! Think I've got everything I need now!