10-27-2022 08:20 PM - edited 10-27-2022 08:29 PM
Hello guys, looking for some advice for manipulating inbound traffic
Currently my network have 2 different ISP with 3 different AS
topology :
The goal is all traffic is going through AS 4761 and 17922 since it has higher bandwidth while AS 141125 only standby for backup if main connection fails.
as we can see from the weathermap there are traffic coming from INIX AS141125, but i already set locpref on the outbound and prepend on the inbound traffic.
Really appreciate for all input, thanks!
here is the configuration for reference :
router bgp 149176
bgp log-neighbor-changes
timers bgp 10 30
neighbor 103.158.98.145 remote-as 141125
neighbor 103.158.98.149 remote-as 141125
neighbor 114.5.179.149 remote-as 4761
neighbor 114.5.179.149 timers 10 30
neighbor 124.195.38.1 remote-as 17922
neighbor 124.195.38.1 timers 10 30
neighbor 124.195.39.1 remote-as 17922
neighbor 124.195.39.1 timers 10 30
!
address-family ipv4
network 103.158.98.144 mask 255.255.255.252
network 103.158.98.148 mask 255.255.255.252
network 114.5.179.148 mask 255.255.255.252
network 124.195.38.0 mask 255.255.254.0
network 198.51.101.0
redistribute static
neighbor 103.158.98.145 activate
neighbor 103.158.98.145 soft-reconfiguration inbound
neighbor 103.158.98.145 route-map RADM-INIX-TO-ITB-AJW in
neighbor 103.158.98.145 route-map RADM-INIX-PREPEND-ITB-AJW-OUT out
neighbor 103.158.98.149 activate
neighbor 103.158.98.149 soft-reconfiguration inbound
neighbor 103.158.98.149 route-map RADM-INP-TO-ITB-AJW in
neighbor 103.158.98.149 route-map RADM-INP-ITB-AJW-OUT out
neighbor 114.5.179.149 activate
neighbor 114.5.179.149 soft-reconfiguration inbound
neighbor 114.5.179.149 route-map INP-TO-ITB-AJW in
neighbor 114.5.179.149 route-map INP-ITB-AJW-OUT out
neighbor 124.195.38.1 activate
neighbor 124.195.38.1 soft-reconfiguration inbound
neighbor 124.195.38.1 route-map INIX-TO-ITB-AJW in
neighbor 124.195.38.1 route-map INIX-PREPEND-ITB-AJW-OUT out
neighbor 124.195.39.1 activate
neighbor 124.195.39.1 soft-reconfiguration inbound
neighbor 124.195.39.1 route-map INIX-TO-ITB-AJW in
neighbor 124.195.39.1 route-map INIX-PREPEND-ITB-AJW-OUT out
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 103.158.98.145 50
ip route 10.200.0.0 255.255.0.0 10.200.0.2
ip route 198.51.101.0 255.255.255.0 10.200.0.2
ip tacacs source-interface Loopback1
!
ip ssh version 2
ip ssh client algorithm encryption aes256-cbc
!
!
ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
!
ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 le 32
!
ip prefix-list ITB-AJW-ROUTE seq 10 permit 198.51.101.0/24
access-list 1 permit 167.205.23.29
access-list 1 permit 167.205.23.19
access-list 1 permit 167.205.1.247
!
!
route-map RADM-INP-ITB-AJW-OUT permit 10
match ip address prefix-list ITB-AJW-ROUTE
set as-path prepend 149176 149176 149176 149176 149176 149176
!
route-map INIX-PREPEND-ITB-AJW-OUT permit 10
match ip address prefix-list ITB-AJW-ROUTE
set as-path prepend 149176 149176
!
route-map RADM-INIX-TO-ITB-AJW permit 10
set local-preference 300
!
route-map INIX-TO-ITB-AJW permit 10
set local-preference 500
!
route-map RADM-INIX-PREPEND-ITB-AJW-OUT permit 10
match ip address prefix-list ITB-AJW-ROUTE
set as-path prepend 149176 149176 149176 149176 149176 149176 149176 149176
!
route-map INP-ITB-AJW-OUT permit 10
match ip address prefix-list ITB-AJW-ROUTE
!
route-map RADM-INP-TO-ITB-AJW permit 10
set local-preference 300
!
route-map INP-TO-ITB-AJW permit 10
match ip address prefix-list DEFAULT-ROUTE
set local-preference 500
!
10-28-2022 01:26 AM
Hello,
which traffic is coming in through the 'undesired' link ?
10-30-2022 02:18 AM
Hello @Georg Pauwen ,
as we can see in the weather map,
there are inbound traffic coming from INIX AS 141125 while it supposed coming from either AS 4761 or AS 17922
10-28-2022 01:46 AM
show ip bgp
share the output here
10-30-2022 02:21 AM
Hi @MHM Cisco World ,
do you mean this ?
BGP router identifier 198.51.101.240, local AS number 149176
BGP table version is 16432096, main routing table version 16432096
245212 network entries using 60812576 bytes of memory
1006008 path entries using 136817088 bytes of memory
84088/41056 BGP path/bestpath attribute entries using 23544640 bytes of memory
34833 BGP AS-PATH entries using 1976632 bytes of memory
4688 BGP community entries using 555496 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 223706432 total bytes of memory
503001 received paths for inbound soft reconfiguration
BGP activity 3703172/3457955 prefixes, 15528103/14522095 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
103.158.98.145 4 141125 18514 19444 16432096 0 0 2d03h 2
103.158.98.149 4 141125 33202 24166 16432096 0 0 2d15h 13050
114.5.179.149 4 4761 52148 54784 16432096 0 0 6d00h 1
124.195.38.1 4 17922 769103 54774 16432096 0 0 6d00h 244974
124.195.39.1 4 17922 744353 54760 16432096 0 0 6d00h 244974
10-30-2022 02:59 AM
no I need output of show ip bgp like above
I need to see if you receive same prefix from multipath and need to see attribute for each path
10-30-2022 05:21 AM
10-30-2022 06:22 AM
1-who is 124.195.38.8 ?? I dont see as any peer
2- why you advertise the prefix between two peer in BGP, this job of IGP not BGP,
this make LOOP remove any network use to connect to peer under BGP config
network 103.158.98.144 mask 255.255.255.252 network 103.158.98.148 mask 255.255.255.252 network 114.5.179.148 mask 255.255.255.252 network 124.195.38.0 mask 255.255.254.0
10-30-2022 07:52 AM
ok, but i believe it got filtered anyway. since i dont see my network advertised those network
Border-ITB-AJW#show ip bgp neighbor 114.5.179.149 advertised-routes
BGP table version is 16547823, local router ID is 198.51.101.240
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 198.51.101.0 10.200.0.2 0 32768 i
Total number of prefixes 1
Border-ITB-AJW#show ip bgp neighbor 124.195.38.1 advertised-routes
BGP table version is 16547823, local router ID is 198.51.101.240
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 198.51.101.0 10.200.0.2 0 32768 i
Total number of prefixes 1
Border-ITB-AJW#show ip bgp neighbor 103.158.98.145 advertised-routes
BGP table version is 16547842, local router ID is 198.51.101.240
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 198.51.101.0 10.200.0.2 0 32768 i
Total number of prefixes 1
Border-ITB-AJW#show ip bgp neighbor 103.158.98.149 advertised-routes
BGP table version is 16547842, local router ID is 198.51.101.240
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 198.51.101.0 10.200.0.2 0 32768 i
Total number of prefixes 1
124.195.38.8 is igp i think, since my peer 124.195.38.1 is/23
10-30-2022 08:46 AM
""124.195.38.8 is igp i think, since my peer 124.195.38.1 is/23""
iBGP keep next-hop same so it can be IGP
but I see AS is different so it eBGP and in eBGP next-hop is peer IP not IGP.
so are you sure what we see is boarder Router BGP or other router behind it??
10-30-2022 08:10 AM
Hello
your route-maps are very convoluted to read, however it seems you have mixed traffic engineering which is providing the results you are seeing, suggest you make some changes to correct this, also as you only have a single router to 5 ebgp peers using the weight attribute would be a better alternative to local preference
As-apath sequence order for ingress traffic (longest first)
* both share the same (all being equal choose next bgp path selection)
neighbor 103.158.98.145 ASN141125
neighbor 103.158.98.149 ASN141125
neighbor 124.195.38.1 * ASN17922
neighbor 124.195.39.1 * ASN17922
neighbor 114.5.179.149 ASN4761 (most preferred by ISP if based on as-path)
Local-Preference sequence order for egress traffic: (lowest first)
* both share the same (all being equal choose next bgp path selection)
# both share the same (all being equal choose next bgp path selection)
neighbor 103.158.98.145 * ASN141125
neighbor 103.158.98.149 * ASN141125
neighbor 114.5.179.149 * ASN4761
neighbor 124.195.38.1 # ASN17922
neighbor 124.195.39.1# ASN17922
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide