
bgp inbound traffic manipulation

ucha arifki
Level 1

Hello guys, looking for some advice on manipulating inbound traffic.

Currently my network has 2 different ISPs with 3 different ASes.

Topology:

uchaarifki_0-1666926540231.png

The goal is for all traffic to go through AS 4761 and 17922, since they have higher bandwidth, while AS 141125 is only on standby as a backup if the main connection fails.
As we can see from the weathermap, there is traffic coming from INIX AS141125, but I already set locpref on the outbound and prepend on the inbound traffic.

Really appreciate all input, thanks!

Here is the configuration for reference:

 

 

 

router bgp 149176
 bgp log-neighbor-changes
 timers bgp 10 30
 neighbor 103.158.98.145 remote-as 141125
 neighbor 103.158.98.149 remote-as 141125
 neighbor 114.5.179.149 remote-as 4761
 neighbor 114.5.179.149 timers 10 30
 neighbor 124.195.38.1 remote-as 17922
 neighbor 124.195.38.1 timers 10 30
 neighbor 124.195.39.1 remote-as 17922
 neighbor 124.195.39.1 timers 10 30
 !
 address-family ipv4
  network 103.158.98.144 mask 255.255.255.252
  network 103.158.98.148 mask 255.255.255.252
  network 114.5.179.148 mask 255.255.255.252
  network 124.195.38.0 mask 255.255.254.0
  network 198.51.101.0
  redistribute static
  neighbor 103.158.98.145 activate
  neighbor 103.158.98.145 soft-reconfiguration inbound
  neighbor 103.158.98.145 route-map RADM-INIX-TO-ITB-AJW in
  neighbor 103.158.98.145 route-map RADM-INIX-PREPEND-ITB-AJW-OUT out
  neighbor 103.158.98.149 activate
  neighbor 103.158.98.149 soft-reconfiguration inbound
  neighbor 103.158.98.149 route-map RADM-INP-TO-ITB-AJW in
  neighbor 103.158.98.149 route-map RADM-INP-ITB-AJW-OUT out
  neighbor 114.5.179.149 activate
  neighbor 114.5.179.149 soft-reconfiguration inbound
  neighbor 114.5.179.149 route-map INP-TO-ITB-AJW in
  neighbor 114.5.179.149 route-map INP-ITB-AJW-OUT out
  neighbor 124.195.38.1 activate
  neighbor 124.195.38.1 soft-reconfiguration inbound
  neighbor 124.195.38.1 route-map INIX-TO-ITB-AJW in
  neighbor 124.195.38.1 route-map INIX-PREPEND-ITB-AJW-OUT out
  neighbor 124.195.39.1 activate
  neighbor 124.195.39.1 soft-reconfiguration inbound
  neighbor 124.195.39.1 route-map INIX-TO-ITB-AJW in
  neighbor 124.195.39.1 route-map INIX-PREPEND-ITB-AJW-OUT out
 exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 103.158.98.145 50
ip route 10.200.0.0 255.255.0.0 10.200.0.2
ip route 198.51.101.0 255.255.255.0 10.200.0.2
ip tacacs source-interface Loopback1
!
ip ssh version 2
ip ssh client algorithm encryption aes256-cbc
!
!
ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
!
ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 le 32
!
ip prefix-list ITB-AJW-ROUTE seq 10 permit 198.51.101.0/24
access-list 1 permit 167.205.23.29
access-list 1 permit 167.205.23.19
access-list 1 permit 167.205.1.247
!
!
route-map RADM-INP-ITB-AJW-OUT permit 10
 match ip address prefix-list ITB-AJW-ROUTE
 set as-path prepend 149176 149176 149176 149176 149176 149176
!
route-map INIX-PREPEND-ITB-AJW-OUT permit 10
 match ip address prefix-list ITB-AJW-ROUTE
 set as-path prepend 149176 149176
!
route-map RADM-INIX-TO-ITB-AJW permit 10
 set local-preference 300
!
route-map INIX-TO-ITB-AJW permit 10
 set local-preference 500
!
route-map RADM-INIX-PREPEND-ITB-AJW-OUT permit 10
 match ip address prefix-list ITB-AJW-ROUTE
 set as-path prepend 149176 149176 149176 149176 149176 149176 149176 149176
!
route-map INP-ITB-AJW-OUT permit 10
 match ip address prefix-list ITB-AJW-ROUTE
!
route-map RADM-INP-TO-ITB-AJW permit 10
 set local-preference 300
!
route-map INP-TO-ITB-AJW permit 10
 match ip address prefix-list DEFAULT-ROUTE
 set local-preference 500
!

 

 

 

10 Replies

Hello,

Which traffic is coming in through the 'undesired' link?

Hello @Georg Pauwen,
as we can see in the weather map,

there is inbound traffic coming from INIX AS 141125 while it is supposed to be coming from either AS 4761 or AS 17922.

show ip bgp 
share the output here 

Hi @MHM Cisco World,
do you mean this?

BGP router identifier 198.51.101.240, local AS number 149176
BGP table version is 16432096, main routing table version 16432096
245212 network entries using 60812576 bytes of memory
1006008 path entries using 136817088 bytes of memory
84088/41056 BGP path/bestpath attribute entries using 23544640 bytes of memory
34833 BGP AS-PATH entries using 1976632 bytes of memory
4688 BGP community entries using 555496 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 223706432 total bytes of memory
503001 received paths for inbound soft reconfiguration
BGP activity 3703172/3457955 prefixes, 15528103/14522095 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
103.158.98.145  4       141125   18514   19444 16432096    0    0 2d03h           2
103.158.98.149  4       141125   33202   24166 16432096    0    0 2d15h       13050
114.5.179.149   4         4761   52148   54784 16432096    0    0 6d00h           1
124.195.38.1    4        17922  769103   54774 16432096    0    0 6d00h      244974
124.195.39.1    4        17922  744353   54760 16432096    0    0 6d00h      244974

62178714-46AD-427C-9A02-340091757186.png

No, I need the output of show ip bgp like above.
I need to see if you receive the same prefix from multiple paths, and I need to see the attributes for each path.

1- Who is 124.195.38.8?? I don't see it as any peer.

2- Why do you advertise the prefix between two peers in BGP? This is the job of the IGP, not BGP.

This makes a LOOP; remove any network used to connect to a peer under the BGP config.

network 103.158.98.144 mask 255.255.255.252
  network 103.158.98.148 mask 255.255.255.252
  network 114.5.179.148 mask 255.255.255.252
  network 124.195.38.0 mask 255.255.254.0

 

OK, but I believe it got filtered anyway, since I don't see my network advertising those networks.

Border-ITB-AJW#show ip bgp neighbor 114.5.179.149 advertised-routes
BGP table version is 16547823, local router ID is 198.51.101.240
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   198.51.101.0     10.200.0.2               0         32768 i

Total number of prefixes 1
Border-ITB-AJW#show ip bgp neighbor 124.195.38.1 advertised-routes
BGP table version is 16547823, local router ID is 198.51.101.240
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   198.51.101.0     10.200.0.2               0         32768 i

Total number of prefixes 1
Border-ITB-AJW#show ip bgp neighbor 103.158.98.145 advertised-routes
BGP table version is 16547842, local router ID is 198.51.101.240
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   198.51.101.0     10.200.0.2               0         32768 i

Total number of prefixes 1
Border-ITB-AJW#show ip bgp neighbor 103.158.98.149 advertised-routes
BGP table version is 16547842, local router ID is 198.51.101.240
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   198.51.101.0     10.200.0.2               0         32768 i

Total number of prefixes 1

124.195.38.8 is IGP I think, since my peer 124.195.38.1 is /23

"124.195.38.8 is igp i think, since my peer 124.195.38.1 is/23"
iBGP keeps the next-hop the same, so it can be IGP,
but I see the AS is different, so it is eBGP, and in eBGP the next-hop is the peer IP, not IGP.

So are you sure what we see is the border router's BGP, or another router behind it??

Hello,
your route-maps are very convoluted to read; however, it seems you have mixed traffic engineering, which is providing the results you are seeing. I suggest you make some changes to correct this. Also, as you only have a single router to 5 eBGP peers, using the weight attribute would be a better alternative to local preference.

AS-path sequence order for ingress traffic (longest first)
* both share the same (all being equal choose next bgp path selection)

neighbor 103.158.98.145 ASN141125
neighbor 103.158.98.149 ASN141125
neighbor 124.195.38.1 * ASN17922
neighbor 124.195.39.1 * ASN17922
neighbor 114.5.179.149  ASN4761  (most preferred by ISP if based on as-path)


 

Local-Preference sequence order for egress traffic: (lowest first)
* both share the same (all being equal choose next bgp path selection)
# both share the same (all being equal choose next bgp path selection)


neighbor 103.158.98.145 * ASN141125
neighbor 103.158.98.149 * ASN141125
neighbor 114.5.179.149 * ASN4761
neighbor 124.195.38.1 # ASN17922
neighbor 124.195.39.1 # ASN17922


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
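
An added example, not part of any reply in this thread: the script below reads the outbound route-maps from the posted configuration and works out how long an AS_PATH each neighbor receives for the advertised prefix, which is the ordering the reply above lists by hand. CONFIG is an excerpt of the posted configuration (match clauses and inbound maps left out), the function names are this example's own, and it assumes each route-map has a single sequence that matches the prefix.

```python
import re

# Excerpt of the configuration posted in the thread: only the lines that
# decide the AS_PATH each neighbor is sent (match clauses, inbound maps omitted).
CONFIG = """
router bgp 149176
 neighbor 103.158.98.145 remote-as 141125
 neighbor 103.158.98.149 remote-as 141125
 neighbor 114.5.179.149 remote-as 4761
 neighbor 124.195.38.1 remote-as 17922
 neighbor 124.195.39.1 remote-as 17922
  neighbor 103.158.98.145 route-map RADM-INIX-PREPEND-ITB-AJW-OUT out
  neighbor 103.158.98.149 route-map RADM-INP-ITB-AJW-OUT out
  neighbor 114.5.179.149 route-map INP-ITB-AJW-OUT out
  neighbor 124.195.38.1 route-map INIX-PREPEND-ITB-AJW-OUT out
  neighbor 124.195.39.1 route-map INIX-PREPEND-ITB-AJW-OUT out
route-map RADM-INP-ITB-AJW-OUT permit 10
 set as-path prepend 149176 149176 149176 149176 149176 149176
route-map INIX-PREPEND-ITB-AJW-OUT permit 10
 set as-path prepend 149176 149176
route-map RADM-INIX-PREPEND-ITB-AJW-OUT permit 10
 set as-path prepend 149176 149176 149176 149176 149176 149176 149176 149176
route-map INP-ITB-AJW-OUT permit 10
"""

def advertised_path_lengths(config):
    """Return {neighbor_ip: (remote_as, AS_PATH length that neighbor receives)}."""
    remote_as = dict(re.findall(r"neighbor (\S+) remote-as (\d+)", config))
    out_map = dict(re.findall(r"neighbor (\S+) route-map (\S+) out", config))
    prepends, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"route-map (\S+) permit", line):
            current = m.group(1)
            prepends.setdefault(current, 0)
        elif current and (m := re.match(r"\s+set as-path prepend (.+)", line)):
            prepends[current] += len(m.group(1).split())
    # eBGP always adds the local AS once; prepends come on top of that.
    return {ip: (int(asn), 1 + prepends.get(out_map.get(ip), 0))
            for ip, asn in remote_as.items()}

def ranked(config):
    """Neighbors ordered from shortest advertised AS_PATH to longest."""
    return sorted(advertised_path_lengths(config).items(), key=lambda kv: kv[1][1])

if __name__ == "__main__":
    for ip, (asn, length) in ranked(CONFIG):
        print(f"{ip:<16} AS{asn:<7} AS_PATH length {length}")
```

AS_PATH length is compared by the upstream only after its own local preference, so a neighbor that assigns a higher local preference to routes learned on the backup link will still send traffic that way regardless of the prepends.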