
BGP Influencing inbound path

paddyxdoyle
Frequent Contributor

Hi All,

I'm trying to influence our routing so that traffic that is coming into our network via a certain AS number will hopefully avoid that AS number and take a different path. I'm thinking of doing this using AS prepends to the specific AS number. Is the following example correct, please?

The AS I want to avoid is listed below as 22222; the "match community 2" statement is a community ACL we use to match our own and our customers' prefixes that we advertise to the net.

ip as-path access-list 1 permit _22222$
!
route-map test-out permit 5
 match as-path 1
 set as-path prepend 11111 11111 11111 11111
!
route-map test-out permit 10
 match community 2
!

The reason behind this is we are trying to get a reliable connection back from a host. This host's AS has two paths out; one is very unreliable and the other is fine. So hopefully by sending our prefixes to the unreliable AS with prepends, the target AS will see this information and take the better path back to our network.

If this is correct, is this the best way to achieve these results?

Thanks in advance

PJ

7 Replies

Edison Ortiz
Hall of Fame Mentor

If you want your host to be advertised with a preferred path via one AS, you need to match your host route and set an as-prepend out to the neighbor via the unwanted path.

For instance:

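! [host] stands for the host address, written as a /32 prefix
ip prefix-list host->22222 permit [host]/32
!
route-map test-out permit 5
 match ip address prefix-list host->22222
 set as-path prepend 11111 11111 11111 11111
!
! pass everything else unchanged
route-map test-out permit 10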

HTH,

Edison.

Hi,

If applicable, you could also leak a more specific route to the preferred AS, hence traffic will always come in via the path that has the more specific route.

It would be helpful if you could give a bit more detail on the topology if possible. Thx

mheusing
Cisco Employee

Hi PJ,

You are right that AS path prepending is the only way to possibly achieve a desired return traffic pattern beyond the ASes you are peering with.

The technical reason is that the well-known mandatory attributes in BGP are origin, next hop - which changes as routes are propagated - and AS path. So the latter is the only adjustable attribute, where we can be sure it will be propagated beyond the neighboring AS.

As you also might know, there are "better" attributes like Local Preference, which basically means that any AS in the internet can ignore your path prepending and implement a policy conflicting with yours. There is a big "A" in AS, i.e. they are autonomous, which is why I wrote "possibly achieve" above.

Be careful with AS path prepending, however, as you cannot do this only for a "connection back from a host". The AS path prepended will be seen by the whole internet and thus change the routing behaviour of all ASes out there.

After this introduction let me summarize what I understood your situation is. You are concerned about traffic returning to your AS following the BGP updates you announce to the internet - your "community 2" routes - especially from a particular host. The topology is either:

A) your AS is 11111, host is in AS 55555 and should not go through 22222, in between there are many ASes and you are peering with at least two, e.g. 33333, 44444.

AS 55555 and any other AS in between 11111 and 55555 might have a policy conflicting with yours. E.g. AS 55555 might choose AS 22222 as preferred exit to the internet (with weight or local preference), because AS 22222 is cheaper for them, they have a faster connection to them or the like.

Thus, there is NO solution that will ENSURE your desired result.

B) your AS is 11111, host is in AS 55555 and traffic should not go through 22222, which you are peering with together with another AS, e.g. 33333.

The config you gave is not achieving the desired result. What you can try to do:

router bgp 11111
 neighbor 2.2.2.2 remote-as 22222
 neighbor 2.2.2.2 route-map AS-Prep out
 neighbor 3.3.3.3 remote-as 33333
!
route-map AS-Prep permit 10
 match community 2
 set as-path prepend 11111 11111 11111 11111
!
route-map AS-Prep permit 9999

You can also try this for case A) and cross fingers ... ;-)

Hope this helps! Please use the rating system.

Regards,

Martin
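
Added example (not part of any reply in this thread, and not router code): a small Python model of the point made above, that prepending only lengthens the AS path and a remote AS's Local Preference is compared first. The topology (AS 55555 hearing the route directly from 22222 and from 33333 via 44444), the prefix 192.0.2.0/24 and all function names are assumptions for illustration; only LOCAL_PREF and AS-path length are modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple         # leftmost = nearest AS, rightmost = origin AS
    local_pref: int = 100  # set by the receiving AS, never by the origin

def export(route, local_as, prepend=0):
    """eBGP advertisement: add local_as once, plus `prepend` extra copies."""
    return Route(route.prefix, (local_as,) * (1 + prepend) + route.as_path)

def receive(route, local_pref=100):
    """Import policy of the receiving AS; this is where LOCAL_PREF is chosen."""
    return Route(route.prefix, route.as_path, local_pref)

def best_path(candidates):
    """Highest LOCAL_PREF wins; AS-path length only breaks a LOCAL_PREF tie."""
    return min(candidates, key=lambda r: (-r.local_pref, len(r.as_path)))

def scenario(prepend_to_22222, pref_for_22222=100):
    """Return the AS path that AS 55555 selects towards AS 11111's prefix."""
    origin = Route("192.0.2.0/24", ())  # constructed documentation prefix
    # Path 1: 11111 -> 22222 -> 55555, with optional prepends towards 22222
    via_22222 = export(export(origin, 11111, prepend_to_22222), 22222)
    # Path 2: 11111 -> 33333 -> 44444 -> 55555, never prepended
    via_33333 = export(export(export(origin, 11111), 33333), 44444)
    seen_by_55555 = [receive(via_22222, pref_for_22222), receive(via_33333)]
    return best_path(seen_by_55555).as_path

if __name__ == "__main__":
    print("no prepend:          ", scenario(0))
    print("4 prepends:          ", scenario(4))
    print("4 prepends, LP 200:  ", scenario(4, pref_for_22222=200))
```

The third case is the "possibly achieve" caveat: once AS 55555 prefers 22222 by policy, no number of prepends changes its choice.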

paddyxdoyle
Frequent Contributor