BGP Multihoming and synchronous traffic flow for the different traffic types

burakdinci
Level 1

      ISP-1 ---------------------- ISP-2
  same country ISP          outside of country ISP
        |                            |
        |                            |
        |                            |
      ------- My router (Cisco 7600) --------
                      |
                      |
      User's real subnet (for example 50.50.0.0)

Hello,

I have two different ISP connections from my router. One of the ISPs is in my country (local ISP), the other ISP is in a different country. Here are the requirements:

If the traffic is p2p and it goes outside the country, use ISP-2. The return traffic of these flows will come back over the ISP-2 link (synchronous traffic flow).

All other traffic types will use the ISP-1 connection. For example, p2p traffic may go inside the country; use the ISP-1 connection for this type of traffic as well.

How can I differentiate traffic going inside the country from traffic going outside the country?

The users have real IP addresses (nearly 10,000 users). To catch the p2p traffic, I think we have to use NBAR. To route the different kinds of traffic, I think we have to use PBR. For this kind of request, I can use NATing on the ISP-2 link. But does this cause any problem for this type of connection on the Cisco 7600 router? Is NAT on the Cisco 7600 done in software or in hardware? For the complete scenario we have to use NAT, PBR and NBAR. Does that cause any problem on the Cisco 7600, and what about performance? Could you give me an idea how it can be done? Kind regards...

Burak Dikici

7 Replies

Marwan ALshawi
VIP Alumni

OK.

First of all, as long as you have BGP connectivity with your ISPs, I would say BGP will let you play with path selection better than using NBAR or PBR, regarding simplicity and performance as well. You may need NBAR or PBR in some situations, but in general, if you have multihomed BGP links, BGP can help you.

About how to know whether this traffic is outside the country or inside: you need to know your country's real IP ranges. Maybe the ISP can help you, or search the net for your country's IP ranges. This way you can use weight or local preference to make the ISP1 link preferred for any traffic going to your country's IP range.

For traffic coming back it looks a bit tricky, but one trick you could use, as long as you are going to use NAT: make the traffic going through ISP1 use a specific range of that NAT and the other use the rest of the NAT pool. This way you will have two pools, one used through ISP1 and the other through ISP2. Do your NAT correctly and test it. Then, for any traffic going through ISP1 you are going to use pool1; now add two more ASs to the IP range from pool2 and do it through a route-map in the outbound direction toward ISP1. This way any traffic that uses ISP2 through pool2 will be seen as better to go back through ISP2 as well.

I think it looks a bit complex, but when you configure it, it's not very complex.

HTH

Marwan ALshawi
VIP Alumni

Hi there,

this is an example config.

Consider the two links you have, and that 120.1.1.0 is the out-of-country range and 150.1.1.0 is the local range of your country.

These two routes each go through a different link, and prepending is also used to prefer the path back as well.

I hope this will help you; it is just a lab example I just did.

router bgp 2200
 no synchronization
 bgp log-neighbor-changes
 ! the two NAT pool ranges are originated into BGP
 network 192.168.1.0
 network 192.168.2.0
 ! 192.168.1.1 (AS 10) is the link used for out-of-country traffic
 neighbor 192.168.1.1 remote-as 10
 neighbor 192.168.1.1 route-map AS10 in
 neighbor 192.168.1.1 route-map map2 out
 ! 192.168.2.1 (AS 20) is the link used for in-country traffic
 neighbor 192.168.2.1 remote-as 20
 neighbor 192.168.2.1 route-map AS20 in
 neighbor 192.168.2.1 route-map map1 out
 no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
! two NAT pools: flows to the out-of-country range use pool 120,
! flows to the local range use pool 150
ip nat pool 120 192.168.1.10 192.168.1.20 prefix-length 24
ip nat pool 150 192.168.2.10 192.168.2.20 prefix-length 24
ip nat inside source list 120 pool 120
ip nat inside source list 150 pool 150
!
logging alarm informational
! ACLs 1 and 2 select each pool's prefix for the outbound prepend
access-list 1 permit 192.168.1.0
access-list 2 permit 192.168.2.0
! ACLs 10 and 20 select the destination ranges for the inbound weight
access-list 10 permit 120.1.1.0 0.0.0.255
access-list 20 permit 150.1.1.0 0.0.0.255
! ACLs 120 and 150 select which flows are translated into which pool
access-list 120 permit ip any 120.1.1.0 0.0.0.255
access-list 150 permit ip any 150.1.1.0 0.0.0.255
!
! inbound: prefer the local range via AS 20 and the out-of-country range via AS 10
! (weight only affects this router's own best-path choice)
route-map AS20 permit 20
 match ip address 20
 set weight 120
route-map AS20 permit 30
!
route-map AS10 permit 20
 match ip address 10
 set weight 120
route-map AS10 permit 30
!
! outbound toward AS 20: prepend the out-of-country pool so its return traffic prefers AS 10
route-map map1 permit 20
 match ip address 1
 set as-path prepend 2200 2200 2200 2200
route-map map1 permit 30
!
! outbound toward AS 10: prepend the local pool so its return traffic prefers AS 20
route-map map2 permit 20
 match ip address 2
 set as-path prepend 2200 2200 2200 2200
route-map map2 permit 30

If helpful, rate.

good luck

Hello,

Just using AS path prepending is not enough to adjust certain inbound traffic. I have tested it, but I am still getting inbound traffic from ISP-2. I want to configure the ISP-2 link as backup for all traffic except p2p traffic going outside the country.

Is it possible to configure this kind of traffic flow without using NAT?

What do you mean by P2P, is it P2P download?

AS prepend is just one good way, but you need to check with your ISP which methods they consider for BGP attributes to influence the path selection.

Of course it is possible with NAT and without NAT; it depends on your network.

You can use the ideas I posted above, just don't use NAT; it will work the same.

Good luck

HTH

I mean peer-to-peer traffic. Peer-to-peer traffic going outside the country will go over the ISP-2 link, and the return traffic of this connection will come back through the same ISP-2 link.

My clients are using real IP addresses. If I advertise their subnet from ISP-1 with BGP to the outside world, the outside world knows them via the ISP-1 link and their return traffic will come through the ISP-1 link.

If I catch the outside-of-country p2p traffic with NBAR and route this traffic to ISP-2 with PBR, what about the return traffic of this connection? At this point NATing comes into play. The source IP addresses of the outside-of-country p2p traffic will be NATed to the ISP-2 NAT pool addresses, and these NAT pool addresses will be advertised with BGP only on the ISP-2 link. Therefore the outside world knows these addresses only through ISP-2, and the return traffic of this connection will come back through the ISP-2 link; it is a symmetrical traffic flow for the outside-of-country p2p traffic. Am I right?

How can it be done without using NAT?

Regards...
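The NBAR, PBR, NAT and selective-advertisement flow described in this post, written out as an added IOS configuration example that is not from the thread or from Cisco. All addresses, interface names, AS numbers and the /16 mask on the user subnet are assumptions (documentation ranges), and the single in-country range is a placeholder to be replaced by your country's allocations.

```cisco
! Added example, not from this thread. Assumed values: users 50.50.0.0/16 (from the
! question), ISP-1 next hop 192.0.2.1 (AS 65001) on Gi1/1, ISP-2 next hop 198.51.100.1
! (AS 65002) on Gi1/2, users on Gi1/3, NAT pool 198.51.100.64/27, local AS 65000,
! 203.0.113.0/24 standing in for the in-country destination ranges.
!
! 1. NBAR recognizes p2p on the user-facing interface and marks it so PBR can match it
class-map match-any P2P
 match protocol bittorrent
policy-map MARK-P2P
 class P2P
  set ip dscp cs1
! 2. Marked p2p to in-country destinations is excluded (one deny per in-country range);
!    only marked p2p to everywhere else is policy-routed to ISP-2
ip access-list extended P2P-ABROAD
 deny   ip any 203.0.113.0 0.0.0.255 dscp cs1
 permit ip 50.50.0.0 0.0.255.255 any dscp cs1
route-map PBR-P2P permit 10
 match ip address P2P-ABROAD
 set ip next-hop 198.51.100.1
interface GigabitEthernet1/3
 ip nat inside
 service-policy input MARK-P2P
 ip policy route-map PBR-P2P
interface GigabitEthernet1/2
 ip nat outside
! 3. Only flows that actually leave through the ISP-2 interface are translated into the pool
ip nat pool ISP2-POOL 198.51.100.65 198.51.100.94 prefix-length 27
route-map NAT-ISP2 permit 10
 match interface GigabitEthernet1/2
ip nat inside source route-map NAT-ISP2 pool ISP2-POOL overload
! 4. The pool is advertised to ISP-2 only, so its return traffic can only arrive via ISP-2;
!    the user subnet goes to both ISPs, prepended toward ISP-2 to keep that link as backup
ip route 198.51.100.64 255.255.255.224 Null0
ip prefix-list USERS seq 5 permit 50.50.0.0/16
ip prefix-list POOL seq 5 permit 198.51.100.64/27
route-map TO-ISP2 permit 10
 match ip address prefix-list POOL
route-map TO-ISP2 permit 20
 match ip address prefix-list USERS
 set as-path prepend 65000 65000 65000
router bgp 65000
 network 50.50.0.0 mask 255.255.0.0
 network 198.51.100.64 mask 255.255.255.224
 neighbor 192.0.2.1 remote-as 65001
 neighbor 192.0.2.1 prefix-list USERS out
 neighbor 198.51.100.1 remote-as 65002
 neighbor 198.51.100.1 route-map TO-ISP2 out
```

Whether the NBAR and NAT stages are hardware-switched on a 7600 is the separate question raised earlier in the thread and is not settled by this example.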

Hi,

IMHO, without NAT it's impossible.

The outside world will not be able to differentiate between P2P and non-P2P traffic from/to the same device.

It will always route both the same direction - based on the destination IP address.

BR,

Milan

I agree that it is not possible without NAT.

In other words, you would need to give every device a static real public IP assigned from your ISP, which is not practical; don't think about it.

Just use NAT and different pools; this will be easy.

And always keep it simple to avoid complexity when you troubleshoot issues.

Good luck

Please rate the helpful post
