03-14-2009 04:01 PM - edited 03-04-2019 03:55 AM
Hello,
I would like to consult the experienced BGP users about a BGP subject. We are making BGP connections to two different ISPs via our central site router. We announce our subnet via ISP-1 normally, but towards ISP-2 we announce the subnet with an AS path prepending configuration. Even so, we still see inbound traffic from the internet to our subnet via ISP-2. Is it possible to tune inbound traffic further? We would like to achieve that there is no inbound traffic via ISP-2.
By the way, in the next step of the configuration we would like to configure our multihomed BGP router with PBR & NBAR. What we are going to try with this is, for example, that p2p traffic from our subnet to the internet will be detected with NBAR and forwarded to the ISP-2 connection with PBR, and the return traffic of this connection will come back through the ISP-2 connection (symmetric traffic flow). How can we achieve that?
Kind Regards...
Burak Dikici
Note: I am writing the configuration of our multihomed BGP router below. (The real configuration's IP addresses and BGP AS numbers have been changed in the text below.)
router bgp 100
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 222
 neighbor 2.2.2.2 description ISP_2
 neighbor 1.1.1.1 remote-as 111
 neighbor 1.1.1.1 description ISP_1
 !
 address-family ipv4
  no synchronization
  network X.Y.0.0 mask 255.255.0.0
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 route-map AS_path_prepend_for_ISP2 out
  neighbor 2.2.2.2 filter-list 10 out
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 route-map UPDATES_FOR_ISP1 in
  neighbor 1.1.1.1 filter-list 10 out
  no auto-summary
 exit-address-family
!
! Only locally originated prefixes (empty AS path) may be sent to either ISP
ip as-path access-list 10 permit ^$
! Matches every prefix received from ISP-1
access-list 10 permit any
! Matches our own /16
access-list 20 permit X.Y.0.0 0.0.255.255
!
! Prefer ISP-1 for outbound traffic: every route learned from ISP-1 gets weight 100
route-map UPDATES_FOR_ISP1 permit 10
 match ip address 10
 set weight 100
!
! Make the path via ISP-2 look longer by prepending our own AS five times;
! sequence 20 lets anything else through unchanged
route-map AS_path_prepend_for_ISP2 permit 10
 match ip address 20
 set as-path prepend 100 100 100 100 100
route-map AS_path_prepend_for_ISP2 permit 20
03-14-2009 05:29 PM
For your first question, the BGP Conditional Advertisement Feature might be of use. Don't advertise your subnet to ISP2 unless ISP1 fails. (More info: http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml)
For your second question, one method might be to use a different address block for your ISP2 PBR directed traffic. You'll likely need to use NAT so that the PBR traffic only returns to the "special" address block you only advertise via ISP2.
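The conditional advertisement the reply refers to, written out as an added example against the configuration in the original post (this is not the poster's or the replier's own configuration). It assumes the router learns some prefix from ISP-1 that it receives from nobody else; 203.0.113.0/24 is a constructed placeholder for such a prefix, and X.Y.0.0/16 is the poster's subnet as above. The reason prepending alone did not stop inbound traffic via ISP-2 is that path length is only one step of remote best-path selection: any network that prefers ISP-2 by local preference ignores the prepends, so the only way to be sure is not to announce the prefix there at all while ISP-1 is up.

```cisco
! --- Added example: BGP conditional advertisement toward ISP-2 ---
! Assumption: 203.0.113.0/24 is a constructed placeholder for a prefix that
! this router learns from ISP-1 and from nobody else (for instance one of
! ISP-1's own infrastructure prefixes). If ISP-2 also carries it, the
! condition never fails and the subnet is never advertised to ISP-2.
ip prefix-list ISP1_MARKER seq 5 permit 203.0.113.0/24
!
! The prefix whose advertisement to ISP-2 is made conditional.
ip prefix-list OUR_SUBNET seq 5 permit X.Y.0.0/16
!
! non-exist-map: while a BGP table entry matches this map, ISP-1 is up.
route-map ISP1_UP permit 10
 match ip address prefix-list ISP1_MARKER
!
! advertise-map: sent to ISP-2 only while nothing matches ISP1_UP.
route-map ADVERTISE_TO_ISP2 permit 10
 match ip address prefix-list OUR_SUBNET
!
router bgp 100
 address-family ipv4
  ! The existing filter-list 10 and AS_path_prepend_for_ISP2 still apply
  ! to whatever the advertise-map releases; they can stay as they are.
  neighbor 2.2.2.2 advertise-map ADVERTISE_TO_ISP2 non-exist-map ISP1_UP
 exit-address-family
```

`show ip bgp neighbors 2.2.2.2 | include Condition-map` reports the current state (status: Advertise or Withdraw). The condition is re-evaluated by the BGP scanner, so the withdrawal or re-advertisement follows an ISP-1 failure or recovery by up to the scan interval (60 seconds by default); while ISP-1 is up nothing is announced to ISP-2, which makes ISP-2 a pure backup for inbound traffic.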
03-14-2009 08:38 PM
For my second question, what about redundancy? Your advice is to use NATing; in this situation, if the ISP-1 connection goes down, normal user traffic (other than p2p, for example) will also be NATed, am I right? Does this cause any problem for redundancy?
03-14-2009 08:46 PM
By the way, if we use PAT for this process, does that cause any problem?
(Not NAT, because we have a lot of client IP addresses and all of them are real IP addresses.)
03-15-2009 06:13 AM
For your first question, what happens if the ISP1 traffic is not NATed? Well if your addresses change, current sessions would be broken. (BTW: I've been assuming you have your own public IP address blocks that work on both ISPs.) Can NAT be conditional? I'm not sure. It might if NAT could also trigger on something like PBR or some other condition. An example of the latter, might be two logical interfaces on the ISP2 connection. (Comments from anyone else?)
For your second question, PAT can be an issue. There are applications that are confused if their ports change. I've seen "cheap" consumer Internet routers handle this issue well, but some Cisco PAT (on "enterprise class" routers) didn't seem to work as well. (Perhaps someone with more experience will comment on this.)
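The NAT-to-a-dedicated-block approach from the first reply, combined with the NBAR-driven PBR the original post asks about, written out as an added example (not the poster's or the replier's configuration). Assumptions: GigabitEthernet0/0 is the LAN, GigabitEthernet0/2 faces ISP-2 with 2.2.2.2 as the directly connected next hop (the posted configuration has no ebgp-multihop, so the peer is directly connected), and 198.51.100.0/24 is a constructed placeholder for a second public block that the site owns and announces only to ISP-2. On IOS a NAT rule can be qualified by a route-map that matches the egress interface, and because policy routing and the routing lookup happen before inside-to-outside translation, the route-map below sees the interface that PBR chose. It matches on both the P2P DSCP mark and the ISP-2 interface, so normal traffic that fails over to ISP-2 when ISP-1 is down is not translated and keeps its real addresses.

```cisco
! --- Added example: NBAR marking, PBR to ISP-2, NAT into an ISP-2-only block ---
! 1. Classify P2P with NBAR and mark it on ingress from the LAN.
class-map match-any P2P
 match protocol bittorrent
 match protocol edonkey
policy-map MARK_P2P
 class P2P
  set ip dscp cs1
!
! 2. PBR: anything carrying the CS1 mark leaves via ISP-2.
!    (DSCP is matched through an extended ACL, which PBR route-maps accept.)
access-list 101 permit ip X.Y.0.0 0.0.255.255 any dscp cs1
route-map PBR_P2P_TO_ISP2 permit 10
 match ip address 101
 set ip next-hop 2.2.2.2
!
! 3. NAT only those flows, and only when they actually exit toward ISP-2.
!    Unmarked traffic that fails over to ISP-2 never matches and keeps
!    its real source address, so no existing session is re-addressed.
ip nat pool ISP2_PBR_POOL 198.51.100.1 198.51.100.254 netmask 255.255.255.0
route-map NAT_P2P_VIA_ISP2 permit 10
 match ip address 101
 match interface GigabitEthernet0/2
ip nat inside source route-map NAT_P2P_VIA_ISP2 pool ISP2_PBR_POOL overload
!
interface GigabitEthernet0/0
 description LAN (assumed interface name)
 ip nat inside
 service-policy input MARK_P2P
 ip policy route-map PBR_P2P_TO_ISP2
interface GigabitEthernet0/2
 description ISP_2 (assumed interface name)
 ip nat outside
!
! 4. Originate the special block and make sure only ISP-2 ever hears it,
!    so return traffic for the translated flows can only come back that way.
!    (filter-list 10 in the posted config permits it as locally originated,
!    and AS_path_prepend_for_ISP2 sequence 20 passes it without prepends.)
ip route 198.51.100.0 255.255.255.0 Null0
ip prefix-list NOT_TO_ISP1 seq 5 deny 198.51.100.0/24
ip prefix-list NOT_TO_ISP1 seq 10 permit 0.0.0.0/0 le 32
router bgp 100
 address-family ipv4
  network 198.51.100.0 mask 255.255.255.0
  neighbor 1.1.1.1 prefix-list NOT_TO_ISP1 out
 exit-address-family
```

A P2P session's source is translated to a 198.51.100.x address (with `overload` this is PAT, the case the reply above warns about for port-sensitive applications), the remote peer answers to that address, and because only ISP-2 carries the /24 the reply has to return on GigabitEthernet0/2, where the translation is undone: the flow is symmetric in both directions. If the ISP-2 link itself goes down the connected route to 2.2.2.2 disappears; to make PBR fall back cleanly rather than depend on whatever covering route remains, use `set ip next-hop verify-availability` with object tracking. `show ip nat translations` and `show route-map PBR_P2P_TO_ISP2` show whether packets are actually being translated and policy-routed.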