cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1124
Views
5
Helpful
2
Replies

BGP path inbound manipulation for specific subnet

Hi guys, trying to run lab described here https://www.noction.com/knowledge-base/bgp-inbound-traffic-engineering but I wanted to make it a little bit complex : so subnet 190.0.0.0/16 should goes via PE2 but the rest subnets (I added 172.16.0.0/16) go via PE1 . I have GNS3 with 3600 v12.4 ios, and can use only route-maps. I am trying to do AS-path prepend towards PE1 for specific subnet 190.0.0.0/16 and make it less preferred for inbound traffic only for that subnet. Whatever  I tried (empty route-map 20, route-map 20 with match only to ip any any allowed acl ) BGP is sending everything via PE2 :(  .  Here is config: 

R1(config-route-map)# do sho run | s bgp
router bgp 6400
no synchronization
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 1.1.1.3 remote-as 6400
neighbor 1.1.1.3 update-source Loopback0
neighbor 1.1.1.3 next-hop-self
neighbor 11.0.0.2 remote-as 6500
neighbor 11.0.0.2 route-map BGP_PREFERRED in
neighbor 11.0.0.2 route-map AS-PATH-RPL out
no auto-summary

 

R1(config-route-map)# do sho run | s route-map
neighbor 11.0.0.2 route-map BGP_PREFERRED in
neighbor 11.0.0.2 route-map AS-PATH-RPL out
route-map BGP_PREFERRED permit 10
set local-preference 200
route-map AS-PATH-RPL permit 10
match policy-list CUST-PS
set as-path prepend 6400 6400 6400
route-map AS-PATH-RPL permit 20
match policy-list PERMI_IN_BGP

 

R1(config-route-map)# do sho run | s ip access-lis
ip access-list extended CUST-PS       < should come via PE2 
permit ip 190.0.0.0 0.0.255.255 any


ip access-list extended PERMI_IN_BGP   < the rest of the subnets coming via PE1
permit ip host 1.1.1.1 any
permit ip 172.16.0.0 0.0.255.255 any
permit ip 11.0.0.0 0.0.0.3 any
permit ip 10.0.0.0 0.0.0.3 any

 

PE1# sho ip bgp

Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 0.0.0.0 0 32768 i
* i 2.2.2.2 0 100 0 i
*>i1.1.1.2/32 2.2.2.2 0 100 0 6400 i  ## 2.2.2.2 is PE2 
*>i1.1.1.3/32 2.2.2.2 0 100 0 6400 i
*>i172.16.0.0 2.2.2.2 0 100 0 6400 i
*>i190.0.0.0 2.2.2.2 0 100 0 6400 i

Anyone can recommend solution? 

Thanks

1 Accepted Solution

Accepted Solutions

Hello


@Bekzod Fakhriddinov wrote:

can use only route-maps. I am trying to do AS-path prepend towards PE1 for specific subnet 190.0.0.0/16 and make it less preferred for inbound traffic only for that subnet. Whatever  I tried (empty route-map 20, route-map 20 with match only to ip any any allowed acl ) BGP is sending everything via PE2s


AS_PATH prepending is mostly used for advertsing a least prefferd path to upstream ebgp peers
Local preferance is used to prefer an exit from your local AS domain

First of all your route-map isnt matching correctly it need to match on the extended access-list of CUST-PS, not a policy list and second that ace entry in your ACL should be a prefix that your advertising towards the ISP.

So in the below example:

route-map AS-PATH-RPL permit 10
no match policy-list CUST-PS
match ip address CUST-PS  <-- the prefix in this ACL will be as-prepended towards the ISP

 

route-map AS-PATH-RPL permit 20 <--This a catch all statment so all other routes wont be prepedned
no match policy-list PERMI_IN_BGP


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

2 Replies 2

Hello


@Bekzod Fakhriddinov wrote:

can use only route-maps. I am trying to do AS-path prepend towards PE1 for specific subnet 190.0.0.0/16 and make it less preferred for inbound traffic only for that subnet. Whatever  I tried (empty route-map 20, route-map 20 with match only to ip any any allowed acl ) BGP is sending everything via PE2s


AS_PATH prepending is mostly used for advertsing a least prefferd path to upstream ebgp peers
Local preferance is used to prefer an exit from your local AS domain

First of all your route-map isnt matching correctly it need to match on the extended access-list of CUST-PS, not a policy list and second that ace entry in your ACL should be a prefix that your advertising towards the ISP.

So in the below example:

route-map AS-PATH-RPL permit 10
no match policy-list CUST-PS
match ip address CUST-PS  <-- the prefix in this ACL will be as-prepended towards the ISP

 

route-map AS-PATH-RPL permit 20 <--This a catch all statment so all other routes wont be prepedned
no match policy-list PERMI_IN_BGP


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Great , it works now. Thank you 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: