Bekzod Fakhriddinov
Enthusiast

BGP path inbound manipulation for specific subnet

Hi guys, trying to run the lab described here https://www.noction.com/knowledge-base/bgp-inbound-traffic-engineering but I wanted to make it a little bit more complex: subnet 190.0.0.0/16 should go via PE2, but the rest of the subnets (I added 172.16.0.0/16) go via PE1. I have GNS3 with 3600 v12.4 IOS, and can use only route-maps. I am trying to do AS-path prepend towards PE1 for the specific subnet 190.0.0.0/16 and make it less preferred for inbound traffic only for that subnet. Whatever I tried (empty route-map 20, route-map 20 with match only to ip any any allowed ACL), BGP is sending everything via PE2 :(. Here is the config:

R1(config-route-map)# do sho run | s bgp
router bgp 6400
no synchronization
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 1.1.1.3 remote-as 6400
neighbor 1.1.1.3 update-source Loopback0
neighbor 1.1.1.3 next-hop-self
neighbor 11.0.0.2 remote-as 6500
neighbor 11.0.0.2 route-map BGP_PREFERRED in
neighbor 11.0.0.2 route-map AS-PATH-RPL out
no auto-summary

 

R1(config-route-map)# do sho run | s route-map
neighbor 11.0.0.2 route-map BGP_PREFERRED in
neighbor 11.0.0.2 route-map AS-PATH-RPL out
route-map BGP_PREFERRED permit 10
set local-preference 200
route-map AS-PATH-RPL permit 10
match policy-list CUST-PS
set as-path prepend 6400 6400 6400
route-map AS-PATH-RPL permit 20
match policy-list PERMI_IN_BGP

 

R1(config-route-map)# do sho run | s ip access-lis
ip access-list extended CUST-PS       < should come via PE2 
permit ip 190.0.0.0 0.0.255.255 any


ip access-list extended PERMI_IN_BGP   < the rest of the subnets coming via PE1
permit ip host 1.1.1.1 any
permit ip 172.16.0.0 0.0.255.255 any
permit ip 11.0.0.0 0.0.0.3 any
permit ip 10.0.0.0 0.0.0.3 any

 

PE1# sho ip bgp

Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 0.0.0.0 0 32768 i
* i 2.2.2.2 0 100 0 i
*>i1.1.1.2/32 2.2.2.2 0 100 0 6400 i  ## 2.2.2.2 is PE2 
*>i1.1.1.3/32 2.2.2.2 0 100 0 6400 i
*>i172.16.0.0 2.2.2.2 0 100 0 6400 i
*>i190.0.0.0 2.2.2.2 0 100 0 6400 i

Can anyone recommend a solution?

Thanks

1 ACCEPTED SOLUTION

paul driver
VIP Expert

Hello


@Bekzod Fakhriddinov wrote:

can use only route-maps. I am trying to do AS-path prepend towards PE1 for the specific subnet 190.0.0.0/16 and make it less preferred for inbound traffic only for that subnet. Whatever I tried (empty route-map 20, route-map 20 with match only to ip any any allowed ACL), BGP is sending everything via PE2


AS_PATH prepending is mostly used for advertising a least preferred path to upstream eBGP peers.
Local preference is used to prefer an exit from your local AS domain.

First of all, your route-map isn't matching correctly: it needs to match on the extended access-list CUST-PS, not a policy list. Second, the ACE entry in your ACL should be a prefix that you're advertising towards the ISP.

So in the below example:

route-map AS-PATH-RPL permit 10
no match policy-list CUST-PS
match ip address CUST-PS  <-- the prefix in this ACL will be as-prepended towards the ISP

 

route-map AS-PATH-RPL permit 20 <-- This is a catch-all statement, so all other routes won't be prepended
no match policy-list PERMI_IN_BGP


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
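
The route-map evaluation described in the answer above, as an added Python sketch (not part of the original posts and not Cisco code): sequences are tried in order, the first match wins, a permit sequence with no match clause matches everything, and a route that matches no sequence is dropped. The dictionary layout and function names are assumptions of this sketch, and only the source/wildcard part of the extended ACL is modelled.

```python
import ipaddress

LOCAL_AS = 6400  # from "router bgp 6400" in the thread

# Constructed model of the thread's objects (layout is an assumption of this sketch).
CUST_PS = [("190.0.0.0", "0.0.255.255")]          # ip access-list extended CUST-PS
AS_PATH_RPL = {
    10: {"match_acl": CUST_PS, "prepend": [6400, 6400, 6400]},
    20: {},                                        # permit 20 with no match clause
}
WITHOUT_SEQ_20 = {10: AS_PATH_RPL[10]}             # same map, catch-all removed


def acl_matches(acl, prefix):
    """True if the route's network address matches any (network, wildcard) entry."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for net, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits to compare
        if addr & care == int(ipaddress.ip_address(net)) & care:
            return True
    return False


def advertise(route_map, prefix, as_path=()):
    """AS path the eBGP peer receives for prefix, or None if the route is filtered."""
    for seq in sorted(route_map):                  # sequences run in numeric order
        entry = route_map[seq]
        acl = entry.get("match_acl")
        if acl is None or acl_matches(acl, prefix):    # no match clause matches all
            return [LOCAL_AS] + entry.get("prepend", []) + list(as_path)
    return None                                    # implicit deny ends every route-map


if __name__ == "__main__":
    for name, rmap in (("AS-PATH-RPL", AS_PATH_RPL), ("without seq 20", WITHOUT_SEQ_20)):
        for prefix in ("190.0.0.0/16", "172.16.0.0/16", "1.1.1.1/32"):
            print(f"{name:15} {prefix:15} -> {advertise(rmap, prefix)}")
```

Run against the map without sequence 20, every prefix other than 190.0.0.0/16 comes back as None, which is the withdrawn-route symptom to check for on the upstream router before looking at path selection.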


2 REPLIES 2

Great, it works now. Thank you