Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2102
Views
4
Helpful
29
Replies

BGP path selection issue with AS prepend

Najib Akbari
Level 1
Level 1

‎08-28-2024 02:48 PM

Hi,

I have site ASA 1.1.1.1 and tunneled with static route to two Fortigate FW1 and FW2. each FW linked to LAN via Core SW -> VeloCloud SD-WAN, so both FW 1&2 has BGP neighborship with Core SW and Core SW with VeloCLoud A and B and to make A path less preferable I prepend the ASA subnet 192.168.168.0/24 ( redistributed as static into BGP ) route with FW1 ASN so from C prespective, the route from B path be more preferable but C site Core switch BGP prefers A even though it has longer AS-Path. i have limited knowledge of Velo-Clouds and i checked BGP settings on core switches and fortigate and no other attributes are affecting best-path decision unless something going on on VeloCloud and i do not know how to check. please advise

attached is the topology 

Labels:
Preview file
57 KB
0 Helpful
29 Replies 29

paul driver
VIP
VIP

‎08-28-2024 08:55 PM

Hello

@Najib Akbari wrote:
i have limited knowledge of Velo-Clouds and i checked BGP settings on core switches and fortigate and no other attributes are affecting best-path decision unless something going on on VeloCloud and i do not know how to check. please advise

Given where as-path is situated in bgp best selection, Its entirely possible that the Velocloud could is overwriting the as path-prepend when its receiving the prefixes from you?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Najib Akbari
Level 1
Level 1
In response to paul driver

‎08-29-2024 08:08 AM

Yes it is possible. I did AS-Path prepend on site A core switch BGP outgoing adv towards VCloud

0 Helpful

paul driver
VIP
VIP
In response to Najib Akbari

‎08-29-2024 08:38 AM

Hello
You could possibly have a word with your ISP for the vcloud and see if that is the case, maybe they are expecting communities?
Another option you can control would be to summarise on the less desirable path and advertise more specific prefixes on the preferred path?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Najib Akbari
Level 1
Level 1
In response to paul driver

‎08-29-2024 01:47 PM

summarize will work, but i was wondering if i can fix it with BGP attributes. I have admin access to VeloClouds but i need guidance how to verify it. when i do sh ip bgp on core switch it does not show both records from two different source of advertisement routers, it seems then VCloud does sort of filter and relay only one route, if that source stops/fils then relays the other one but always prefers the one coming from site A ( what do you think? )

can you elaborate on communities maybe? how do i verify and maybe use it

0 Helpful

paul driver
VIP
VIP
In response to Najib Akbari

‎08-29-2024 02:31 PM

Hello

@Najib Akbari wrote:
I have admin access to VeloClouds but i need guidance how to verify it

you dont mention what the Velocloud is, however maybe you can verify the bgp process configuration, do you see any attributes being applied that can negate ingress route prefixes pertaining to as-path prepending



Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Najib Akbari
Level 1
Level 1
In response to paul driver

‎08-29-2024 02:42 PM

VCloud is VMWARE SD-WAN appliances managed by ATT and I have admin access

0 Helpful

MHM Cisco World
VIP
VIP

‎08-28-2024 10:18 PM - edited ‎09-02-2024 08:42 AM

MHM

0 Helpful

Najib Akbari
Level 1
Level 1
In response to MHM Cisco World

‎08-29-2024 08:12 AM

Yes, two VTI tunnel going to FW 1&2. No BGP on ASA. with static route higher metric on traffic going to FW1 so makes FW2 primary link from ASA point of view

0 Helpful

MHM Cisco World
VIP
VIP
In response to Najib Akbari

‎08-29-2024 08:22 AM - edited ‎09-02-2024 08:42 AM

MHM

0 Helpful

MHM Cisco World
VIP
VIP
In response to MHM Cisco World

‎08-29-2024 08:26 AM - edited ‎09-02-2024 08:43 AM

MHM

0 Helpful

Najib Akbari
Level 1
Level 1
In response to MHM Cisco World

‎08-29-2024 01:48 PM

no, different AS # and yes i am aware of that, thnx

0 Helpful

MHM Cisco World
VIP
VIP
In response to Najib Akbari

‎08-29-2024 02:01 PM - edited ‎09-02-2024 08:43 AM

MHM

0 Helpful

Najib Akbari
Level 1
Level 1
In response to MHM Cisco World

‎08-29-2024 02:10 PM

Velo does not remove private AS#, it always relays the route learned from Site A even thu sh ip bgp shows prepended AS #.

on your second though of summary and small prefix, thats different approach of forcing certain path with most specific and that already discussed in this case, thats feasible but i want to do it with BGP.

0 Helpful

MHM Cisco World
VIP
VIP
In response to Najib Akbari

‎08-29-2024 02:16 PM - edited ‎09-02-2024 08:41 AM

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card