Solved: Re: BGP Question

benolyndav · ‎05-22-2021

Hi

We are currently peering using BGP with SP and they are setting up a secondary link for us if i copy and paste all the bgp config just changing the neigbor xxxxx still using same remote-as will bring this down bgp.??

Thanks

Giuseppe Larosa · ‎05-22-2021

Hello @benolyndav ,

adding a new eBGP session with another peer in the same AS of the ISP does not cause the existing eBGP session to flap.

>> ours side is a stack switch one link from sw1 to isp router 1 link from sw2 to isp router

From a logical point of view your switch stack acts as a single device so the configuration suggested by @paul driver is correct you can play with weight to make the existing link the preferred exit link and you can use your own AS number AS path prepend to make the secondary link less attractive for return traffic coming from the internet.

>>You looking to Loadbalance BGP Traffic or Failover? (then you need to add preference which links to be primary and secondary.

>>>>> some traffic will be going over the second link.

You are likely receiving only a default route or a subset of routes and a default route being your device a switch.

There are different options to put some traffic on the secondary link and to receive some traffic on the secondary link.

First of all, at BGP level it works at prefix level and it is destination based ( normal routing)

So looking in the upstream direction the secondary link can be used for:

specific destination prefixes that are only advertised on the secondary link or that have better BGP attributes then the corresponding received on primary link.

if you want to perform this in BGP you can use a route-map.

ip prefix-list ROUTES-VIA-2PATH seq 5 permit 200.200.200.0/24

ip prefix-list ROUTES-VIA-2PATH seq 5 permit 201.201.201.0/24

and so on

route-map RISE-WEIGHT-2PATH permit 10

match address prefix ROUTES-VIA-2PATH

set weight 55000

route-map RISE-WEIGHT-2PATH permit 20

set weight 40000

router bgp 10

neighbor <secondary > route-map RISE-WEIGHT-2PATH in

This is for the upstream direction = to the internet.

For traffic coming from the internet if you have multiple public IP address blocks, each of them /24 you can make one path the preferred return path for one prefix and other one the preferred return path for the other address block.

To achieve this there are two ways in BGP :

a) being the upstream provider the same, with same AS number you can use MED to influence return path. A lower MED value is the preferred return path for an advertised prefix.

b) using AS-path prepending in a selective way .

For using effectively MED we have to remember that a missing MED is considered equal to zero that is the best possible value.

Let us suppose yo have two address blocks to advertise:

100.100.100.0/24

100.101.101.0/24

MED approach:

ip prefix-list BLOCK1 permit 100.100.100.0/24

ip prefix-list 2 BLOCK2 permit 100.101.101.0/24

! route-map to be used outbound primary link

route-map PRIMARY-OUT permit 10

match address prefix BLOCK1

set metric 50

route-map PRIMARY-OUT permit 20

match address prefix BLOCK2

set metric 1000

! for the secondary we do the opposite

route-map SECONDARY-OUT permit 10

match address prefix BLOCK2

set metric 50

route-map SECONDARY-OUT permit 20

match address prefix BLOCK1

set metric 1000

router bgp 100

neighbor <primary link address > route-map PRIMARY-OUT out

neighbor <secondary link address > route-map SECONDARY-OUT out

The use of selective AS path prepending is similar remembering that no AS path prepending would mean preferred return path

The route-map could be the following

route-map AS-PRI-OUT permit 10

match address prefix BLOCK1

route-map AS-PRI-OUT permit 20

match address prefix BLOCK2

set as-path prepend 10 10 10

Finally, if you have a single address block and you want to put some traffic on the secondary link you can use PBR policy based routing to match on specific sources to be routed via the secondary link.

In a scenario like this all return traffic will come from one link.

Hope to help

Giuseppe

View solution in original post

balaji.bandi · ‎05-22-2021

No, it will not, but the below questions required to answer.

1. You have 2 different Links with 2 routers?

2. Are you using the same Router or a different Router to Peer?

3. You looking to Loadbalance BGP Traffic or Failover? (then you need to add preference which links to be primary and secondary.

below example help you :

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

benolyndav · ‎05-22-2021

1. You have 2 different Links with 2 routers?

yes 2 links to 2 Routers

2. Are you using the same Router or a different Router to Peer?

ours side is a stack switch one link from sw1 to isp router 1 link from sw2 to isp router

3. You looking to Loadbalance BGP Traffic or Failover? (then you need to add preference which links to be primary and secondary.

some traffic will be going over the second link

Giuseppe Larosa · ‎05-22-2021

Hello @benolyndav ,

adding a new eBGP session with another peer in the same AS of the ISP does not cause the existing eBGP session to flap.

>> ours side is a stack switch one link from sw1 to isp router 1 link from sw2 to isp router

From a logical point of view your switch stack acts as a single device so the configuration suggested by @paul driver is correct you can play with weight to make the existing link the preferred exit link and you can use your own AS number AS path prepend to make the secondary link less attractive for return traffic coming from the internet.

>>You looking to Loadbalance BGP Traffic or Failover? (then you need to add preference which links to be primary and secondary.

>>>>> some traffic will be going over the second link.

You are likely receiving only a default route or a subset of routes and a default route being your device a switch.

There are different options to put some traffic on the secondary link and to receive some traffic on the secondary link.

First of all, at BGP level it works at prefix level and it is destination based ( normal routing)

So looking in the upstream direction the secondary link can be used for:

specific destination prefixes that are only advertised on the secondary link or that have better BGP attributes then the corresponding received on primary link.

if you want to perform this in BGP you can use a route-map.

ip prefix-list ROUTES-VIA-2PATH seq 5 permit 200.200.200.0/24

ip prefix-list ROUTES-VIA-2PATH seq 5 permit 201.201.201.0/24

and so on

route-map RISE-WEIGHT-2PATH permit 10

match address prefix ROUTES-VIA-2PATH

set weight 55000

route-map RISE-WEIGHT-2PATH permit 20

set weight 40000

router bgp 10

neighbor <secondary > route-map RISE-WEIGHT-2PATH in

This is for the upstream direction = to the internet.

For traffic coming from the internet if you have multiple public IP address blocks, each of them /24 you can make one path the preferred return path for one prefix and other one the preferred return path for the other address block.

To achieve this there are two ways in BGP :

a) being the upstream provider the same, with same AS number you can use MED to influence return path. A lower MED value is the preferred return path for an advertised prefix.

b) using AS-path prepending in a selective way .

For using effectively MED we have to remember that a missing MED is considered equal to zero that is the best possible value.

Let us suppose yo have two address blocks to advertise:

100.100.100.0/24

100.101.101.0/24

MED approach:

ip prefix-list BLOCK1 permit 100.100.100.0/24

ip prefix-list 2 BLOCK2 permit 100.101.101.0/24

! route-map to be used outbound primary link

route-map PRIMARY-OUT permit 10

match address prefix BLOCK1

set metric 50

route-map PRIMARY-OUT permit 20

match address prefix BLOCK2

set metric 1000

! for the secondary we do the opposite

route-map SECONDARY-OUT permit 10

match address prefix BLOCK2

set metric 50

route-map SECONDARY-OUT permit 20

match address prefix BLOCK1

set metric 1000

router bgp 100

neighbor <primary link address > route-map PRIMARY-OUT out

neighbor <secondary link address > route-map SECONDARY-OUT out

The use of selective AS path prepending is similar remembering that no AS path prepending would mean preferred return path

The route-map could be the following

route-map AS-PRI-OUT permit 10

match address prefix BLOCK1

route-map AS-PRI-OUT permit 20

match address prefix BLOCK2

set as-path prepend 10 10 10

Finally, if you have a single address block and you want to put some traffic on the secondary link you can use PBR policy based routing to match on specific sources to be routed via the secondary link.

In a scenario like this all return traffic will come from one link.

Hope to help

Giuseppe

benolyndav · ‎05-22-2021

Hi

This is what we currently have our provider has advised us just to cop everything and add to new neighbour statement, they do the rest for us

router bgp xxxx
bgp log-neighbor-changes
timers bgp 10 30
redistribute connected
redistribute static
redistribute ospf 1 metric 100 match internal external 1 external 2
neighbor 192.168.x.x remote-as xxx
neighbor 192.168.x.x password
neighbor 192.168.x.x send-community
neighbor 192.168.x.x allowas-in 1
neighbor 192.168.x.x soft-reconfiguration inbound
neighbor 192.168.x.x route-map RM_CPL_TO_TRENT_02 in
neighbor 192.168.x.x route-map RM_TRENT_TO_CPL out

paul driver · ‎05-22-2021

Hello

@benolyndav wrote:

changing the neigbor xxxxx still using same remote-as will bring this down bgp.??

Yes it will, however adding a addtional neigbour with the new peering address to the bgp stanza wont cause an outage, but prior to that I would make sure the primary bgp peering the preffered egress/ingress path

Example:
route-map ASpath
set as-path 10 10 10
prepend router bgp 10
neigbour <primary> wieight 50000
neigbour <secondary> wieight 40000
neigbour <secondary> route-map ASpath out

However for LB

Example:
Local route will be advertised to the ISP with prefferance given to ISP2 path, all other local routes via ISP1 path
ISP specific route will be advertised to local rtr with prefferance given to isp2 path, all other routes via ISPa path
Lasty only advertise local route the ISP via either path

ip prefix-list local-route permit x.0.0.0/8
ip prefix-list ISP2-route permit y.0.0.0/8
ip as-path access-list 1- permit ^$

route-map weight-ISP2 permit 10
match ip address prefix-list ISP2-route
set weight 55000

route-map weight-ISP2 permit 99
set weight 45000

route-map ASpath
match ip address prefix-list local-route
set as-path prepend 10 10

route-map ASpath2
set as-path prepend 10 10 10

router bgp 10
neighbor x.x.x.1 remote-as 11
neighbor x.x.x.1 weight 50000
neighbor x.x.x.1 route-map ASpath out
neighbor x.x.x.1 filter-list 10 out

neighbor x.x.x.2 remote-as 11
neighbor x.x.x.2 weight 40000
neighbor x.x.x.2 route-map weight-ISP2 in
neighbor x.x.x.2 route-map ASpath2 out
neighbor x.x.x.2 filter-list 10 out

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul