05-22-2021 12:33 AM
Hi
We are currently peering using BGP with SP and they are setting up a secondary link for us if i copy and paste all the bgp config just changing the neigbor xxxxx still using same remote-as will bring this down bgp.??
Thanks
Solved! Go to Solution.
05-22-2021 08:58 AM - edited 05-22-2021 09:01 AM
Hello @benolyndav ,
adding a new eBGP session with another peer in the same AS of the ISP does not cause the existing eBGP session to flap.
>> ours side is a stack switch one link from sw1 to isp router 1 link from sw2 to isp router
From a logical point of view your switch stack acts as a single device so the configuration suggested by @paul driver is correct you can play with weight to make the existing link the preferred exit link and you can use your own AS number AS path prepend to make the secondary link less attractive for return traffic coming from the internet.
>>You looking to Loadbalance BGP Traffic or Failover? (then you need to add preference which links to be primary and secondary.
>>>>> some traffic will be going over the second link.
You are likely receiving only a default route or a subset of routes and a default route being your device a switch.
There are different options to put some traffic on the secondary link and to receive some traffic on the secondary link.
First of all, at BGP level it works at prefix level and it is destination based ( normal routing)
So looking in the upstream direction the secondary link can be used for:
specific destination prefixes that are only advertised on the secondary link or that have better BGP attributes then the corresponding received on primary link.
if you want to perform this in BGP you can use a route-map.
ip prefix-list ROUTES-VIA-2PATH seq 5 permit 200.200.200.0/24
ip prefix-list ROUTES-VIA-2PATH seq 5 permit 201.201.201.0/24
and so on
route-map RISE-WEIGHT-2PATH permit 10
match address prefix ROUTES-VIA-2PATH
set weight 55000
route-map RISE-WEIGHT-2PATH permit 20
set weight 40000
router bgp 10
neighbor <secondary > route-map RISE-WEIGHT-2PATH in
This is for the upstream direction = to the internet.
For traffic coming from the internet if you have multiple public IP address blocks, each of them /24 you can make one path the preferred return path for one prefix and other one the preferred return path for the other address block.
To achieve this there are two ways in BGP :
a) being the upstream provider the same, with same AS number you can use MED to influence return path. A lower MED value is the preferred return path for an advertised prefix.
b) using AS-path prepending in a selective way .
For using effectively MED we have to remember that a missing MED is considered equal to zero that is the best possible value.
Let us suppose yo have two address blocks to advertise:
100.100.100.0/24
100.101.101.0/24
MED approach:
ip prefix-list BLOCK1 permit 100.100.100.0/24
ip prefix-list 2 BLOCK2 permit 100.101.101.0/24
! route-map to be used outbound primary link
route-map PRIMARY-OUT permit 10
match address prefix BLOCK1
set metric 50
route-map PRIMARY-OUT permit 20
match address prefix BLOCK2
set metric 1000
! for the secondary we do the opposite
route-map SECONDARY-OUT permit 10
match address prefix BLOCK2
set metric 50
route-map SECONDARY-OUT permit 20
match address prefix BLOCK1
set metric 1000
router bgp 100
neighbor <primary link address > route-map PRIMARY-OUT out
neighbor <secondary link address > route-map SECONDARY-OUT out
The use of selective AS path prepending is similar remembering that no AS path prepending would mean preferred return path
The route-map could be the following
route-map AS-PRI-OUT permit 10
match address prefix BLOCK1
route-map AS-PRI-OUT permit 20
match address prefix BLOCK2
set as-path prepend 10 10 10
Finally, if you have a single address block and you want to put some traffic on the secondary link you can use PBR policy based routing to match on specific sources to be routed via the secondary link.
In a scenario like this all return traffic will come from one link.
Hope to help
Giuseppe
05-22-2021 02:09 AM
No, it will not, but the below questions required to answer.
1. You have 2 different Links with 2 routers?
2. Are you using the same Router or a different Router to Peer?
3. You looking to Loadbalance BGP Traffic or Failover? (then you need to add preference which links to be primary and secondary.
below example help you :
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html
05-22-2021 04:49 AM
1. You have 2 different Links with 2 routers?
yes 2 links to 2 Routers
2. Are you using the same Router or a different Router to Peer?
ours side is a stack switch one link from sw1 to isp router 1 link from sw2 to isp router
3. You looking to Loadbalance BGP Traffic or Failover? (then you need to add preference which links to be primary and secondary.
some traffic will be going over the second link
05-22-2021 08:58 AM - edited 05-22-2021 09:01 AM
Hello @benolyndav ,
adding a new eBGP session with another peer in the same AS of the ISP does not cause the existing eBGP session to flap.
>> ours side is a stack switch one link from sw1 to isp router 1 link from sw2 to isp router
From a logical point of view your switch stack acts as a single device so the configuration suggested by @paul driver is correct you can play with weight to make the existing link the preferred exit link and you can use your own AS number AS path prepend to make the secondary link less attractive for return traffic coming from the internet.
>>You looking to Loadbalance BGP Traffic or Failover? (then you need to add preference which links to be primary and secondary.
>>>>> some traffic will be going over the second link.
You are likely receiving only a default route or a subset of routes and a default route being your device a switch.
There are different options to put some traffic on the secondary link and to receive some traffic on the secondary link.
First of all, at BGP level it works at prefix level and it is destination based ( normal routing)
So looking in the upstream direction the secondary link can be used for:
specific destination prefixes that are only advertised on the secondary link or that have better BGP attributes then the corresponding received on primary link.
if you want to perform this in BGP you can use a route-map.
ip prefix-list ROUTES-VIA-2PATH seq 5 permit 200.200.200.0/24
ip prefix-list ROUTES-VIA-2PATH seq 5 permit 201.201.201.0/24
and so on
route-map RISE-WEIGHT-2PATH permit 10
match address prefix ROUTES-VIA-2PATH
set weight 55000
route-map RISE-WEIGHT-2PATH permit 20
set weight 40000
router bgp 10
neighbor <secondary > route-map RISE-WEIGHT-2PATH in
This is for the upstream direction = to the internet.
For traffic coming from the internet if you have multiple public IP address blocks, each of them /24 you can make one path the preferred return path for one prefix and other one the preferred return path for the other address block.
To achieve this there are two ways in BGP :
a) being the upstream provider the same, with same AS number you can use MED to influence return path. A lower MED value is the preferred return path for an advertised prefix.
b) using AS-path prepending in a selective way .
For using effectively MED we have to remember that a missing MED is considered equal to zero that is the best possible value.
Let us suppose yo have two address blocks to advertise:
100.100.100.0/24
100.101.101.0/24
MED approach:
ip prefix-list BLOCK1 permit 100.100.100.0/24
ip prefix-list 2 BLOCK2 permit 100.101.101.0/24
! route-map to be used outbound primary link
route-map PRIMARY-OUT permit 10
match address prefix BLOCK1
set metric 50
route-map PRIMARY-OUT permit 20
match address prefix BLOCK2
set metric 1000
! for the secondary we do the opposite
route-map SECONDARY-OUT permit 10
match address prefix BLOCK2
set metric 50
route-map SECONDARY-OUT permit 20
match address prefix BLOCK1
set metric 1000
router bgp 100
neighbor <primary link address > route-map PRIMARY-OUT out
neighbor <secondary link address > route-map SECONDARY-OUT out
The use of selective AS path prepending is similar remembering that no AS path prepending would mean preferred return path
The route-map could be the following
route-map AS-PRI-OUT permit 10
match address prefix BLOCK1
route-map AS-PRI-OUT permit 20
match address prefix BLOCK2
set as-path prepend 10 10 10
Finally, if you have a single address block and you want to put some traffic on the secondary link you can use PBR policy based routing to match on specific sources to be routed via the secondary link.
In a scenario like this all return traffic will come from one link.
Hope to help
Giuseppe
05-22-2021 10:18 AM
Hi
This is what we currently have our provider has advised us just to cop everything and add to new neighbour statement, they do the rest for us
router bgp xxxx
bgp log-neighbor-changes
timers bgp 10 30
redistribute connected
redistribute static
redistribute ospf 1 metric 100 match internal external 1 external 2
neighbor 192.168.x.x remote-as xxx
neighbor 192.168.x.x password
neighbor 192.168.x.x send-community
neighbor 192.168.x.x allowas-in 1
neighbor 192.168.x.x soft-reconfiguration inbound
neighbor 192.168.x.x route-map RM_CPL_TO_TRENT_02 in
neighbor 192.168.x.x route-map RM_TRENT_TO_CPL out
05-22-2021 05:10 AM - edited 05-22-2021 12:51 PM
Hello
@benolyndav wrote:
changing the neigbor xxxxx still using same remote-as will bring this down bgp.??
Yes it will, however adding a addtional neigbour with the new peering address to the bgp stanza wont cause an outage, but prior to that I would make sure the primary bgp peering the preffered egress/ingress path
Example:
route-map ASpath
set as-path 10 10 10
prepend router bgp 10
neigbour <primary> wieight 50000
neigbour <secondary> wieight 40000
neigbour <secondary> route-map ASpath out
However for LB
Example:
Local route will be advertised to the ISP with prefferance given to ISP2 path, all other local routes via ISP1 path
ISP specific route will be advertised to local rtr with prefferance given to isp2 path, all other routes via ISPa path
Lasty only advertise local route the ISP via either path
ip prefix-list local-route permit x.0.0.0/8
ip prefix-list ISP2-route permit y.0.0.0/8
ip as-path access-list 1- permit ^$
route-map weight-ISP2 permit 10
match ip address prefix-list ISP2-route
set weight 55000
route-map weight-ISP2 permit 99
set weight 45000
route-map ASpath
match ip address prefix-list local-route
set as-path prepend 10 10
route-map ASpath2
set as-path prepend 10 10 10
router bgp 10
neighbor x.x.x.1 remote-as 11
neighbor x.x.x.1 weight 50000
neighbor x.x.x.1 route-map ASpath out
neighbor x.x.x.1 filter-list 10 out
neighbor x.x.x.2 remote-as 11
neighbor x.x.x.2 weight 40000
neighbor x.x.x.2 route-map weight-ISP2 in
neighbor x.x.x.2 route-map ASpath2 out
neighbor x.x.x.2 filter-list 10 out
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide