
BGP route policy

CCIE Aspirant
Level 1

Hi,

 

I hope everyone is fine.

We have a public AS and a public /22 subnet.

We are going to establish BGP neighborships with two ISPs. We have divided our /22 subnet into four /24 subnets.

The subnet 185.XX.176.0/22 has been divided into the following subnets:

Subnet 1: 185.XX.176.0/24

Subnet 2: 185.XX.177.0/24

Subnet 3: 185.XX.178.0/24

Subnet 4: 185.XX.179.0/24

We have these subnets defined on our router and we need to send them to our ISPs as follows:

Subnet 1 and Subnet 2 to ISP 1 as main, with Subnet 3 and Subnet 4 as backup (in case the link goes down).

Subnet 3 and Subnet 4 to ISP 2 as main, with Subnet 1 and Subnet 2 as backup (in case the link goes down).

We need the return traffic to follow the same path as it took for exit.

We have loopbacks and /30 networks in these four subnets, so it is not feasible for us to advertise all our loopbacks and /30s in BGP.

So kindly suggest a good way to achieve our goals.

 

 

 

8 Replies

Two ways:

1. Using AS-path prepend

2. Using MED

Hi MHM,

Thanks for your reply

Can you check the following configs and see whether this seems OK?

access-list 40 permit 185.XX.176.0 0.0.0.255
access-list 41 permit 185.XX.177.0 0.0.0.255
access-list 42 permit 185.XX.178.0 0.0.0.255
access-list 43 permit 185.XX.179.0 0.0.0.255


route-map STD_SUBNETS permit 10
match ip address 40 41
route-map STD_SUBNETS permit 20
match ip address 42 43
set as-path prepend 2127XX 2127XX 2127XX


route-map ATH_SUBNETS permit 10
match ip address 42 43
route-map ATH_SUBNETS permit 20
match ip address 40 41
set as-path prepend 2127XX 2127XX 2127XX

 

 

 

router bgp 2127XX

network 185.XX.176.0 mask 255.255.255.252
network 185.XX.176.4 mask 255.255.255.252

network 185.XX.177.0 mask 255.255.255.252
network 185.XX.177.4 mask 255.255.255.255

network 185.XX.178.0 mask 255.255.255.252
network 185.XX.178.4 mask 255.255.255.255

network 185.XX.179.0 mask 255.255.255.252
network 185.XX.179.4 mask 255.255.255.255


aggregate-address 185.XX.176.0 255.255.252.0


neighbor 172.16.180.161 remote-as 252XX
neighbor 172.16.180.161 route-map STD_SUBNETS out
neighbor 172.17.4.137 remote-as 296XX
neighbor 172.17.4.137 route-map ATH_SUBNETS out

 

int loopback 1
ip add 185.XX.176.1 255.255.255.252


int loopback 2
ip add 185.XX.177.1 255.255.255.252


int loopback 3
ip add 185.XX.178.1 255.255.255.252


int loopback 4
ip add 185.XX.179.1 255.255.255.252

 

Your config is OK, except why did you configure the aggregate network?

I used it in case I need to use another loopback and don't want to always go under BGP and advertise it. So for that reason I am using it.

And can you suggest how I can use the above configs with MED? As far as I know, MED is compared only for IBGP unless we use the command bgp always-compare-med.

 

 

Hello @CCIE Aspirant ,

I would expect 4 aggregate-address commands with summary-only, one for each /24 prefix that you would like to publish.

As noted by @Richard Burts, with selective AS path prepending you are attempting to influence the return traffic from each ISP, but nothing is done for the outbound direction.

You could use PBR to send traffic sourced by subnet1 and subnet2 to ISP1 when available.

However, the issue here is that the public addresses are assigned to loopback addresses on the router itself, making it difficult to find the point of application of PBR.

Probably your loopback interfaces represent different NAT pools that you use for different sets of internal subnets.

 

Let us know if it is so.

 

Hope to help

Giuseppe
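The outbound route-map evaluation discussed in the replies above, modelled in Python as an added example that is not part of any post in this thread. It assumes 10.99.176.0/22 and AS 64500 as constructed stand-ins for the redacted prefix and AS number, and that the BGP table holds the four loopback /30s plus the /22 aggregate.

```python
import ipaddress

# Constructed stand-ins: 10.99.176.0/22 replaces the redacted 185.XX.176.0/22,
# and AS 64500 (documentation range) replaces the redacted local AS.
LOCAL_AS = 64500
ACLS = {  # standard ACLs 40-43 from the post: (address, wildcard)
    40: ("10.99.176.0", "0.0.0.255"),
    41: ("10.99.177.0", "0.0.0.255"),
    42: ("10.99.178.0", "0.0.0.255"),
    43: ("10.99.179.0", "0.0.0.255"),
}
# Route-maps as posted: (sequence, ACLs on the match line, prepend count)
ROUTE_MAPS = {
    "STD_SUBNETS": [(10, (40, 41), 0), (20, (42, 43), 3)],
    "ATH_SUBNETS": [(10, (42, 43), 0), (20, (40, 41), 3)],
}
# Assumption: the BGP table holds the four loopback /30s plus the /22 aggregate
# (aggregate-address without summary-only keeps the more-specifics).
BGP_TABLE = ["10.99.176.0/30", "10.99.177.0/30", "10.99.178.0/30",
             "10.99.179.0/30", "10.99.176.0/22"]

def acl_permits(acl, prefix):
    """A standard ACL in a route-map tests only the route's network address."""
    addr, wild = (int(ipaddress.IPv4Address(x)) for x in ACLS[acl])
    net = int(ipaddress.ip_network(prefix).network_address)
    return (net & ~wild & 0xFFFFFFFF) == (addr & ~wild & 0xFFFFFFFF)

def advertise(route_map, prefix):
    """Return the AS path sent to the neighbor, or None if implicitly denied."""
    for _seq, acls, prepend in ROUTE_MAPS[route_map]:
        if any(acl_permits(a, prefix) for a in acls):  # ACLs on one line are OR'ed
            return [LOCAL_AS] * (1 + prepend)
    return None  # no clause matched: implicit deny at the end of the route-map

def report(route_map):
    """Map every prefix in the BGP table to the AS path the neighbor receives."""
    return {p: advertise(route_map, p) for p in BGP_TABLE}

if __name__ == "__main__":
    for name in ROUTE_MAPS:
        print(name)
        for prefix, path in report(name).items():
            plen = ipaddress.ip_network(prefix).prefixlen
            note = "" if plen <= 24 else "  (longer than /24)"
            print(f"  {prefix:18} path={path}{note}")
```

Neither neighbor is sent a /24: the /22 matches access-list 40 on its network address, so it leaves unprepended toward the STD_SUBNETS neighbor and prepended toward the ATH_SUBNETS neighbor, and every other route is a /30, a length transit providers commonly filter.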

 

I am not sure that I understand or agree with the logic of the BGP configuration. But I want to focus on a different aspect of the original post "we need the return traffic to follow the same path as it took for exit." The posted configuration concerns what you advertise to the ISP and therefore impacts how they send Internet traffic to you. I do not see anything in the config that controls how you send traffic to the Internet. Without control of how traffic outbound is sent how can you control to be sure that return traffic takes the same path as it took for exit?

 

HTH

Rick

Hi,

Thanks for the reply.

So how can we control the outbound traffic? We need to send subnet 1 and subnet 2 to ISP 1 as main and subnet 3 and subnet 4 as backup, and vice versa to ISP 2.

Can you suggest some solution?

 

 
