BGP - Setting local preference when the prefix length is not known

Palmer Sample
Level 4

 

We have a fairly common edge config:

 - Our own public ASN

 - An ARIN-assigned address block

 - Two routers, two ISPs.  Full BGP routes from the providers and iBGP running between the edge.

 - IPSec SAs established from each router to various upstream services

 

A recent flap reminded me that the IPSec SAs aren't tied to the respective routers - there's a shorter path to the upstream IPSec peer through one of our ISPs, so both routers use that ISP for the endpoint IP.  Obviously, we want the edge routers to ignore the iBGP routes for the remote IPSec endpoints so that an outage of one ISP will not cause all the tunnels to go down and reconnect.

 

I can think of a few different ways to do this (route-map with a prefix list inbound from the iBGP peer which reduces the local preference, route-map setting a community for inbound routes and then modifying local pref accordingly, etc).  However, how would I go about this when I can assume that I don't know the prefix length?

 

Example - I have disparate IPSec endpoints, a.a.a.a/32 and a.a.a.z/32.  Sure, I can look at the BGP table and see that I'm receiving an advertisement for a.a.a./22 - but I would be remiss in assuming that this will never change.  If I set a prefix-list for a.a.a.a/22 le 32 or similar, that will get hosed if the upstream starts advertising a /21 or larger.

 

I'm sure there are probably numerous ways to accomplish this, but I'm looking for some ideas on how others may have gone about influencing the outbound traffic for a single IP or a subnet that will be contained in a summary route which may change.

 

Thanks!

-P

7 Replies

Akash Agrawal
Cisco Employee

Hi,

 

To influence outbound traffic for a single IP or a subnet (part of a summary route), you need to have some means by which you can define an exit interface/next hop which would be different from the summary route's.

 

One option is PBR, but that will always route traffic to the same mentioned interface/next hop irrespective of whether the ISP is advertising that prefix or not.

 

Now my question is why would any ISP do route aggregation for prefixes which they don't own? Any ISP does prefix aggregation of their own prefixes. In your case, who owns the prefixes for the IPSEC endpoints?

 

Regards,

Akash
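Added example (not from the original post or from either participant) showing one prefix-length-independent way to do what the question asks, and which also addresses the PBR objection in the reply above: a tracked host route for the IPsec peer on each edge router. A /32 is always the longest match, so it wins over whatever summary the ISP happens to advertise (/22 today, /21 tomorrow) and over the iBGP route from the other edge, without any prefix-list that has to guess the aggregate's length; and because it is tied to an IP SLA track object it is withdrawn when the ISP path fails, unlike a plain PBR policy. Cisco IOS syntax; the topology, interface names and addresses (edge router R1, ISP-A next hop 192.0.2.1 on Gi0/0, remote IPsec peer 203.0.113.10, RFC 5737 documentation ranges) are assumptions for the example. Mirror the config on R2 with ISP-B's next hop.

```cisco
! Added example, not the original poster's or Cisco's config. Assumed: R1, ISP-A next hop
! 192.0.2.1 reachable on GigabitEthernet0/0, remote IPsec peer 203.0.113.10 (all addresses
! are documentation ranges chosen for the example).
!
! 1. Probe the ISP-A path so the host route can be withdrawn when that path is down.
!    Caveat: pinging only the directly connected next hop detects a link failure but not
!    a failure deeper inside ISP-A; probe a far-side address if the ISP allows it.
ip sla 10
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 10 life forever start-time now
!
track 10 ip sla 10 reachability
 delay down 15 up 30
!
! 2. Host route for the IPsec peer via ISP-A, tied to the tracker. Administrative distance
!    1 beats eBGP (20) and iBGP (200), and a /32 is the longest possible match, so neither
!    the ISP's summary nor the iBGP route via R2 is used while track 10 is up. When the
!    track goes down the static leaves the RIB and the BGP route (via R2 and ISP-B) takes over.
ip route 203.0.113.10 255.255.255.255 192.0.2.1 track 10
```

Two points worth checking after applying it: `show track 10` and `show ip route 203.0.113.10` should show the static route installed on each router pointing at that router's own ISP, and the tunnel must be sourced from a local address of that router (loopback or the ISP-facing interface), otherwise pinning the forward path does nothing for the SA. The `delay down/up` timers are deliberately asymmetric so a brief flap on the probe does not bounce the route, and so the static is not reinstalled the moment the first echo succeeds.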