
BGP steering inbound routes within the same AS

Patrick Beaven
Level 1

I have a fairly simple setup with BGP. I have 2 routers running BGP as a distribution layer. These 2 routers are peering with an access layer.

The access layer routers are all running a private AS and peer via ebgp to the distribution layer routers. The access layer routers also peer with each other. There are 3 at this layer. All ibgp mesh. All works great.

At the distribution layer these 2 routers connect via ibgp (public AS) to the uplink routers. The uplink routers have ebgp peers to a few different providers.

It all works very well with multiple paths to and from the access layer. So here is the problem.

I want to steer inbound traffic from the internet through the distribution layer routers to the access layer routers in a predictable manner.

I have hundreds of discontiguous routes on each of these routers so simply removing the ibgp peering between them is not an option.

I could most likely just do this by setting up route-tagging via communities between ibgp neighbors as well. Is there any other way to do this?

I can use MED values because they are not transitive.

Just to clarify, I want to be able to say that once internet traffic has hit the distribution layer, it is forced along a specific path.

Ideas?


Hello

Can you post a topology on this?

res

Paul


topo.jpg

I hope the basic topo helps. I realize that I could just use communities and send and set metrics by route tagging.

I was wanting to stay away from that unless I have to. So far that's the only way I know to do this. Primarily because of the discontiguous subnets everywhere. Also realize that I am routing every block to null on the distribution layer. This design works great for path resiliency.

Thanks,

Just to make sure I understand what you are trying to do, egress traffic from the customer networks can take any path. You want to influence traffic paths from the distribution layer, ingress to the access layer.

You can probably set local preference on the inbound connections to the distro switches. If Customer1 is homed on R1, on the connections to SR3 and R2, set the local preference of 90 on C1's prefixes towards DS1 and DS2. Or make R2 80 so it's even less preferred than SR3. It's a fair amount of work to set up prefix lists if you have hundreds of networks but I think it will do what you want. Once you've done the prefix lists for each customer, you can re-use them on each DS.

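! C1's network (homed on R1)
ip prefix-list LP_Manipulation_R1_Customers seq 5 permit x.x.x.x/29
!
route-map BGP_In_From_SR3 permit 10
 match ip address prefix-list LP_Manipulation_R1_Customers
 set local-preference 90
! a route-map ends in an implicit deny, so pass all other prefixes unchanged
route-map BGP_In_From_SR3 permit 20
!
route-map BGP_In_From_R2 permit 10
 match ip address prefix-list LP_Manipulation_R1_Customers
 set local-preference 90
route-map BGP_In_From_R2 permit 20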

Robert,

Thanks for the reply. I thought about using the local preference but there are literally thousands of different blocks for over 400 different customers. I was trying to do something that didn't require me having to add management tasks when adding and subtracting blocks to customers. The traffic flow is fairly fluid so I may end up using communities to either set metrics so that they are not likely to use the "not-preferred" route. I wish I could AS prepend inside an AS. That would make it easy!

Any other ideas?

If you're going to stay with BGP internally, I don't have any other ideas right now. iBGP limits what you can do, as you note with the AS prepend. OSPF or EIGRP would simplify path manipulation.

Patrick

Could you explain a couple of things about your setup? Are you saying you want traffic for customers connected to a specific access device to go direct to that device?

If so -

1) when you say you cannot break the access router IBGP peerings because of discontiguous subnets could you explain what you mean. Probably my misunderstanding.

2) how would AS PATH prepending from the access layer make it easier. Again, probably down to my lack of understanding your setup.

Jon

My goal was to direct inbound traffic through a preselected path so that inbound traffic paths would be predictable.

With a full mesh BGP environment with multipath enabled you cannot always get that unless other factors are modified to make routing selections predictable. I did identify the easiest way to force traffic inbound once it hit the distribution layer to go a specific route without breaking up the ibgp sessions to individual autonomous systems. The easiest way was to advertise those routes at the access layer to the distribution layer and change the network source type to IGP. This will cause those routes to be preferred over the other indirect routes and still allow multiple path failovers to occur!

Thanks again for all the input!
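
Both approaches in this thread (a lower local preference on the non-preferred paths, and origin IGP on the preferred path) act through the BGP best-path comparison. The Python sketch below is an added example, not code from any poster: it models only the local-preference, AS-path length, origin and MED steps, and assumes a constructed private AS 65001 and constructed path sets as seen from one distribution router for a prefix homed on R1.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred
STEPS = ["local-pref", "as-path length", "origin", "med", "tie-break"]

@dataclass(frozen=True)
class Path:
    neighbor: str               # access router the path was learned from
    local_pref: int = 100       # higher wins
    as_path: tuple = (65001,)   # shorter wins; 65001 is a constructed private AS
    origin: str = "incomplete"  # igp < egp < incomplete
    med: int = 0                # lower wins (every neighbor here is in the same AS)

def sort_key(p):
    # Neighbor name stands in for the later tie-breakers (router ID and so on).
    return (-p.local_pref, len(p.as_path), ORIGIN_RANK[p.origin], p.med, p.neighbor)

def best_path(paths):
    """Return (winning neighbor, deciding step); (None, None) if no path is left."""
    ranked = sorted(paths, key=sort_key)
    if not ranked:
        return None, None
    if len(ranked) == 1:
        return ranked[0].neighbor, "only path"
    pairs = zip(STEPS, sort_key(ranked[0]), sort_key(ranked[1]))
    step = next((s for s, a, b in pairs if a != b), "tie-break")
    return ranked[0].neighbor, step

# Constructed path sets: origin rewritten to IGP on the home router only,
# versus local preference lowered on the two non-preferred paths.
ORIGIN_FIX = [Path("R1", origin="igp"), Path("R2"), Path("SR3")]
LOCAL_PREF_FIX = [Path("R1"), Path("R2", local_pref=80), Path("SR3", local_pref=90)]

def without(paths, neighbor):
    """Simulate losing the session to one access router."""
    return [p for p in paths if p.neighbor != neighbor]

if __name__ == "__main__":
    for name, paths in (("origin", ORIGIN_FIX), ("local-pref", LOCAL_PREF_FIX)):
        print(name, best_path(paths), "failover:", best_path(without(paths, "R1")))
```

In both cases R1 wins while its session is up and another path takes over when it is lost; with the origin change the two remaining paths stay equal on every modelled attribute, while the local-preference values also fix the order of the backups.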
