02-05-2025 07:16 PM
I am wrecking my head for a solution for this problem for weeks and cannot understand how to solve it.
I have a simple BGP topology with 6 routers. I will refer to R1 as the left one and R6 as the right one.
R6 has 4 VLANs on subinterfaces and I need to find a way to make two of those VLANs prefer using one BGP neighbor to reach R1 and the other two VLANs prefer using the other neighbor to reach R1.
I tried ACLs, route-maps, prefix-lists, AS prepending, BGP communities, MED, local-preference, etc... And nothing seems to work!
It looks to be something so simple and yet I cannot discover how to do this.
I am using Cisco c7200s, and (I don't know if it is relevant) I have IP SLA with tracks and EEMs on R6 to manage BGP routing in case of an interface failing.
Vlans 10.4.0.0 and 10.5.0.0 should get to PC1 using R1 gi2/0
Vlans 10.6.0.0 and 10.7.0.0 should get to PC1 using R1 gi1/0
But they should only prefer those routes and should be able to use the other route if needed.
02-05-2025 08:31 PM
If this is gns3 can I see R6 and R1 config?
MHM
02-05-2025 08:35 PM
There are a bunch of leftovers from things I tried, but here it is:
# R1
R1#show run
Building configuration...
Current configuration : 3535 bytes
!
! Last configuration change at 00:43:06 UTC Thu Feb 6 2025
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.0
duplex full
!
interface GigabitEthernet1/0
ip address 192.168.0.1 255.255.255.252
negotiation auto
!
interface GigabitEthernet2/0
ip address 192.168.0.5 255.255.255.252
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet5/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet6/0
no ip address
shutdown
negotiation auto
!
router bgp 65529
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 192.168.0.0 mask 255.255.255.252
network 192.168.0.4 mask 255.255.255.252
network 192.168.10.0
redistribute connected
redistribute static
neighbor 192.168.0.2 remote-as 65530
neighbor 192.168.0.2 route-map TOP in
neighbor 192.168.0.6 remote-as 65531
neighbor 192.168.0.6 route-map BOTTOM in
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
ip prefix-list NET4 seq 5 permit 10.4.0.0/24
!
ip prefix-list NET5 seq 5 permit 10.5.0.0/24
!
ip prefix-list NET6 seq 5 permit 10.6.0.0/24
!
ip prefix-list NET7 seq 5 permit 10.7.0.0/24
!
ip prefix-list NETLOCAL seq 5 permit 192.168.10.0/24
!
route-map MET_BOTTOM permit 10
match ip address prefix-list NET6
set metric 50
!
route-map MET_BOTTOM permit 20
match ip address prefix-list NET7
set metric 50
!
route-map BOTTOM permit 10
match ip address prefix-list NET6
set local-preference 200
!
route-map BOTTOM permit 20
match ip address prefix-list NET7
set local-preference 200
!
route-map MED_BOTTOM permit 10
match ip address prefix-list NET6
set metric 50
!
route-map MED_BOTTOM permit 20
match ip address prefix-list NET7
set metric 50
!
route-map MED_BOTTOM permit 30
match ip address prefix-list NETLOCAL
!
route-map MED_BOTTOM permit 40
!
route-map PREPENDR2 permit 10
match ip address prefix-list NET6
set as-path prepend 65529 65529 65529 65529
!
route-map PREPENDR2 permit 20
match ip address prefix-list NET7
set as-path prepend 65529 65529 65529 65529
!
route-map PREPENDR3 permit 10
match ip address prefix-list NET4
set as-path prepend 65529 65529 65529 65529
!
route-map PREPENDR3 permit 20
match ip address prefix-list NET5
set as-path prepend 65529 65529 65529 65529
!
route-map MET_TOP permit 10
match ip address prefix-list NET4
set metric 50
!
route-map MET_TOP permit 20
match ip address prefix-list NET5
set metric 50
!
route-map TOP permit 10
match ip address prefix-list NET4
set local-preference 200
!
route-map TOP permit 20
match ip address prefix-list NET5
set local-preference 200
!
route-map MED_TOP permit 10
match ip address prefix-list NET4
set metric 50
!
route-map MED_TOP permit 20
match ip address prefix-list NET5
set metric 50
!
route-map MED_TOP permit 30
match ip address prefix-list NETLOCAL
!
route-map MED_TOP permit 40
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end
----------------
# R6
R6#show run
Building configuration...
Current configuration : 5050 bytes
!
! Last configuration change at 01:45:01 UTC Thu Feb 6 2025
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
track 1 ip sla 1 reachability
delay down 10 up 10
!
track 2 ip sla 2 reachability
delay down 10 up 10
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex full
!
interface FastEthernet0/0.4
encapsulation dot1Q 4
ip address 10.4.0.1 255.255.255.0
ip access-group VLAN45 in
!
interface FastEthernet0/0.5
encapsulation dot1Q 5
ip address 10.5.0.1 255.255.255.0
ip access-group VLAN45 in
!
interface FastEthernet0/0.6
encapsulation dot1Q 6
ip address 10.6.0.1 255.255.255.0
ip access-group VLAN67 in
!
interface FastEthernet0/0.7
encapsulation dot1Q 7
ip address 10.7.0.1 255.255.255.0
ip access-group VLAN67 in
!
interface GigabitEthernet1/0
ip address 192.168.0.22 255.255.255.252
negotiation auto
!
interface GigabitEthernet2/0
ip address 192.168.0.26 255.255.255.252
ip access-group TRACK_10_4_TRAFFIC out
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet5/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet6/0
no ip address
shutdown
negotiation auto
!
router bgp 65535
bgp log-neighbor-changes
network 10.4.0.0 mask 255.255.255.0
network 10.5.0.0 mask 255.255.255.0
network 10.6.0.0 mask 255.255.255.0
network 10.7.0.0 mask 255.255.255.0
network 192.168.0.20 mask 255.255.255.252
network 192.168.0.24 mask 255.255.255.252
neighbor 192.168.0.21 remote-as 65534
neighbor 192.168.0.25 remote-as 65534
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list standard VLAN_4_5
permit 10.4.0.0 0.0.0.255
permit 10.5.0.0 0.0.0.255
ip access-list standard VLAN_6_7
permit 10.6.0.0 0.0.0.255
permit 10.7.0.0 0.0.0.255
!
ip access-list extended VLAN45
permit ip 10.4.0.0 0.0.0.255 any
permit ip 10.5.0.0 0.0.0.255 any
ip access-list extended VLAN67
permit ip 10.6.0.0 0.0.0.255 any
permit ip 10.7.0.0 0.0.0.255 any
!
!
ip prefix-list VLAN10-4 seq 5 permit 10.4.0.0/24
!
ip prefix-list VLAN10-5 seq 5 permit 10.5.0.0/24
!
ip prefix-list VLAN10-6 seq 5 permit 10.6.0.0/24
!
ip prefix-list VLAN10-7 seq 5 permit 10.7.0.0/24
ip sla 1
icmp-echo 192.168.0.1 source-interface GigabitEthernet1/0
frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 192.168.0.5 source-interface GigabitEthernet2/0
frequency 10
ip sla schedule 2 life forever start-time now
!
route-map PREFERDOWN permit 10
match ip address prefix-list VLAN10-6 VLAN10-7
set local-preference 200
!
route-map PORBAIXO deny 10
match ip address prefix-list VLAN10-4 VLAN10-5
set local-preference 200
!
route-map PREFERUP permit 10
match ip address prefix-list VLAN10-4 VLAN10-5
set local-preference 200
!
route-map PREFER_R5 permit 10
match ip address VLAN_6_7
set local-preference 200
!
route-map PREFER_R4 permit 10
match ip address VLAN_4_5
set local-preference 200
!
route-map PORCIMA deny 10
match ip address prefix-list VLAN10-6 VLAN10-7
set local-preference 200
!
route-map VIA_R5 permit 10
match ip address VLAN67
set local-preference 200
!
route-map VIA_R5 permit 20
!
route-map VIA_R4 permit 10
match ip address VLAN45
set local-preference 200
!
route-map VIA_R4 permit 20
!
route-map NO_PREFER_R5 permit 10
match ip address VLAN_6_7
set local-preference 100
!
route-map NO_PREFER_R4 permit 10
match ip address VLAN_4_5
set local-preference 100
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
event manager applet DOWN_SHUT
event track 2 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "router bgp 65535"
action 4.0 cli command "no neighbor 192.168.0.25 remote-as 65534"
action 5.0 cli command "end"
event manager applet UP_SHUT
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "router bgp 65535"
action 4.0 cli command "no neighbor 192.168.0.21 remote-as 65534"
action 5.0 cli command "end"
event manager applet UP_ON
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "router bgp 65535"
action 4.0 cli command "neighbor 192.168.0.21 remote-as 65534"
action 5.0 cli command "end"
event manager applet DOWN_ON
event track 2 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "router bgp 65535"
action 4.0 cli command "neighbor 192.168.0.25 remote-as 65534"
action 5.0 cli command "end"
!
end
02-06-2025 05:55 AM - edited 02-06-2025 05:58 AM
Simplest option is Policy Based Routing on R6.
HTH
02-06-2025 07:18 AM
I tried implementing PBR a few different ways on R6 and it either had no effect or blocked the BGP neighbors. Could you specify how I can use Policy Based Routing while keeping the BGP configuration, ensuring the VLANs prefer a path and can still go through the other one if the one they prefer is not available?
02-07-2025 05:36 AM
We can tweak BGP to take the top [or bottom] route for all traffic.
On R6, create an SLA to monitor availability of R1 via the g2/0 interface. Also a PBR for sub-interfaces vlan4-6, with a rule that says source: 10.4/15 to dest: 192.168.10/24 takes g2/0 as its next hop provided SLA/tracking is good.
On R1, BGP policy would prefer vlan4-5 to exit via g2/0 or R3.
HTH.
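One way to write the tracked PBR described in the reply above, as an added example that is not part of the thread. It reuses `track 1`/`track 2` and the neighbor addresses from the posted R6 config, assumes Gi2/0 (neighbor 192.168.0.25) is the preferred exit for 10.4/10.5 and Gi1/0 (neighbor 192.168.0.21) for 10.6/10.7, and goes beyond the reply by covering both VLAN pairs; the `PBR_*` names are hypothetical.

```cisco
! Added example for R6. ACL and route-map names (PBR_*) are hypothetical.
! Match only transit traffic from the VLANs to PC1's LAN (192.168.10.0/24),
! so every other destination keeps following the BGP-learned routing table.
ip access-list extended PBR_V45_TO_PC1
 permit ip 10.4.0.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 10.5.0.0 0.0.0.255 192.168.10.0 0.0.0.255
ip access-list extended PBR_V67_TO_PC1
 permit ip 10.6.0.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 10.7.0.0 0.0.0.255 192.168.10.0 0.0.0.255
!
! VLANs 4/5: use the Gi2/0 neighbor only while track 2 (ip sla 2) is up.
! When the track is down the set clause is skipped and the packet is
! forwarded by the normal routing table, i.e. via the other BGP path.
route-map PBR_V45 permit 10
 match ip address PBR_V45_TO_PC1
 set ip next-hop verify-availability 192.168.0.25 10 track 2
!
! VLANs 6/7: same logic toward the Gi1/0 neighbor, gated by track 1.
route-map PBR_V67 permit 10
 match ip address PBR_V67_TO_PC1
 set ip next-hop verify-availability 192.168.0.21 10 track 1
!
! Apply on the ingress sub-interfaces only. Locally generated packets
! (including R6's own BGP sessions) are not subject to interface PBR.
interface FastEthernet0/0.4
 ip policy route-map PBR_V45
interface FastEthernet0/0.5
 ip policy route-map PBR_V45
interface FastEthernet0/0.6
 ip policy route-map PBR_V67
interface FastEthernet0/0.7
 ip policy route-map PBR_V67
!
! Checks after applying:
!   show track brief      (state of track 1 and track 2)
!   show ip policy        (route-map bound to each sub-interface)
!   show route-map        (policy-routed packet counters per entry)
```

This steers only the R6-to-R1 direction; the return path is decided on R1, as the reply notes.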
02-06-2025 12:49 PM
Hello @gpfilgueira
you can utilise BGP conditional route advertisement.
At present I don’t have proper access to CSC as I’m using my phone, but please refer to here; it should show how to achieve what you wish to accomplish.