04-12-2017 02:09 PM - edited 03-05-2019 08:20 AM
Hi team!
I have a question: I now have my own AS with a /22 mask, and here is an example configuration (with other IPs):
R1:
router bgp 100
 bgp log-neighbor-changes
 ! this pool for ISP
 network 150.0.0.0 mask 255.255.252.0
 ! this pool for DDOS recovery GRE tunnel
 network 150.0.0.0 mask 255.255.255.0
 ! iBGP
 neighbor 10.0.0.2 remote-as 100
 ! eBGP
 neighbor 30.0.0.2 remote-as 200
 neighbor 30.0.0.2 route-map ISP1_IN in
 neighbor 30.0.0.2 route-map ISP1_OUT out
!
route-map ISP1_IN permit 10
 match ip address prefix-list ISP1_IN
 set local-preference 300
!
route-map ISP1_OUT permit 10
 match ip address prefix-list ISP1_OUT
 set community 100:200
!
ip prefix-list ISP1_IN seq 5 permit 0.0.0.0/0
ip prefix-list ISP1_OUT seq 5 permit 150.0.0.0/22
R2:
router bgp 100
 bgp log-neighbor-changes
 network 150.0.0.0 mask 255.255.252.0
 network 150.0.0.0 mask 255.255.255.0
 neighbor 10.0.0.2 remote-as 100
 neighbor 30.0.0.2 remote-as 200
 neighbor 30.0.0.2 route-map ISP2_IN in
 neighbor 30.0.0.2 route-map ISP2_OUT out
!
route-map ISP2_IN permit 10
 match ip address prefix-list ISP2_IN
!
route-map ISP2_OUT permit 10
 match ip address prefix-list ISP2_OUT
 set as-path prepend 100 100
!
ip prefix-list ISP2_IN seq 5 permit 0.0.0.0/0
ip prefix-list ISP2_OUT seq 5 permit 150.0.0.0/22
Question: what can you say about this configuration? I mean, is it a normal solution for this situation?
Moreover, when I make "set community (for example) 100:200" at R1 in route-map ISP1_OUT and delete "set as-path prepend 100 100" from R2 route-map ISP2_OUT -> this community makes ISP2 more preferred, but any IPs from network 150.0.0.0 become unreachable. Question: why and how?
04-13-2017 10:08 AM
Hello
when I make "set community (for example) 100:200" at R1 in route-map ISP1_OUT and delete "set as-path prepend 100 100" from R2 route-map ISP2_OUT -> this community makes ISP2 more preferred
Not sure I understand here, prefer for what? AS-prepending would affect incoming traffic towards your 150.x.x.x/22 network. So when you remove the prepending, which by the way is a higher path attribute (PA) than the community PA in the BGP path selection process, then the route path selection would be down to what/how the ISPs are advertising your network based on whatever (if any) PA they receive for your 150.x.x.x/22.
but any IPs from network 150.0.0.0 become unreachable. Question: why and how?
You're saying that from within your network (150.0.0.0/22) you cannot access anything off site. I see you are using LP to prefer ISP1 as your egress path. How is this being propagated to your LAN, and does this just happen when you remove the prepending?
res
Paul
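Added example, not part of any post in this thread: a small Python model of how a router in the upstream AS 200 would rank the two announcements of 150.0.0.0/22 from R1 and R2. It covers only the LOCAL_PREF and AS_PATH-length comparisons (weight and later tie-breakers are left out), the mapping of community 100:200 to a local preference of 80 is a hypothetical provider policy, and the `send_community` flag stands for `neighbor ... send-community`, which does not appear in the posted configuration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Path:
    via: str                              # customer router that sent the update
    as_path: tuple                        # AS_PATH as received by the provider
    communities: frozenset = frozenset()
    local_pref: int = 100                 # default when no import policy sets it

def inbound_policy(path, community_to_lp):
    """Provider import policy: a community matters only if a rule acts on it."""
    for community, lp in community_to_lp.items():
        if community in path.communities:
            return replace(path, local_pref=lp)
    return path

def survivors(paths):
    """Highest LOCAL_PREF first, then shortest AS_PATH.
    More than one name means later tie-breakers (not modelled) decide."""
    top_lp = max(p.local_pref for p in paths)
    paths = [p for p in paths if p.local_pref == top_lp]
    shortest = min(len(p.as_path) for p in paths)
    return sorted(p.via for p in paths if len(p.as_path) == shortest)

def provider_view(prepend_on_r2, community_to_lp, send_community=True):
    """Paths for 150.0.0.0/22 as a router in AS 200 receives them from AS 100."""
    # R1 / ISP1_OUT: set community 100:200 (only sent if send-community is on)
    tags = frozenset({"100:200"}) if send_community else frozenset()
    r1 = Path("R1", (100,), tags)
    # R2 / ISP2_OUT: set as-path prepend 100 100 (own AS plus two prepends)
    r2 = Path("R2", (100, 100, 100) if prepend_on_r2 else (100,))
    return survivors([inbound_policy(p, community_to_lp) for p in (r1, r2)])

if __name__ == "__main__":
    LOWER_LP = {"100:200": 80}            # hypothetical provider rule (assumption)
    cases = [
        ("prepend on R2, no community policy", True, {}, True),
        ("no prepend, no community policy", False, {}, True),
        ("no prepend, provider lowers LP on 100:200", False, LOWER_LP, True),
        ("prepend on R2, provider lowers LP on 100:200", True, LOWER_LP, True),
        ("no prepend, policy exists, community not sent", False, LOWER_LP, False),
    ]
    for label, prepend, policy, sent in cases:
        print(f"{label}: inbound via {provider_view(prepend, policy, sent)}")
```

A community by itself never enters the comparison: it changes the result only when the receiving AS has a policy keyed on it, and a local-preference change made that way outranks any amount of prepending.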
04-13-2017 11:17 AM
Hi Paul,
Issue solved!
Thank you for the response!