06-05-2010 09:52 AM - edited 03-04-2019 08:41 AM
Dear Expert,
Two ISPs (local ISP and global ISP) will be peered with bgp router and form the multi-homing. We would like to seek for your comments on the configuration of the bgp router located in Hong Kong data center. Attached please find the logical design diagram and below please find the user requirements for your reference:
We would like the local traffics (all Hong Kong traffic) go to local ISP-A and the global traffics (other than Hong Kong traffic) go to ISP-B. Following is the configuration:
#CPE
router bgp 100
no synchronization
bgp log-neighbor-changes
redistribute connected
# to ISP-A
neighbor 192.168.10.1 remote-as 100
neighbor 192.168.10.1 route-map LOCAL in
#ISP-B
neighbor 192.168.20.1 remote-as 200
neighbor 192.168.10.1 route-map GLOBAL in
no auto-summary
ip bgp-community new-format
# define the routes including hkix ASN
ip community-list 1 permit _4635_
# set the routes, which learn from local ISP and including HKIX ASN, to the 75, more preference to ISP-A for local traffic inside HK
route-map LOCAL permit 10
match community 1
set local-preference 75
route-map LOCAL permit 20
# set the routes, which learn from global ISP and including HKIX ASN, to the 125, less preference to ISP-B for local traffic inside HK
route-map GLOBAL permit 10
match community 1
set local-preference 125
route-map GLOBAL permit 20
According to above config, does it achieve my goal? Thanks
rdgs
Solved! Go to Solution.
06-07-2010 03:13 AM
Hello Anita,
the question is more complex with this as-path access-list (2) you accept routes that are locally generated on HKIX directly connected providers but not those of customers of these providers.
However, also those customers are likely local to the Hong Kong area as they are carried to the HKIX.
Also some of the providers connected to HKIX are big providers so you should not accept all routes containing their AS number or the risk is to consider as local routes routes that are not local.
ip as-path access-list 2 permit _703$
This is UUNET ASIA now part of Verizon it may give you more then local routes if you match on _703_, so inthis case matching on _703$ can be a safe assumption.
On the other hand some providers that are local to that area will provide local routes also using _ASN_ (because they are local)
So you will need to tune the AS path access-list classifying local providers ( _ASN_) from global providers (_ASN$).
Now, the logic of route-maps is correct with correct use of local preference values
Be aware also that you will need to update this as-path access-list over time to reflect changes.
Hope to help
Giuseppe
06-05-2010 01:21 PM
Hello Anita,
there are some notes about proposed configuration:
a)
if you want to filter on BGP attribute AS path you need to use a different filter type
ip as-path access-list 1 permit _4635_
a community list filter attempts to match on BGP community that is a different BGP attribute.
b)
the assumption that local routes will have HK IXP AS number in the AS path has to be verified: most of Internet exchange points provides VLans facilities to allow public peering between participants without need of going via the BGP session with IXP.
You need to verify this eventually looking at IXP web site and with the help of public looking glasses
you can find looking glasses in
www.traceroute.org
c) Cisco implementation provides preference to higher values of Local preference attributes so if ISP-A is the local ISP and the as-path access-list identifies local IP prefixes you need to use a value greater then 100 in route-map LOCAL and a value less then 75 in route-map GLOBAL.
So you need to exchange values in the route-map
What you need more is to check if actually local IP prefixes can be identified by the presence of ASN of IXP
I'm afraid this is not true.
see the list of connected providers at HK IXP
http://www.hkix.net/hkix/connected.htm
you may need to filter based on the AS number column of the above web page
Hope to help
Giuseppe
06-06-2010 05:17 AM
06-07-2010 03:13 AM
Hello Anita,
the question is more complex with this as-path access-list (2) you accept routes that are locally generated on HKIX directly connected providers but not those of customers of these providers.
However, also those customers are likely local to the Hong Kong area as they are carried to the HKIX.
Also some of the providers connected to HKIX are big providers so you should not accept all routes containing their AS number or the risk is to consider as local routes routes that are not local.
ip as-path access-list 2 permit _703$
This is UUNET ASIA now part of Verizon it may give you more then local routes if you match on _703_, so inthis case matching on _703$ can be a safe assumption.
On the other hand some providers that are local to that area will provide local routes also using _ASN_ (because they are local)
So you will need to tune the AS path access-list classifying local providers ( _ASN_) from global providers (_ASN$).
Now, the logic of route-maps is correct with correct use of local preference values
Be aware also that you will need to update this as-path access-list over time to reflect changes.
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide