08-11-2010 07:38 AM - edited 03-04-2019 09:22 AM
I have been reading all over trying to learn as much as I can about routing a single subnet in and out a single BGP peer but I am running out of time.
We have a single 6500 with sup720 running BGP between 2 ISP peers. We advertise all our subnets to both, but now we need to force a single one to only use one of the peers. Attached is the BGP config. IP addresses have been changed to protect the innocent.
Any help would be awesome!
Thanks!
Kevin
08-12-2010 04:27 AM
Hi Kevin,
I presume you want to use only one ISP peer for both forward and reverse traffic. If that peer fails, the traffic should fall back to the other peer. If this is correct, then there are ways you can achieve this:
1. For outbound, you can influence the traffic by manipulating BGP attributes, as you said: weight and local preference. You have to set the peer where you want your traffic to flow by configuring a higher value of weight and local preference. These attributes can be set for a group of prefixes or for all prefixes received by that peer. This way the outbound traffic prefers that peer.
router bgp xxx
 neighbor a.b.c.d weight
 neighbor a.b.c.d route-map test in -- for specific prefixes with acl testacl
route-map test permit 10
 match ip address testacl
 set weight
2. For inbound, it depends on how you advertise the prefixes to both peers. One common way is to prepend your own AS number when you advertise the prefix to your secondary peers. To primary peers you can advertise without prepending your own AS.
router bgp xxx
 neighbor a.b.c.d route-map test out ----- secondary peer
 neighbor e.f.g.h remote-as yyy ------- primary peer
route-map test permit 10
 match ip address testacl
 set as-path prepend
3. The drawback of the above method is that when the internet chooses the best path to your prefixes, it usually chooses the shortest AS path. Though you prepend your AS many times to your secondary peer, chances are that your secondary peer can be preferred by some ISP. This all depends on that particular ISP's point of view, as the internet is an interconnection of ISPs. There is a feature where you can advertise your prefixes only to one ISP. Only if that ISP fails do you advertise the prefixes to your secondary ISP. In this way, the secondary ISP only receives them when your primary ISP goes down. This feature is called "BGP Conditional Advertisement".
Please refer to the link below:
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml
Hope this helps
Arun
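The three points in the reply above, modelled as an added example that is not part of the original post: a simplified Python version of the first best-path comparisons (weight, local preference, AS-path length; locally originated routes and later tie-breakers are omitted). The AS numbers are constructed values from the documentation range, and `Path`, `best_path`, `outbound_choice` and `inbound_view` are hypothetical names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    via: str                # neighbor the route was learned from
    as_path: tuple          # AS numbers, nearest first
    weight: int = 0         # local to one router, never advertised
    local_pref: int = 100   # shared inside one AS only, never sent to eBGP peers

def best_path(paths):
    """Highest weight, then highest local preference, then shortest AS path."""
    return max(paths, key=lambda p: (p.weight, p.local_pref, -len(p.as_path)))

OUR_AS, PRIMARY, SECONDARY = 64500, 64501, 64502  # constructed sample ASNs

def outbound_choice():
    """Point 1: our router's view of a remote destination learned from both peers.
    Weight set on routes from the primary wins even over a shorter AS path."""
    primary = Path("primary", (PRIMARY, 64505, 64510), weight=200)
    secondary = Path("secondary", (SECONDARY, 64510))
    return best_path([primary, secondary]).via

def inbound_view(prepends, secondary_local_pref=100):
    """Points 2 and 3: a remote AS's view of our prefix announced to both ISPs.
    The remote AS applies its own local preference, which we cannot influence."""
    via_primary = Path("primary", (64503, PRIMARY, OUR_AS))
    via_secondary = Path("secondary",
                         (SECONDARY,) + (OUR_AS,) * (1 + prepends),
                         local_pref=secondary_local_pref)
    return best_path([via_primary, via_secondary]).via

if __name__ == "__main__":
    print("outbound:", outbound_choice())
    print("no prepend:", inbound_view(0))
    print("3 prepends:", inbound_view(3))
    # e.g. the secondary ISP prefers customer routes over routes from its peers
    print("3 prepends, remote local-pref 200:", inbound_view(3, 200))
```

The last case is the drawback described in point 3: a network that ranks the secondary path higher by policy still sends traffic in through the secondary peer regardless of how many prepends are applied.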
08-11-2010 08:02 AM
When you say force do you mean influencing routing based on source address rather than destination address?
Thanks,
Chris
08-11-2010 08:13 AM
The source address would be a local x.x.x.x IP going to any destination and can only use one BGP peer. Is there a way to static route outgoing and incoming traffic for the single subnet using only one BGP peer?
I have seen people say you can use local-pref and weights but I'm not sure how that is done.
Did I answer your question correctly?
Thanks again!
Kevin
08-11-2010 09:35 AM
Hi,
Answer to "Is there a way to static route outgoing and incoming traffic for the single subnet using only one BGP peer?": yes, you can route a particular subnet via one peer and the others via the other peer, but it's not static routing. You have to first classify which prefixes will use which peer. Then you can configure it. Here is an example: http://showipbgp.com/bgp-configurations/40-cisco/72-3-2-1-cisco-dual-bgp-with-prefix-length-load-balancing.html
Another link: http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml
Hope this information will help you.
Uttam
08-11-2010 10:09 AM
I would use a prefix list in conjunction with a route-map to a specific neighbor and block what you don't want going to that neighbor.
08-16-2010 11:50 AM
I was able to get it to work by setting up 2 new ANNOUNCE lists, one for each peer. I used the permit statement for the peer I want the traffic to use and used the deny statement on the peer I do not want to use for the traffic. I then soft reset out for both peers.
It seems to be working fine now.