05-23-2014 01:18 AM - edited 03-04-2019 11:01 PM
I would like to influence inbound traffic into a site based on the source AS, is this possible?
I have two circuits communicating with two different business units
Outbound is fine, using local preference
I want all inbound and outbound traffic to use the circuits as follows
Circuit A = BU 1
Circuit B = BU 2
Obviously the site is advertising the same routes from both circuits. So I can't use MED for the local routes as traffic will come in one way only
what I want to do is match on source AS number, so
If AS 2 (BU 2) wants to access the site, then they will use circuit B
I was thinking I could do the following on the Circuit A, whereby if source is AS 2 (BU 2) then prepend the route, but I have not got this right as I need to actually prepend the local AS!!! So that the BU 2 traffic prefers circuit B
ip as-path access-list 1 permit _2$
route-map BU2 permit 10
match as-path 1
set as-path prepend 2 2
neighbor x.x.x.x route-map BU2 out
I am not sure if this is even possible? Any help much appreciated.
Note that all connections to the cloud are eBGP
Within the local site, the router to router connections are iBGP
The switch is using an IGP
05-23-2014 07:59 AM
Hello SJYoung2008,
>> I have two circuits communicating with two different business units
Do you mean you have direct eBGP sessions on local AS between (localAS, AS1) on circuitA and (localAS, AS2) on circuitB?
If this is the case, you don't need to do anything to achieve the desired result, as from the point of view of AS2 the direct eBGP session on circuitB is a better path than going through AS1 and circuitA
(shortest AS path is preferred)
Your attempts are conceptually wrong as AS2 choices are not influenced by what you do on the other eBGP session. You could achieve that all return traffic comes back via circuitB even if originated in AS1. But you don't want this.
If AS1 and AS2 have no direct eBGP session with the local AS of the local site, the result is not guaranteed and you cannot influence it in any way; it is a choice of the administrators of AS2 at that point what path to prefer to go back to you.
Hope to help
Giuseppe
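The shortest-AS-path reasoning in the reply above can be checked with a small model. The Python below is an added example, not code from any poster in this thread; it assumes the direct-session case described there, the site as AS 3 (the number used in a later post), a constructed AS1-AS2 interconnect, and it compares AS-path length only.

```python
# Added illustration: shortest-AS-path selection only (no local-pref, MED, ...).
# Constructed topology: site = AS 3, BU1 = AS 1, BU2 = AS 2.
SITE, BU1, BU2 = 3, 1, 2
CIRCUIT_A = frozenset({SITE, BU1})    # direct eBGP session site <-> AS1
CIRCUIT_B = frozenset({SITE, BU2})    # direct eBGP session site <-> AS2
INTERCONNECT = frozenset({BU1, BU2})  # assumed AS1 <-> AS2 session

def best_paths(links, prepend=None):
    """Best AS path to the site prefix per AS, given the sessions that are up.

    prepend maps a neighbor AS to the number of extra copies of the site AS
    the site adds when advertising to that neighbor (outbound prepend).
    """
    prepend = prepend or {}
    best = {SITE: []}                      # the site originates the prefix
    changed = True
    while changed:                         # repeat until every AS is stable
        changed = False
        for link in links:
            a, b = tuple(link)
            for sender, receiver in ((a, b), (b, a)):
                if sender not in best or receiver == SITE:
                    continue
                extra = prepend.get(receiver, 0) if sender == SITE else 0
                path = [sender] * (1 + extra) + best[sender]
                if receiver in path:       # eBGP loop prevention
                    continue
                if receiver not in best or len(path) < len(best[receiver]):
                    best[receiver] = path
                    changed = True
    return best

def entry_circuit(asn, best):
    """Circuit ('A' or 'B') on which traffic from asn enters the site."""
    hops = [asn] + best[asn]
    last_before_site = [h for h in hops if h != SITE][-1]
    return "A" if last_before_site == BU1 else "B"

def scenario(links, prepend=None):
    """Entry circuit per business-unit AS for one set of sessions and policy."""
    best = best_paths(links, prepend)
    return {asn: entry_circuit(asn, best) for asn in (BU1, BU2) if asn in best}

ALL_UP = {CIRCUIT_A, CIRCUIT_B, INTERCONNECT}
if __name__ == "__main__":
    print("no policy:      ", scenario(ALL_UP))
    print("circuit B down: ", scenario(ALL_UP - {CIRCUIT_B}))
    print("prepend x2 on A:", scenario(ALL_UP, {BU1: 2}))
```

With no policy each business unit enters on its own circuit, losing circuit B moves AS2 onto circuit A, and prepending on circuit A pulls AS1's traffic onto circuit B as well.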
06-04-2014 01:42 AM
Hi Giuseppe
Thanks for the response
The cloud represents an ISP. Each of the locations AS1, AS2 and the main site have eBGP connections to the ISP
I would like AS2 to use circuit B, so all traffic to and from AS2 via this circuit but if the link drops, then it will use the other circuit
and AS1 to use circuit A
I had set the local preference, so any outbound traffic for AS2 went via Circuit B and AS1 via circuit A
My problem is getting the traffic from a specific source to enter the same circuit
Is there a way that I could use a community string?
So I mark traffic leaving Site AS2 with a community string
At the main site, I match the community string and set a prepend, so that the router advertises all its routes with a worse as path?
I am not sure if this is possible
Thanks
Simon
06-04-2014 04:39 AM
Hi young,
you can use community string, here is the example:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/28784-bgp-community.html
Regards,
kazim
"HTH"
06-05-2014 04:57 AM
Hi
Yes, I had read this already and most other web links but it's not specific enough. So in my test environment
I have configured on AS2 only (R5)
ip access-list standard test
permit any log
!
!
route-map SETCOM permit 10
match ip address test
set community 2:1
!
router bgp 2
neighbor x.x.x.x send-community
neighbor x.x.x.x route-map SETCOM out
So all traffic from Site AS2 is matched and has a community string assigned.
This traffic reaches my Circuit A router (R11)
route-map SETCOM permit 10
match community 2:1
set as-path prepend 3 3 3 3
!
route-map SETCOM permit 20
!
router bgp 3
neighbor x.x.x.x send-community
neighbor x.x.x.x route-map SETCOM in
The traffic from community 2:1 is matched, I then prepend traffic to Site AS 2
It kind of works but it black holes the routes from AS3 via R11
When I look at the BGP on R7 I see only routes from R10 and not R9
I want both paths to be available but a preferred return path via R12 for all R5 traffic
06-05-2014 05:41 AM
OK, send the config for this topology.