
Influence BGP for specific IP address

jeff6strings
Level 1

We have a corporate site with an Internet DS3 line and doing BGP peering with this ISP with our own registered AS number and public /25 IP addresses (for example 192.168.200.0/25). A remote office is connected to our corporate office via private 1 GB Fiber; this remote office has a 50Mb fiber Internet line with a different ISP which we are doing BGP peering with our same AS number and same /25 IP network. The network and BGP are configured so if the DS3 at corporate goes down all traffic will go across the inter-office fiber out the 50Mb line which works very well when we need it. Our problem is at our corporate office we have vendor equipment on our public /25 network with 1 IP address and on occasion it consumes a large amount of traffic and in turn causes the DS3 to almost peak.

Is there a way we can manipulate our BGP so this vendor’s traffic (IP address) will prefer the 50Mb Internet line at the remote office since that line has very little utilization?

Appreciate any help.

Jeff

5 Replies

Milan Rai
Level 1

Hey Jeff,

Can you please provide your config?

And do you mean to say that you have done eBGP on both of the peers? And, if possible, you want to direct all traffic through the remote office link?

Please make it clear.

milan.kulik
Level 10

Hi,

Are you saying you are advertising the same /25 subnet to the Internet from both sites while peering to different ISPs?

IMHO, you are getting into asymmetric routing to/from some Internet sites then, aren't you?

I.e., your traffic to some targets sent from site A to ISP A is possibly returning via ISP B to site B and takes the inter-office 50 Mbps line to reach site A again? Or vice versa?

To your vendor host question:

For the outgoing traffic you could configure a PBR in your corporate office to forward the traffic outgoing from that host to the inter-office line.

For the incoming traffic you could advertise a host /32 prefix from the remote site.

But most of the ISPs are dropping host prefixes I'm afraid. So it would not work well probably for the incoming traffic.

BR,

Milan

Milan,

"Are you saying you are advertising the same /25 subnet to the Internet from both sites while peering to different ISPs?"

Yes, we are advertising the same AS number and /25 subnet at both sites to separate ISPs.

"IMHO, you are getting into asymmetric routing to/from some Internet sites then, aren't you?"

"I.e., your traffic to some targets sent from site A to ISP A is possibly returning via ISP B to site B and takes the inter-office 50 Mbps line to reach site A again? Or vice versa?"

No, when I first arrived here and reviewed the configuration I thought that would be the case but in testing our traffic from the corp side is going out the DS3 and returning on the DS3.

Our scrubbed BGP config is below.

Thank you.

jeff

Here is our BGP config for both corporate and remote office. The 192.168.200 addresses are in place of our public IP subnet.

Corporate:

router bgp ABCDE
 no synchronization
 bgp log-neighbor-changes
 network 192.168.200.0 mask 255.255.255.128
 aggregate-address 192.168.200.0 255.255.255.0 summary-only
 timers bgp 5 20
 neighbor IBGP-PEER peer-group
 neighbor IBGP-PEER remote-as ABCDE
 neighbor IBGP-PEER next-hop-self
 neighbor IBGP-PEER soft-reconfiguration inbound
 neighbor 74.x.x.x remote-as DCBA
 neighbor 74.x.x.x soft-reconfiguration inbound
 neighbor 74.x.x.x prefix-list Default in
 neighbor 74.x.x.x route-map foo out
 neighbor 192.168.10.6 peer-group IBGP-PEER
 neighbor 192.168.10.6 description Tunnel 200 peer. Rides the Internet to remote office router
 neighbor 192.168.11.2 peer-group IBGP-PEER
 neighbor 192.168.11.2 description to corprouter-ext02-3800 int G0/1
 neighbor 192.168.200.233 peer-group IBGP-PEER
 neighbor 192.168.200.233 description to corprouter-ext02-3800 int G0/0
 no auto-summary

ip prefix-list Default description Default_Only
ip prefix-list Default seq 5 permit 0.0.0.0/0

route-map foo permit 5
 match ip address 2

access-list 2 permit 206.223.67.0 0.0.0.255

Remote Office:

router bgp ABCDE
 no synchronization
 bgp log-neighbor-changes
 timers bgp 5 20
 neighbor IBGP-PEER peer-group
 neighbor IBGP-PEER remote-as ABCDE
 neighbor IBGP-PEER next-hop-self
 neighbor IBGP-PEER soft-reconfiguration inbound
 neighbor IBGP-PEER prefix-list IBGP-ROUTES in
 neighbor 65.x.x.x remote-as FGHI
 neighbor 65.x.x.x soft-reconfiguration inbound
 neighbor 65.x.x.x prefix-list Default in
 neighbor 65.x.x.x route-map SEND-ROUTES out
 neighbor 192.168.10.1 peer-group IBGP-PEER
 neighbor 192.168.10.1 description Tunnel 100 peer. Rides the Internal Network corprouter-ext02-3800
 neighbor 192.168.10.1 weight 1000
 neighbor 192.168.10.5 peer-group IBGP-PEER
 neighbor 192.168.10.5 description Tunnel 200 peer. Rides the Internet corprouter-ext01-3800
 neighbor 192.168.12.1 peer-group IBGP-PEER
 neighbor 192.168.12.1 description DarkFiber
 neighbor 192.168.12.1 weight 2000
 no auto-summary

ip prefix-list IBGP-ROUTES seq 5 permit 192.168.200.0/24
ip prefix-list IBGP-ROUTES seq 10 permit 0.0.0.0/0

ip prefix-list Default description Default_Only
ip prefix-list Default seq 5 permit 0.0.0.0/0

route-map SEND-ROUTES permit 5
 match ip address prefix-list CORP-INTERNET-ROUTES
 set as-path prepend ABCDE ABCDE ABCDE

ip prefix-list CORP-INTERNET-ROUTES description This prefix list lets routes out to the internet.
ip prefix-list CORP-INTERNET-ROUTES seq 5 permit 1.1.1.1/32
ip prefix-list CORP-INTERNET-ROUTES seq 10 permit 192.168.200.0/24

Hi,

so you are advertising the same /24 prefix from both sites to the Internet.

Prepending your AS three times from the remote site should make it less preferred for the Internet routing.

Should work in most cases.

And you are routing the Internet traffic via the dark fiber line (Tunnel 200) to/from the remote site when all lines are Up.

You are advertising 1.1.1.1/32 (the vendor host prefix) to the Internet from the remote site.

As I said already: Most ISPs would deny /32 prefixes. You could check the routing for 1.1.1.1/32 in the Internet using some public Looking Glass router.

And you would need a Policy-based routing on your Corporate router forwarding the traffic originated from 1.1.1.1/32 to the Tunnel 200.

BR,

Milan
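
The policy-based routing suggested in the replies above, sketched as an added Cisco IOS example; it is not configuration posted by anyone in the thread. 1.1.1.1 and 65.x.x.x are the thread's own stand-ins, while ACL 150, the route-map names, the interface names and `<remote-darkfiber-ip>` are assumed placeholders.

```cisco
! Added example, not configuration from the thread.
! 1.1.1.1 is the thread's stand-in for the vendor host; 65.x.x.x is the
! remote office's scrubbed ISP peer from the posted config.
! ACL 150, the route-map names, the interface names and
! <remote-darkfiber-ip> are assumed placeholders.
!
! --- Corporate router ---
! Leave traffic to the local public subnet on normal routing.
access-list 150 deny   ip host 1.1.1.1 192.168.200.0 0.0.0.127
access-list 150 permit ip host 1.1.1.1 any
!
route-map VENDOR-VIA-REMOTE permit 10
 match ip address 150
 set ip next-hop <remote-darkfiber-ip>
!
! Interface where the vendor host's traffic enters this router (assumed).
interface GigabitEthernet0/0
 ip policy route-map VENDOR-VIA-REMOTE
!
! --- Remote office router ---
! The posted config gives the dark-fiber peer weight 2000, so a default
! route learned from corporate is preferred here; without this second
! policy the vendor traffic would be routed back across the fiber.
access-list 150 deny   ip host 1.1.1.1 192.168.200.0 0.0.0.127
access-list 150 permit ip host 1.1.1.1 any
!
route-map VENDOR-TO-ISP permit 10
 match ip address 150
 set ip next-hop 65.x.x.x
!
! Interface facing the dark fiber (assumed name).
interface GigabitEthernet0/1
 ip policy route-map VENDOR-TO-ISP
```

`show route-map` on each router reports the policy-routing match counters, which confirms that only the vendor host's packets are being diverted. This covers outbound traffic only; return traffic still follows whichever path the Internet prefers for the advertised prefix.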
