Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
953
Views
0
Helpful
4
Replies

Influence inbound traffic routing with BGP AS_Path prepend based upon source AS

tyke96
Level 1
Level 1

‎03-14-2019 02:40 AM

Hi All,

I am trying to influence upstream routers paths into my AS, AS 1, using AS Path Prepend (See crudely drawn picture). However rather than in normal multi-homed scenarios whereby I would just apply a certain prepend on a certain interface connected to the "backup AS", leaving the other link to become the suggested preferred. I would like to influence the path selection for a AS that i'm not directly connected too, AS 4 in my case, whilst not influencing the routing of my directly connected AS, AS 2 and 3. So AS 2 and AS 3 will still route directly towards AS 1, but AS 4 would route via AS 3 all the time. Given that I only control AS 1 I can only configure my edge router and not set any local preference within AS 4. I have tried doing this using regular expressions to capture traffic from AS 4 and prepend my AS onto it, however I may be missing something vital to do with either capturing the correct packets or AS 2 and 3 only advertising there own routes.

 

 

Trail config :

ip as-path access-list 2 permit ­_4$

route-map asprepend permit 10

match as-path 2

set as-path prepend 1

route-map asprepend permit 20

router bgp 2

neighbor xxx.xxx.xxx.xxx route-map asprepend out

 

So what I have tried to do is capture any traffic which would have originated in AS 4, then prepend my AS 1, I have only applied this routemap towards the router in AS 2 as I would like traffic to come in via AS 3

Labels:
Preview file
10 KB
0 Helpful
4 Replies 4

milan.kulik
Level 10
Level 10

‎03-14-2019 07:11 AM

Hi,

 

if you simply prepend AS1 once to all prefixes advertised towards AS2, AS4 should prefer the path through AS3.

As long as AS2 and AS3 are not peering directly, everything would work fine.

In a case AS2 and 3 would be peering, you would need something more sophisticated.

Like "poisoning" the prefixes advertised to AS2 by prepending AS4 once (instead of AS1) and prepending AS1 once to prefixes advertised to AS3.

This a little "dirty" trick would make AS4 to drop your prefixes received via AS2 and always use the prefixes received via AS3 only.

 

BR,

Milan

0 Helpful

tyke96
Level 1
Level 1
In response to milan.kulik

‎03-14-2019 08:55 AM

Apologies yes AS2 and AS3 are peered, hence why I guess my first solution wasn't working. Understand the concept of your poisoning the path. Two questions is there any legal/ethical considerations to think about when doing this?

Secondly when testing this in the lab it would seem still not to work, config for edge router on AS1 below.

I have created the access-list to capture any packet originating from AS4

Then added the two routemaps to the different AS neighbouring, one adding AS4 to the peer to AS2, then the second adding AS1 to AS3.

 

R1-3#
R1-3#show running-config | section access
ip as-path access-list 2 permit _4$
R1-3#
R1-3#show running-config | section asprepend
 neighbor xx.x.2.1 route-map asprepend1 out
 neighbor xx.x.3.1 route-map asprepend out
route-map asprepend1 permit 10
 match as-path 2
 set as-path prepend 4
route-map asprepend1 permit 20
route-map asprepend permit 10
 match as-path 2
 set as-path prepend 1
route-map asprepend permit 20
R1-3#

 

 

0 Helpful

Sergey Lisitsin
VIP Alumni
VIP Alumni
In response to tyke96

‎03-14-2019 10:31 AM

tyke96,

 

Here is my solution for you, assuming you want AS4 to choose the path over AS2 to reach your AS:

 

1. Advertise specific prefixes to AS2

2. Advertise summary of these prefixes to AS3

3. Advertise specific prefixes to AS3, attaching a no-export community to them

 

Hopefully, if AS3 honours the communities, it will not further advertise these prefixes to AS2 and AS4, which will make AS4 receive two sets of the prefixes: one from AS2 with AS-path length of 2 and one from AS3 with AS-path length of 3. Iti will naturally select the path via AS2 as being a shorter path. AS3 on the other hand will not prefer the path via AS2, because it will have its own copy of the prefixes directly from AS1 with shorter AS-path.

 

That is again, assuming that AS3 honours the communities and will not propagate more specific routes to AS4.

0 Helpful

tyke96
Level 1
Level 1
In response to milan.kulik

‎03-15-2019 05:36 AM

Okay I think I have got it working by no longer trying to capture on the remote AS path number but now capturing on the local network I want to change the routing for and by using poisoning the relevant links everything routes as required.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card