Re: Influence inbound traffic routing with BGP AS_Path prepend based upon source AS

tyke96 · ‎03-14-2019

Hi All,

I am trying to influence upstream routers paths into my AS, AS 1, using AS Path Prepend (See crudely drawn picture). However rather than in normal multi-homed scenarios whereby I would just apply a certain prepend on a certain interface connected to the "backup AS", leaving the other link to become the suggested preferred. I would like to influence the path selection for a AS that i'm not directly connected too, AS 4 in my case, whilst not influencing the routing of my directly connected AS, AS 2 and 3. So AS 2 and AS 3 will still route directly towards AS 1, but AS 4 would route via AS 3 all the time. Given that I only control AS 1 I can only configure my edge router and not set any local preference within AS 4. I have tried doing this using regular expressions to capture traffic from AS 4 and prepend my AS onto it, however I may be missing something vital to do with either capturing the correct packets or AS 2 and 3 only advertising there own routes.

Trail config :

ip as-path access-list 2 permit _4$

route-map asprepend permit 10

match as-path 2

set as-path prepend 1

route-map asprepend permit 20

router bgp 2

neighbor xxx.xxx.xxx.xxx route-map asprepend out

So what I have tried to do is capture any traffic which would have originated in AS 4, then prepend my AS 1, I have only applied this routemap towards the router in AS 2 as I would like traffic to come in via AS 3

milan.kulik · ‎03-14-2019

Hi,

if you simply prepend AS1 once to all prefixes advertised towards AS2, AS4 should prefer the path through AS3.

As long as AS2 and AS3 are not peering directly, everything would work fine.

In a case AS2 and 3 would be peering, you would need something more sophisticated.

Like "poisoning" the prefixes advertised to AS2 by prepending AS4 once (instead of AS1) and prepending AS1 once to prefixes advertised to AS3.

This a little "dirty" trick would make AS4 to drop your prefixes received via AS2 and always use the prefixes received via AS3 only.

BR,

Milan

tyke96 · ‎03-14-2019

Apologies yes AS2 and AS3 are peered, hence why I guess my first solution wasn't working. Understand the concept of your poisoning the path. Two questions is there any legal/ethical considerations to think about when doing this?

Secondly when testing this in the lab it would seem still not to work, config for edge router on AS1 below.

I have created the access-list to capture any packet originating from AS4

Then added the two routemaps to the different AS neighbouring, one adding AS4 to the peer to AS2, then the second adding AS1 to AS3.

R1-3#
R1-3#show running-config | section access
ip as-path access-list 2 permit _4$
R1-3#
R1-3#show running-config | section asprepend
neighbor xx.x.2.1 route-map asprepend1 out
neighbor xx.x.3.1 route-map asprepend out
route-map asprepend1 permit 10
match as-path 2
set as-path prepend 4
route-map asprepend1 permit 20
route-map asprepend permit 10
match as-path 2
set as-path prepend 1
route-map asprepend permit 20
R1-3#

Sergey Lisitsin · ‎03-14-2019

tyke96,

Here is my solution for you, assuming you want AS4 to choose the path over AS2 to reach your AS:

1. Advertise specific prefixes to AS2

2. Advertise summary of these prefixes to AS3

3. Advertise specific prefixes to AS3, attaching a no-export community to them

Hopefully, if AS3 honours the communities, it will not further advertise these prefixes to AS2 and AS4, which will make AS4 receive two sets of the prefixes: one from AS2 with AS-path length of 2 and one from AS3 with AS-path length of 3. Iti will naturally select the path via AS2 as being a shorter path. AS3 on the other hand will not prefer the path via AS2, because it will have its own copy of the prefixes directly from AS1 with shorter AS-path.

That is again, assuming that AS3 honours the communities and will not propagate more specific routes to AS4.

tyke96 · ‎03-15-2019

Okay I think I have got it working by no longer trying to capture on the remote AS path number but now capturing on the local network I want to change the routing for and by using poisoning the relevant links everything routes as required.