ISP CE router config for dual internet dual router

carl_townshend · ‎07-04-2023

Hi Guys

I am configuring 2 routers that connect to provider A and one connects to provider B, we have our own AS number and PI block.

I want to force all traffic out of provider A.

The 2 routers will be IBGP neighbours and I also want to prevent any traffic potentially transiting us. IP addresses are made up.

Does the following config look OK, this is from router A which will be primary.

router bgp 123456 (ISP PE)
bgp router-id 44.44.44.44
bgp log-neighbor-changes
network 197.76.24.0
neighbor 81.55.55.55 remote-as 654321 (IBGP neighbour)
neighbor 81.55.55.55 soft-reconfiguration inbound

neighbor 192.168.1.1 remote-as 123456

neighbor 192.168.1.1 route-map SET-LOCAL-PREF out
neighbor 192.168.1.1 filter-list 1 out
neighbor 192.168.1.1 soft-reconfiguration inbound
neighbor 192.168.1.1 next-hop-self

ip prefix-list LOCAL-PREF seq 5 permit 0.0.0.0/0

route-map SET-LOCAL-PREF permit 10
match ip address prefix-list LOCAL-PREF
set local-preference 500

ip as-path access-list 1 permit ^$

The same config would be applied on router B except the local pref stuff.

Does this look OK?

MHM Cisco World · ‎07-04-2023

ip as-path access-list 1 permit ^$ <<- this correct and must config OUT in both edge router.

carl_townshend · ‎07-05-2023

Hi

I assume we apply this outbound towards the ISP ? and not between the IBGP internal routers ?

MHM Cisco World · ‎07-05-2023

Sure' only toward ISP neighbor.

If we use with iBGP then I loss path control.

Joseph W. Doherty · ‎07-05-2023

Some comments. . .

Your BGP peers don't support dynamic route refresh?

Any concern about router B being used for ingress while all traffic egressing router A?

BTW, certainly good practice to insure your AS not used as a transit but you ISPs should be doing that too.

carl_townshend · ‎07-05-2023

When you say dynamic route refresh, do you mean we don't need the command soft-reconfiguration inbound ?

Joseph W. Doherty · ‎07-05-2023

Correct.

Dynamic route refresh is a feature for that purpose.

Likely any but a fairly old BGP implementation would support it. A BGP peer supporting it is shown in one of the BGP show commands (sh ip bgp neighbor x.x.x.x).

Giuseppe Larosa · ‎07-05-2023

Hello @carl_townshend ,

>> neighbor 192.168.1.1 route-map SET-LOCAL-PREF out

this should be

neighbor 192.168.1.1 route-map SET-LOCAL-PREF in

if this is your eBGP neighbor you should increase local preference inbound as it will be propagated to the iBGP peer(s) within your AS.

if this an iBGP neighbor you should apply inbound the route-map to the eBGP peer. This is the best practice for rising the local preference.

if 192.168.1.1 is an iBGP peer you need to remove

no neighbor 192.168.1.1 filter-list 1 out

otherwise you are defeating the purpose of rising the local pref on eBGP route as it cannot be propagated to iBGP peer.

Note 2:

ip prefix-list LOCAL-PREF seq 5 permit 0.0.0.0/0

this prefix-list is an exact match for the default route no other prefixes is allowed are you only receiving the default route from upstream provider ?

Hope to help

Giuseppe

MHM Cisco World · ‎07-05-2023

IN/OUT id depend on which edge router need to be prefer.

carl_townshend · ‎07-05-2023

Hi,

so to confirm I need to apply the route map for the local pref inbound from my ebgp neighbour I.e my isp, this will be then propagated to the ibgp neighbour? Surely I could just do the same but apply it outbound to the ibgp neighbour, does it not do the same thing ?

also, to confirm I apply the as path filter list outbound to the isp ?

we only receive default from the isp

MHM Cisco World · ‎07-05-2023

first AS-path filter to prevent site from be transit site
you can see you have only one Option here is OUTbound there is no INbound because we want to prevent Site from advertise any prefix not origin from Site itself

second for LP you have two direction and two position
IOU1 with INbound and LP prefer make IOU6 prefer than IOU1
IOU1 with OUTbound and LP prefer make 1 prefer than IOU6

and same in for IOU6
so as I mention before it depend on which edge router you want to prefer ?

carl_townshend · ‎07-06-2023

Hi

So for local preference, if I want IOU5 to be the exit point, do I apply the route map on the IOU1 router to the ISP IOU5 neighbour inbound? this will then get propagated from the IOU1 to the IOU6 router via BGP?

cheers

MHM Cisco World · ‎07-06-2023

you confuse here, I will share lab for you.
dont worry

MHM Cisco World · ‎07-06-2023

in R4 (AS400) I push default route and 4.4.4.4
then I test filter-list config in both R2 and R1 (your Edge router) to see if R5 receive this LO 4.4.4.4 or not, if it receive then your AS is NOW transit between R4(AS400) and R5(AS500)
as see that filter list is success and ONLY prefix originate in AS is advertise to R5/R4

that was part 1
then I have two edge router, I need all traffic go out R1 not R2, here I config LP OUT in R1
this make any prefix advertise by R1 toward R2 have LP =500
R2 NOW have two path for default route
one via R4(AS400) other via R1(AS100)
the best path select path via R1 since it have LP higher than LP of path via R4(AS400)
and task finish

MHM Cisco World · ‎07-06-2023

same as before we want to make path via R1 but this time I want to config route-map (LP prefer) in R2 not in R1 ,
as I mention before you can do that by config route-map and make direction IN