cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1240
Views
1
Helpful
11
Replies

Prepend AS_Path: Configuration Assistance

dcanady55
Level 3
Level 3

Hello,

I have two site-to-site VPN tunnels coming off two FTD 2110s using BGP to a third party. One tunnel is primary, with the other being backup. The third party's documentation suggests that in order to control tunnel selection, I must do the following: Set a higher local preference, which I have done, and

prepend AS_Paths

to force a lower preference. I'm stuck on the

AS_Path

, as I'm not really sure where this is done. Under General Settings->BGP, then General again, I tried editing the "Number of AS numbers in the

AS_Path attribute of received routes

from none to 1 on my primary and 10 on my secondary. This did not resolve my asymmetric routing issue, as my requests are leaving my network and going out of the primary VPN as it is designed to do, but my third party is sending responses back to my backup VPN. This was working fine for 2-3 weeks, then something must have changed on their side, and they see my backup as the preferred route for some reason. If someone could share where I go to

prepend the
AS_Paths

,it would be greatly appreciated, or confirm that the section I modified was correct and I can go back to the third party.

Thanks,

1 Accepted Solution

Accepted Solutions

Hello
Are they within the same bgp ASN, as such do they have and IBGP peering with each other, if so then id would use local preference instead of weight and yes use the

route-map for as-prepending



Example2:

FW1


route-map LP_rm
set local-preference 10000


router bgp 10
neigbour <Fw2> remote-as 10
neigbour <Fw2> next-hop self
neigbour <primary isp> route-map LP in




FW2
route-map PrePend_rm
set as-path prepend 10 10 10

router bgp 10
neigbour <Fw1> remote-as 10
neigbour <Fw1> next-hop self

neigbour <backup isp> route-map PrePend_rm OUT

 




Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

11 Replies 11

the Local Perference control the outbound traffic 
the

AS_PATH 

control the inbound traffic 
check this 

  1. Enter the Number of AS numbers in

    AS_PATH

    attribute. An

     AS _PATH

    attribute is a sequence of intermediate AS numbers between source and destination routers that form a directed route for packets to travel. Valid values are between 1 and 254. The default value is None.

M02@rt37
VIP
VIP

Hello @dcanady55,

To control how to enter in your AS for a particular subnet you can configure

AS prepend

. On the other hand, to influence how to exit from your AS for a particular Subnet (outbound) you configure Local-Preference (iBGP conserve the local pref value, not eBGP).As concerned,

AS_PATH

attribute you can increase the value on the "secondary" side. Note, that some provider dont accept more than 10 value. Add twice your

AS_PATH

should be good to influence as you wish. To have symetric flow, configure the local pref consequently. Default value is 100, greater is this value, better choice you have.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Hello


@dcanady55 wrote:

Hello,

I have two site-to-site VPN tunnels coming off two FTD 2110s using BGP to a third party. One tunnel is primary, with the other being backup.



I assume then these two boxes are in a HA configuration as such it will be seen as a single logical unit with two EBGP peering towards the ISPs.

If this is the case then would suggest:

Egress traffic

use weight attribute towards your isps peers (higher value most preferred)

Ingress traffic

- use

AS-Path prepending

out towards the least preferred isp (backup) peer)

Example:

route-map PrePend_rm


set as-path prepend 10 10 10 router bgp 10
neigbour <primary isp> weight 60000
neigbour <backup isp> weight 40000
neigbour <backup isp> route-map PrePend_rm OUT


clear ip bgp * soft




 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

No, these two FTDs are in separate DCs. They both are a part of an HA group within their respective DC though. Would you still recommend a route map? 

the issue is using

AS_PATH
prepend

or it missing from FMC/FDM ?

The issue was I couldn't find anything on the FMC under BGP related to

prepending

the

 AS_Path

. I know now from Paul's post that this is found within a

route map

Yes but I think you need to use

route-map

with flexconfig. 
or there is other

route-map

?
did you check as

attribute

?

Hello
Are they within the same bgp ASN, as such do they have and IBGP peering with each other, if so then id would use local preference instead of weight and yes use the

route-map for as-prepending



Example2:

FW1


route-map LP_rm
set local-preference 10000


router bgp 10
neigbour <Fw2> remote-as 10
neigbour <Fw2> next-hop self
neigbour <primary isp> route-map LP in




FW2
route-map PrePend_rm
set as-path prepend 10 10 10

router bgp 10
neigbour <Fw1> remote-as 10
neigbour <Fw1> next-hop self

neigbour <backup isp> route-map PrePend_rm OUT

 




Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Friend, Other Cisco community member face same issue with BGP, he need to use

route-map

in flexconfig to modify MED/

AS-Prepend

can you share the flexconfig you use. 
Thanks 
MHM

No flexconfig needed. I built a standard ACL then created a

route map

attaching the ACL to it. Inside that

route map

is where you can

prepend the AS path

under set clauses. Then you go back into BGP under routing and under neighbor you add the

route map out

thanks a lot I get the idea, 
have a nice day 
MHM

Review Cisco Networking for a $25 gift card