Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1239
Views
1
Helpful
11
Replies

Prepend AS_Path: Configuration Assistance

Go to solution
dcanady55
Level 3
Level 3

‎05-22-2023 07:26 AM - last edited on ‎06-22-2023 03:28 AM by Community Manager

Hello,

I have two site-to-site VPN tunnels coming off two FTD 2110s using BGP to a third party. One tunnel is primary, with the other being backup. The third party's documentation suggests that in order to control tunnel selection, I must do the following: Set a higher local preference, which I have done, and

prepend AS_Paths

to force a lower preference. I'm stuck on the

AS_Path

, as I'm not really sure where this is done. Under General Settings->BGP, then General again, I tried editing the "Number of AS numbers in the

AS_Path attribute of received routes

from none to 1 on my primary and 10 on my secondary. This did not resolve my asymmetric routing issue, as my requests are leaving my network and going out of the primary VPN as it is designed to do, but my third party is sending responses back to my backup VPN. This was working fine for 2-3 weeks, then something must have changed on their side, and they see my backup as the preferred route for some reason. If someone could share where I go to

prepend the
AS_Paths

,it would be greatly appreciated, or confirm that the section I modified was correct and I can go back to the third party.

Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP
In response to dcanady55

‎05-24-2023 01:03 AM - last edited on ‎06-22-2023 04:18 AM by Community Manager

Hello
Are they within the same bgp ASN, as such do they have and IBGP peering with each other, if so then id would use local preference instead of weight and yes use the

route-map for as-prepending



Example2:

FW1


route-map LP_rm
set local-preference 10000

router bgp 10
neigbour <Fw2> remote-as 10
neigbour <Fw2> next-hop self
neigbour <primary isp> route-map LP in



FW2
route-map PrePend_rm
set as-path prepend 10 10 10

router bgp 10
neigbour <Fw1> remote-as 10
neigbour <Fw1> next-hop self
neigbour <backup isp> route-map PrePend_rm OUT

 




Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
11 Replies 11

Go to solution
MHM Cisco World
VIP
VIP

‎05-22-2023 07:39 AM - last edited on ‎06-07-2023 02:13 AM by Community Manager

the Local Perference control the outbound traffic 
the

AS_PATH

control the inbound traffic 
check this 

  1. Enter the Number of AS numbers in

    AS_PATH

    attribute. An

     AS _PATH

    attribute is a sequence of intermediate AS numbers between source and destination routers that form a directed route for packets to travel. Valid values are between 1 and 254. The default value is None.

0 Helpful

Go to solution
M02@rt37
VIP
VIP

‎05-22-2023 07:58 AM - last edited on ‎06-22-2023 03:01 AM by Community Manager

Hello @dcanady55,

To control how to enter in your AS for a particular subnet you can configure

AS prepend

. On the other hand, to influence how to exit from your AS for a particular Subnet (outbound) you configure Local-Preference (iBGP conserve the local pref value, not eBGP).As concerned,

AS_PATH

attribute you can increase the value on the "secondary" side. Note, that some provider dont accept more than 10 value. Add twice your

AS_PATH

should be good to influence as you wish. To have symetric flow, configure the local pref consequently. Default value is 100, greater is this value, better choice you have.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
paul driver
VIP
VIP

‎05-22-2023 02:51 PM - last edited on ‎06-22-2023 04:23 AM by Community Manager

Hello

@dcanady55 wrote:

Hello,

I have two site-to-site VPN tunnels coming off two FTD 2110s using BGP to a third party. One tunnel is primary, with the other being backup.


I assume then these two boxes are in a HA configuration as such it will be seen as a single logical unit with two EBGP peering towards the ISPs.

If this is the case then would suggest:

Egress traffic

use weight attribute towards your isps peers (higher value most preferred)

Ingress traffic

- use

AS-Path prepending

out towards the least preferred isp (backup) peer)

Example:

route-map PrePend_rm


set as-path prepend 10 10 10 router bgp 10
neigbour <primary isp> weight 60000
neigbour <backup isp> weight 40000
neigbour <backup isp> route-map PrePend_rm OUT


clear ip bgp * soft




 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
dcanady55
Level 3
Level 3
In response to paul driver

‎05-23-2023 05:28 AM

Hi Paul,

No, these two FTDs are in separate DCs. They both are a part of an HA group within their respective DC though. Would you still recommend a route map? 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to dcanady55

‎05-23-2023 05:38 AM - last edited on ‎06-22-2023 02:16 AM by Community Manager

the issue is using

AS_PATH
prepend

or it missing from FMC/FDM ?

0 Helpful

Go to solution
dcanady55
Level 3
Level 3
In response to MHM Cisco World

‎05-23-2023 05:49 AM - last edited on ‎06-22-2023 02:19 AM by Community Manager

The issue was I couldn't find anything on the FMC under BGP related to

prepending

the

 AS_Path

. I know now from Paul's post that this is found within a

route map

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to dcanady55

‎05-23-2023 06:14 AM - last edited on ‎06-22-2023 03:20 AM by Community Manager

Yes but I think you need to use

route-map

with flexconfig. 
or there is other

route-map

?
did you check as

attribute

?

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to dcanady55

‎05-24-2023 01:03 AM - last edited on ‎06-22-2023 04:18 AM by Community Manager

Hello
Are they within the same bgp ASN, as such do they have and IBGP peering with each other, if so then id would use local preference instead of weight and yes use the

route-map for as-prepending



Example2:

FW1


route-map LP_rm
set local-preference 10000

router bgp 10
neigbour <Fw2> remote-as 10
neigbour <Fw2> next-hop self
neigbour <primary isp> route-map LP in



FW2
route-map PrePend_rm
set as-path prepend 10 10 10

router bgp 10
neigbour <Fw1> remote-as 10
neigbour <Fw1> next-hop self
neigbour <backup isp> route-map PrePend_rm OUT

 




Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎06-03-2023 01:32 PM - last edited on ‎06-22-2023 03:24 AM by Community Manager

Hi Friend, Other Cisco community member face same issue with BGP, he need to use

route-map

in flexconfig to modify MED/

AS-Prepend

can you share the flexconfig you use. 
Thanks 
MHM

0 Helpful

Go to solution
dcanady55
Level 3
Level 3
In response to MHM Cisco World

‎06-12-2023 07:22 AM - last edited on ‎06-22-2023 03:26 AM by Community Manager

No flexconfig needed. I built a standard ACL then created a

route map

attaching the ACL to it. Inside that

route map

is where you can

prepend the AS path

under set clauses. Then you go back into BGP under routing and under neighbor you add the

route map out

Go to solution
MHM Cisco World
VIP
VIP
In response to dcanady55

‎06-12-2023 07:35 AM

thanks a lot I get the idea, 
have a nice day 
MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card