cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2321
Views
10
Helpful
32
Replies

Setting BGP metrics for neighbors

Steven Williams
Level 4
Level 4

Is there a way to mark different networks with different metrics in the same route-map for the same neighbor?

 

Like if I want to mark 10.10.10.0/24 with metric of 900 but want to mark 20.20.20.0/24 with metric of 100, can I do this in the same route map?

32 Replies 32

Francesco Molino
VIP Alumni
VIP Alumni
Hi
Hope i understood your question correctly.
You can use prefix-lists, 1 port subnet like:
ip prefix-list subnet1 permit 10.10.10.0/24
ip prefix-list subnet2 permit 20.20.20.0/25

Then you can have 1 route-map with 2 sequences like:
route-map test permit 10
matc ip add prefi subnet1
set metric 900
route-map test permit 20
matc ip add prefi subnet2
set metric 100

And then you can apply your route-map as usual.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question


you may need (or not) "empty route map" statement to let other routes , like route-map test permit 50

Hello Martin,

you are right with route-maps depending on the way we use them we need to deal with the implicit deny any logic at the end of route-map.

The implicit deny any of route-maps have no effect only when using a route-map for PBR, because it means standard destination based routing.

In this context, an explicit last route-map block with permit may be needed to avoid unwanted filtering.

 

Final note: BGP MED is intended to be used in eBGP with directly connected AS and not in iBGP.

 

Best Regards

Giuseppe

 

What is the recommendation for iBGP then to influence inbound paths from other peers?

In you want to influence learned routes, you can use other attributes like weight, local-preference which are the more common for example.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Question: If it is all internal BGP why does it matter what attribute you use? Does one offer something more than the other?

It depends on what is configured and what you're learning and ...
It's important to choose the right attribute to prefer or not a prefix that follows BGP algorithm path selection. You can find the path selection algorithm here: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html

Let's take a basic examples:
You have prefix A and B. let's assume as-path for prefix A from router 1 is 65000 and prefix B from router 1 is 65000 65001. Also we assume we're learning prefix A from router 2 with as-path of 65000 65001 and prefix B from router 2 with as-path of 65000.
Based on this, we should get prefix A installed into RIB with a next-hop on router 1 and prefix B installed into RIB with next-hop on router 2. (assuming the previous attributes looked at by BGP are the same).
Now if we apply a local-pref on both prefixes coming from router 1 with a value of 200 (100 being the default). Both prefixes coming from router 1 will be installed into RIB. This shows that we used an attribute that is looked before the as-path and BGP will prefer it (local-pref) over the as-path. It's a quick and dirty explanation, hope it answers your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

So the issue I am having is a full mesh iBGP relationship between two firewalls and two core switches, all peering with Loopback addresses. The Core switches running HSRP alternating hsrp groups each northbound firewall is always going to choose core switch #1 without any attributes due to lowest router ID. The issue is I want the firewalls to choose the core switch that is the active hsrp node for a said vlan. So I was trying to change the metric to 900 for routes that are standby on each node so the firewalls would always head toward the active hsrp node for that vlan.

Hello Steven,

I remember your network scenario it was difficult to demonstrate that iBGP multipath was working.

However, I remember your firewalls are Palo Alto and may not support iBGP multipath.

 

If you want to influence only the firewalls choices you should look for the equivalent of Cisco weight.

If Palo Alto follows the Juniper way you should look to play with  route preference ( equivalent to Cisco AD but a 32 bit value).

 

If you change the MED on core switches you are going to break the iBGP multipath also on other devices that could use it.

 

If it is acceptable for you to build a load sharing solution based on IP subnets, because in all cases you need to go via the firewalls,  the suggested route-map can work also in iBGP. Pay attention to the way you close the route-map (if you need to pass some routes without changes in attributes).

 

Hope to help

Giuseppe

 

So the Palos do multi-path and they do it well. Really the issue is HSRP due to the fact both peers have interfaces for the same network on each and are connected networks so without some HSRP trickery each Palo is always going to select core sw #1 due to lowest router-id.

So you are saying look at the palo altos and try and configure them to select which node they want? I am not actually sure that is possible since they are learning the routes via BGP and I would think the routes they learn need to already be adjusted when learned.

If you want your upstream device to prefer a prefix from the active HSRP, I would do an EEM triggered on HSRP that will change a route-map modifying outbount as-path (prepend). If HSRP active no prepend and if standby then prepend. When it will be learned on your upstream device, it will prefer the one no prepended or with the shortest as-path


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Oh boy. sounds like something I will need to learn and lab. good references or article recommendations?

Don't have any doc right now to refer to but if you give your config sample, I can build something for you.

Give me a little bit of time to do so as I'm working on several projects at the same time.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

What sample of config would you need? Or what should I include?
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: