Solved: what do most people do when having 2 internet connections from 2 isp's

carl_townshend · ‎03-28-2012

Hi all

I would like to know what most people do when having 2 internet connections to 2 different providers.

I spoke to somebody, they said that normally its best to get the full internet bgp table from both provider so the router can load share for different prefixes, as ISPA might have a lower AS path to a certain prefix.

- How do I make sure that im not a transit network between the providers? I saw something like a filter list saying permit ^$, Does that mean only advertise local originated networks to both providers ?

Also whats the best way of influencing the decision, would it be to use local pref or MED fro each prefix ?

cheers

Vasileios Bouloukos MSc, ITIL, CCIE · ‎03-29-2012

Hi Carl

You can find below the syntax of the command

ip as-path access-list access-list-number {permit | deny} as-regular-expression

neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out}

The config could be the next

Router A config (e.g AS 300)

router bgp 300

neighbor 1.1.1.1 remote-as 100 ->ISP A

neighbor 1.1.1.1 filter-list 5 out

neighbor 2.2.2.2 remote-as 200 -> ISP B

neighbor 2.2.2.2 filter-list 5 out

ip as-path access-list 5 permit ^$

This config permits only paths with no AS path. So only the routes advertised by this router e.g. via network command, redistibution or via iBGP can be sent to the ISP routers. All the routes sent by the ISP have at least their AS number and so are not advertised by the customer router.

Hope that helps

Vasilis

View solution in original post

paolo bevilacqua · ‎03-28-2012

Yes, that is done with careful BGP configuration including but not limited to the techniques you mentioned.

A complete discussion really doesn't belong here as it fully covered in many books, documentation, white papers, training, etc.

Vasileios Bouloukos MSc, ITIL, CCIE · ‎03-28-2012

Hi Carl

Yes, the ^$ means that you advertise the BGP routes without any AS to the AS PATH. Since the internet routes pass via several AS the AS path have many entries. So, you filter the internet routes and to become your router transit.

To get the full internet routing depends on many parameters such as the CPU & memory of the router etc.

Hope that helps,

Vasilis

carl_townshend · ‎03-29-2012

hi Vasilis

Can you please explain a little more?, what this command does, say my router is router A, and I have router B which is ISP 1 and router B which is ISP 2, How would I only advertise the network I own to both providers, and not advertise each others, please explain using my scenario if possible, or a sample config

cheers

Vasileios Bouloukos MSc, ITIL, CCIE · ‎03-29-2012

Hi Carl

You can find below the syntax of the command

ip as-path access-list access-list-number {permit | deny} as-regular-expression

neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out}

The config could be the next

Router A config (e.g AS 300)

router bgp 300

neighbor 1.1.1.1 remote-as 100 ->ISP A

neighbor 1.1.1.1 filter-list 5 out

neighbor 2.2.2.2 remote-as 200 -> ISP B

neighbor 2.2.2.2 filter-list 5 out

ip as-path access-list 5 permit ^$

This config permits only paths with no AS path. So only the routes advertised by this router e.g. via network command, redistibution or via iBGP can be sent to the ISP routers. All the routes sent by the ISP have at least their AS number and so are not advertised by the customer router.

Hope that helps

Vasilis

carl_townshend · ‎03-29-2012

Is this normal practice when dual homing to 2 seperate isp's?

thanks for your help by the way, much appreciated

Vasileios Bouloukos MSc, ITIL, CCIE · ‎03-29-2012

You are welcome.

This is one of the common methods. You can also use and other route filters such as prefix-list with route-maps, to the ISP BGP neighbor peers or with filtering of BGP assigned communities.

Thanks for the rate

Regards,

Vasilis