07-17-2024 08:16 PM
Hi, we have multiple Internet lines and some public IP address blocks (subnet A and subnet B). We chose one Internet line as the primary link and another Internet line as the backup line, and configured a route-map with prepend local AS x x x when advertising public subnets A and B to the ISP via BGP, but we still see the asymmetric routing issue. Outbound traffic is routed via Internet line 1, and return traffic is routed via Internet 2. We want to update the as-path prepend in the route-map to add more local AS numbers. Can anyone please advise whether there will be any issue on the ISP side if we add too many local AS numbers? What is the max AS-path length of BGP? Thanks in advance.
Set clauses:
as-path prepend 3xxxx 3xxx 3xxx 3xxx 3xxx 3xxx
07-17-2024 08:43 PM
Check this document. It depends on if other ISPs have this configured later in the path.
Cisco IOS IP Routing: BGP Command Reference - BGP Commands: A through B [Support] - Cisco
-David
07-17-2024 11:18 PM
Thanks @David Ruess for your advice!
07-17-2024 09:28 PM - edited 07-17-2024 10:04 PM
Hi @Herman2018 ,
Setting a longer AS path on the backup link does not always guarantee that traffic will come back via the primary link. This is because other BGP attributes are used to determine the best path.
For instance, most service providers (SPs) will prefer customer routes over peer routes and peer routes over transit routes. They do that by setting the local preference accordingly. This obviously takes precedence over the AS path length, as the local preference is evaluated before it in the BGP best path selection process.
A safer approach is to use the BGP conditional advertisement feature. This feature causes the local prefixes (subnet A and B) to be advertised to the secondary SP only if you stop receiving certain routes from the primary SP. This will ensure that traffic from the Internet returns through the primary SP as long as it is available and uses the secondary SP only in case the primary fails.
Please refer to the following document for more information on how to configure this feature.
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/16137-cond-adv.html
Regards,
07-17-2024 11:16 PM
Thanks a lot @Harold Ritter for your kind advice!
07-18-2024 02:48 PM
You are very welcome @Herman2018 and thanks for the feedback
07-18-2024 05:39 AM
https://sec.cloudapps.cisco.com/security/center/resources/protecting_border_gateway_protocol#11
One of the BGP protections is to use an AS path limit.
You know how many ASes are between you and your SP, so you can add an AS path limit to protect your network from BGP attacks.
MHM
07-18-2024 05:47 AM
Hey @Herman2018 !
Asymmetric routing can be a real head-scratcher, especially when you've tried tactics like AS path prepending and still see return traffic taking the backup link. Here's the thing: BGP considers multiple factors beyond just AS path length when choosing the "best" route.
Think of it like this: Service providers (SPs) often prioritize their customers' routes over others. They do this by setting a higher "local preference" value for customer routes. This effectively trumps AS path length because it's evaluated earlier in the BGP decision-making process.
So, relying solely on prepending might not always get the desired outcome. Here's a cooler approach you can try: BGP conditional advertisement.
This nifty feature lets you advertise your prefixes (subnet A and B) to the secondary SP only when specific routes from the primary SP go missing. This ensures traffic returns through the primary link as long as it's healthy, and only utilizes the backup if the primary falters.
07-18-2024 06:53 AM
As most of the other replies have described, prepending ASs doesn't guarantee your preferred ingress path.
The suggestion to use conditional advertisement will guarantee ingress path choice for the simple reason external ASs will only see one active path at the same time. One possible downside, when your site switches to a backup path, recognition of the change, by the rest of the Internet, might be a bit sluggish.
Do you have your own AS and address block? (I suspect you might, otherwise how would other ASs potentially have multiple path choices to your site?)
If you do have your own AS, you might discuss your preference to use one path first, if available, with your ISPs.
Also, there are multiple valid reasons to prefer one path, exclusively, over another, but, hopefully, not because asymmetrical routing is implicitly bad/evil.
If you do pursue discussions with your ISPs, you might find you have options to use your multiple paths as you think best.
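The two effects discussed in this thread (local preference outranking AS-path length, and an AS-path limit dropping an over-prepended route) can be seen in a small model; this is an added example, not code from any poster or from Cisco. The AS numbers, local-preference values and the two-step selection are constructed simplifications.

```python
from dataclasses import dataclass

SITE, PRIMARY_ISP, BACKUP_ISP = 65001, 64500, 64510   # constructed AS numbers
# Assumed provider policy (illustrative values): customer > peer > transit.
LOCAL_PREF = {"customer": 200, "peer": 100, "transit": 50}

@dataclass(frozen=True)
class Route:
    learned_from: str   # "customer", "peer" or "transit"
    as_path: tuple      # AS numbers, nearest AS first

    @property
    def local_pref(self):
        return LOCAL_PREF[self.learned_from]

def site_path(prepends):
    """AS path the site advertises: its own AS plus `prepends` extra copies."""
    return (SITE,) * (1 + prepends)

def best_path(routes, maxas_limit=None):
    """Simplified best-path selection: discard paths longer than the receiver's
    AS-path limit (if set), then prefer highest local preference, then the
    shortest AS path. Later tie-breakers are not modelled."""
    usable = [r for r in routes
              if maxas_limit is None or len(r.as_path) <= maxas_limit]
    if not usable:
        return None
    return min(usable, key=lambda r: (-r.local_pref, len(r.as_path)))

def backup_isp_view(prepends, maxas_limit=None):
    """Backup ISP hears the site directly (customer route, prepended) and
    through its peering with the primary ISP (unprepended)."""
    return best_path([
        Route("customer", site_path(prepends)),
        Route("peer", (PRIMARY_ISP,) + site_path(0)),
    ], maxas_limit)

def remote_as_view(prepends):
    """A distant AS buys transit from both ISPs, so local preference ties
    and AS-path length decides."""
    return best_path([
        Route("transit", (PRIMARY_ISP,) + site_path(0)),
        Route("transit", (BACKUP_ISP,) + site_path(prepends)),
    ])

if __name__ == "__main__":
    print("backup ISP, 6 prepends:", backup_isp_view(6))
    print("backup ISP, 6 prepends, limit 5:", backup_isp_view(6, maxas_limit=5))
    print("remote AS, 6 prepends:", remote_as_view(6))
```

In this model the backup ISP keeps using the direct customer route however many prepends are added, the distant AS shifts to the primary ISP, and a receiver with an AS-path limit of 5 discards the seven-hop prepended path entirely.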