verssa


Problems with BGP - need optimization

Hi,

I have just inherited some BGP configuration and the current configuration seems inefficient. We have a hosting facility with 3 providers (A - 30MB, B - 10MB, C - 30MB). We have 2 Core routers that are interconnected to each other.

Core A has BGP peering with Provider A.
Core B has BGP peering with Provider B and C.

Both core routers have redundant links to downstream Cisco switches running OSPF for redistribution of the WAN IP blocks into individual VLAN/servers.

I have attached the two configs from each Core router, and we have used AS10000 (hypothetically) as our ASN.

-------------------------- CORE ROUTER A --------------------------
router bgp 10000
 bgp router-id 60.60.60.1
 bgp log-neighbor-changes
 network 65.80.31.0/24
 aggregate-address 74.66.0.0/23 summary-only
 aggregate-address 206.85.20.0/24 summary-only
 aggregate-address 200.78.145.0/24 summary-only
 redistribute kernel route-map KERNEL-IN
 redistribute ospf route-map local-to-bgp
 neighbor 60.60.60.2 remote-as 19094
 neighbor 60.60.60.2 description ISP A - 30MB
 neighbor 60.60.60.2 soft-reconfiguration inbound
 neighbor 60.60.60.2 route-map PEER_ISP_A_in in
 neighbor 60.60.60.2 route-map PEER_ISP_A_out out
 neighbor 50.50.50.2 remote-as 10000
 neighbor 50.50.50.2 description Connection to Core Router B
 neighbor 50.50.50.2 next-hop-self
 neighbor 50.50.50.2 soft-reconfiguration inbound
!
!
ip prefix-list KERNEL-IN seq 5 permit 65.80.31.0/24
ip prefix-list KERNEL-IN seq 10 permit 0.0.0.0/0
ip prefix-list KERNEL-IN seq 15 deny any
ip prefix-list local-to-bgp description Do not allow this router's local IPs into BGP, mess-up aggregation
ip prefix-list local-to-bgp seq 5 deny 200.78.145.28/30
ip prefix-list local-to-bgp seq 10 deny 200.78.145.32/30
ip prefix-list local-to-bgp seq 15 permit 74.66.0.0/23 le 32
ip prefix-list local-to-bgp seq 20 permit 206.85.20.0/24 le 32
ip prefix-list local-to-bgp seq 25 permit 200.78.145.0/24 le 32
ip prefix-list local-to-bgp seq 30 permit 65.80.31.0/24
ip prefix-list local-to-bgp seq 99 deny any
ip prefix-list pl_peer_1_out seq 5 permit 200.78.145.0/24
ip prefix-list pl_peer_1_out seq 10 permit 65.80.31.0/24
ip prefix-list pl_peer_1_out seq 15 permit 206.85.20.0/24
ip prefix-list pl_peer_1_out seq 20 permit 74.66.0.0/23


route-map PEER_ISP_A_out permit 5
 match ip address prefix-list pl_peer_1_out
!
route-map KERNEL-IN permit 10
 match ip address prefix-list KERNEL-IN
!
route-map PEER_ISP_A_in permit 10
 set as-path prepend 19094
!
-------------------------- CORE ROUTER B --------------------------
router bgp 10000
 bgp router-id 70.70.70.1
 bgp log-neighbor-changes
 network 72.159.110.0/28
 aggregate-address 74.66.0.0/23 summary-only
 aggregate-address 206.85.20.0/24 summary-only
 aggregate-address 200.78.145.0/24 summary-only
 redistribute ospf route-map local-to-bgp
 neighbor 70.70.70.2 remote-as 7893
 neighbor 70.70.70.2 description ISP B - 10MB
 neighbor 70.70.70.2 soft-reconfiguration inbound
 neighbor 70.70.70.2 route-map PEER_ISP_B_in in
 neighbor 70.70.70.2 route-map PEER_ISP_B_out out
 neighbor 80.80.80.2 remote-as 23126
 neighbor 80.80.80.2 description ISP C - 30 MB
 neighbor 80.80.80.2 soft-reconfiguration inbound
 neighbor 80.80.80.2 route-map PEER_ISP_C_out out
 neighbor 50.50.50.1 remote-as 10000
 neighbor 50.50.50.1 description Connection to Core Router A
 neighbor 50.50.50.1 next-hop-self
 neighbor 50.50.50.1 soft-reconfiguration inbound



ip prefix-list ISP-C-TEST seq 10 permit 74.66.0.0/23 le 24
ip prefix-list ISP-C-TEST seq 99 deny any
ip prefix-list local-to-bgp description Do not allow this router's local IPs into BGP, mess-up aggregation
ip prefix-list local-to-bgp seq 5 deny 200.78.145.36/30
ip prefix-list local-to-bgp seq 10 deny 200.78.145.40/30
ip prefix-list local-to-bgp seq 15 permit 74.66.0.0/23 le 32
ip prefix-list local-to-bgp seq 20 permit 206.85.20.0/24 le 32
ip prefix-list local-to-bgp seq 25 permit 200.78.145.0/24 le 32
ip prefix-list local-to-bgp seq 30 permit 65.80.31.0/24
ip prefix-list local-to-bgp seq 99 deny any
ip prefix-list pl_peer_1_out seq 5 permit 200.78.145.0/24
ip prefix-list pl_peer_1_out seq 10 permit 65.80.31.0/24
ip prefix-list pl_peer_1_out seq 15 permit 206.85.20.0/24
ip prefix-list pl_peer_1_out seq 20 permit 74.66.0.0/23
!
ip as-path access-list ISP_B_Paths permit _1239$
ip as-path access-list ISP_B_Paths permit _11530$
ip as-path access-list ISP_B_Paths permit 7893_6389_7018_1239_[0-9]*$
ip as-path access-list ISP_B_Paths permit _7018$
!

route-map PEER_ISP_B_out permit 5
 match ip address prefix-list pl_peer_1_out
 set as-path prepend 10000
!
route-map PEER_ISP_C_out permit 10
 match ip address prefix-list ISP-C-TEST
 set as-path prepend 10000 10000 10000
!
route-map PEER_ISP_B_in permit 5
 match as-path ISP_B_Paths
 set local-preference 110
!
route-map PEER_ISP_B_in permit 10
 set local-preference 100
!
------------------------------------------------------------------------


The problem I am facing is that I am having difficulty selecting specific providers for outbound traffic. The current configuration seems to favor all traffic going out through PROVIDER A. I need to know how to force bulk (if not all) outbound traffic through PROVIDER B and possibly load balance outbound traffic if possible. If Provider B goes down, then Provider A will pick up the slack, etc. I would also like to know how I can make incoming traffic to a specific subnet (74.66.0.0/23) arrive mainly through Provider B, but be accessible via the remaining Providers if Provider B goes down.

Out of the 4 subnets we have, 3 of them are from Provider A, and one of them (206.85.20.0/24) is from Provider B. For Provider C, we do not have any assigned IP space and they are just accepting routes from us.

I'd appreciate it if someone could revamp my config into a more efficient, simple config that will accomplish the objectives stated above. I am open to a full/fresh configuration if necessary. Thanks and let me know if you have any questions.

I am open to a full reconfiguration of the routers in order to optimize the BGP routes.
Reddustee


I'm not going to try to rewrite your whole config, but here are some comments:

1) this code below is not needed - just adds extra processing. default local preference is already 100
route-map PEER_ISP_B_in permit 10
 set local-preference 100
2) are you receiving full routes from each of the 3 providers? any reason why you've only selected these as paths for preferred routes going out of provider B link? if you want all traffic to exit to provider B, then you should just set local pref 110 for all incoming routes, and not select specific ones.
ip as-path access-list ISP_B_Paths permit _1239$
ip as-path access-list ISP_B_Paths permit _11530$
ip as-path access-list ISP_B_Paths permit 7893_6389_7018_1239_[0-9]*$
ip as-path access-list ISP_B_Paths permit _7018$
 
3) this config below may not have very much effect. it's not usual practice to prepend on a route-map in. usually prepend only for advertisements out of the AS.
route-map PEER_ISP_A_in permit 10
 set as-path prepend 19094
!

4) >>make incoming traffic to a specific subnet (74.66.0.0/23) mainly through Provider B, but will be accessible via the remaining Providers if Provider B goes down.
[reddustee] config below is a good try. will also need to do similar prepending for the 74.66.0.0/23 subnet in router A. I assume you have already checked that your 3 providers accept such prepending and will add them on to the AS-path (some providers will remove the prepends). You can try adjusting the number of prepends to see the effect on balance on incoming traffic. or if your providers accept /24 routes, try advertising 74.66.0.0 in two separate /24 subnets out to Provider B only, and continue to advertise /23 to the other two Providers.
route-map PEER_ISP_C_out permit 10
 match ip address prefix-list ISP-C-TEST
 set as-path prepend 10000 10000 10000
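
The two levers discussed in this reply, local-preference for outbound traffic and AS-path prepending for inbound traffic, modelled as an added example that is not part of either poster's configuration. It covers only the first two best-path steps (highest local-preference, then shortest AS path). Assumptions: the destination AS numbers 64496-64500 are constructed, the prepend count tried on router A is hypothetical, and the remote network is assumed to hear all three providers with equal preference.

```python
from dataclasses import dataclass, replace

OUR_AS = 10000  # the thread's hypothetical ASN

@dataclass(frozen=True)
class Route:
    via: str               # provider the route is learned through
    as_path: tuple         # AS numbers, nearest first
    local_pref: int = 100  # BGP default local-preference

def best_path(routes):
    """Highest local-preference wins, then shortest AS path (later tie-breakers not modelled)."""
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path)), default=None)

def prefer_provider(routes, provider, local_pref=110):
    """Effect of an inbound route-map setting local-preference on every route from one provider."""
    return [replace(r, local_pref=local_pref) if r.via == provider else r for r in routes]

def without(routes, provider):
    """Routes left after the session to one provider goes down."""
    return [r for r in routes if r.via != provider]

def advertised(provider_as, prepends):
    """AS path a remote network sees once our outbound route-map has prepended OUR_AS."""
    return (provider_as,) + (OUR_AS,) * (1 + prepends)

# Constructed sample: one destination (AS 64500) learned from all three providers.
OUTBOUND = [
    Route("A", (19094, 64500)),
    Route("B", (7893, 64496, 64500)),
    Route("C", (23126, 64497, 64498, 64500)),
]

def inbound_view(prepends_a):
    """74.66.0.0/23 as seen by a remote AS (simplified: equal preference for all three)."""
    return [
        Route("A", advertised(19094, prepends_a)),
        Route("B", advertised(7893, 1)),   # PEER_ISP_B_out prepends 10000 once
        Route("C", advertised(23126, 3)),  # PEER_ISP_C_out prepends 10000 three times
    ]

if __name__ == "__main__":
    pref_b = prefer_provider(OUTBOUND, "B")
    print("outbound, defaults:", best_path(OUTBOUND).via)
    print("outbound, B at 110:", best_path(pref_b).via)
    print("outbound, B down:", best_path(without(pref_b, "B")).via)
    print("inbound /23, A unprepended:", best_path(inbound_view(0)).via)
    print("inbound /23, A prepended x2:", best_path(inbound_view(2)).via)
```
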
 
verssa

ASKER

Hi Reddustee,

Thanks for the comments. Yes, we are receiving full routes from each of the providers. For 2), as far as the ISP_B_Paths as-path access-list is concerned, I am kinda confused myself as to why it was there originally (I kinda inherited the configuration just days ago). Thanks for your answer in 3). For 4) I will check with the providers to see whether they will accept the prependings.

How do we go about load balancing outbound traffic with preference to a specific provider?
ASKER CERTIFIED SOLUTION
Reddustee