Problems with BGP - need optimization

Hi,

I have just inherited some BGP configuration and the current configuration seems inefficient. We have a hosting facility with 3 providers (A - 30MB, B - 10MB, C - 30MB). We have 2 Core routers that are interconnected to each other.

Core A has BGP peering with Provider A.
Core B has BGP peering with Provider B and C.

Both core routers have redundant links to downstream Cisco switches running OSPF for redistribution of the WAN IP blocks into individual VLAN/servers.

I have attached the two configs from each Core router, and we have used AS10000 (hypothetically) as our ASN.

-------------------------- CORE ROUTER A --------------------------
router bgp 10000
 bgp router-id 60.60.60.1
 bgp log-neighbor-changes
 network 65.80.31.0/24
 aggregate-address 74.66.0.0/23 summary-only
 aggregate-address 206.85.20.0/24 summary-only
 aggregate-address 200.78.145.0/24 summary-only
 redistribute kernel route-map KERNEL-IN
 redistribute ospf route-map local-to-bgp
 neighbor 60.60.60.2 remote-as 19094
 neighbor 60.60.60.2 description ISP A - 30MB
 neighbor 60.60.60.2 soft-reconfiguration inbound
 neighbor 60.60.60.2 route-map PEER_ISP_A_in in
 neighbor 60.60.60.2 route-map PEER_ISP_A_out out
 neighbor 50.50.50.2 remote-as 10000
 neighbor 50.50.50.2 description Connection to Core Router B
 neighbor 50.50.50.2 next-hop-self
 neighbor 50.50.50.2 soft-reconfiguration inbound
!
!
ip prefix-list KERNEL-IN seq 5 permit 65.80.31.0/24
ip prefix-list KERNEL-IN seq 10 permit 0.0.0.0/0
ip prefix-list KERNEL-IN seq 15 deny any
ip prefix-list local-to-bgp description Do not allow this router's local IPs into BGP, mess-up aggregation
ip prefix-list local-to-bgp seq 5 deny 200.78.145.28/30
ip prefix-list local-to-bgp seq 10 deny 200.78.145.32/30
ip prefix-list local-to-bgp seq 15 permit 74.66.0.0/23 le 32
ip prefix-list local-to-bgp seq 20 permit 206.85.20.0/24 le 32
ip prefix-list local-to-bgp seq 25 permit 200.78.145.0/24 le 32
ip prefix-list local-to-bgp seq 30 permit 65.80.31.0/24
ip prefix-list local-to-bgp seq 99 deny any
ip prefix-list pl_peer_1_out seq 5 permit 200.78.145.0/24
ip prefix-list pl_peer_1_out seq 10 permit 65.80.31.0/24
ip prefix-list pl_peer_1_out seq 15 permit 206.85.20.0/24
ip prefix-list pl_peer_1_out seq 20 permit 74.66.0.0/23


route-map PEER_ISP_A_out permit 5
 match ip address prefix-list pl_peer_1_out
!
route-map KERNEL-IN permit 10
 match ip address prefix-list KERNEL-IN
!
route-map PEER_ISP_A_in permit 10
 set as-path prepend 19094
!
-------------------------- CORE ROUTER B --------------------------
router bgp 10000
 bgp router-id 70.70.70.1
 bgp log-neighbor-changes
 network 72.159.110.0/28
 aggregate-address 74.66.0.0/23 summary-only
 aggregate-address 206.85.20.0/24 summary-only
 aggregate-address 200.78.145.0/24 summary-only
 redistribute ospf route-map local-to-bgp
 neighbor 70.70.70.2 remote-as 7893
 neighbor 70.70.70.2 description ISP B - 10MB
 neighbor 70.70.70.2 soft-reconfiguration inbound
 neighbor 70.70.70.2 route-map PEER_ISP_B_in in
 neighbor 70.70.70.2 route-map PEER_ISP_B_out out
 neighbor 80.80.80.2 remote-as 23126
 neighbor 80.80.80.2 description ISP C - 30 MB
 neighbor 80.80.80.2 soft-reconfiguration inbound
 neighbor 80.80.80.2 route-map PEER_ISP_C_out out
 neighbor 50.50.50.1 remote-as 10000
 neighbor 50.50.50.1 description Connection to Core Router A
 neighbor 50.50.50.1 next-hop-self
 neighbor 50.50.50.1 soft-reconfiguration inbound



ip prefix-list ISP-C-TEST seq 10 permit 74.66.0.0/23 le 24
ip prefix-list ISP-C-TEST seq 99 deny any
ip prefix-list local-to-bgp description Do not allow this router's local IPs into BGP, mess-up aggregation
ip prefix-list local-to-bgp seq 5 deny 200.78.145.36/30
ip prefix-list local-to-bgp seq 10 deny 200.78.145.40/30
ip prefix-list local-to-bgp seq 15 permit 74.66.0.0/23 le 32
ip prefix-list local-to-bgp seq 20 permit 206.85.20.0/24 le 32
ip prefix-list local-to-bgp seq 25 permit 200.78.145.0/24 le 32
ip prefix-list local-to-bgp seq 30 permit 65.80.31.0/24
ip prefix-list local-to-bgp seq 99 deny any
ip prefix-list pl_peer_1_out seq 5 permit 200.78.145.0/24
ip prefix-list pl_peer_1_out seq 10 permit 65.80.31.0/24
ip prefix-list pl_peer_1_out seq 15 permit 206.85.20.0/24
ip prefix-list pl_peer_1_out seq 20 permit 74.66.0.0/23
!
ip as-path access-list ISP_B_Paths permit _1239$
ip as-path access-list ISP_B_Paths permit _11530$
ip as-path access-list ISP_B_Paths permit 7893_6389_7018_1239_[0-9]*$
ip as-path access-list ISP_B_Paths permit _7018$
!

route-map PEER_ISP_B_out permit 5
 match ip address prefix-list pl_peer_1_out
 set as-path prepend 10000
!
route-map PEER_ISP_C_out permit 10
 match ip address prefix-list ISP-C-TEST
 set as-path prepend 10000 10000 10000
!
route-map PEER_ISP_B_in permit 5
 match as-path ISP_B_Paths
 set local-preference 110
!
route-map PEER_ISP_B_in permit 10
 set local-preference 100
!
------------------------------------------------------------------------


The problem I am facing is that I am having difficulty selecting specific providers for outbound traffic. The current configuration seems to favor all traffic going out through PROVIDER A. I need to know how to force bulk (if not all) outbound traffic through PROVIDER B and possibly load balance outbound traffic if possible. If Provider B goes down, then Provider A will keep up the slack, etc. I also would like to know how I can make incoming traffic to a specific subnet (74.66.0.0/23) come mainly through Provider B, but be accessible via the remaining Providers if Provider B goes down.

Out of the 4 subnets we have, 3 of them are from Provider A, and one of them (206.85.20.0/24) is from Provider B. For Provider C, we do not have any assigned IP space and they are just accepting routes from us.

I'd appreciate it if someone can revamp my config into a more efficient, simple config that will accomplish the objectives stated above. I am open to a full/fresh configuration if necessary. Thanks and let me know if you have any questions.

I am open to a full reconfiguration of the routers in order to optimize the BGP routes.
Asked by: verssa

Reddustee commented:

I'm not going to try to rewrite your whole config, but here are some comments:

1) This code below is not needed - it just adds extra processing. Default local preference is already 100.
route-map PEER_ISP_B_in permit 10
 set local-preference 100
2) Are you receiving full routes from each of the 3 providers? Any reason why you've only selected these as paths for preferred routes going out of the provider B link? If you want all traffic to exit to provider B, then you should just set local pref 110 for all incoming routes, and not select specific ones.
ip as-path access-list ISP_B_Paths permit _1239$
ip as-path access-list ISP_B_Paths permit _11530$
ip as-path access-list ISP_B_Paths permit 7893_6389_7018_1239_[0-9]*$
ip as-path access-list ISP_B_Paths permit _7018$
 
3) This config below may not have very much effect. It's not usual practice to prepend on a route-map in. Usually prepend only for advertisements out of the AS.
route-map PEER_ISP_A_in permit 10
 set as-path prepend 19094
!

4) >>make incoming traffic to a specific subnet (74.66.0.0/23) mainly through Provider B, but will accessible via the remaining Providers if Provider B goes down.
[reddustee] The config below is a good try. You will also need to do similar prepending for the 74.66.0.0/23 subnet in router A. I assume you have already checked that your 3 providers accept such prepending and will add them on to the AS-path (some providers will remove the prepends). You can try adjusting the number of prepends to see the effect on balance on incoming traffic. Or if your providers accept /24 routes, try advertising 74.66.0.0 in two separate /24 subnets out to Provider B only, and continue to advertise the /23 to the other two Providers.
route-map PEER_ISP_C_out permit 10
 match ip address prefix-list ISP-C-TEST
 set as-path prepend 10000 10000 10000
 
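A check of point 4's /24 suggestion against the outbound prefix-lists as posted for Core B, as an added example that is not part of the thread: a small Python evaluator for prefix-list matching (exact length without `le`, first match wins, implicit deny). It assumes that is how the posted lists are evaluated and does not model the `aggregate-address ... summary-only` lines.

```python
import ipaddress

# Entries copied from the Core B config on this page: (action, prefix, le).
# le=None means exact-length match, as in a prefix-list line without ge/le.
PL_PEER_1_OUT = [
    ("permit", "200.78.145.0/24", None),
    ("permit", "65.80.31.0/24", None),
    ("permit", "206.85.20.0/24", None),
    ("permit", "74.66.0.0/23", None),
]
ISP_C_TEST = [
    ("permit", "74.66.0.0/23", 24),
    ("deny", "0.0.0.0/0", 32),      # "deny any"
]

def prefix_list_permits(entries, route):
    """First matching entry wins; no match means implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, le in entries:
        base = ipaddress.ip_network(prefix)
        max_len = base.prefixlen if le is None else le
        if (base.prefixlen <= net.prefixlen <= max_len
                and net.subnet_of(base)):
            return action == "permit"
    return False

def advertised(entries, candidates):
    """Routes from candidates that pass the outbound prefix-list."""
    return [r for r in candidates if prefix_list_permits(entries, r)]

# The /23 plus the two /24 halves proposed for Provider B in point 4.
CANDIDATES = ["74.66.0.0/23", "74.66.0.0/24", "74.66.1.0/24"]

if __name__ == "__main__":
    print("to ISP B (pl_peer_1_out):", advertised(PL_PEER_1_OUT, CANDIDATES))
    print("to ISP C (ISP-C-TEST):   ", advertised(ISP_C_TEST, CANDIDATES))
```

With the lists as posted, `pl_peer_1_out` passes only the /23 toward Provider B while `ISP-C-TEST` would pass both /24s toward Provider C, so the /24 split needs both lists adjusted before it has the intended effect.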
 
verssa (Author) commented:
Hi Reddustee,

Thanks for the comments. Yes, we are receiving full routes from each provider. For 2), as far as the ISP_B_Paths as-path access-list is concerned, I am kinda confused myself as to why it was there originally (I kinda inherited the configuration just days ago). Thanks for your answer in 3). For 4) I will check with the providers to see whether they will accept the prependings.

How do we go about load balancing outbound traffic with preference to a specific provider?
 
Reddustee commented:

I suppose trying to control / load-balance outbound traffic was what your predecessor was attempting when he used these as-path access-lists.
ip as-path access-list ISP_B_Paths permit _1239$
ip as-path access-list ISP_B_Paths permit _11530$
ip as-path access-list ISP_B_Paths permit 7893_6389_7018_1239_[0-9]*$
ip as-path access-list ISP_B_Paths permit _7018$
 
I'm sorry to say that I've not attempted this myself, but I have heard from one who has done it before (but more of balancing inbound traffic rather than outbound traffic) that it's a tedious process that needs constant review and adjustment (with changes to your users' patterns), and involves some of these activities:
a. reviewing current traffic profile (see where the traffic is heading to/from)
b. adjusting your bgp access list to include or exclude certain groups of traffic in the higher pref setting
Perhaps others can also give some advice?
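The effect of the ISP_B_Paths access-list discussed in point 2 of the first reply and again in this follow-up, as an added example that is not part of either post: a Python emulation of route-map PEER_ISP_B_in run over constructed AS paths. The translation of `_` to a delimiter group and the sample paths (which use documentation ASNs 64500 and 64501) are assumptions of the example.

```python
import re

# Cisco-style "_" matches the start or end of the AS path or a delimiter
# (space, comma, braces, parentheses). Emulated here with a Python group.
_DELIM = r"(?:^|$|[ ,{}()])"

# The four ISP_B_Paths entries, copied from the Core B config on this page.
ISP_B_PATHS = [
    "_1239$",
    "_11530$",
    "7893_6389_7018_1239_[0-9]*$",
    "_7018$",
]

def compile_as_path(expr):
    """Translate one as-path access-list regex to a Python pattern."""
    return re.compile(expr.replace("_", _DELIM))

def local_pref_from_isp_b(as_path):
    """Emulate route-map PEER_ISP_B_in: seq 5 sets 110, seq 10 sets 100."""
    for expr in ISP_B_PATHS:
        if compile_as_path(expr).search(as_path):
            return 110
    return 100

# Constructed AS paths as they would be received from ISP B (AS 7893).
SAMPLE_PATHS = [
    "7893 1239",                    # originated by AS 1239
    "7893 6389 7018",               # originated by AS 7018
    "7893 6389 7018 1239 64500",    # one hop behind 1239 via 6389 7018
    "7893 3356 64501",              # anything else
    "7893 11239",                   # 11239 must not match _1239$
    "7893",                         # ISP B's own prefixes
]

def preferred_share(paths):
    """Return the paths that would get local-preference 110."""
    return [p for p in paths if local_pref_from_isp_b(p) == 110]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{local_pref_from_isp_b(path):>3}  {path}")
```

Only paths ending in the listed origin ASes are raised to 110; every other route learned from ISP B stays at the default 100, which ties with the other providers' routes on local preference.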
