Solved

Problems with BGP - need optimization

Posted on 2009-04-01
Last Modified: 2013-12-29
Hi,

I have just inherited some BGP configuration and the current configuration seems inefficient. We have a hosting facility with 3 providers (A - 30MB, B - 10MB, C - 30MB). We have 2 Core routers that are interconnected to each other.

Core A has BGP peering with Provider A.
Core B has BGP peering with Provider B and C.

Both core routers have redundant links to downstream Cisco switches running OSPF for redistribution of the WAN IP blocks into individual VLAN/servers.

I have attached the two configs from each Core router, and we have used AS10000 (hypothetically) as our ASN.

-------------------------- CORE ROUTER A --------------------------
router bgp 10000
 bgp router-id 60.60.60.1
 bgp log-neighbor-changes
 network 65.80.31.0/24
 aggregate-address 74.66.0.0/23 summary-only
 aggregate-address 206.85.20.0/24 summary-only
 aggregate-address 200.78.145.0/24 summary-only
 redistribute kernel route-map KERNEL-IN
 redistribute ospf route-map local-to-bgp
 neighbor 60.60.60.2 remote-as 19094
 neighbor 60.60.60.2 description ISP A - 30MB
 neighbor 60.60.60.2 soft-reconfiguration inbound
 neighbor 60.60.60.2 route-map PEER_ISP_A_in in
 neighbor 60.60.60.2 route-map PEER_ISP_A_out out
 neighbor 50.50.50.2 remote-as 10000
 neighbor 50.50.50.2 description Connection to Core Router B
 neighbor 50.50.50.2 next-hop-self
 neighbor 50.50.50.2 soft-reconfiguration inbound
!
!
ip prefix-list KERNEL-IN seq 5 permit 65.80.31.0/24
ip prefix-list KERNEL-IN seq 10 permit 0.0.0.0/0
ip prefix-list KERNEL-IN seq 15 deny any
ip prefix-list local-to-bgp description Do not allow this router's local IPs into BGP, mess-up aggregation
ip prefix-list local-to-bgp seq 5 deny 200.78.145.28/30
ip prefix-list local-to-bgp seq 10 deny 200.78.145.32/30
ip prefix-list local-to-bgp seq 15 permit 74.66.0.0/23 le 32
ip prefix-list local-to-bgp seq 20 permit 206.85.20.0/24 le 32
ip prefix-list local-to-bgp seq 25 permit 200.78.145.0/24 le 32
ip prefix-list local-to-bgp seq 30 permit 65.80.31.0/24
ip prefix-list local-to-bgp seq 99 deny any
ip prefix-list pl_peer_1_out seq 5 permit 200.78.145.0/24
ip prefix-list pl_peer_1_out seq 10 permit 65.80.31.0/24
ip prefix-list pl_peer_1_out seq 15 permit 206.85.20.0/24
ip prefix-list pl_peer_1_out seq 20 permit 74.66.0.0/23


route-map PEER_ISP_A_out permit 5
 match ip address prefix-list pl_peer_1_out
!
route-map KERNEL-IN permit 10
 match ip address prefix-list KERNEL-IN
!
route-map PEER_ISP_A_in permit 10
 set as-path prepend 19094
!
-------------------------- CORE ROUTER B --------------------------
router bgp 10000
 bgp router-id 70.70.70.1
 bgp log-neighbor-changes
 network 72.159.110.0/28
 aggregate-address 74.66.0.0/23 summary-only
 aggregate-address 206.85.20.0/24 summary-only
 aggregate-address 200.78.145.0/24 summary-only
 redistribute ospf route-map local-to-bgp
 neighbor 70.70.70.2 remote-as 7893
 neighbor 70.70.70.2 description ISP B - 10MB
 neighbor 70.70.70.2 soft-reconfiguration inbound
 neighbor 70.70.70.2 route-map PEER_ISP_B_in in
 neighbor 70.70.70.2 route-map PEER_ISP_B_out out
 neighbor 80.80.80.2 remote-as 23126
 neighbor 80.80.80.2 description ISP C - 30 MB
 neighbor 80.80.80.2 soft-reconfiguration inbound
 neighbor 80.80.80.2 route-map PEER_ISP_C_out out
 neighbor 50.50.50.1 remote-as 10000
 neighbor 50.50.50.1 description Connection to Core Router A
 neighbor 50.50.50.1 next-hop-self
 neighbor 50.50.50.1 soft-reconfiguration inbound



ip prefix-list ISP-C-TEST seq 10 permit 74.66.0.0/23 le 24
ip prefix-list ISP-C-TEST seq 99 deny any
ip prefix-list local-to-bgp description Do not allow this router's local IPs into BGP, mess-up aggregation
ip prefix-list local-to-bgp seq 5 deny 200.78.145.36/30
ip prefix-list local-to-bgp seq 10 deny 200.78.145.40/30
ip prefix-list local-to-bgp seq 15 permit 74.66.0.0/23 le 32
ip prefix-list local-to-bgp seq 20 permit 206.85.20.0/24 le 32
ip prefix-list local-to-bgp seq 25 permit 200.78.145.0/24 le 32
ip prefix-list local-to-bgp seq 30 permit 65.80.31.0/24
ip prefix-list local-to-bgp seq 99 deny any
ip prefix-list pl_peer_1_out seq 5 permit 200.78.145.0/24
ip prefix-list pl_peer_1_out seq 10 permit 65.80.31.0/24
ip prefix-list pl_peer_1_out seq 15 permit 206.85.20.0/24
ip prefix-list pl_peer_1_out seq 20 permit 74.66.0.0/23
!
ip as-path access-list ISP_B_Paths permit _1239$
ip as-path access-list ISP_B_Paths permit _11530$
ip as-path access-list ISP_B_Paths permit 7893_6389_7018_1239_[0-9]*$
ip as-path access-list ISP_B_Paths permit _7018$
!

route-map PEER_ISP_B_out permit 5
 match ip address prefix-list pl_peer_1_out
 set as-path prepend 10000
!
route-map PEER_ISP_C_out permit 10
 match ip address prefix-list ISP-C-TEST
 set as-path prepend 10000 10000 10000
!
route-map PEER_ISP_B_in permit 5
 match as-path ISP_B_Paths
 set local-preference 110
!
route-map PEER_ISP_B_in permit 10
 set local-preference 100
!
------------------------------------------------------------------------


The problem I am facing is that I am having difficulty selecting specific providers for outbound traffic. The current configuration seems to favor all traffic going out through PROVIDER A. I need to know how to force bulk (if not all) outbound traffic through PROVIDER B and possibly load balance outbound traffic if possible. If Provider B goes down, then Provider A will keep up the slack, etc. I also would like to know how I can make incoming traffic to a specific subnet (74.66.0.0/23) come mainly through Provider B, but be accessible via the remaining Providers if Provider B goes down.

Out of the 4 subnets we have, 3 of them are from Provider A, and one of them (206.85.20.0/24) is from Provider B. For Provider C, we do not have any assigned IP space and they are just accepting routes from us.

I'd appreciate it if someone can revamp my config into a more efficient, simple config that will accomplish the objectives stated above. I am open to a full/fresh configuration if necessary. Thanks and let me know if you have any questions.

I am open to a full reconfiguration of the routers in order to optimize the BGP routes.
Question by:verssa

Expert Comment

by:Reddustee

I'm not going to try to rewrite your whole config, but here are some comments:

1) This code below is not needed - it just adds extra processing. Default local preference is already 100.
route-map PEER_ISP_B_in permit 10
 set local-preference 100
2) Are you receiving full routes from each of the 3 providers? Any reason why you've only selected these as paths for preferred routes going out of the provider B link? If you want all traffic to exit to provider B, then you should just set local pref 110 for all incoming routes, and not select specific ones.
ip as-path access-list ISP_B_Paths permit _1239$
ip as-path access-list ISP_B_Paths permit _11530$
ip as-path access-list ISP_B_Paths permit 7893_6389_7018_1239_[0-9]*$
ip as-path access-list ISP_B_Paths permit _7018$
 
3) This config below may not have very much effect. It's not usual practice to prepend on a route-map in. Usually prepend only for advertisements out of the AS.
route-map PEER_ISP_A_in permit 10
 set as-path prepend 19094
!

4) >>make incoming traffic to a specific subnet (74.66.0.0/23) mainly through Provider B, but will accessible via the remaining Providers if Provider B goes down.
[reddustee] The config below is a good try. You will also need to do similar prepending for the 74.66.0.0/23 subnet in router A. I assume you have already checked that your 3 providers accept such prepending and will add them on to the AS-path (some providers will remove the prepends). You can try adjusting the number of prepends to see the effect on the balance of incoming traffic. Or, if your providers accept /24 routes, try advertising 74.66.0.0 in two separate /24 subnets out to Provider B only, and continue to advertise the /23 to the other two Providers.
route-map PEER_ISP_C_out permit 10
 match ip address prefix-list ISP-C-TEST
 set as-path prepend 10000 10000 10000
 
 

Author Comment

by:verssa
Hi Reddustee,

Thanks for the comments. Yes, we are receiving full routes from each provider. For 2), as far as the ISP_B_Paths as-path access-list is concerned, I am kinda confused myself as to why it was there originally (I kinda inherited the configuration just days ago). Thanks for your answer in 3). For 4) I will check with the providers to see whether they will accept the prependings.

How do we go about load balancing outbound traffic with preference to a specific provider?

Accepted Solution

by:
Reddustee earned 500 total points

I suppose trying to control / load-balance outbound traffic was what your predecessor was attempting when he used these as-path access-lists.
ip as-path access-list ISP_B_Paths permit _1239$
ip as-path access-list ISP_B_Paths permit _11530$
ip as-path access-list ISP_B_Paths permit 7893_6389_7018_1239_[0-9]*$
ip as-path access-list ISP_B_Paths permit _7018$
 
I'm sorry to say that I've not attempted this myself, but I have heard from one who has done it before (but more of balancing inbound traffic rather than outbound traffic) that it's a tedious process that needs constant review and adjustment (with changes to your users' patterns), and involves some of these activities:
a. reviewing current traffic profile (see where the traffic is heading to/from)
b. adjusting your bgp access list to include or exclude certain groups of traffic in the higher pref setting
Perhaps others can also give some advice?
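
Added example, not part of the original thread or any poster's code: a small Python model of what the posted ISP_B_Paths list and PEER_ISP_B_in route-map do to exit selection, compared with the suggestion in comment 2) above to set local preference 110 on every route from Provider B. It models only local preference and AS-path length (no weight, origin, MED or tie-breaks); the sample routes and AS 64500 are constructed.

```python
import re

# Quagga/IOS "_" matches the start or end of the path or a delimiter.
DELIM = r"(?:^|$|[ ,{}()])"

# The ISP_B_Paths entries exactly as posted in Core Router B's config.
ISP_B_PATHS = ["_1239$", "_11530$", "7893_6389_7018_1239_[0-9]*$", "_7018$"]
ISP_B_RE = [re.compile(p.replace("_", DELIM)) for p in ISP_B_PATHS]


def local_pref_from_b(as_path, prefer_all=False):
    """PEER_ISP_B_in: 110 on an ISP_B_Paths match, else 100.
    prefer_all=True models setting 110 on every route from B."""
    if prefer_all or any(r.search(as_path) for r in ISP_B_RE):
        return 110
    return 100


def best_exit(paths, prefer_all=False):
    """paths: {provider: AS path as received}. Returns the chosen provider.
    Simplified best path: highest local-pref, then shortest AS path."""
    scored = []
    for provider, as_path in paths.items():
        lp = 100                                  # default local-pref
        if provider == "B":
            lp = local_pref_from_b(as_path, prefer_all)
        if provider == "A":
            as_path = "19094 " + as_path          # PEER_ISP_A_in prepend
        scored.append((-lp, len(as_path.split()), provider))
    return min(scored)[2]


# Constructed sample routes; AS 64500 is a documentation ASN.
TO_7018 = {"A": "19094 7018", "B": "7893 6389 7018", "C": "23126 7018"}
TO_OTHER = {"A": "19094 64500", "B": "7893 6389 64500", "C": "23126 64500"}

if __name__ == "__main__":
    for name, routes in (("origin 7018", TO_7018), ("origin 64500", TO_OTHER)):
        print(name, "posted policy ->", best_exit(routes),
              "| 110 on all of B ->", best_exit(routes, prefer_all=True))
    without_b = {k: v for k, v in TO_OTHER.items() if k != "B"}
    print("B down ->", best_exit(without_b, prefer_all=True))
```

With the posted policy only destinations whose AS path matches one of the listed patterns leave via Provider B; everything else is decided by AS-path length among equal local preferences.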