Solved

BGP Prepend

Posted on 2010-09-22
6
1,327 Views
Last Modified: 2013-12-14
We have two WAN service providers and there is always some maintainance going on one or the other. During the time, I have to shutdown at neighbor peer to have no impact and then re-connect when the WAN connection to the provider comes up. I have heard that On router one can usually configure prepends to move both in and out traffic from one connection to another. Both in and out route-maps have to be configured for BGP peers to configure prepends.
0
Comment
Question by:totaram
  • 2
  • 2
  • 2
6 Comments
 
LVL 24

Expert Comment

by:rfc1180
ID: 33736045
>I have heard that On router one can usually configure prepends to move both in and out traffic from one connection to another. Both in and out route-maps have to be configured for BGP peers to configure prepends.

you would be advertising the prepends, so if you are advertising out a link that is having maintenance, there will be issues. It is always best practice to just shutdown the peer that is having maintenance.  

Billy
0
 

Author Comment

by:totaram
ID: 33737334
rfc1180;
Like always, it is a pleasure working w/ you.. well, when we have two WAN providers, and if one (say A) going thro' some maintainance... we are solely depending on other(say B).

So during maintainance, instead of shuting down the peer neighbor, if we can somehow present to BGP configuration, one stream (irrespective of two neighbors) under under 'router BGP <AS number>'. That (I think) is possible with prepends and henceforth we do not have to worry about the maintainance/sudden jerks/interruption with one of the providers.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33739419
>So during maintainance, instead of shuting down the peer neighbor, if we can somehow present to BGP configuration, one stream (irrespective of two neighbors) under under 'router BGP <AS number>'. That (I think) is possible with prepends and henceforth we do not have to worry about the maintainance/sudden jerks/interruption with one of the providers.

>we are solely depending on other(say B).
This is the whole point of redundancy and is based on your business case;

If the maintenance window is intrusive, you can potentially run into is other service providers that have flap-dampening enabled, dampen routes received from your AS if BGP experience route flapping. This can cause routing issues, latency, and in some cases loss of connectivity.

I would highly recommend that any provider maintenance, you shutdown BGP with that peer; I would not have it any other way; if you are solely depending on provider B and can not afford to be down, sounds like you need to get another peer.

Billy
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 28

Expert Comment

by:mikebernhardt
ID: 33756803
AS Prepend is for inbound traffic, as it advertises a less-preferred path to your network. It lets you control which path to your network should be the primary one. It has no impact on outbound traffic FROM your network.

If your provider does scheduled maintenance then the best thing is to just shut down the link while they're doing it. If you have an unscheduled outage, then the other provider should take over automatically whether or not you are using AS-prepend.
0
 

Author Comment

by:totaram
ID: 33759014
OK... thanks for your posting.. So, with AS prepend I can choose the primary WAN provider... Can you please give a sample example of how you would do that, I run into the issue all the time, One pipe we have is bigger and better than second and would like that to be the primary, as opposed to the BGP algorithm (load sharing) to decide which circuit to take.
0
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 125 total points
ID: 33771553
BGP does NOT do load sharing. It picks one best path even if 2 are equal, unless you use the max-paths command in your bgp configuration.

Also as I said, AS prepend only helps control the path of inbound traffic (due to how you advertise your routes). To control the path of outbound traffic you have other options, some of which can probably be done in coordination with your ISPs (by managing the routes you receive). As I don't know your exact topology it's hard to tell you what to do. The easiest way is you use local preference.


An example of using AS prepend for outbound routes and local pref for inbound routes:
router bgp 65000
 neighbor 4.5.6.7 remote-as 65500
 neighbor 4.5.6.7 route-map as-add out
 neighbor 4.5.6.7 route-map set-pref in

access-list 10 permit any

route-map as-add permit 10
 match ip 10
 set as-path prepend 65000 65000 65000

route-map set-pref permit 10
 match ip 10
 set local-preference 90

Route map "as-path" will add "65000 65000 65000" to all routes sent to AS 65500. this makes the path longer so that it will be less preferred. You would do this to the backup ISP.

Route map "set-pref" will set the local preference to 90 for routes coming in from the backup ISP. Since the default local pref is 100, this will make routes coming from the backup ISP less preferred (higher pref is better).
 
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
jump server vs push server 6 94
What is UDP port 389 used for? 5 62
IS my DSL Speed good enough? 9 89
Network Config 9 58
SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now