Solved

BGP Question on ISP exclusion for a route

Posted on 2010-11-29
Last Modified: 2012-05-10
We want to exclude an ISP and want the traffic to choose the second ISP for the route to corp HQ because of latency reasons. We want the rest to remain the same. How can I do that with BGP?
Question by:totaram
25 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 34238232
add metric
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34239004
Hi,

Are you running iBGP or are you redistributing into an IGP onto your internal network?
0
 

Author Comment

by:totaram
ID: 34239329
Just running BGP, with ISPs getting the traffic out... no redistribution
0
 
LVL 61

Expert Comment

by:gheist
ID: 34239405
You also get traffic in, and it might come from the unpreferred peer.
Setting a small weight on the route will ensure it gets less traffic TO the peer.
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34239434
Just a single router connected to two ISPs?
0
 

Author Comment

by:totaram
ID: 34239755
Yes, single router connected to two ISPs..

We are not much concerned about the incoming traffic, only outbound, that too to only one location and specific IP address prefix.

Speaking of prefix, can one use prepend as in the following:
 'neighbor aa.bb.cc.dd prefix-list Outbound out prepend <asn_num>'
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34240046
No, I don't think so. You need to set a route-map to do AS prepending, but you don't need that in this case because you'd do that to influence which ISP inbound traffic would take. For outbound traffic you can use a BGP inbound route-map to set the weight of the preferred route to HQ.

Please can you post your BGP configuration?
0
 

Author Comment

by:totaram
ID: 34259941
Could you provide an example on how to set weight for the preferred route? Do you mean the community string for the route-map?
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34260728
example

router bgp 65000
 neighbor 192.168.0.1 remote-as 65001
 neighbor 192.168.0.1 route-map PREF_ROUTES in

! for routes via ASN 65001
ip as-path access-list 1 permit _65001_

! put the routes for which you prefer to use AS 65001 in a prefix list
ip prefix-list PREF_ROUTE seq 5 permit 10.0.0.0/8

! the routes must match 10.0.0.0/8 and they must be through AS 65001
route-map PREF_ROUTES permit 10
 match ip address prefix-list PREF_ROUTES
 match as-path 1
 set weight 100
!
! let other routes through unchanged (without this, other routes will be filtered)
route-map PREF_ROUTES permit 20

the default weight is 0 and the route with highest weight will be considered best
0
 
LVL 17

Accepted Solution

by:
rochey2009 earned 250 total points
ID: 34260822
Sorry, I made an error in my previous post. You don't need the ip as-path since the configuration is specific to the neighbor for which you want to set the weight. I've removed the parts that were in error.

example

router bgp 65000
 neighbor 192.168.0.1 remote-as 65001
 neighbor 192.168.0.1 route-map PREF_ROUTES in

! put the routes for which you prefer to use AS 65001 in a prefix list
ip prefix-list PREF_ROUTE seq 5 permit 10.0.0.0/8

! the routes must match 10.0.0.0/8
route-map PREF_ROUTES permit 10
 match ip address prefix-list PREF_ROUTES
 set weight 100
!
! let other routes through unchanged (without this, other routes will be filtered)
route-map PREF_ROUTES permit 20

the default weight is 0 and the route with highest weight will be considered best
0
 

Author Comment

by:totaram
ID: 34262157
Should it not be PREF_ROUTE instead of PREF_ROUTES in the following stmt:

match ip address prefix-list PREF_ROUTES
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34262250
sorry, yes it should be.
0
 

Author Comment

by:totaram
ID: 34267921
A couple more doubts, rochey2009,

1. How is your scheme better than prepending the undesirable route?

2. You made use of weights, how is it different from setting community string in the route-map? Can one use both community-string and weight??
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34268036
Which location are you intending to make the change - HQ or a remote site?
0
 

Author Comment

by:totaram
ID: 34269122
Remote site.. coming in HQ
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34269600
The remote site is receiving a route for HQ from two BGP peers, one peer to ISP A and the other to ISP B. You want to route towards HQ via ISP B for example just for the HQ network. On the remote router you set the weight for ISP B to a higher value than ISP A (default weight is 0 so no need to set it for this peer) for the HQ route. Weight is the first BGP attribute that gets checked. I've tested this in a lab and this works. Have I understood your requirements?
0
 

Author Comment

by:totaram
ID: 34269888
Yes.. it is the exact scenario.... ISP A and B provide the redundancy
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34270127
AS path prepending would be used if we were originating a prefix to both ISPs and we wanted to make the prefix undesirable by giving it a longer path. We're not doing that in this case. We're modifying prefixes received.

You don't have any other routers running BGP so setting the weight will achieve your goals.
0
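The weight behaviour described in the answers above, as an added example that is not part of the original thread: a simplified Python model of the inbound route-map and the first three best-path steps (weight, local preference, AS_PATH length). The ISP A neighbor 192.168.1.1, every AS number other than 65001, and the received routes are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    prefix: str
    neighbor: str          # peer the route was learned from
    as_path: tuple         # leftmost AS is the neighbor's
    weight: int = 0        # router-local, default 0 for learned routes
    local_pref: int = 100

def inbound_route_map(route, neighbor, match_net, weight):
    """Clause 10 sets weight on an exact prefix match (a prefix-list entry
    without ge/le matches only that prefix length); clause 20 permits the rest."""
    if route.neighbor == neighbor and \
            ipaddress.ip_network(route.prefix) == ipaddress.ip_network(match_net):
        return replace(route, weight=weight)
    return route

def best_path(routes):
    # Simplified: highest weight, then highest local preference, then
    # shortest AS_PATH. Later tie-breakers are not modelled.
    return max(routes, key=lambda r: (r.weight, r.local_pref, -len(r.as_path)))

def select(received, neighbor, match_net, weight):
    """Apply the inbound policy, then return the chosen next-hop peer per prefix."""
    table = {}
    for r in received:
        r = inbound_route_map(r, neighbor, match_net, weight)
        table.setdefault(r.prefix, []).append(r)
    return {prefix: best_path(rs).neighbor for prefix, rs in table.items()}

# Constructed sample: ISP B (192.168.0.1, AS 65001) has the longer AS_PATH everywhere.
ISP_A, ISP_B = "192.168.1.1", "192.168.0.1"
RECEIVED = [
    Route("10.0.0.0/8", ISP_A, (65002, 65010)),
    Route("10.0.0.0/8", ISP_B, (65001, 65003, 65010)),
    Route("10.1.0.0/16", ISP_A, (65002, 65010)),
    Route("10.1.0.0/16", ISP_B, (65001, 65003, 65010)),
    Route("172.16.0.0/12", ISP_A, (65002, 65020)),
    Route("172.16.0.0/12", ISP_B, (65001, 65003, 65020)),
]

if __name__ == "__main__":
    print("no policy :", select(RECEIVED, ISP_B, "10.0.0.0/8", 0))
    print("weight 100:", select(RECEIVED, ISP_B, "10.0.0.0/8", 100))
```

The more-specific 10.1.0.0/16 stays on ISP A in this model because the prefix-list entry has no `le`, so a site whose HQ route arrives as a longer prefix would need the entry to match that exact prefix.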
 

Author Comment

by:totaram
ID: 34272150
rochey2009;

If we have something like the following in the config at remote, would it not delay 3 AS-Distance in comcast route, the ISP B (preferred) would go normal:

route-map Comcast_route permit 10
 match ip address prefix-list Comcast_outbound
 set as-path prepend 29710 29710 29710

router bgp 29710
 neighbor comcast_peer_ip_addr route-map Comcast_route out
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34273629
Which prefix is defined in the Comcast_outbound prefix-list?
0
 

Author Comment

by:totaram
ID: 34276269
The prefix that originates from the remote site, it is prefixed for both preferred and non-preferred paths but with route-map comcast_outbound, it has been made unpreferred.
0
 

Author Comment

by:totaram
ID: 34276272
The same prefix for both the ISP...
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34277469
Which site does the prefix belong to?
0
 

Author Comment

by:totaram
ID: 34277688
remote... when we are advertising from remote, it can only advt its prefixes.
0
 
LVL 17

Expert Comment

by:rochey2009
ID: 34278145
Ok but I thought you were only interested in changing the route for HQ and not the route into remote. In that case the AS-PATH prepending should do the trick.
0
