Solved

Move inbound traffic from one ISP to second ISP using BGP

Posted on 2011-03-09
Last Modified: 2012-05-11
I have two ISPs providing me connectivity. I need to get most to all of the inbound traffic to come in via only one ISP as the second ISP has me on a plan that limits my bandwidth. I only really want to use the second ISP when the first goes down.

I have used a prepend statement, but that has not made any measurable change.

One item of note is the IP addresses I am using and advertising via BGP are two /24s supplied by ISP #2. Could that be causing part of my grief?

What can I do to get the inbound traffic to come in via ISP #1?

router bgp 999
 no synchronization
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 network 2.2.144.0
 network 2.2.145.0
 neighbor 1.1.218.53 remote-as 111
 neighbor 1.1.218.53 send-community
 neighbor 1.1.218.53 soft-reconfiguration inbound
 neighbor 1.1.218.53 route-map isp1-out out
 neighbor 2.2.138.17 remote-as 222
 neighbor 2.2.138.17 send-community
 neighbor 2.2.138.17 soft-reconfiguration inbound
 neighbor 2.2.138.17 route-map isp2-out out
 no auto-summary


route-map isp1-out permit 10
 match ip address prefix-list isp1-out
 set local-preference 120
!
route-map isp2-in permit 20
 match ip address prefix-list isp2-in
!
route-map isp1-in permit 10
 match ip address prefix-list isp1-in
!
route-map isp2-out permit 20
 match ip address prefix-list isp2-out
 set local-preference 110
 set as-path prepend 999 999 999 999 999

Question by:claytarget
13 Comments
 

Expert Comment

by:Jan Springer
ID: 35085131
ISP2, if configured properly, should always prefer the customer connection over sending the data off-net.

It would be helpful to supply the /24s in question so that I could look at the routing table.

Author Comment

by:claytarget
ID: 35085833
jesper - I am not sure if I understood you correctly. We want the bulk of the traffic to go in and out of ISP 1. Currently we have all outbound traffic going through ISP1, but only 50% of the inbound traffic.

216.130.144.0
216.130.145.0

Expert Comment

by:Jan Springer
ID: 35086010
First of all, check with the ISP, AS20382; they are announcing your routes (as if they originate from them).

Also, did you do a 'clear ip bgp IP_OF_ISP2' to apply the new route-map?

Author Comment

by:claytarget
ID: 35086469
'clear ip bgp IP_OF_ISP2' - just did that

Author Comment

by:claytarget
ID: 35086507
One more question - how did you determine AS20382 are announcing the routes?

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 35086592
"sho ip bgp 216.130.144.0"

What is the output of "sho ip bgp <neighbor ip> adv" ?

Shows me who is originating that prefix.  The as-path prepend will never work while ISP2 is announcing the routes (at the /24 level) on your behalf.

So, you need to open a trouble ticket and ask them
  1) if they see your route advertisements
  2) if they will accept 216.130.144.0/23 from you (as an option)
  3) quit announcing those networks so that they originate from you
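
A simplified model of the accepted answer's point, added here as an example and not part of the original thread: while ISP2 originates the /24 itself, the customer's prepends never reach the Internet, so remote networks split between the two ISPs. AS numbers 999, 111 and 222 are the placeholders from the question's config; the remote networks, hop counts and transit ASNs are constructed, and only AS-path length is modelled.

```python
CUSTOMER, ISP1, ISP2 = 999, 111, 222  # placeholder ASNs from the question's config
PREPENDS = 5                          # "set as-path prepend 999 999 999 999 999"
# Constructed sample: transit AS hops from each remote network to (ISP1, ISP2).
REMOTES = {"net-A": (0, 2), "net-B": (1, 2), "net-C": (2, 0), "net-D": (3, 1)}


def tails(isp2_originates):
    """AS-path tail each ISP announces to the Internet for the customer's /24."""
    if isp2_originates:
        isp2_tail = [ISP2]  # ISP2 originates the /24 itself; prepends never leave ISP2
    else:
        isp2_tail = [ISP2] + [CUSTOMER] * (1 + PREPENDS)
    return {"ISP1": [ISP1, CUSTOMER], "ISP2": isp2_tail}


def as_path(tail, hops):
    """Full path seen by a remote network: constructed transit ASNs, then the tail."""
    return list(range(65000, 65000 + hops)) + tail


def inbound_choice(isp2_originates):
    """Per remote network, the ISP with the shortest AS path (ties go to ISP1)."""
    t = tails(isp2_originates)
    choice = {}
    for net, (h1, h2) in REMOTES.items():
        p1, p2 = as_path(t["ISP1"], h1), as_path(t["ISP2"], h2)
        choice[net] = "ISP1" if len(p1) <= len(p2) else "ISP2"
    return choice


def wrong_origin(isp2_originates):
    """ISPs whose announcement ends in an origin AS other than the customer's."""
    return [isp for isp, tail in tails(isp2_originates).items()
            if tail[-1] != CUSTOMER]


if __name__ == "__main__":
    for state in (True, False):
        print(f"ISP2 originates the /24: {state}")
        print("  inbound entry per remote network:", inbound_choice(state))
        print("  ISPs announcing a foreign origin AS:", wrong_origin(state))
```

The origin-AS check in `wrong_origin` is the same comparison the answer makes by reading the last AS in the path from "sho ip bgp".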

Expert Comment

by:Craig Beck
ID: 35086605
Can you use the bandwidth command on the interface that connects you to ISP2?
You could leave the interface on ISP1 at its default (100Mbps for example), and set the ISP2 interface to 20Mbps.

This would not limit the bandwidth to ISP2, just increase the routing metric.

Just a thought!

http://www.networkingblog.in/bgp-link-bandwidth-line-speed-question-2-10285

Expert Comment

by:Jan Springer
ID: 35086634
That question on line 2 should be the first line.  The third sentence clarifies the first.

Expert Comment

by:Jan Springer
ID: 35086678
Setting the bandwidth will not redistribute incoming traffic through ISP1.

The problem is that one of the providers is announcing the routes on his behalf.

Expert Comment

by:Craig Beck
ID: 35086713
Fair point - I read it wrong!

Author Comment

by:claytarget
ID: 35086849
jesper - I am waiting on ISP2 to confirm the three items you outlined above.

craigbeck - I don't think that will work (but we are going to try it) as I think jesper is right, as ISP2 is just announcing they have those networks and are ignoring all information we are advertising.

Author Comment

by:claytarget
ID: 35086925
Update: Just found out that this was working until some time in the recent past (days? weeks?) when ISP2 replaced a router. (great! now they tell me!)

Waiting on a phone call back from the engineers at ISP2.

Author Closing Comment

by:claytarget
ID: 35089246
ISP2 fixed it so the announcements originated from me