Solved

BGP route

Posted on 2014-04-09
7
280 Views
Last Modified: 2014-04-14
Hello folks,
    I have a eBGP linux box (using quagga) and I experience the following issue:
traffic to/from external network  x.y.z.0/24  is slow through one of the two BGP peers that I have (call it B1), and which seems to be the default in x.y.z's network route table.
    No problem I said, I will push a route rule "by hand", so that traffic with said class should be handled by my other bgp peer (B2). However, the problem persists, because even though I send packets to x.y.z.0/24 using B2 , the response comes through B1, thus laggy.
    Putting peer B1 in shutdown will force x.y.z. network to talk to me through B2 and all is fine, but this is obviously no solution.
    Any ideas?
0
Comment
Question by:kronostm
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 28

Expert Comment

by:mikebernhardt
Comment Utility
It sounds like you want to set B2 as the better path from the internet to your network in order to avoid B1. To do that correctly, you have to do an AS prepend on the route your are sending out through the B1 router. the longer AS path will make it less desirable. So whereas (assuming your AS is 65001) your AS path via B2 would look like this:
65001 ?
The one via B1 would look like this
65001 65001 65001 ?

the AS path is simply a string. You'll have to look at your documentation to see how to add "65001 65001" to the path sent by your B1 router.
0
 
LVL 17

Expert Comment

by:pergr
Comment Utility
I assume what you did was to set the local preference on the route that you RECEIVED. That affects your outgoing traffic.

If you want to affect your incoming traffic too, you must also do something with the routes you ADVERTISE. As mentioned that could be to add prepends. Keep in mind that this is prepends on routes to your networks, and so affects traffic from the whole internet, and not only from that /24.

There may be other ways than prepends, such as using specific communities published by that networks between you, or you may talk to the admin of that /24 and have them stear the traffic just as you have done.
0
 
LVL 14

Author Comment

by:kronostm
Comment Utility
Mike, pergr, thank you for your answers.
Contacting the admin of that particular network is not an option as we are talking about a big organisation ( /24 was used as an example, the network is much bigger and pretty important, they would never lift a finger to my requests).
Using prepend will alter all my international routes, not just the one I am targeting, thing that I cannot do.

I'm afraid there might be no solution to my problem, but I'll leave this topic open for a few more days .... hope dies last.

kind regards
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 17

Accepted Solution

by:
pergr earned 400 total points
Comment Utility
If it is a very large organisation, perhaps you can find a Looking Glass, where you can see their BGP routes.

http://www.traceroute.org/#Looking%20Glass

You can there see what AS numbers they have in their path to you.


Next you can check with your uplinks, or some networks on that path toward the large organisation, and see if they accept communities that will add prepends, like for example:

http://www.onesc.net/communities/as3356/

Perhaps even that "large organisation" also accepts communities that will be translated to prepends.

You would then add these communities when advertising to your B1 uplinks - instead of prepends. It means the prepends will be added closer to the "/24", and not affect all your traffic.
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 100 total points
Comment Utility
I missed that it was only that net which you wanted through B2.

Are both of your uplinks to the same ISP, or to different ISPs? If it's the same ISP then you may be able work with them to create a local pref policy that prefers to forward traffic from just that network to B2. Otherwise, you are probably out of luck.
0
 
LVL 26

Expert Comment

by:skullnobrains
Comment Utility
simple answer is you can't

longer answer would require tricks. for example, if you have or can manage to have an extra wan address specific to the second link, you could NAT your outgoing traffic to that network. this should be acceptable if you are not an ISP.
0
 
LVL 14

Author Comment

by:kronostm
Comment Utility
It looks like there is no simple solution though some workarounds might work. In current setup I am unable to use that workarounds, however I will accept pergr's answer regarding communities as solution, cause it looks like the closest thing to an answer to an impossible question. I will also award some points to mike.

many thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now