Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 291
  • Last Modified:

BGP route

Hello folks,
    I have a eBGP linux box (using quagga) and I experience the following issue:
traffic to/from external network  x.y.z.0/24  is slow through one of the two BGP peers that I have (call it B1), and which seems to be the default in x.y.z's network route table.
    No problem I said, I will push a route rule "by hand", so that traffic with said class should be handled by my other bgp peer (B2). However, the problem persists, because even though I send packets to x.y.z.0/24 using B2 , the response comes through B1, thus laggy.
    Putting peer B1 in shutdown will force x.y.z. network to talk to me through B2 and all is fine, but this is obviously no solution.
    Any ideas?
0
kronostm
Asked:
kronostm
  • 2
  • 2
  • 2
  • +1
2 Solutions
 
mikebernhardtCommented:
It sounds like you want to set B2 as the better path from the internet to your network in order to avoid B1. To do that correctly, you have to do an AS prepend on the route your are sending out through the B1 router. the longer AS path will make it less desirable. So whereas (assuming your AS is 65001) your AS path via B2 would look like this:
65001 ?
The one via B1 would look like this
65001 65001 65001 ?

the AS path is simply a string. You'll have to look at your documentation to see how to add "65001 65001" to the path sent by your B1 router.
0
 
pergrCommented:
I assume what you did was to set the local preference on the route that you RECEIVED. That affects your outgoing traffic.

If you want to affect your incoming traffic too, you must also do something with the routes you ADVERTISE. As mentioned that could be to add prepends. Keep in mind that this is prepends on routes to your networks, and so affects traffic from the whole internet, and not only from that /24.

There may be other ways than prepends, such as using specific communities published by that networks between you, or you may talk to the admin of that /24 and have them stear the traffic just as you have done.
0
 
kronostmAuthor Commented:
Mike, pergr, thank you for your answers.
Contacting the admin of that particular network is not an option as we are talking about a big organisation ( /24 was used as an example, the network is much bigger and pretty important, they would never lift a finger to my requests).
Using prepend will alter all my international routes, not just the one I am targeting, thing that I cannot do.

I'm afraid there might be no solution to my problem, but I'll leave this topic open for a few more days .... hope dies last.

kind regards
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
pergrCommented:
If it is a very large organisation, perhaps you can find a Looking Glass, where you can see their BGP routes.

http://www.traceroute.org/#Looking%20Glass

You can there see what AS numbers they have in their path to you.


Next you can check with your uplinks, or some networks on that path toward the large organisation, and see if they accept communities that will add prepends, like for example:

http://www.onesc.net/communities/as3356/

Perhaps even that "large organisation" also accepts communities that will be translated to prepends.

You would then add these communities when advertising to your B1 uplinks - instead of prepends. It means the prepends will be added closer to the "/24", and not affect all your traffic.
0
 
mikebernhardtCommented:
I missed that it was only that net which you wanted through B2.

Are both of your uplinks to the same ISP, or to different ISPs? If it's the same ISP then you may be able work with them to create a local pref policy that prefers to forward traffic from just that network to B2. Otherwise, you are probably out of luck.
0
 
skullnobrainsCommented:
simple answer is you can't

longer answer would require tricks. for example, if you have or can manage to have an extra wan address specific to the second link, you could NAT your outgoing traffic to that network. this should be acceptable if you are not an ISP.
0
 
kronostmAuthor Commented:
It looks like there is no simple solution though some workarounds might work. In current setup I am unable to use that workarounds, however I will accept pergr's answer regarding communities as solution, cause it looks like the closest thing to an answer to an impossible question. I will also award some points to mike.

many thanks
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now