1

I have the following config and understand what's happening pretty well with everything except the routes I'm advertising. In other words it's INBOUND traffic I have a question about. What I 'want' to happen is for all traffic to be routed to me through Qwest (AS209), and switch to Sprint (AS1239) ONLY if Qwest goes down.

The 'permit ^$' lets me advertise routes that originate within my AS. So what exactly is THAT route? How am I telling the world to route to me through Qwest?

Here is my config... THANKS!

router bgp 00000
 network 65.170.190.0 mask 255.255.255.0
 neighbor 160.81.69.97 remote-as 1239    !This is Sprint
 neighbor 160.81.69.97 filter-list 3 in  
 neighbor 160.81.69.97 filter-list 4 out
 neighbor 65.118.70.1 remote-as 209   !This is Qwest
 neighbor 65.118.70.1 filter-list 3 in
 neighbor 65.118.70.1 filter-list 4 out 

ip as-path access-list 3 deny .*
ip as-path access-list 4 permit ^$
ip as-path access-list 4 deny .*

ip route 0.0.0.0 0.0.0.0 FastEthernet3/0 !This sets Qwest as default
ip route 0.0.0.0 0.0.0.0 Serial0/0 10   !This sets Sprint as a backup only
Domino
  • I wanted to thank both you guys for your answers, the prepending was the right thing, and that is what Cisco ended up saying to do also, I gave Joris credit for the correct answer only because he was first, Jason you raised some very good points and I appreciate it. Thanks again! – Domino Apr 08 '11 at 13:05

3 Answers

3

I'm not sure I'm following your entire question, but I'll make some notes about a few things:

1) You're denying all inbound routes from your ISP and manually setting a default. This is quite bad. What happens if something upstream in the Qwest network (your primary route) becomes unavailable? You never switch over to Sprint unless FA3/0 physically goes down. There are plenty of failure scenarios where you'd want to fail traffic over to Sprint that don't involve FA3/0 going down. Is your router capable of handling a full internet BGP table? If not you can request that the providers simply originate default routes towards you which is a much better idea than the floating static you are currently using - then you can assign local preference in BGP to prefer Qwest outbound so long as your router is still receiving a default route (or a full table). Not perfect but pretty good for the most part.

2) The route that originates in your own AS is defined in part by your network statement - you're advertising 65.170.190.0/24. If there are other routes learned by iBGP you will advertise those as well - based on your configuration I'm guessing this is your only iBGP router however.

3) You're advertising your 65.170.190.0/24 route equally costed to both Sprint and Qwest. You could prepend your own ASN a few times to Sprint to make it less preferable; though it's hard to control exactly what happens deeper within the internet and the peering relationship between Sprint and Qwest. I guess the root of the question is this - why do you want all your inbound traffic to come via Qwest? I'm guessing based on your configuration that you have higher bandwidth to Qwest. In that case I think you're reasonable to prepend your own ASN a few times on your Sprint link which should work for the most part.

Jason Seemann
2

What I 'want' to happen is for all traffic to be routed to me through Qwest (AS209), and switch to Sprint (AS1239) ONLY if Qwest goes down.

This is not a good idea. Not all providers will carry all routes (pretty slim, but still).

The classic solution is to keep advertising over both uplinks, but prepend our own ASN multiple times over the least desirable uplink. This will cause very long paths and almost all traffic will choose the desired uplink. IIRC Renesys suggested 3 times is enough.

Also, you may (or may not) want to attract Sprint's direct network via Sprint.

Joris
0

Not sure about your config tbh. First question, do Qwest and Sprint both advertise a default route to you? If not, just ask them to do so. Having the static default routes is messy when you run BGP, you'd need to configure IP SLA trackers on the "primary" default route and add the second default route with a higher metric so it's only used when the SLA tracker fails.

If you prepend the remote-as a couple of times to the least preferred ISP its routes will only be used if the "primary" fails. Also if you accept default route and only want one ISP unless it's down there isn't much use to take more than the default route.

router bgp 65010
 no synchronization
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 bgp maxas-limit 40
 neighbor 67.x.x.77 remote-as 710
 neighbor 67.x.x.77 route-map ISP1-ACCEPT-AS-ONLY in
 neighbor 67.x.x.77 route-map ISP1-TO-INTERNET out
 neighbor 61.x.x.71 remote-as 720
 neighbor 61.x.x.71 route-map ISP2-ACCEPT-AS-ONLY in
 neighbor 61.x.x.71 route-map ISP2-TO-INTERNET out
 no auto-summary
!
! Accesslist with the networks you want to advertise to upstream.
!
ip access-list standard ROUTES-TO-INTERNET
 permit 25.25.0.0 0.0.255.255
!
ip as-path access-list 80 permit ^710$
ip as-path access-list 90 permit ^720$
!
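! Inbound route-maps; the names must match the ones referenced
! on the neighbor statements above.
route-map ISP1-ACCEPT-AS-ONLY permit 10
 match as-path 80
 set as-path prepend 710 710
!
route-map ISP2-ACCEPT-AS-ONLY permit 10
 match as-path 90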
!
route-map ISP1-TO-INTERNET permit 10
 match ip address ROUTES-TO-INTERNET
 set as-path prepend 65010 65010
!
route-map ISP2-TO-INTERNET permit 10
 match ip address ROUTES-TO-INTERNET
!

In a sense this does go against the principles of BGP. If you have enough router CPU and memory, taking full routes will give you better performance.

HampusLi
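
As an added example (not code from any of the posts above), this Python model applies the question's `ip as-path access-list 4` to a small BGP table and then compares AS-path lengths as a remote network would, with and without prepending towards Sprint. The local ASN 64500, the learned route 192.0.2.0/24 and all function names are constructed for illustration.

```python
import re

LOCAL_AS = 64500  # constructed; the question redacts its ASN as 00000
PREFIX = "65.170.190.0/24"
# BGP table before export: prefix -> AS path. A locally originated route has an
# empty path; the second entry is a constructed route learned from Qwest.
TABLE = {PREFIX: [], "192.0.2.0/24": [209, 64496]}
ACL_4 = [("permit", "^$"), ("deny", ".*")]  # as-path access-list 4 from the question
DELIM = r"(?:^|$|[ ,{}()])"  # what "_" stands for in a Cisco AS-path regex

def acl_permits(acl, as_path):
    """First matching entry decides; no match at all is an implicit deny."""
    text = " ".join(map(str, as_path))
    for action, pattern in acl:
        if re.search(pattern.replace("_", DELIM), text):
            return action == "permit"
    return False

def advertise(table, acl, local_as, prepend=0):
    """Routes as an eBGP neighbor receives them after filter-list out."""
    # eBGP export adds the local AS once; prepending adds extra copies.
    return {p: [local_as] * (1 + prepend) + path
            for p, path in table.items() if acl_permits(acl, path)}

def shortest_path_upstreams(prefix, offers):
    """Upstreams whose AS path for prefix is shortest, all else being equal."""
    lengths = {up: len(r[prefix]) for up, r in offers.items() if prefix in r}
    best = min(lengths.values(), default=None)
    return sorted(up for up, n in lengths.items() if n == best)

def inbound_choice(sprint_prepend, qwest_up=True):
    """What a network hearing the prefix from both AS1239 and AS209 would pick."""
    via = lambda asn, routes: {p: [asn] + path for p, path in routes.items()}
    offers = {"sprint": via(1239, advertise(TABLE, ACL_4, LOCAL_AS, sprint_prepend))}
    if qwest_up:
        offers["qwest"] = via(209, advertise(TABLE, ACL_4, LOCAL_AS))
    return shortest_path_upstreams(PREFIX, offers)

if __name__ == "__main__":
    print(advertise(TABLE, ACL_4, LOCAL_AS))   # only the local /24 is exported
    print(inbound_choice(0))                   # tie on AS-path length
    print(inbound_choice(3))                   # Qwest path is shorter
    print(inbound_choice(3, qwest_up=False))   # Sprint is the only path left
```

AS-path length is compared only after local preference, so a network that sets a higher local preference on the Sprint-learned route keeps using Sprint regardless of the prepend. The `deny .*` entry is what keeps the learned 192.0.2.0/24 route from being re-advertised, so the site never becomes a transit path between its two providers.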