Inbound traffic control with BGP prepending
Border Gateway Protocol has a rich set of attributes and combines them with a built-in algorithm to determine and install the best path to a given NLRI. I will explain in future posts how BGP uses the Best Path Selection algorithm to install the best path into the table. In this particular scenario the tiebreaker is the shortest AS path. When a router sees a route with two BGP AS paths, it installs the one with the shortest AS path in the table. This BGP feature can be used to influence how traffic flows into the autonomous system.
I have created a small scenario with 3 eBGP speaking routers. The customer is multi-homing two links towards the ISP cloud, and we will manipulate how the inbound traffic will flow (which links will be used).
Every eBGP router will be configured to advertise the loopback IP address via BGP. After the initial configs we will look at the BGP table of the ISPs and the Customer router.
CUSTOMER
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Serial0/0
 ip address 192.168.1.1 255.255.255.252
 serial restart-delay 0
!
interface Ethernet1/0
 ip address 172.16.1.1 255.255.255.252
 half-duplex
!
router bgp 100
 no synchronization
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 172.16.1.2 remote-as 300
 neighbor 192.168.1.2 remote-as 200
 no auto-summary
ISP1
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Serial0/0
 ip address 192.168.1.2 255.255.255.252
 serial restart-delay 0
!
interface Ethernet1/0
 ip address 10.0.0.1 255.255.255.252
 half-duplex
!
router bgp 200
 no synchronization
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 network 2.2.2.2 mask 255.255.255.255
 neighbor 10.0.0.2 remote-as 300
 neighbor 192.168.1.1 remote-as 100
 no auto-summary
ISP2
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
 ip address 10.0.0.2 255.255.255.252
 half-duplex
!
interface Ethernet0/1
 ip address 172.16.1.2 255.255.255.252
 half-duplex
!
router bgp 300
 no synchronization
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 network 3.3.3.3 mask 255.255.255.255
 neighbor 10.0.0.1 remote-as 200
 neighbor 172.16.1.1 remote-as 100
 no auto-summary
We can now inspect the RIB of the ISP1 router. To reach the customer router's 1.1.1.1 prefix, it uses the shortest path, via the Serial WAN link.
ISP1#sh ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 3
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
1
300 100
10.0.0.2 from 10.0.0.2 (3.3.3.3)
Origin IGP, localpref 100, valid, external
100
192.168.1.1 from 192.168.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
As we can see, the shortest AS path, with only one AS hop (100), is used to get to the prefix 1.1.1.1/32. As this is the best path, the traceroute from the ISP1 router to the CUSTOMER networks will also follow the Serial WAN link.
ISP1#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 192.168.1.2 44 msec 20 msec 16 msec
If we prefer the faster Ethernet WAN link via the ISP2 router, we should create a route-map that prepends our AS 100 several times, so that the Serial WAN link is no longer considered best.
CUSTOMER#sh route-map
route-map PREPEND, permit, sequence 10
Match clauses:
Set clauses:
as-path prepend 100 100 100 100
Policy routing matches: 0 packets, 0 bytes
The route-map is applied outbound with a neighbor statement under the BGP process, so only the updates sent to that neighbor (ISP1) carry the additional AS 100 entries in the AS path.
CUSTOMER(config-router)#neighbor 192.168.1.2 route-map PREPEND out
For the policy to take effect, we should use the BGP Route Refresh feature with a soft clear of the session.
CUSTOMER#clear ip bgp 192.168.1.2 soft
Now we can see a change in the BGP RIB of the ISP1 router. The Serial WAN link is no longer preferred as the best path for the 1.1.1.1 prefix, so ISP1 now reaches the Customer router via the ISP2 link.
ISP1#sh ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 6
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
1
300 100
10.0.0.2 from 10.0.0.2 (3.3.3.3)
Origin IGP, localpref 100, valid, external, best
100 100 100 100 100
192.168.1.1 from 192.168.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external
If we do another traceroute, we will see that the preferred path to reach the CUSTOMER subnets is via the Ethernet WAN link, towards ISP2. All of the inbound traffic towards the CUSTOMER is now rerouted to this link.
ISP1#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 10.0.0.2 44 msec 20 msec 16 msec
2 172.16.1.1 60 msec * 28 msec
We have also achieved a small amount of redundancy here, because we can still reach some subnets from ISP1 via the Serial link, but all of the inbound traffic now uses the Ethernet link, which is faster.
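The comparison ISP1 makes between the two paths can be checked mechanically. The Python below is an added example, not code from the original post: it parses "show ip bgp <prefix>" output (the sample is the post's second output as it appears above), counts prepends of the origin AS, and applies a simplified selection (highest local preference, then shortest AS path) that covers only part of the full best-path algorithm. The function names are hypothetical, and a missing localpref is assumed to be 100.

```python
import re
from itertools import takewhile

# Matches the "<next-hop> from <peer> (<router-id>)" line of each path.
FROM_RE = re.compile(r"^\s*(\S+) from (\S+) \((\S+)\)")

def parse_paths(show_output):
    """Return one dict per path found in 'show ip bgp <prefix>' output."""
    lines = show_output.splitlines()
    paths = []
    for i, line in enumerate(lines):
        m = FROM_RE.match(line)
        if not m or i == 0:
            continue
        # The AS path is the line directly above; "Local" yields an empty path.
        as_path = [int(a) for a in re.findall(r"\d+", lines[i - 1].split(",")[0])]
        attrs = lines[i + 1] if i + 1 < len(lines) else ""
        lp = re.search(r"localpref (\d+)", attrs)
        paths.append({"next_hop": m.group(1), "as_path": as_path,
                      "localpref": int(lp.group(1)) if lp else 100,  # assumed default
                      "best": "best" in [a.strip() for a in attrs.split(",")]})
    return paths

def prepends(as_path):
    """Number of extra copies of the origin AS at the end of the path."""
    run = takewhile(lambda a: a == as_path[-1], reversed(as_path[:-1]))
    return sum(1 for _ in run)

def shortest_as_path(paths):
    """Simplified selection: highest localpref, then shortest AS path."""
    top = max(p["localpref"] for p in paths)
    return min((p for p in paths if p["localpref"] == top),
               key=lambda p: len(p["as_path"]))

# Sample input: ISP1's output after prepending, as shown in the post.
AFTER = """\
Advertised to update-groups:
1
300 100
10.0.0.2 from 10.0.0.2 (3.3.3.3)
Origin IGP, localpref 100, valid, external, best
100 100 100 100 100
192.168.1.1 from 192.168.1.1 (1.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external
"""

if __name__ == "__main__":
    for p in parse_paths(AFTER):
        print(p["next_hop"], p["as_path"], "prepends:", prepends(p["as_path"]))
```

The lone "1" under "Advertised to update-groups:" is not mistaken for an AS path, because only the line directly above a "from" line is read as one.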
Feel free to comment.