
pdk (@captiveaire.com)
[HELP] Prepending AS path in Multihomed setup
Currently I work for a company that owns their own Class C. We have an AS number, two routers and two ISPs. Router 1 has a fiber connection with bandwidth up to 10Mb/s. Router 2 has 2 T1s bonded for bandwidth around 3Mb/s. I have prepended the AS path on Router 2 so as to appear to have a longer AS path, so that Router 1 is the preferred path for incoming traffic. This is indeed working. In the event my fiber connection goes down on Router 1, traffic is then forwarded to the next and only other advertised route, Router 2. However, when Router 1's fiber connection comes back to life, all traffic still continues to flow via our backup route on Router 2. Am I missing something in my config? Or perhaps, should I be configuring my routers completely differently in order to accomplish this?
Router 1 Config (10.10.10.3):

router bgp 300
 no synchronization
 bgp log-neighbor-changes
 network 10.10.10.0
 neighbor 1.2.2.101 remote-as 500
 neighbor 1.2.2.101 password *****************
 neighbor 1.2.2.101 prefix-list default in
 neighbor 1.2.2.101 prefix-list aggregate out
 neighbor 10.10.10.1 remote-as 300
 neighbor 10.10.10.1 next-hop-self
 no auto-summary
!
!
ip as-path access-list 15 permit ^$
!
!
ip prefix-list aggregate seq 5 permit 10.10.10.0/24
!
ip prefix-list default seq 5 permit 0.0.0.0/0
logging trap debugging
logging 10.10.10.16
access-list 1 permit 10.10.10.0 0.0.0.255
snmp-server community cas-snmp-secure RO
snmp-server enable traps tty
!
route-map localonly permit 10
 match as-path 10
Router 2 Config (10.10.10.1):

!
router bgp 300
 no synchronization
 bgp log-neighbor-changes
 network 10.10.10.0
 neighbor 3.3.3.4 remote-as 400
 neighbor 3.3.3.4 version 4
 neighbor 3.3.3.4 prefix-list sprintin in
 neighbor 3.3.3.4 route-map localonly out
 neighbor 10.10.10.3 remote-as 32913
 neighbor 10.10.10.3 next-hop-self
 no auto-summary
!
ip classless
!
ip as-path access-list 10 permit ^$
!
no ip http server
ip http authentication local
no ip http secure-server
!
!
ip prefix-list sprintin seq 5 permit 0.0.0.0/0
!
route-map localonly permit 10
 match as-path 10
 set as-path prepend 300 300 300
aryoba
Re: [HELP] Prepending AS path in Multihomed setup
If this is Internet traffic, then you need to use a BGP looking glass to check the BGP table from the transit provider's perspective. You can use the following link to find the most suitable looking glass site.
»Cisco Forum FAQ »How your ISP announces your subnet via BGP to the Internet: BGP Looking Glass
You also need to work with your ISPs (the AS 400 and AS 500 administrators) to check their BGP tables.
These are preliminary steps to verify each other's BGP tables.
You may also need to use the ISP's BGP community list to set your and the ISP's Local Preferences and AS Path Prepend.
pdk (@captiveaire.com)
Re: [HELP] Prepending AS path in Multihomed setup
So far, our ISP has been ZERO help when contacting them regarding issues such as this. I basically have to nail down the exact problem and tell them what they need to change before they will do anything; that's why I ask. I'm not sure I follow where you are going with this... can you be more specific?
sporkme
Re: [HELP] Prepending AS path in Multihomed setup
Pick a looking glass and see what your routes look like there. Do you see two paths? Do you see the prepends on one of them?
rolande
Most routers will use route caching for existing traffic flows, especially providers' large Internet aggregation routers. If you have a reconvergence event with multiple paths for the same route, even though BGP updates properly, existing traffic flows may continue to flow down the backup path until they age out, unless the route cache is cleared. That is completely out of your control. ISPs do not do this, as any BGP route flap event may cause major route cache instability, which usually triggers high CPU utilization on routers.
If your AS path prepend works under normal circumstances, then it will work once you reconverge. But it will take time for you to start seeing traffic fall back over to the primary path. Fast failover and fallback can be deadly to your network. When you get trapped in a circuit flapping situation that you can't recover from, both your and the ISP's routers pay the price. ISPs frown severely on this when one customer's issue can bring down many other customers.
Remember that BGP is still a Distance Vector protocol underneath it all, just with advanced metrics. It still takes time for reconvergence to fully occur throughout the network.
-- Ignorance is temporary...stupidity lasts forever!
»www.thewaystation.com/ »blog.thewaystation.com/
sporkme
Re: [HELP] Prepending AS path in Multihomed setup
said by carp: You can try and get around/alleviate this with DNS or an advanced device like a Radware Linkproof (if still around) or devices from F5.
While BGP may be damped to prevent harm, DNS is downright unpredictable. BGP is the proper solution.
carp
Re: [HELP] Prepending AS path in Multihomed setup
You sound uninformed about solving it with DNS, Radware, etc. Works like a charm in many situations.
sporkme
Re: [HELP] Prepending AS path in Multihomed setup
said by carp: You sound uninformed about solving it with DNS, Radware, etc. Works like a charm in many situations.
Quite the contrary. No matter what box you use for DNS load-balancing, you are still relying on DNS, which I understand quite well. I also understand how broken DNS servers not under your direct control can completely bork up your plans when you rely on DNS for failover of inbound services.
rolande
Re: [HELP] Prepending AS path in Multihomed setup
said by sporkme: I also understand how broken DNS servers not under your direct control can completely bork up your plans when you rely on DNS for failover of inbound services.
Really? I'd be interested to know what the scenarios were where you encountered the issues. The only issue I am aware of is primarily the 0 TTL issue with broken versions of BIND. Alternatively, if you are providing active/active geographic load balancing via DNS, you can run into issues with any clients using a provider's DNS that is serviced via Anycast.
In any case, we are talking about failover here. Failover should take place rarely, so the actual number of clients who might be impacted would be quite negligible anyway. So the argument can go either way fairly easily.
I have leveraged both 3DNS and the GSS product for global load balancing since 2002 in a couple of extremely high-profile financial hosting environments serving literally millions of customers around the world. I have yet to be engaged in a troubleshooting call during a failover event, which app owners seem to incur on a regular basis for testing and DR events, where a user's DNS response was cached and stuck to the "offline" facility. I have witnessed the 0 TTL phenomenon on many occasions, not of my own doing, and I have seen Anycast client DNS cause out-of-state issues with applications. I'd love to know the issues you have experienced with "broken" DNS servers.
In the end, if a client has broken DNS, there isn't much you can do about it, and it is not your responsibility in any case. You build your own environment to support the standards. If others have issues because they are non-compliant, then it is up to them to resolve the problem.
sporkme
Re: [HELP] Prepending AS path in Multihomed setup
said by rolande:
said by sporkme: I also understand how broken DNS servers not under your direct control can completely bork up your plans when you rely on DNS for failover of inbound services.
Really? I'd be interested to know what the scenarios were where you encountered the issues.
I've not seen it with load balancing since I don't do that, but I've certainly seen misbehaving caching nameservers hold something much longer than the specified TTL. I have no idea what software said nameservers were running; my assumption was that it was not either BIND or DJBDNS...
rolande
Re: [HELP] Prepending AS path in Multihomed setup
As an entity providing a hosted service, you cannot take on the responsibility of "broken" client DNS servers. As long as you are obeying the standard, it is up to them to resolve their problem.
What if the customer decided it was in their best interest to provide extended BGP dampening? If your routes flap in BGP, you get blackholed from the customer for a period of time. This is the exact same situation, and you cannot be responsible for a broken configuration on the client's end.
Application layer failover is not a bad thing. It is actually better for us networking types because it takes the responsibility of resiliency off our shoulders.
pdk (@rr.com)
Thanks for all the replies, everyone.
BGP is definitely the right solution for what I'm doing; I do not question that. This however is my first implementation of it in a production environment, so I'm still learning. I think I found the problem. Neither of our ISPs has our routes configured properly; neither one knows about the other, and right now, whoever comes up first is the preferred route regardless of how many prepends I have on the AS path.
sporkme
Re: [HELP] Prepending AS path in Multihomed setup
Can you clarify this part?
said by pdk: Neither of our ISPs has our routes configured properly
Are you announcing your routes via BGP or are your ISPs handling this? Can you explain your setup in a bit more detail?
rolande
Re: [HELP] Prepending AS path in Multihomed setup
Depending on the original provider who allocated the netblock in question, one ISP may be aggregating the route as part of a larger block. The second ISP is advertising the more specific prefix and thus ends up getting all the traffic. Does that sound close?
sporkme
Re: [HELP] Prepending AS path in Multihomed setup
said by rolande: Depending on the original provider who allocated the netblock in question, one ISP may be aggregating the route as part of a larger block. The second ISP is advertising the more specific prefix and thus ends up getting all the traffic. Does that sound close?
That sure works... There's not much info in the original post. I was assuming he had his own AS and netblock, but who knows...
jwhitecs
Well, if class C 204.120.207.0 is the prefix in question, then as shown below it's only being announced by one of your providers (Road Runner/TWCable AS11426).

route-server>show ip bgp regexp _32913$
BGP table version is 2321232, local router ID is 12.0.1.28
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  204.120.207.0    12.123.13.241                          0 7018 3356 11426 32913 i
jwhitecs
Re: [HELP] Prepending AS path in Multihomed setup
Which would mean your second provider Sprint is not announcing your class C at all.
jwhitecs
Do a "show ip bgp neighbor x.x.x.x advertised-routes" and verify that the class C is being announced, specifically to your second provider Sprint.
Nubiatech
said by jwhitecs: Well, if class C x.x.x.x is the prefix in question, then as shown below it's only being announced by one of your providers (Road Runner/TWCable AS11426).
Nice detective work there! So much for "anonymous" @somedomain.tld
--- Edit: remove actual subnet.
pdk (@captiveaire.com)
We have our own AS and Class C as stated in the original post.
Due to a router crash on Monday night, our Sprintlink connection is down and our fiber connection is the only advertised route as of now. That is probably why you are only seeing 1 route advertised.
And so much for masking my real IP and AS #.....
Anyhoo, back to the topic... I'm going to wait until my Sprint connection is back up and check out what routes are being advertised when both links are active, then post what I find.
jwhitecs
Re: [HELP] Prepending AS path in Multihomed setup
Sorry about the anonymous stuff, pdk. But you left your public AS in the masked config above, so I went from there.
sporkme
said by pdk: We have our own AS and Class C as stated in the original post.
It actually looks like you don't have your own class C; it's reassigned from Sprint:

[spork@devel2] $ whois -h whois.arin.net NET-204-120-207-0-1

OrgName:    Captive-Aire Systems
OrgID:      CAPTI-2
Address:    117 Franklin Park Ave
City:       Youngsville
StateProv:  NC
PostalCode: 27596
Country:    US

NetRange:   204.120.207.0 - 204.120.207.255
CIDR:       204.120.207.0/24
NetName:    SPRINTLINK
NetHandle:  NET-204-120-207-0-1
Parent:     NET-204-117-0-0-1
NetType:    Reassigned <<<----

Which is interesting, since they are the ones NOT announcing the route.
pdk (@captiveaire.com)
Sure, it's assigned to us from Sprint, but we have the whole block. Now that you've announced our location, physical address, domain info, router IPs, AS#, how about I just give everyone my Enable password! Sure it can be found if you search enough, but it clearly states when posting to MASK the real IP addresses, AS#s, etc...
aryoba
Re: [HELP] Prepending AS path in Multihomed setup
Yeah, I notice that your IP address and stuff is easier to find when you post as anon instead of with a registered account...
But that's off topic and I don't want to go further...
Now, pdk, have you got a chance to pick a looking glass and see if your AS # is announced as it's supposed to be?
pdk (@captiveaire.com)
Also, if Sprintlink was NOT announcing the route, then how would traffic ever fail over when our TWC link was down, which it does? I believe the reason you weren't seeing the route was because our Sprintlink was down at that time, per my previous post. I see two routes as of right now and my TWC link is preferred........
sporkme
Re: [HELP] Prepending AS path in Multihomed setup
said by pdk: Also, if Sprintlink was NOT announcing the route, then how would traffic ever fail over when our TWC link was down, which it does? I believe the reason you weren't seeing the route was because our Sprintlink was down at that time, per my previous post. I see two routes as of right now and my TWC link is preferred........
You're really not answering any questions about your config... The most basic being, are you announcing routes yourself via BGP or is each ISP doing it on your behalf? Config snippets would help.
As to privacy, well, whois is a simple tool that most anyone in this forum should be familiar with.
pdk (@captiveaire.com)
Re: [HELP] Prepending AS path in Multihomed setup
Our ISP is doing it on our behalf. What other config snippets do you need? I thought I copied all my BGP config info in my original post. Do you see our two routes advertised as of now?
My domain is in TINY italic letters under my name; didn't realize it was there, sorry. Was wondering how it was so easy for everyone to know who I was.
jwhitecs
Re: [HELP] Prepending AS path in Multihomed setup
You left your public AS# in the original post:
neighbor 10.10.10.3 remote-as 32913
Still only 1 path:

route-server>show ip bgp regexp _32913$
BGP table version is 2745442, local router ID is 12.0.1.28
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  204.120.207.0    12.123.13.241                          0 7018 3356 11426 32913 i
*                   12.123.29.249                          0 7018 3356 11426 32913 i
*                   12.123.145.124                         0 7018 3356 11426 32913 i
*                   12.123.5.240                           0 7018 3356 11426 32913 i
*                   12.123.37.250                          0 7018 3356 11426 32913 i
*                   12.123.21.243                          0 7018 3356 11426 32913 i
*                   12.123.45.252                          0 7018 3356 11426 32913 i
*                   12.123.142.124                         0 7018 3356 11426 32913 i
*                   12.123.139.124                         0 7018 3356 11426 32913 i
*                   12.123.133.124                         0 7018 3356 11426 32913 i
*                   12.123.134.124                         0 7018 3356 11426 32913 i
*                   12.123.33.249                          0 7018 3356 11426 32913 i
*                   12.123.25.245                          0 7018 3356 11426 32913 i
*                   12.123.17.244                          0 7018 3356 11426 32913 i
*>                  12.123.1.236                           0 7018 1668 11426 32913 i
*                   12.123.41.250                          0 7018 1668 11426 32913 i
*                   12.123.137.124                         0 7018 1668 11426 32913 i
*                   12.123.9.241                           0 7018 1668 11426 32913 i
pdk (@captiveaire.com)
Re: [HELP] Prepending AS path in Multihomed setup
Query: bgp
Address: 204.120.207.0

BGP routing table entry for 204.120.207.0/24, version 93798026
Paths: (3 available, best #2, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  66.178.0.2 66.178.0.3 66.178.0.4 66.178.0.5 66.178.0.6 66.178.0.7 66.178.0.11 66.178.0.12 66.178.0.14 66.178.0.16 66.178.0.17 66.178.0.18 66.178.0.23 66.178.0.24
  6461 1668 11426 32913, (Received from a RR-client), (received & used)
    66.178.0.2 (metric 2) from 66.178.0.2 (66.178.0.2)
      Origin IGP, metric 0, localpref 100, valid, internal
      Community: 16422:666
  701 3356 11426 32913
    157.130.47.117 from 157.130.47.117 (137.39.3.146)
      Origin IGP, localpref 100, valid, external, best
      Community: 16422:666
  701 3356 11426 32913, (received-only)
    157.130.47.117 from 157.130.47.117 (137.39.3.146)
      Origin IGP, localpref 100, valid, external
sporkme
said by pdk: Our ISP is doing it on our behalf. What other config snippets do you need? I thought I copied all my BGP config info in my original post.
Oops. Sorry, I'm blind.
Anyhow, at this point I see two paths from the looking glass I'm diddling. I don't take full routes from my upstreams anymore.
jwhitecs
So assuming your Sprint connection is currently up, TWC AS11426 is announcing a /24 and Sprint AS1239 is announcing a /16 aggregate. So for inbound traffic to you, it's always going to take the longest-match prefix, which would be TWC (when both are up). As far as the outbound traffic leaving your AS, it looks like you are learning a default route (0.0.0.0/0) from both TWC and Sprint, so in that case the Local Preference can be set to give preference to one default over the other, and when one goes away the other takes over. The highest local preference will be preferred. Both are set to 100 by default, so you could set the Sprint peer local preference to 50 to always prefer the TWC peer for outbound traffic exiting the AS.

route-server>show ip bgp 204.120.207.0 255.255.0.0 longer-prefixes
BGP table version is 3083298, local router ID is 12.0.1.28
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  204.120.0.0/16   12.123.13.241                          0 7018 1239 i
*  204.120.207.0    12.123.13.241                          0 7018 3356 11426 32913 i
pdk (@captiveaire.com)
I did pick a looking glass; for what my limited knowledge tells me, it looks fine. I don't understand why it doesn't return to the preferred route of TWC once the connection is restored.
bartem01
Try matching on the ACL in your route map, and you need
route-map localonly permit 20
after your permit 10.
You can do on your secondary router:

ip access-list standard set-as-prepend
 permit 10.10.10.0 0.0.0.255
 exit
route-map localonly permit 10
 match ip address set-as-prepend
 set as-path prepend 300 300 300
 exit
route-map localonly permit 20

Also make sure your secondary ISP grants metrics from you.
Covenant
There is another way to do this, but it all depends on your configuration as regards how you are learning the network "10.10.10.0/24" which you are advertising out to AS400 and AS500.
If you are learning the network via an IGP or eBGP from another host internal to the two CEs mentioned above, it will be tricky to do this without prepends, but possible.
To accomplish this, we will use the not widely known IOS BGP feature of non-exist maps. (As jwhitecs pointed out, it is called BGP Conditional Advertisement and not non-exist map. That is what I use to describe it to customers at design meetings at work, so apologies if it wasn't exactly correct. Nothing else technically in this post is incorrect, so it's all semantics.)
Basically, on the backup router, we will use this feature so as NOT to advertise the prefix out unless it detects a missing prefix, which will cause it to advertise all routes out. Once the prefix is present again, it will stop advertising out the route.
Essentially, on the backup router, we will set up a prefix-list to match for the default route coming in:
Then, an AS path list will be created matching for AS path 500 at the beginning of the AS path, which is the AS peer for R1:
Then a route-map created to amalgamate the two together:
Next, we need to create a prefix list and route-map for the subnets we want to advertise when the prefix we are looking for (0.0.0.0/0) and AS path (^500) are not present (created in the route-map above):
Then the route-map to tie this prefix-list to it:
Then for your AS400 PE on router 2, remove the route-map with the prepends and add the route-map with the non-exist map:
You might want to test this in a maintenance window/lab first, and you will also have to look at route-dampening between the two routers (1 and 2) to minimise the chances of a flapping cct causing route-dampening to be enabled on the ISP's PEs and Ps by the constant withdrawal and re-advertisement of your prefixes.
That should cure your issue of a "stuck" backup route being present as the primary route in the ISP's RIB.
-- A word to the wise ain't necessary, it's the stupid ones who need the advice!
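Router 2 with both changes suggested in this thread written out, jwhitecs's local-preference on the Sprint default for outbound traffic and Covenant's conditional advertisement for inbound, as an added example rather than any poster's own configuration (Covenant's command lines did not survive on this page). It assumes pdk's masked addressing (AS 300 local, 3.3.3.4 in AS 400 on Router 2, AS 500 on Router 1, prefix 10.10.10.0/24); the names in capitals are constructed.

```cisco
! Added example, Router 2 (backup, 10.10.10.1). Names in CAPITALS are
! constructed; AS numbers, peers and 10.10.10.0/24 are the thread's masked values.
!
! --- Outbound: prefer Router 1's default (jwhitecs's local-preference idea) ---
! The default from AS 400 gets local-pref 50. The default Router 1 learns from
! AS 500 and relays over iBGP keeps 100, so Router 2 sends outbound traffic via
! Router 1 while that default exists and falls back to AS 400 when it is gone.
route-map SPRINT-IN permit 10
 match ip address prefix-list sprintin
 set local-preference 50
!
! --- Inbound: conditional advertisement instead of prepends (Covenant's steps) ---
! Step 1: prefix-list for the default route we track.
ip prefix-list DEFAULT-FROM-R1 seq 5 permit 0.0.0.0/0
!
! Step 2: AS-path list for paths that begin with AS 500. iBGP does not alter
! the AS path, so the default relayed by Router 1 still reads "500".
ip as-path access-list 20 permit ^500_
!
! Step 3: non-exist map; both match clauses must hold for the tracked route.
route-map NON-EXIST-R1-DEFAULT permit 10
 match ip address prefix-list DEFAULT-FROM-R1
 match as-path 20
!
! Step 4: prefix-list for the block to announce only while Router 1's path is gone.
ip prefix-list OUR-BLOCK seq 5 permit 10.10.10.0/24
!
! Step 5: advertise map tying that prefix-list to the condition.
route-map ADVERTISE-OUR-BLOCK permit 10
 match ip address prefix-list OUR-BLOCK
!
router bgp 300
 ! mask written out; the thread's masked 10.x prefix would otherwise be read classfully
 network 10.10.10.0 mask 255.255.255.0
 neighbor 3.3.3.4 route-map SPRINT-IN in
 ! Step 6: drop the prepend route-map; advertise 10.10.10.0/24 to AS 400 only
 ! while no default with AS path ^500 is present in Router 2's BGP table.
 no neighbor 3.3.3.4 route-map localonly out
 neighbor 3.3.3.4 advertise-map ADVERTISE-OUR-BLOCK non-exist-map NON-EXIST-R1-DEFAULT
 ! Keep a plain outbound filter so nothing but our own block can reach the
 ! provider, in particular not the default learned from Router 1 over iBGP.
 neighbor 3.3.3.4 prefix-list OUR-BLOCK out
!
! Because the AS 400 default now carries local-pref 50, Router 1's default is also
! the best path on Router 2, so the tracked route never exists only as a non-best path.
! Verify with:  show ip bgp neighbors 3.3.3.4 | include Condition-map
! (status reads Withdraw while Router 1's default is present, Advertise once it is missing)
```

When Router 1's link returns, Router 2 withdraws the /24 from AS 400 on its own, which is the "stuck backup route" the thread is about; the route-dampening caveat in Covenant's post still applies if the tracked default flaps.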