This is what we recently did to get this going at a client. We got tripped up initially with the route and I explain that below.
Our topology is simple. Routers WR1 (primary) and WR2 (backup) are connected to ISP1 (primary) and ISP2 (backup) respectively, with BGP enabled. They are cross-connected to each other for the iBGP session on the 172.16.25.0/24 network. Our goal is to have WR2 advertise our IP block n.x.47.0/24 into ISP2 whenever ISP1 fails.
Steps
1. On WR1, advertise a route learned from ISP1 to WR2 (prefix list ROUTES-TO-WR2). Pick the route from the routing table. We were receiving partial routes from ISP1 so this was easy. You could also use the default route in this method even if both ISPs advertise the default route. We picked 99.0.0.0/12.
router bgp
 neighbor 172.16.25.2 prefix-list ROUTES-TO-WR2 out
ip prefix-list ROUTES-TO-WR2 seq 10 permit 99.0.0.0/12
2. On WR2, use the advertise-map and non-exist-map to look for this route in the route table. It turns out it looks in the BGP table too! Our route map 'NON-EXIST' looks for two conditions: the route 99.0.0.0/12 AND that it was advertised from AT&T (AS=7018). Note that you must look for 7018 as the first AS number in the AS path, which is the expression ^7018_
router bgp
 neighbor y.z.32.133 advertise-map ADVERTISE non-exist-map NON-EXIST
access-list 47 permit n.x.47.0 0.0.0.255
ip as-path access-list 3 permit ^7018_
route-map NON-EXIST permit 10
 match ip address prefix-list ATT-Route
 match as-path 3
route-map ADVERTISE permit 10
 match ip address 47
3. Here is the condition when ISP1 is working normally
WR1#sh ip bgp nei
BGP neighbor is y.z.32.133, remote AS 14265, external link
Description: TelePacific
Route map for outgoing advertisements is outgoing
Condition-map NON-EXIST, Advertise-map ADVERTISE, status: Withdraw
4. ISP1 goes down, so we lose the route 99.0.0.0/12 (as well as all other routes being advertised by ISP1)
WR1#sh ip bgp nei
BGP neighbor is y.z.32.133, remote AS 14265, external link
Description: TelePacific
Route map for outgoing advertisements is outgoing
Condition-map NON-EXIST, Advertise-map ADVERTISE, status: Advertise
5. Prior to us adding the 'match as-path 3' in the route map NON-EXIST, the status would not change to Advertise. We found that WR2 had the route 99.0.0.0/12 in its BGP table even though it got removed from the routing table after ISP1 went down!
WR2#sh ip bgp 99.0.0.0/12
BGP routing table entry for 99.0.0.0/12, version 20658895
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
14265 3549 7018, (received-only)
y.z.32.133 from y.z.32.133 (y.z.224.176)
Origin IGP, localpref 100, valid, external
Community: 934871440
After adding 'match as-path 3' it worked! As you can tell from the output below, it receives the route with the first (and only) AS # as 7018 from its iBGP neighbor 172.16.25.1, whereas from y.z.32.133 it has a string of AS #s 14265 3549 7018.
WR2#sh ip bgp 99.0.0.0/12
BGP routing table entry for 99.0.0.0/12, version 20658895
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
7018, (received & used)
172.16.25.1 from 172.16.25.1 (172.16.25.1)
Origin IGP, metric 0, localpref 150, valid, internal, best
14265 3549 7018, (received-only)
y.z.32.133 from y.z.32.133 (y.z.224.176)
Origin IGP, localpref 100, valid, external
Community: 934871440
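The behaviour in step 5 can be reproduced with a small model. This is an added example, not part of the original post: a simplified Python sketch of how the non-exist condition is evaluated against the BGP table, with hypothetical function names and BGP tables constructed from the two outputs above. It assumes the prefix list ATT-Route (not shown in the post) permits 99.0.0.0/12.

```python
import re

def ios_aspath_regex(pattern):
    """Translate a Cisco IOS AS-path regex to Python.

    In IOS, "_" matches a delimiter (space, comma, braces, parentheses)
    or the start/end of the AS-path string.
    """
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

def condition_exists(bgp_table, prefix, aspath_pattern=None):
    """True if any BGP table path satisfies every match clause of the map."""
    rx = ios_aspath_regex(aspath_pattern) if aspath_pattern else None
    for entry_prefix, as_path in bgp_table:
        if entry_prefix != prefix:
            continue  # fails 'match ip address prefix-list'
        if rx is None or rx.search(as_path):
            return True  # prefix matched and (if configured) as-path matched
    return False

def advertise_status(bgp_table, prefix, aspath_pattern=None):
    """non-exist-map semantics: advertise only while the condition is absent."""
    if condition_exists(bgp_table, prefix, aspath_pattern):
        return "Withdraw"
    return "Advertise"

WATCHED = "99.0.0.0/12"

# Constructed WR2 BGP tables: (prefix, AS path) for each received path.
ISP1_UP = [
    (WATCHED, "7018"),             # via iBGP from WR1 (172.16.25.1)
    (WATCHED, "14265 3549 7018"),  # via ISP2 (y.z.32.133)
]
ISP1_DOWN = [
    (WATCHED, "14265 3549 7018"),  # only the ISP2 copy remains
]

if __name__ == "__main__":
    for label, table in (("ISP1 up", ISP1_UP), ("ISP1 down", ISP1_DOWN)):
        print(label, "| prefix only:", advertise_status(table, WATCHED),
              "| prefix + ^7018_:", advertise_status(table, WATCHED, "^7018_"))
```

With the prefix-only condition the status stays at Withdraw after ISP1 fails, because the copy of 99.0.0.0/12 learned through ISP2 still satisfies it; anchoring the AS path with ^7018_ ties the condition to the path learned through WR1.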
Configs
WR1
router bgp
 no synchronization
 no bgp fast-external-fallover
 bgp log-neighbor-changes
 bgp bestpath as-path ignore
 network n.x.47.0 mask 255.255.255.0
 neighbor n.m.117.249 remote-as 7018
 neighbor n.m.117.249 description AT&T Ethernet Peer
 neighbor n.m.117.249 version 4
 neighbor n.m.117.249 soft-reconfiguration inbound
 neighbor n.m.117.249 route-map incoming in
 neighbor n.m.117.249 route-map outgoing out
 neighbor 172.16.25.2 remote-as
 neighbor 172.16.25.2 description iBGP peer connection to WR2
 neighbor 172.16.25.2 update-source Loopback0
 neighbor 172.16.25.2 version 4
 neighbor 172.16.25.2 next-hop-self
 neighbor 172.16.25.2 soft-reconfiguration inbound
 neighbor 172.16.25.2 prefix-list ROUTES-TO-WR2 out
 no auto-summary
!
ip prefix-list ROUTES-TO-WR2 seq 10 permit 99.0.0.0/12
WR2
router bgp
 no synchronization
 no bgp fast-external-fallover
 bgp log-neighbor-changes
 bgp bestpath as-path ignore
 network n.x.47.0 mask 255.255.255.0
 neighbor y.z.32.133 remote-as 14265
 neighbor y.z.32.133 description TelePacific
 neighbor y.z.32.133 version 4
 neighbor y.z.32.133 soft-reconfiguration inbound
 neighbor y.z.32.133 route-map incoming in
 neighbor y.z.32.133 route-map outgoing out
 neighbor y.z.32.133 advertise-map ADVERTISE non-exist-map NON-EXIST
 neighbor 172.16.25.1 remote-as
 neighbor 172.16.25.1 description iBGP peer connection to WR1
 neighbor 172.16.25.1 update-source Loopback0
 neighbor 172.16.25.1 version 4
 neighbor 172.16.25.1 next-hop-self
 neighbor 172.16.25.1 soft-reconfiguration inbound
 neighbor 172.16.25.1 prefix-list DEF-ROUTE out
 no auto-summary
access-list 47 permit n.x.47.0 0.0.0.255
ip as-path access-list 3 permit ^7018_
route-map NON-EXIST permit 10
 match ip address prefix-list ATT-Route
 match as-path 3
route-map ADVERTISE permit 10
 match ip address 47
hi,
what's in route maps incoming in & outgoing out
neighbor y.z.32.133 route-map incoming in
neighbor y.z.32.133 route-map outgoing out
MS
Here you go:
route-map incoming permit 10
 match as-path 1
 set local-preference 150
!
route-map outgoing permit 10
 match ip address 10
 set as-path prepend 4871 4871 4871
access-list 10 permit a.b.c.0 0.0.0.255 <- our Public IP block
Thanks for stopping by!
_kem