[c-nsp] Classify geographical traffic with BGP
Burak Dikici
bdikici at gmail.com
Thu Apr 16 13:52:24 EDT 2009
Hi Rich,

With this configuration, I am still getting inbound traffic from
germany_isp.
I didn't use the "neighbor send-community" command in the configuration; does
that cause any problem? When I check my advertised route from the
AT&T router, it looks prepended.

router bgp 5555
 neighbor GERMANY_ISP_IP_ADDRESS remote-as 29259
 neighbor GERMANY_ISP_IP_ADDRESS description Germany_ISP
 address-family ipv4
  no synchronization
  neighbor GERMANY_ISP_IP_ADDRESS activate
  neighbor GERMANY_ISP_IP_ADDRESS route-map AS_path_prepend_for_germany_ISP out
  neighbor GERMANY_ISP_IP_ADDRESS filter-list 10 out
!
ip as-path access-list 10 permit ^$
!
route-map AS_path_prepend_for_germany_ISP permit 10
 match ip address 54
 set as-path prepend 5555 5555 5555
!
route-map AS_path_prepend_for_germany_ISP permit 20

By the way, what is the difference between the configs:

*!!!!! CONFIG-1 !!!!!*
route-map AS_path_prepend_for_germany_ISP permit 10
 match ip address 54
 set as-path prepend 5555 5555
!
route-map AS_path_prepend_for_germany_ISP permit 20
router bgp 5555
 neighbor GERMANY_ISP_IP_ADDRESS route-map AS_path_prepend_for_germany_ISP out

*!!!!! CONFIG-2 !!!!!*
route-map AS_PREPENDING permit 10
 set community 29259:1101
router bgp 5555
 neighbor GERMANY_ISP_IP_ADDRESS route-map AS_PREPENDING out
 neighbor GERMANY_ISP_IP_ADDRESS send-community

On Thu, Apr 16, 2009 at 5:07 PM, Rich Davies <rich.davies at gmail.com> wrote:
> Burak,
>
> Yes you are on the right track. If you use your international ISP's
> pre-designated BGP communities you can cause them to apply the 6x prepending
> that you desire to cause unwanted traffic not to enter your international
> link (due to more "false" as-hops to the destination network/prefix). Your
> in-country link/ISP will have the more desirable route due to less as-hops
> (inbound to your network) so essentially yes your international link will
> act as a backup link.
>
> Good luck!
>
>
> -Rich
>
>
>
> On Thu, Apr 16, 2009 at 12:11 AM, Burak Dikici <bdikici at gmail.com> wrote:
>
>> Hi Rich,
>>
>> I am thinking about my international ISP's community options. I have tried
>> the AS path prepending configuration with my international ISP before. But
>> as a result, I was still getting some inbound traffic through the international
>> ISP. If I use their community options, for example if I advertise my
>> subnet with the "send-community" option and 1106 for x6 times prepending, is
>> this option going to solve the unwanted inbound traffic problem?
>> (
>> http://www.db.ripe.net/whois?form_type=simple&full_query_string=&searchtext=AS29259&do_search=Search
>> did you remember this address? :) )
>>
>> I think that if the AS path prepending configuration works well, the
>> inbound traffic to my AS through the international ISP will be used as a backup
>> state. But, as you know, in my scenario,
>> for example, just international traffic goes from the international ISP and
>> comes back through the same link. What do you say, am I thinking wrong?
>>
>> Regards...
>>
>> Burak Dikici
>>
>>
>>
>>
>>
>>
>> On Wed, Apr 15, 2009 at 4:17 PM, Rich Davies <rich.davies at gmail.com> wrote:
>>
>>> Burak,
>>>
>>> Yes, sorry if I wasn't clear. Basically you can apply the route map for
>>> your session to provider A to change the local pref on those learned
>>> prefixes. You could leave the session to provider B untouched (no route
>>> map inbound or outbound) and you will achieve "some" traffic changes since
>>> you're tagging specific prefixes to send to provider A and they would not go
>>> to provider B (out of country).
>>>
>>>
>>> -Rich
>>>
>>>
>>> On Wed, Apr 15, 2009 at 2:45 AM, Burak Dikici <bdikici at gmail.com> wrote:
>>>
>>>> Hi Rich,
>>>>
>>>> Sorry about my last reply. I couldn't catch the note in your previous
>>>> message. You said:
>>>>
>>>> "Notice I am not applying a route-map to the other BGP session (3.3.3.3,
>>>> AS 33333) because all these routes get their default values (local pref of
>>>> 100, less preferable). The route map will allow all the other prefixes
>>>> there is no implicit deny, it merely tags routes matching ACL 10 with local
>>>> pref 150."
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Apr 15, 2009 at 9:34 AM, Burak Dikici <bdikici at gmail.com> wrote:
>>>>
>>>>> Hi Rich,
>>>>>
>>>>> What do you think about this command?
>>>>>
>>>>> "neighbor 3.3.3.3 description PROVIDER_B_OUTSIDE_COUNTRY"
>>>>>
>>>>> This command doesn't have any direction.
>>>>>
>>>>> Burak
>>>>>
>>>>>
>>>>>
>>>>> On Wed, Apr 15, 2009 at 5:23 AM, Rich Davies <rich.davies at gmail.com> wrote:
>>>>>
>>>>>> Burak,
>>>>>>
>>>>>> BTW this line should not have been in my example:
>>>>>>
>>>>>> neighbor 2.2.2.2 route-map PROVIDER_A_INSIDE_COUNTRY out
>>>>>>
>>>>>> Definitely do not want to tag outbound routes in that method as they
>>>>>> do not originate from you (Doh!!).
>>>>>>
>>>>>>
>>>>>> -Rich
>>>>>>
>>>>>> On Tue, Apr 14, 2009 at 8:15 PM, Burak Dikici <bdikici at gmail.com> wrote:
>>>>>>
>>>>>>> By the way, I wonder, how can symmetrical traffic flow be done in this
>>>>>>> scenario? Local traffic goes from the local ISP and the return traffic comes
>>>>>>> back through the local ISP. Outside-of-the-country traffic goes from the
>>>>>>> international ISP and the return traffic comes back through the international
>>>>>>> ISP. I don't want to cause any asymmetrical traffic flow between different
>>>>>>> ISPs and my site.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Apr 15, 2009 at 2:53 AM, Walter Keen <walter.keen at rainierconnect.net> wrote:
>>>>>>>
>>>>>>> > If you are not advertising any space, I would imagine an AS path filter
>>>>>>> > on ISP-1 (limited to 1 or 2 hops, if that works for you) and no AS path
>>>>>>> > filter on ISP-2 would do the trick. You would want a floating static
>>>>>>> > default route(s) for outbound traffic redundancy.
>>>>>>> >
>>>>>>> > Now, if you are advertising space, as path prepending may be one way to
>>>>>>> > go as far as inbound traffic goes, but it gets messy in a situation like
>>>>>>> > this one. If you prepend your AS number too many times out ISP1, then
>>>>>>> > traffic you may have wanted to come in ISP1 may see ISP2 as a closer
>>>>>>> > route (less AS hops).
>>>>>>> >
>>>>>>> > Burak Dikici wrote:
>>>>>>> > > Hello,
>>>>>>> > >
>>>>>>> > > I have got one internet router running BGP, and this router has got
>>>>>>> > > connections with two different ISPs. One of the ISPs is local for my country
>>>>>>> > > and the other ISP's location is outside of my country. I want to classify
>>>>>>> > > geographical traffic with BGP. For example, local traffic to my country
>>>>>>> > > will go through ISP-1 (local ISP), outside traffic to my country will go
>>>>>>> > > through ISP-2 (outside of my country ISP). What do I have to do to achieve that
>>>>>>> > > kind of configuration? If I have to use AS path filter, how can I find the
>>>>>>> > > local ISP AS path numbers and how can I configure AS path filter for this
>>>>>>> > > request? Is it enough to use the as-path filter just for the national ISP
>>>>>>> > > or should I use it for the international ISP also?
>>>>>>> > >
>>>>>>> > > If I use AS-path filter for both ISP connections, what will happen to
>>>>>>> > > redundancy? I mean, for example I filter national AS numbers at the
>>>>>>> > > international ISP connection and deny them. Secondly, I filter national AS
>>>>>>> > > numbers at the national ISP connection, permit them and the other AS
>>>>>>> > > numbers will be denied. In this situation, what will happen if the local
>>>>>>> > > ISP connection goes down? Because of filtering of the national AS numbers
>>>>>>> > > at the international ISP connection, the BGP table doesn't take any updates
>>>>>>> > > from the local AS numbers. I hope I could explain the situation correctly.
>>>>>>> > >
>>>>>>> > >
>>>>>>> > > Kind Regards...
>>>>>>> > >
>>>>>>> > > Burak Dikici
>>>>>>> > > _______________________________________________
>>>>>>> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>>>> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>>> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
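
A simplified best-path model of the prepending discussed in this thread, added here as an illustration and not written by any participant: it compares local preference first and AS-path length second, so prepending toward AS29259 moves a third-party AS to the other link while AS29259 itself can keep using the direct session. The local ISP AS 64500, the remote AS 64511 and the customer local-pref of 200 are constructed assumptions, not values from the thread.

```python
from dataclasses import dataclass

MY_AS, GERMANY_ISP = 5555, 29259      # AS numbers from the thread
LOCAL_ISP, REMOTE_AS = 64500, 64511   # constructed (documentation-range ASNs)

@dataclass(frozen=True)
class Route:
    via: int               # neighbor AS the route was learned from
    as_path: tuple         # AS_PATH as received, nearest AS first
    local_pref: int = 100  # receiver-side value, not carried between ASes

def best_path(routes):
    """Simplified selection: highest local-pref first, then shortest AS_PATH."""
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path)))

def origin_path(prepends):
    """AS_PATH sent to a neighbor after 'set as-path prepend' adds N copies."""
    return (MY_AS,) * (1 + prepends)

def remote_as_choice(prepends):
    """REMOTE_AS hears the prefix through both ISPs with default local-pref."""
    routes = [
        Route(GERMANY_ISP, (GERMANY_ISP,) + origin_path(prepends)),
        Route(LOCAL_ISP, (LOCAL_ISP,) + origin_path(0)),
    ]
    return best_path(routes).via

def germany_isp_choice(prepends, customer_pref=200):
    """Inside AS29259: the direct customer session versus the same prefix
    heard via the local ISP. customer_pref=200 is an assumed 'prefer
    customer routes' policy, not AS29259's documented setting."""
    routes = [
        Route(MY_AS, origin_path(prepends), local_pref=customer_pref),
        Route(LOCAL_ISP, (LOCAL_ISP,) + origin_path(0)),
    ]
    return best_path(routes).via

if __name__ == "__main__":
    for n in (3, 6):
        print(f"prepends={n}: AS{REMOTE_AS} enters via AS{remote_as_choice(n)}, "
              f"AS{GERMANY_ISP} forwards via AS{germany_isp_choice(n)}")
```
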