[c-nsp] BGP - Multihoming

Stig Johansen Stig.Johansen at atea.no
Sat Mar 14 20:07:09 EDT 2009


Burak Dikici wrote:
>I would like to consult the experienced BGP users on a subject about BGP. We are making a BGP connection to two different ISPs via a central site router.
>We are announcing our subnet via ISP-1 normally, but for ISP-2 we are announcing the subnet with an AS path prepending configuration. As a result, we still see inbound traffic from the internet to our subnet via ISP-2. Is it possible to do more tuning for inbound traffic? We would like to achieve that there will be no inbound traffic via ISP-2.
>By the way, in the next step of the configuration we would like to configure our multihomed BGP router with PBR & NBAR. What we are going to try with this is that, for example, p2p traffic from our subnet to the internet will be detected with NBAR and forwarded to the ISP-2 connection with PBR, and the return traffic of this connection will come through the ISP-2 connection. (Symmetric traffic flow.) How can we achieve that?

Hi there,

Maybe someone has better ideas, but here goes anyway;

1) If you prepend your AS various times towards ISP-2, the BGP best path selection should prefer the path with the shortest AS-PATH, and therefore use your ISP-1 connection.
2) If your ISP-2 has a policy of assigning a higher LOCAL PREFERENCE for prefixes originated from any of its customers, all of the customers of ISP-2 (and ISP-2 itself) will use ISP-2's connection to you by default. This is reasonable for ISP-2, as it would use its own internal network to reach you.

I'm not sure if ISP-2 would like to change this configuration, as it would inflict a higher usage of its other peering links, but asking doesn't hurt.. :)

If you want certain traffic to use the ISP-2 link with PBR, you would need to make sure the traffic uses IP-addresses which are preferred on the ISP-link. If you don't know which source-addresses will need to use this link, but use NBAR to discover this, you'll have to use NAT'ing.

A) Either get a pool of IP-addresses from ISP-2 (which will be preferred on ISP-2 anyway), or use a smaller prefix of your own addresses (and make sure they are preferred on the ISP-2 link, using the methods as cited above)
B) Use PBR with NBAR to make the interesting traffic use the ISP-2-link and configure NAT'ing to the addresses you acquired in A).

Best regards,
Stig Meireles Johansen
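
Points 1) and 2) of the reply above, worked through as an added example that is not part of the original post: a small model of the two BGP best-path steps involved (LOCAL_PREF first, AS_PATH length second). The AS numbers, the LOCAL_PREF values 200/100 and the prepend count are assumptions chosen for illustration.

```python
"""Why AS-path prepending does not drain inbound traffic from an ISP
that raises LOCAL_PREF on routes learned from its own customers."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    learned_from: str      # neighbor the route was received from
    as_path: tuple         # AS numbers, nearest AS first
    local_pref: int = 100  # set by the receiving AS's inbound policy

def best_path(routes):
    """Only the two decision steps that matter here: highest LOCAL_PREF
    wins outright; AS_PATH length is compared only between equals."""
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path)))

# Constructed values (documentation/private AS ranges), not from the post.
CUSTOMER, ISP1, ISP2 = 64512, 64496, 64497
PREPENDS = 3  # extra copies of our AS sent towards ISP-2 (assumed)

def announcements():
    """Return (path sent to ISP-1, prepended path sent to ISP-2)."""
    return (CUSTOMER,), (CUSTOMER,) * (1 + PREPENDS)

def isp2_view(customer_pref=200):
    """Route ISP-2 itself selects; customer_pref models its policy."""
    plain, prepended = announcements()
    direct = Route("customer", prepended, local_pref=customer_pref)
    via_isp1 = Route("ISP-1", (ISP1,) + plain)  # learned over peering
    return best_path([direct, via_isp1])

def remote_view():
    """A third AS that hears both ISPs and applies equal LOCAL_PREF."""
    plain, prepended = announcements()
    return best_path([Route("ISP-1", (ISP1,) + plain),
                      Route("ISP-2", (ISP2,) + prepended)])

if __name__ == "__main__":
    print("ISP-2, customer LOCAL_PREF 200:", isp2_view().learned_from)
    print("ISP-2, customer LOCAL_PREF 100:", isp2_view(100).learned_from)
    print("Remote AS, equal LOCAL_PREF   :", remote_view().learned_from)
```

With the assumed policy, ISP-2 keeps using its direct link despite the longer path, while a network without such a policy follows the shorter path through ISP-1.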

