[c-nsp] Best Practices to make one BGP link prefer for egrees and ingress traffic of one subnet
Arie Vayner
ariev at vayner.net
Mon Feb 23 13:32:24 EST 2026
Muhammad,
It could still be easier to build a PBR based path with overlay tunnels.
This way you only need to traffic engineer the tunnel endpoints over the
Internet path (and that may be easier done with the ISP directly connected
IPs)
Tnx
Arie
On Mon, Feb 23, 2026, 11:27 AM Muhammad Atif Jauhar <atif.jauhar at gmail.com>
wrote:
> Thanks Arie،
>
> We are planning for SDWAN but in 3rd quarter of this year. But before this
> we need something to work.
>
> Regards,
>
> Muhammad Atif Jauhar
> (+966-5600-04985)
>
> On Mon, Feb 23, 2026, 20:08 Arie Vayner <ariev at vayner.net> wrote:
>
>> Muhammad,
>>
>> As you mention specific destinations that you seem to own/manage on both
>> ends, wouldn't it make more sense to run some overlay here, with tunnels
>> taking all available paths, and some simple SD-WAN-like routing policies
>> selecting the correct overlay for the relevant traffic?
>>
>> Tnx
>> Arie
>>
>> On Mon, Feb 23, 2026, 8:03 AM Muhammad Atif Jauhar <atif.jauhar at gmail.com>
>> wrote:
>>
>>> Hi,
>>> Thank you both for your feedback.
>>>
>>> Basically, one subnet is for backup environment and other link is for
>>> normal user traffic toward Data center.
>>>
>>> If we use one link most of the bandwidth captured by backup to avoid any
>>> bandwidth issue and slowness faced by users, we acquired one link for only
>>> backup and replication.
>>>
>>> Now want to segregate traffic on both link to avoid any bandwidth issue.
>>>
>>> Regards,
>>>
>>> Muhammad Atif Jauhar
>>> (+966-5600-04985)
>>>
>>> On Mon, Feb 23, 2026, 17:36 Arie Vayner <ariev at vayner.net> wrote:
>>>
>>>> Muhammad,
>>>>
>>>> To add to Gert's comment about symmetry... Can you please try and
>>>> explain why you have that requirement?
>>>>
>>>> I think this may be a case of reassessing the requirements before going
>>>> into solution mode.
>>>>
>>>> Tnx,
>>>> Arie
>>>>
>>>> On Mon, Feb 23, 2026, 5:36 AM Gert Doering via cisco-nsp <
>>>> cisco-nsp at puck.nether.net> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> On Mon, Feb 23, 2026 at 02:50:55PM +0300, Muhammad Atif Jauhar via
>>>>> cisco-nsp wrote:
>>>>> > However, for outbound traffic, we are presently relying on
>>>>> Policy-Based
>>>>> > Routing (PBR) to steer traffic via the preferred uplink. While this
>>>>> > approach is functional, we would prefer to achieve the desired path
>>>>> > selection using BGP-native mechanisms, if possible, to ensure better
>>>>> > scalability and operational simplicity.
>>>>>
>>>>> There is none. BGP does not care about packet source addresses.
>>>>>
>>>>> (That said, you could trick around with VRFs, but it's questionable
>>>>> if that will be more satisfactory in the end)
>>>>>
>>>>> Symmetric traffic is an illusion, and trying to achieve that in
>>>>> "the Internet" is time not spent well.
>>>>>
>>>>> gert
>>>>> --
>>>>> "If was one thing all people took for granted, was conviction that if
>>>>> you
>>>>> feed honest figures into a computer, honest figures come out. Never
>>>>> doubted
>>>>> it myself till I met a computer with a sense of humor."
>>>>> Robert A. Heinlein, The Moon is a Harsh
>>>>> Mistress
>>>>>
>>>>> Gert Doering - Munich, Germany
>>>>> gert at greenie.muc.de
>>>>> _______________________________________________
>>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>
>>>>
More information about the cisco-nsp
mailing list