
BGP Allow Only One Network

Status
Not open for further replies.

WillyKelleher

Programmer
Feb 19, 2002
36
US
We have two external IP ranges and we are using BGP on a single router connected to 2 different ISPs. IPs from both ranges are flowing on both serial interfaces. We now need a way to isolate voice traffic onto one so we can get better service for voice.

Is there a way to split the ip ranges so that each provider is servicing a single range?

I could then place voice on one range isolated from all other traffic.

Maybe we could use an access-list and block each range on the other serial interface?

Thanks in advance for the help
-Willy
 
You could mess around with metrics, as-path, and other knobs to get one specific subnet to prefer one peer over another. It won't always behave that way though, because you really have very little influence over downstream peers.
 
I read about that on some other posts. I thought if I blocked the range from one ISP that the route would build the other way around for those IP addresses. I guess I am trying to turn off BGP without really turning it off with my providers so I can have it later if I need it.

Thanks
 
There really is no way to do that, and I don't think that's what you want to do anyways. You want data to go down one peer, and voice to go down another, correct?

If you "turned" off a peer, you would basically have a dead circuit provided there wasn't some other arrangement for the ISP to advertise your network.

Are your subnets directly allocated to you?
Do you have your own AS number?
 
It looks like the answer to both questions is yes.
We have our own AS number and both subnets belong to us.
 
To get started you'll want to advertise both networks to both peers like you are doing now, except you'll want subnet1 to be prepended on one peer and vice versa.


peer1
Code:
ip prefix-list p1announce description Our allowed routing announcements to be prepended
ip prefix-list p1announce seq 5 permit 1.1.1.0/24
!
ip prefix-list p1announce2 description Our allowed routing announcements to not be prepended
ip prefix-list p1announce2 seq 5 permit 2.2.2.0/24
!
route-map peer1out permit 10
 description Outbound Route-map for Peer 1
 match ip address prefix-list p1announce
 ! tells your peer you are 5 hops away
 set as-path prepend 12345 12345 12345 12345 12345
route-map peer1out permit 20
 description Outbound Route-map for Peer 1
 ! match 2nd subnet to make sure it's announced
 match ip address prefix-list p1announce2
!
router bgp 12345
 neighbor x.x.x.x route-map peer1out out
 
That looks a bit different than what we have now. How would that work into the following? I adjusted the voice priority yesterday from 500 and added the policy map to Serial2/1 in hopes to reduce voice problems.



!
!
class-map match-all video
match access-group 102
class-map match-all voice
match access-group 101
!
!
policy-map voice-monitor
class voice
priority 900
class video
priority 200
class class-default
!
!
!
interface FastEthernet2/0
ip address 65.x.x.1 255.255.255.0 secondary
ip address 12.x.x.1 255.255.255.0
no ip redirects
no ip unreachables
ip route-cache flow
speed 100
full-duplex
no cdp enable
!
interface Serial2/0
bandwidth 1536
ip address x.x.x.x 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
service-policy output voice-monitor
encapsulation ppp
ip route-cache flow
no ip mroute-cache
no cdp enable
!
interface Serial2/1
bandwidth 1536
ip address x.x.x.x 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
service-policy output voice-monitor
encapsulation frame-relay IETF
ip route-cache flow
no ip mroute-cache
frame-relay interface-dlci 500
frame-relay lmi-type ansi
!
router bgp 12345
bgp log-neighbor-changes
network 12.x.x.0 mask 255.255.255.0
network 65.x.x.0 mask 255.255.255.0
neighbor 12x.x.x.185 remote-as 7018
neighbor 12x.x.x.185 route-map acmeatt in
neighbor 12x.x.x.185 route-map acme out
neighbor 15x.x.x.81 remote-as 701
neighbor 15x.x.x.81 route-map acmeuunet in
neighbor 15x.x.x.81 route-map acme out
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 15x.x.x.81
ip route 0.0.0.0 0.0.0.0 12x.x.x.185
no ip http server
ip as-path access-list 10 permit ^$
ip as-path access-list 20 permit ^7018$
ip as-path access-list 30 permit ^701$
!
logging trap notifications

no cdp run
route-map acmeatt permit 10
match as-path 20
set local-preference 10
!
route-map acmeuunet permit 10
match as-path 30
set local-preference 125
!
route-map acme permit 10
match as-path 10
!
!
!
dial-peer cor custom
!
!
!
!

 
Yeah basically create two route-maps to replace acme. Make one for uunet and another for your att peers.

Right now your route-maps for advertising aren't really doing anything. This controls how INBOUND traffic gets to your network.

Your other route-maps acmeuunet and acmeatt are controlling how routes are learned from your ISPs and assigning a local preference to them. What this does is tell your router which ISP would be preferred for OUTBOUND traffic. In this case, your outbound traffic will prefer your uunet connection.
 
So would it look like this if I want all traffic in and out besides voice on 12.x.x.x on peer ATT and 65.x.x.x voice only on peer uunet? I changed the local-preference so outbound prefers ATT. This setup is for remote IP phones that connect to us internally on a 65.x.x.x ip address. Why would I tell the peer I am 5 hops away?

Code:
ip prefix-list p1announce description Our allowed routing announcements to be prepended
ip prefix-list p1announce seq 5 permit 12.x.x.0/24
!
ip prefix-list p1announce2 description Our allowed routing announcements to not be prepended
ip prefix-list p1announce2 seq 5 permit 65.x.x.0/24

route-map peer1out permit 10
 description Outbound Route-map for ATT
 match ip address prefix-list p1announce
 ! tells your peer you are 5 hops away
 set as-path prepend 12345 12345 12345 12345 12345
route-map peer1out permit 20
 description Outbound Route-map for ATT
 ! match 2nd subnet to make sure it's announced
 match ip address prefix-list p1announce2
!
route-map peer2out permit 10
 description Outbound Route-map for UUNET
 match ip address prefix-list p1announce2
 ! tells your peer you are 5 hops away
 set as-path prepend 12345 12345 12345 12345 12345
route-map peer2out permit 20
 description Outbound Route-map for UUNET
 ! match 1st subnet to make sure it's announced
 match ip address prefix-list p1announce


router bgp 12345
 bgp log-neighbor-changes
 network 12.x.x.0 mask 255.255.255.0
 network 65.x.x.0 mask 255.255.255.0
!
 neighbor 12x.x.x.185 remote-as 7018
 neighbor 12x.x.x.185 route-map acmeatt in
 neighbor 12x.x.x.185 route-map peer1out out
!
 neighbor 15x.x.x.81 remote-as 701
 neighbor 15x.x.x.81 route-map acmeuunet in
 neighbor 15x.x.x.81 route-map peer2out out

 no auto-summary
!
route-map acmeatt permit 10
 match as-path 20
 set local-preference 125
!
route-map acmeuunet permit 10
 match as-path 30
 set local-preference 10
!
route-map acme permit 10
 match as-path 10
!

 
Provided that is the way you want to split up your traffic, yes.

After you made the changes, you'll have to do a "clear ip bgp * soft out" for the new advertisements to be sent out.
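
A check for the outbound policy discussed in this thread, added here as an example and not posted by any participant: this Python script parses the prefix-lists and route-maps and reports, for each neighbor route-map, which originated prefixes are announced and the AS-path length the peer receives. The sample config is constructed from the thread's first example (AS 12345, 1.1.1.0/24 and 2.2.2.0/24) and assumes the `match ip address prefix-list` form; the function names are hypothetical.

```python
import re

# Constructed sample: the thread's outbound policy for AS 12345, using the
# 1.1.1.0/24 and 2.2.2.0/24 prefixes from the first example.
CONFIG = """
ip prefix-list p1announce seq 5 permit 1.1.1.0/24
ip prefix-list p1announce2 seq 5 permit 2.2.2.0/24
route-map peer1out permit 10
 match ip address prefix-list p1announce
 set as-path prepend 12345 12345 12345 12345 12345
route-map peer1out permit 20
 match ip address prefix-list p1announce2
route-map peer2out permit 10
 match ip address prefix-list p1announce2
 set as-path prepend 12345 12345 12345 12345 12345
route-map peer2out permit 20
 match ip address prefix-list p1announce
"""

def parse(config):
    """Return (prefix_lists, route_maps) parsed from IOS-style text."""
    plists, rmaps, clause = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip prefix-list (\S+) seq \d+ permit (\S+)$", line):
            plists.setdefault(m[1], set()).add(m[2])
        elif m := re.match(r"route-map (\S+) (permit|deny) (\d+)$", line):
            clause = {"seq": int(m[3]), "permit": m[2] == "permit",
                      "plist": None, "prepend": 0}
            rmaps.setdefault(m[1], []).append(clause)
        elif clause and (m := re.match(r"match ip address prefix-list (\S+)$", line)):
            clause["plist"] = m[1]
        elif clause and (m := re.match(r"set as-path prepend ([\d ]+)$", line)):
            clause["prepend"] = len(m[1].split())
    return plists, rmaps

def announced(config, route_map, originated):
    """Map each originated prefix to the AS-path length the peer receives.
    First matching clause decides; unmatched prefixes hit the implicit deny
    and are absent. Prefix-list entries are exact matches (no ge/le)."""
    plists, rmaps = parse(config)
    out = {}
    for prefix in originated:
        for c in sorted(rmaps.get(route_map, []), key=lambda c: c["seq"]):
            if c["plist"] is None or prefix in plists.get(c["plist"], ()):
                if c["permit"]:
                    out[prefix] = 1 + c["prepend"]  # own AS plus prepends
                break
    return out
```

The prefix that shows the longer path on a peer is the one being steered away from that peer for inbound traffic, and any prefix missing from the result is not announced to that peer at all. Upstream policy can still override path length.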
 