BGP advertise-map in XOS

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
I have a Multi-homed Routers connected to 2 ISPs. I need to Create like an Advertise-map on the Standby Router connected to the Standby ISP to only advertise my Public address if the primary link goes down .

Is there a way of doing it in XOS ? 
Thank You,
Elie
Photo of Elie Raad

Elie Raad

  • 252 Points 250 badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Nick Yakimenko

Nick Yakimenko

  • 2,488 Points 2k badge 2x thumb
look towards configuring different localpref for different ISP-s
Photo of Elie Raad

Elie Raad

  • 252 Points 250 badge 2x thumb
the reason why i am looking into the advertise-map becasue i want to affect inbound traffic , i used the community tags and as-prepend , it is not working as expected 
Photo of Nick Yakimenko

Nick Yakimenko

  • 2,488 Points 2k badge 2x thumb
do you use communities which your ISP-s understand?
Photo of Elie Raad

Elie Raad

  • 252 Points 250 badge 2x thumb
Hi Nick , Yes i use the https://onestep.net to configure the communities . the thing is i have a backup link of just 10 mbps and if only one internet source tries to route inbound to me on this link it will get over utilized , so i am looking into a solution that works 100 percent . 
Photo of Nick Yakimenko

Nick Yakimenko

  • 2,488 Points 2k badge 2x thumb
But do your ISP-s support reading those communities?
You may find out that by
whois as65536
where 65536 is a number of autonomus system of your backup ISP
Photo of Balaji

Balaji, Employee

  • 776 Points 500 badge 2x thumb
Elie, 

My understanding is that you would like to advertise only the public network to the ISP, with that in mind the below configuration should work. (please correct me if the requirement is something different)

Below is the policy to filter the routes to be advertised and the command to apply the policy for a neighbor.  

edit policy Route_Filter

entry permit-route {
      if match any {
           nlri 10.249.2.0/24;
      } then {
           permit;
      } }

configure bgp neighbor 10.250.1.12 route-policy out Route_Filter 
Photo of Nick Yakimenko

Nick Yakimenko

  • 2,478 Points 2k badge 2x thumb
Jarek, that's the point I'm trying to explain
Or your upstream can manually accept your prefixes with a different localpref if you ask them to do that.
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
You mean: upstream can accept BGP community that will change localpref for your prefix :) ?

--
Jarek
Photo of Nick Yakimenko

Nick Yakimenko

  • 2,478 Points 2k badge 2x thumb
Yes, e.g. if you announce your prefixes to as20850 with community 20850:50 -- they will accept your announce and change localpref to 50
Please see  https://apps.db.ripe.net/search/lookup.html?source=ripe&key=AS20850&type=aut-num
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
Ok, now it is clear :)

--
Jarek
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
Ok, now it is clear :)

--
Jarek
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
Hi Elie,

first of all you need to know what BGP communities are accepted by your ISP's.
You should ask them, because sometimes  they do not publish all BGP communities :).

You can use for example well known (if they are accepted):
- no-export      - which means  do not export to any eBGP neighbor
- no-advertise - which means, do not export to any BGP neighbor at all.

--

Jarek

Photo of Elie Raad

Elie Raad

  • 252 Points 250 badge 2x thumb
what if the primary link fails to the other ISP . how will the secondary ISP knows that so that their routers can remove these communities 
Photo of Nick Yakimenko

Nick Yakimenko

  • 2,478 Points 2k badge 2x thumb
As i wrote before https://community.extremenetworks.com/extreme/topics/bgp-advertise-map-in-xos?topic-reply-list%5Bset...
if secondary ISP receives routes with localpref 50 and from other uplinks with 100, then routes will become unavailable through other uplinks and become active through direct connection
Photo of Elie Raad

Elie Raad

  • 252 Points 250 badge 2x thumb
Guys, i have had a case open with Expedient and Cognet for almost a Year and ISPs are hard to deal with  and it takes forever.  i am trying to implement a Solution from my side . in my initial post i mentioned if someone know if there is a feature like bgp advertise-map as in cisco.
thank you ,
Photo of EtherMAN

EtherMAN, Embassador

  • 7,200 Points 5k badge 2x thumb
I hate to agree with the others here but your first step has to be working with the upstream provider you are paying good money to for the best way they would support your scenario.  They each have their own rules on how they will send traffic back to you from other customers of theirs that are directly connected to them.   They would prefer that traffic to remain on their direct connection to you and may be ignoring any community or pre-pend you are sending out.  You must escalate and work through sales channel if you have to.  Tell you get responses back from them you are just guessing and hoping for the best....  
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
Elie,

This is only an idea and I don't have a time to put it all together, but...
lets assume you have scenario like this bellow:

                                                            Router Expedient - Low speed link
                                                           /
Your Standby  Router (EXOS switch) 
             |
             |
             |
Your Main Router (EXOS switch) 
                                                       \ 
                                                          Router Cogent - High speed link


You advertise your prefix for example 10.0.0.0/24 from Main router:
- dirtect to Cogent 
- to Standby Router and then to Expedient 

On Main Router you can have a UPM script and BGP export policy.

The UPM script will check if some route is in table and this route nexthop is via Cogent
or if the session is up and so on.
If  the route does not exists, you apply  iBGP_export_Stby.pol to iBGP peer out to Standby  Router
and advertise prefix with community 65535:100 
If all is ok, unconfigure policy iBGP_export_Stby.pol


================= iBGP_export_Stby.pol =====================

entry iBGP_peer_Main { if match all {
           nlri 10.0.0.0/24;
} then {
           permit;
           community set 65535:100;
}}



========================================================

On Stanby Router you can have  a policy that import prefix from Main router like this:
If I receive my prefix from IBGP peer Main Router with community 65535:100 
then I will permit and then advertise to Expedient.
If not deny the prefix and don't advertise anything.

example
========== iBGP_import_Main.pol =============================
entry iBGP_peer_Main { if match all {
         community 65535:100;
          nlri 10.0.0.0/24;
} then {
           permit;
}}

entry IP_BGP_deny { if {
} then {
          deny;
}}
===========================================================

--
Jarek