BGP advertise-map in XOS


I have multi-homed routers connected to 2 ISPs. I need to create something like an advertise-map on the standby router connected to the standby ISP to only advertise my public address if the primary link goes down.

Is there a way of doing it in XOS?
Thank You,
Elie

29 replies

look towards configuring different localpref for different ISP-s
Nick Yakimenko wrote:

look towards configuring different localpref for different ISP-s

The reason why I am looking into the advertise-map is because I want to affect inbound traffic. I used the community tags and AS-prepend; it is not working as expected.

do you use communities which your ISP-s understand?

Hi Nick, yes, I use https://onestep.net to configure the communities. The thing is, I have a backup link of just 10 Mbps, and if only one internet source tries to route inbound to me on this link it will get over-utilized, so I am looking into a solution that works 100 percent.

But do your ISP-s support reading those communities?
You may find that out by
whois as65536
where 65536 is the autonomous system number of your backup ISP
Elie,

My understanding is that you would like to advertise only the public network to the ISP. With that in mind, the configuration below should work (please correct me if the requirement is something different).

Below is the policy to filter the routes to be advertised and the command to apply the policy for a neighbor.

edit policy Route_Filter

entry permit-route {
    if match any {
        nlri 10.249.2.0/24;
    } then {
        permit;
    }
}

configure bgp neighbor 10.250.1.12 route-policy out Route_Filter
Balaji wrote:

Elie,

My understanding is that you would like to advertise only the public network to the ISP, with that in mind the below configuration should work. (please correct me if the requirement is something different)

Below is the policy to filter the routes to be advertised and the command to apply the policy for a neighbor.

edit policy Route_Filter

entry permit-route {
if match any {
nlri 10.249.2.0/24;
} then {
permit;
} }

configure bgp neighbor 10.250.1.12 route-policy out Route_Filter

They need to only advertise the public address if the primary link goes down.

Hi Balaji, thank you for your reply. Your configuration is correct and accomplishes half of what I am looking for; the other half is that I want to advertise only this public prefix, and only if the connection to the primary ISP fails. (I have 2 routers connected to 2 different ISPs.)

My idea is to add a static blackhole route and track it by an IP SLA, and add this route along with my public prefix in a route-map as an AND operation, so if the static route is there, then permit the public prefix to be advertised.

Elie, your idea is not correct.
Your backup ISP should accept your announcements with a minimal localpref.
So your prefixes will be accepted only if your first BGP session fails.

Our backup ISP does that automatically when we announce prefixes with a specific community:
whois as20850 | grep ackup
remarks: | 20850:50 will set Local Preference to 50 for use as Backup

Can you please explain more about your idea or setup?

What are the AS numbers of your uplink ISP-s?
I will help you to find out if your uplinks accept communities

Cogent AS 174 (Primary), Expedient AS 17054 (Secondary)

Well, both uplinks are in the ARIN area -- they do not have a strict policy of keeping up-to-date information about peering as in the RIPE area:
Compare info about your secondary ISP https://whois.arin.net/rest/asn/AS17054 and our one: https://apps.db.ripe.net/search/lookup.html?source=ripe&key=AS20850&type=aut-num

Therefore, you should manually write an e-mail to Expedient support or NOC team to find out if they support communities or localprefs or if they can accept your announcements with a minimal local preference

Hi Nick,

Local preference is an attribute that routers exchange in the same AS.
An eBGP peer is not aware of it.

--
Jarek

Elie,

Do you have your own AS and IP net block?
Or do you have some IPs from Cogent and some from Expedient?

--
Jarek

I do not agree with you:
If an ISP gets all prefix announcements from their uplinks with, say, localpref 100, and from a specific customer on a direct link they get prefix announcements with 50, then the direct announcement will become active only if their prefix becomes invisible from their uplinks

Nick,

please see RFC4277 (https://tools.ietf.org/html/rfc4277)

Page 6 says:

BGP has a separate metric parameter for IBGP and EBGP. This allows policy-based metrics to overwrite the distance-based metrics; this allows each autonomous system to define its independent policies in Intra-AS, as well as Inter-AS. BGP Multi Exit Discriminator (MED) is used as a metric by EBGP peers (i.e., inter-domain), while Local Preference (LOCAL_PREF) is used by IBGP peers (i.e., intra-domain) ... and so on...

As a customer you can't add localpref directly in your ISP/Upstream/Transit AS.
Your ISP/Upstream/Transit can configure for customers on their own router/routers BGP community that you could use to change localpref for your prefix/prefixes in their AS.

--
Jarek

Jarek, that's the point I'm trying to explain
Or your upstream can manually accept your prefixes with a different localpref if you ask them to do that.

You mean: upstream can accept BGP community that will change localpref for your prefix 🙂 ?

--
Jarek

Yes, e.g. if you announce your prefixes to as20850 with community 20850:50 -- they will accept your announcement and change localpref to 50
Please see https://apps.db.ripe.net/search/lookup.html?source=ripe&key=AS20850&type=aut-num
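
A simplified model of the route choice inside the backup ISP discussed in this thread, as an added example that is not part of any post. It uses the community 20850:50 and the LOCAL_PREF values 100 and 50 quoted above for AS20850; the ASNs 64512 and 64500, the `customer_pref` parameter and the reduction of best-path selection to LOCAL_PREF followed by AS-path length are assumptions of the sketch.

```python
from dataclasses import dataclass, replace

PREFIX = "10.249.2.0/24"          # prefix from the policy posted in the thread
BACKUP_COMMUNITY = "20850:50"     # AS20850's "use as backup" community from the thread
BACKUP_LOCAL_PREF = 50

@dataclass(frozen=True)
class Route:
    learned_from: str
    as_path: tuple
    local_pref: int
    communities: frozenset = frozenset()

def import_policy(route):
    """ISP-side ingress policy: the backup community overrides LOCAL_PREF."""
    if BACKUP_COMMUNITY in route.communities:
        return replace(route, local_pref=BACKUP_LOCAL_PREF)
    return route

def best_path(routes):
    """Highest LOCAL_PREF first; shorter AS path only breaks LOCAL_PREF ties."""
    return max(routes, key=lambda r: (r.local_pref, -len(r.as_path)))

def backup_isp_choice(primary_up, tagged, prepend=0, customer_pref=100):
    """Return which route the backup ISP installs for PREFIX.

    customer_pref is the ISP's default LOCAL_PREF for customer routes
    (assumption: 100 as in the thread; some ISPs use a higher value).
    """
    customer_as = 64512                      # constructed private ASN
    communities = frozenset({BACKUP_COMMUNITY}) if tagged else frozenset()
    rib = [import_policy(Route("customer-direct",
                               (customer_as,) * (1 + prepend),
                               customer_pref, communities))]
    if primary_up:
        # Same prefix heard through the ISP's own uplink (64500 is constructed;
        # 174 is the primary ISP named in the thread).
        rib.append(import_policy(Route("via-uplink", (64500, 174, customer_as), 100)))
    return best_path(rib).learned_from

if __name__ == "__main__":
    cases = [(True, True), (False, True), (True, False), (True, False, 5, 120)]
    for args in cases:
        print(PREFIX, args, "->", backup_isp_choice(*args))
```

In this model the tagged announcement stays in the backup ISP's table but loses to the copy heard through the uplink, and it becomes best only once that copy is withdrawn; prepending alone changes the outcome only when both routes carry the same LOCAL_PREF.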

Ok, now it is clear 🙂

--
Jarek

Hi Elie,

first of all you need to know what BGP communities are accepted by your ISPs.
You should ask them, because sometimes they do not publish all BGP communities 🙂.

You can use for example well known (if they are accepted):
- no-export - which means do not export to any eBGP neighbor
- no-advertise - which means, do not export to any BGP neighbor at all.

--
Jarek
What if the primary link to the other ISP fails? How will the secondary ISP know that so that their routers can remove these communities?
