

Default Only, One Primary, and One Backup Link

In Figure 11-3, AS3 is multihomed to AS1. AS3 is not learning any BGP routes from AS1 and is sending its own routes via BGP. RTA will be running defaults toward AS1, with the NY link being the primary link and the SF link being the secondary link. The following policies should apply:


Figure 11-3 Multihoming to a single provider (default only, one primary, and one backup link).

1.  Outbound traffic from AS3 should always go on the NY link unless that link fails, in which case it should switch to the other link.
    This can be achieved by configuring two static routes in RTA pointing the defaults toward the two links. The default via the NY link will be set with a lower distance so that it is preferred.
2.  Inbound traffic toward AS3 should always come on the NY link unless that link fails, in which case it should switch to the other link.
    This can be achieved by having RTA send different metrics toward AS1 on the two links, with a lower metric on the NY link. This way, inbound traffic coming from AS1 will always come via the NY link.
3.  Prevent any BGP updates from coming into AS3.
    This can be achieved by having AS3 configure a route map or distribute list that will block all incoming BGP routing updates. Usually, the provider (AS1, in this case) will not send you any updates, per your request. Nevertheless, you should always protect the AS against the unknown. The provider could make a mistake and send you all of its routes, and your AS would be vulnerable.

RTA configuration:

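    router bgp 3
     network 172.16.220.0 mask 255.255.255.0
     neighbor 172.16.20.1 remote-as 1
     neighbor 172.16.20.1 route-map BLOCK in
     neighbor 172.16.20.1 route-map SETMETRIC1 out
     neighbor 192.68.9.2 remote-as 1
     neighbor 192.68.9.2 route-map BLOCK in
     neighbor 192.68.9.2 route-map SETMETRIC2 out
     no auto-summary
    !
    ! Static defaults: the lower distance (40, via 192.68.9.2) is preferred
    ip route 0.0.0.0 0.0.0.0 172.16.20.1 50
    ip route 0.0.0.0 0.0.0.0 192.68.9.2 40
    !
    ! Metric advertised to AS1 on the link to 172.16.20.1
    route-map SETMETRIC1 permit 10
     set metric 100
    !
    ! Metric advertised to AS1 on the link to 192.68.9.2 (lower, so preferred inbound)
    route-map SETMETRIC2 permit 10
     set metric 50
    !
    ! No permit clause: every incoming BGP update is denied
    route-map BLOCK deny 10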

In the preceding configuration, AS3 has used static routes to configure defaults toward AS1. The 0/0 toward RTD is given a distance of 40, lower than the distance of 50 toward RTC, so the NY link will act as primary. Alternatively, AS3 could have accepted a single entry from AS1 and configured that entry as the default.

Route maps SETMETRIC2 and SETMETRIC1 are used to set the outbound metric to 50 toward RTD and 100 toward RTC, respectively. Inbound traffic will prefer the NY link.

Route map BLOCK is used to block all incoming BGP updates from AS1.
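
The three policies can be checked mechanically against the configuration. The following Python check is an added example, not part of the original text: it parses the RTA configuration above and returns any neighbor whose inbound route map is missing or could permit updates, the next hop of the preferred static default, and the neighbor that is sent the lowest metric. The function name `audit` and the simplified parsing (one static default per next hop, one `set metric` per route map) are assumptions of this example.

```python
# RTA configuration from the text, embedded so the check runs offline.
RTA_CONFIG = """\
router bgp 3
 network 172.16.220.0 mask 255.255.255.0
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map BLOCK in
 neighbor 172.16.20.1 route-map SETMETRIC1 out
 neighbor 192.68.9.2 remote-as 1
 neighbor 192.68.9.2 route-map BLOCK in
 neighbor 192.68.9.2 route-map SETMETRIC2 out
 no auto-summary
ip route 0.0.0.0 0.0.0.0 172.16.20.1 50
ip route 0.0.0.0 0.0.0.0 192.68.9.2 40
route-map SETMETRIC1 permit 10
 set metric 100
route-map SETMETRIC2 permit 10
 set metric 50
route-map BLOCK deny 10
"""

def audit(config):
    """Return (peers without a deny-all inbound map, primary default hop, lowest-metric peer)."""
    peers, inbound, outbound, defaults, maps, current = set(), {}, {}, {}, {}, None
    for w in (line.split() for line in config.splitlines()):
        if len(w) >= 4 and w[0] == "neighbor" and w[2] == "remote-as":
            peers.add(w[1])
        elif len(w) == 5 and w[0] == "neighbor" and w[2] == "route-map":
            (inbound if w[4] == "in" else outbound)[w[1]] = w[3]
        elif len(w) >= 5 and w[:4] == ["ip", "route", "0.0.0.0", "0.0.0.0"]:
            # A static route with no explicit distance has administrative distance 1.
            defaults[w[4]] = int(w[5]) if len(w) > 5 else 1
        elif len(w) >= 3 and w[0] == "route-map":
            current = maps.setdefault(w[1], {"actions": [], "metric": None})
            current["actions"].append(w[2])
        elif w[:2] == ["set", "metric"] and current is not None:
            current["metric"] = int(w[2])
    # Every route map ends in an implicit deny, so a map that is defined and
    # has no permit clause rejects every update. Undefined maps are flagged.
    def blocks_all(name):
        return name in maps and "permit" not in maps[name]["actions"]
    unfiltered = sorted(p for p in peers if not blocks_all(inbound.get(p)))
    primary = min(defaults, key=defaults.get) if defaults else None
    meds = {p: maps[m]["metric"] for p, m in outbound.items()
            if m in maps and maps[m]["metric"] is not None}
    preferred_in = min(meds, key=meds.get) if meds else None
    return unfiltered, primary, preferred_in

if __name__ == "__main__":
    print(audit(RTA_CONFIG))
```

For the configuration in the text, the list of unfiltered neighbors is empty and both the primary default and the lowest-metric neighbor are 192.68.9.2, so outbound and inbound traffic prefer the same link.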

The following RTA IP routing table shows how the default route is set. Note that distance 40 is being preferred over distance 50 for the 0/0 route, and the gateway of last resort is pointing to next hop 192.68.9.2.

    RTA#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

    Gateway of last resort is 192.68.9.2 to network 0.0.0.0

    C    192.68.9.0 is directly connected, Ethernet0
         172.16.0.0 255.255.255.0 is subnetted, 2 subnets
    C       172.16.220.0 is directly connected, Ethernet1
    C       172.16.20.0 is directly connected, Serial0
    S*   0.0.0.0 0.0.0.0 [40/0] via 192.68.9.2

The following is RTC's BGP table, and it shows that AS3 is always accessed via the RTD-RTA link because of the lower metric 50. Prefix 172.16.220.0/24 can be reached via IBGP and EBGP. The IBGP route has been chosen as the best route. Note in this table that RTC's next hop to reach prefix 172.16.220.0/24 is 192.68.6.1. This is because RTD has configured its neighbor connection with RTC using the next-hop-self neighbor command.

    RTC#show ip bgp
    BGP table version is 11, local router ID is 192.68.11.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network            Next Hop        Metric LocPrf Weight Path
    *>i172.16.220.0/24    192.68.6.1          50    100      0 3 i
    *                     172.16.20.2        100             0 3 i
    *> 192.68.11.0        0.0.0.0              0         32768 i

