

Default, Primary, and Backup Plus Partial Routing

This example shows how traffic can be manipulated in a situation where the AS is accepting partial routing from a single provider and running defaults toward the provider. Partial routes are usually the provider's local routes and its customers' routes. Figure 11-4 shows AS3 running IBGP internally and running EBGP at two different locations with its provider AS1. The following policies should apply:


Figure 11-4  Default, primary, and backup plus partial routing.

1.  AS3 will only accept AS1's local routes and its customers' routes such as AS6. AS3 will also accept one route from the Internet to set its default toward the provider AS1.
2.  For all outbound traffic toward AS1 and AS6 (the partial routes), AS3 should use the SF link. In case of failure, the other link is used.
3.  For all other outbound traffic toward the Internet, AS3 should use the NY link as the primary link by following a default route. In case of failure, the default via the other link should be used.
4.  For inbound traffic, AS3 will instruct AS1 to use the SF link for network 172.16.220.0/24.
5.  For all other inbound traffic, the NY link is the primary.

The following partial configurations are needed for the BGP configuration in RTA and RTF:

RTA configuration:

    router bgp 3
    no synchronization
    network 172.16.1.0 mask 255.255.255.0
    network 172.16.10.0 mask 255.255.255.0
    network 172.16.65.0 mask 255.255.255.192
    network 172.16.220.0 mask 255.255.255.0
    neighbor 172.16.1.2 remote-as 3
    neighbor 172.16.1.2 update-source Loopback0
    neighbor 172.16.1.2 next-hop-self
    neighbor 172.16.20.1 remote-as 1
    neighbor 172.16.20.1 route-map SET_OUTBOUND_TRAFFIC in
    neighbor 172.16.20.1 route-map SET_INBOUND_TRAFFIC out
    neighbor 172.16.20.1 filter-list 10 out
    no auto-summary

    ip route 0.0.0.0 0.0.0.0 193.78.0.0
    ip as-path access-list 10 permit ^$
    ip as-path access-list 4 permit ^1 6$
    ip as-path access-list 4 permit ^1$

    access-list 2 permit 172.16.220.0 0.0.0.255
    access-list 101 permit ip 193.78.0.0 0.0.255.255 255.255.0.0 0.0.0.0

    route-map SET_OUTBOUND_TRAFFIC permit 10
     match ip address 101
     set local-preference 200

    route-map SET_OUTBOUND_TRAFFIC permit 20
     match as-path 4
     set local-preference 300

    route-map SET_INBOUND_TRAFFIC permit 10
     match ip address 2
     set metric 200

    route-map SET_INBOUND_TRAFFIC permit 20
     set metric 300

RTF configuration:

    router bgp 3
    no synchronization
    network 172.16.1.0 mask 255.255.255.0
    network 172.16.10.0 mask 255.255.255.0
    network 172.16.65.0 mask 255.255.255.192
    network 172.16.220.0 mask 255.255.255.0
    neighbor 172.16.2.254 remote-as 3
    neighbor 172.16.2.254 next-hop-self
    neighbor 192.68.5.2 remote-as 1
    neighbor 192.68.5.2 route-map SET_OUTBOUND_TRAFFIC in
    neighbor 192.68.5.2 route-map SET_INBOUND_TRAFFIC out
    neighbor 192.68.5.2 filter-list 10 out
    no auto-summary

    ip route 0.0.0.0 0.0.0.0 193.78.0.0
    ip as-path access-list 10 permit ^$
    ip as-path access-list 4 permit ^1 6$
    ip as-path access-list 4 permit ^1$

    access-list 101 permit ip 193.78.0.0 0.0.255.255 255.255.0.0 0.0.0.0

    route-map SET_OUTBOUND_TRAFFIC permit 10
     match ip address 101
     set local-preference 250

    route-map SET_OUTBOUND_TRAFFIC permit 20
     match as-path 4
     set local-preference 250

    route-map SET_INBOUND_TRAFFIC permit 10
     set metric 250

The preceding configuration of RTA shows the following:

1.  Route map SET_OUTBOUND_TRAFFIC is applied on RTA's EBGP link to AS1. This route map will help specify which outbound traffic goes over which link. The first instance (10) will allow only one network, 193.78.0.0/16, to be accepted from the Internet. This network is used to set the default. This will be given a local preference of 200, which is lower than the local preference 250 coming from RTF. This will cause all traffic toward the Internet to follow the default via the NY link.

    The second instance (20) will set all prefixes coming from AS1 and AS6 with a local preference of 300, which is higher than local preference 250 coming from RTF. This will make the SF link the primary link to reach AS1 and its customer AS6. Note that this route map will allow only partial routes (AS1 and AS6) to be injected into AS3 by specifying the AS_path to be either AS1 (^1$) or AS6 (^1 6$).


Notes:  
Instead of listing all the customers of AS1 one by one as we did in as-path access-list 4, a regular expression of the form ^1 ?[0-9]*$ could have been used to identify all the AS_paths that start with 1 and of length 2—that is, AS1 and its direct customers. The form of the access list would have been: ip as-path access-list 4 permit ^1 ?[0-9]*$ (to enter the "?" press CTRL-V first). Careful: In the case where AS1 is directly connected to another major provider with a direct link (rather than via a NAP), the preceding regular expression would also give you the local routes of that second provider.
2.  Route map SET_INBOUND_TRAFFIC is also applied on RTA's EBGP link to AS1. The first instance (10) will cause prefix 172.16.220.0/24 to be sent with a metric of 200, which is lower than the metric 250 sent by RTF. This will make sure that traffic from AS1 toward this destination will take the SF link. All other updates will be sent with a metric of 300, which is higher than metric 250 sent by RTF. This will cause all other inbound traffic to take the NY link.
3.  The filter-list 10 will prevent AS3 from becoming a transit AS.
4.  The ip route 0/0 statement sets the default to be 193.78.0.0/16.
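
The outbound policy described in items 1 and the note above, worked through as an added Python example (not part of the original text): it applies SET_OUTBOUND_TRAFFIC with RTA's and RTF's local-preference values and picks the exit link per prefix, first with as-path access-list 4 as configured and then with the broader `^1 ?[0-9]*$` form. Assumptions: Python's `re` stands in for IOS regular expressions (these patterns use only common syntax), access-list 101 is modeled as an exact match on 193.78.0.0/16, the function names are hypothetical, and the last two routes (with AS numbers 9 and 2) are constructed.

```python
import re

DEFAULT_NET = "193.78.0.0/16"        # the one Internet route accepted to anchor the default
EXPLICIT = [r"^1 6$", r"^1$"]        # as-path access-list 4 as configured on the page
WILDCARD = [r"^1 ?[0-9]*$"]          # alternative form suggested in the note

def route_map(lp_default, lp_partial, aspath_acl):
    """Model SET_OUTBOUND_TRAFFIC: (prefix, as_path) -> local-pref, or None if denied."""
    def apply(prefix, as_path):
        if prefix == DEFAULT_NET:                            # instance 10: match ip address 101
            return lp_default
        if any(re.search(p, as_path) for p in aspath_acl):   # instance 20: match as-path 4
            return lp_partial
        return None                                          # implicit deny at end of route map
    return apply

def best_exit(routes, aspath_acl=EXPLICIT):
    """Choose the exit link per prefix by highest local preference (other BGP steps ignored)."""
    links = {"SF": route_map(200, 300, aspath_acl),          # RTA values
             "NY": route_map(250, 250, aspath_acl)}          # RTF values
    result = {}
    for prefix, as_path in routes:
        prefs = {link: rm(prefix, as_path) for link, rm in links.items()}
        accepted = {link: lp for link, lp in prefs.items() if lp is not None}
        result[prefix] = max(accepted, key=accepted.get) if accepted else "filtered"
    return result

# Updates as AS1 would send them on both links; the last two are constructed samples.
ROUTES = [
    ("192.68.10.0", "1"),            # AS1 local route (as in RTA's BGP table)
    ("192.68.40.0", "1 6"),          # route of customer AS6
    ("193.78.0.0/16", "1 7 8"),      # route used for the default
    ("198.51.100.0/24", "1 7 9"),    # constructed: some other Internet route
    ("203.0.113.0/24", "1 2"),       # constructed: local route of a provider AS2 linked directly to AS1
]

if __name__ == "__main__":
    for name, acl in (("explicit", EXPLICIT), ("wildcard", WILDCARD)):
        print(name, best_exit(ROUTES, acl))
```

With the explicit list only the AS1 and AS6 routes and the default anchor are accepted; with the wildcard form the directly connected provider's route is accepted as well and prefers the SF link, which is the case the note warns about.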

RTA's BGP table would have the following entries:

    RTA#sh ip bgp
    BGP table version is 19, local router ID is 172.16.2.254
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop        Metric LocPrf Weight Path
    * i172.16.1.0/24    172.16.1.2           0    100      0 i
    *>                  0.0.0.0              0         32768 i
    * i172.16.10.0/24   172.16.1.2           0    100      0 i
    *>                  172.16.1.2          20         32768 i
    * i172.16.65.0/26   172.16.1.2           0    100      0 i
    *>                  172.16.1.2          20         32768 i
    * i172.16.220.0/24  172.16.1.2          20    100      0 i
    *>                  0.0.0.0              0         32768 i
    *> 192.68.10.0      172.16.20.1               300      0 1 i
    *> 192.68.11.0      172.16.20.1          0    300      0 1 i
    *> 192.68.40.0      172.16.20.1               300      0 1 6 i
    *>i193.78.0.0/16    172.16.1.2                250      0 1 7 8 i
    *                   172.16.20.1               200      0 1 7 8 i

