Routing

Hi folks, 

 

I have an issue with multihomed and I am not sure if this is related to my configuration or the ISP, I have multihomed with 2 peers, one main and one backup, from which I get the default route and announcing 3 prefixes to each peer, the problem is that when both peers are active the traffic is going through the highest localpref but returning through the backup peer, is there a way to prevent this behaviour?

 

Thanks,

Dan

Hello,

And why this is an issue? This is how internet works, BTW. 

Anyway, Your choices are:

1/ announce less specific prefixes to Your backup ISP (say, 3 * /23) and more specific (say, 6 * /24) to You main ISP.

2/ prepend Your prefixes towards backup ISP, do not prepend towards main ISP

3/ use community to influence Local Pref and/or prepend in Your ISPs - example here https://www.us.ntt.net/support/policy/routing.cfm#communities

[1] will give You the best results but only if Your CIDR blocks are /23 or greater. Most ISP do not accept inbound prefixes with /25 and longer masks.

[2] works only to certain extent depending on where Your main sources of incoming traffic are.

[3] works if Your main sources of incoming traffic are within Your ISP and 1-2 ASN hops beyond

I am sure other people will chime in with advice to use MED - MED is not transitive and does not work beyond Your 1st ISP ASN hop.

HTH

Thx
Alex

 

 

Hello,

 

The easiest way to solve your issue is to announce your prefixes to the backup peer with longer BGP AS path (e.g. to prepend your own AS few times). For more details, please check https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/policy-adding-as-numbers-to-bgp-as-paths.html.

 

HTH

 

Best regards,

Sergii

-------------------------------------------------------------------

Please accept the solution if your problem is resolved

-------------------------------------------------------------------

hm, I did prepend with 4xAS as in the documentation but still the traffic flows both sides:

my peer group configuration for backup looks like this:

 

set protocols bgp group flexential type external
set protocols bgp group flexential import pol-bb2isp-in-flex
set protocols bgp group flexential import pol-reject-any
set protocols bgp group flexential family inet unicast
set protocols bgp group flexential export pol-bb2isp-out-flex
set protocols bgp group flexential export pol-reject-any
set protocols bgp group flexential neighbor xx.xx.xx.97 description Flexential
set protocols bgp group flexential neighbor xx.xx.xx.97 peer-as 13649
deactivate protocols bgp group flexential neighbor xx.xx.xx.97
set protocols bgp group flexential neighbor xx.xx.xx.101 description Flexential-2
set protocols bgp group flexential neighbor xx.xx.xx.101 peer-as 13649
deactivate protocols bgp group flexential neighbor xx.xx.xx.101

my policy looks like this:

set policy-options policy-statement pol-bb2isp-in-flex term match-default-in from protocol bgp
set policy-options policy-statement pol-bb2isp-in-flex term match-default-in from route-filter 0.0.0.0/0 exact
set policy-options policy-statement pol-bb2isp-in-flex term match-default-in then local-preference 90
set policy-options policy-statement pol-bb2isp-in-flex term match-default-in then accept

set policy-options policy-statement pol-bb2isp-out-flex term match-static from protocol static
set policy-options policy-statement pol-bb2isp-out-flex term match-static from route-filter x.x.x.0/24 exact
set policy-options policy-statement pol-bb2isp-out-flex term match-static from route-filter x.x.x.0/22 exact
set policy-options policy-statement pol-bb2isp-out-flex term match-static from route-filter x.x.x.0/23 exact
set policy-options policy-statement pol-bb2isp-out-flex term match-static then as-path-prepend "1xx68 1xx68 1xx68 1xx68"
set policy-options policy-statement pol-bb2isp-out-flex term match-static then accept

set policy-options policy-statement pol-bb2isp-out-flex term match-direct from protocol direct
set policy-options policy-statement pol-bb2isp-out-flex term match-direct from route-filter x.x.x.0/23 exact
set policy-options policy-statement pol-bb2isp-out-flex term match-direct then as-path-prepend "1xx68 1xx68 1xx68 1xx68"
set policy-options policy-statement pol-bb2isp-out-flex term match-direct then accept

set policy-options policy-statement pol-reject-any then reject

where 1xx68 is MY AS number, am I missing something?

 

Regards.

Dan

Hi Dan,

 

I don't see any issues with your configuration. The actual problem, as Alex pointed out, is that the source (or some intermediate) AS of your incoming traffic may prefer to send traffic via your backup ISP. Even if your announced prefixes via backup ISP have longer AS path, AS path length is not the first step in BGP path selection process (it's described in detail here - https://www.juniper.net/documentation/en_US/junos/topics/reference/general/routing-protocols-address-representation.html).

 

If you're sure that your AS prepend is working fine (please verify it by using "show route advertising-protocol bgp <peer IP address>"), and it doesn't help, you can try announcing more specific prefixes to your primary ISP, and less specific - to the backup (approach #1 suggested by Alex). In this way (if your prefixes are accepted), the source AS of your incoming traffic will have more specific routes that will steer incoming traffic via your primary ISP.

 

HTH

 

Best regards,

Sergii

-------------------------------------------------------------------

Please accept the solution if your problem is resolved

-------------------------------------------------------------------

now I get it, so my real problem is that the backup ISP has only 1G connection while the main has 10G, this will result in traffic congestion on the backup line, I will try to announce more specific prefixes through the main ISP maybe that will help

Regards,
Dan