Routing

How to prefer route at remote site rather through BGP neighbor

  • 1.  How to prefer route at remote site rather through BGP neighbor

    Posted 4 days ago
    Hello,

    We have a scenario as attached where a particular route is preferred via the default route coming from the other site. But as a more specific route is available, the traffic is forced via the BGP neighbor, which blocks this route.

    The main goal here is to route 172.22.174.144/28 via Site A, but at Site B traffic stops working as soon as BGP neighborship to their FW1 is activated.

    ------------------------------
    junos sky
    ------------------------------


  • 2.  RE: How to prefer route at remote site rather through BGP neighbor

    Posted 3 days ago
    How do site A and site B communicate with each other? Via the ISP at the top? If I'm understanding your design and what you're trying to accomplish, is there a link between site A and site B that is missing on the drawing?


  • 3.  RE: How to prefer route at remote site rather through BGP neighbor

    Posted 3 days ago
    Seems like you need to inject 172.22.174.144/28 into your IGP so the Preference of the IGP wins over the Preference of BGP.

    ------------------------------
    Aaron Gould
    Senior Network Engineer
    aaron@gvtc.com
    https://www.linkedin.com/in/agould123/
    ------------------------------



  • 4.  RE: How to prefer route at remote site rather through BGP neighbor

    Posted 2 days ago
    Hi bluedove84, I remember you had some questions regarding this topology a while back. I'm curious to know why the same /28 is used in different sites. Are you using anycast or something like that? Is this prefix expected to be received from FW1/2 by design? Some additional info would be helpful.

    If this behavior is not expected, and you simply want to rely on the default route, you can modify the two policies we discussed on the other thread (import/export) to actually reject the route from the customer or the customer's firewall if it's not needed. If this prefix from the downstream firewall (and other sites) is needed for some backup failover mechanism, then one option is to inject the /28 from all sites into BGP and then modify LP for each site to control what site uses what route. For example, for Site-A you will end up receiving the /28 from 3 directions. Site A will have a higher pref for the prefix received from the ISP while a lower pref is assigned to FW routes.

    hope this helps :)
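
Added example, not part of the thread or anyone's posted configuration: a small Python model of route selection at Site B that contrasts the two options from the last reply (reject the /28 learned from FW1, or inject the /28 from every direction and steer with local-pref). The route sources, local-pref values and host address are constructed assumptions, and the model covers BGP routes only.

```python
import ipaddress

# Constructed routes at Site B: (prefix, learned via, BGP local-pref).
# Source names and local-pref values are assumptions for illustration.
SITE_B = [
    ("0.0.0.0/0", "Site A", 100),
    ("172.22.174.144/28", "FW1", 100),
]
HOST = "172.22.174.145"  # constructed host inside the /28


def apply_import(routes, reject=frozenset(), set_lp=None):
    """Model an import policy: drop (prefix, via) pairs listed in `reject`
    and override local-pref for (prefix, via) keys present in `set_lp`."""
    set_lp = set_lp or {}
    return [(p, via, set_lp.get((p, via), lp))
            for p, via, lp in routes if (p, via) not in reject]


def lookup(routes, dst):
    """Pick the source used for dst: the longest matching prefix wins first;
    local-pref only decides between routes for that same prefix."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), via, lp) for p, via, lp in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: (m[0].prefixlen, m[2]))[1]


def scenarios():
    key = ("172.22.174.144/28", "FW1")
    # 1. As posted: the /28 from FW1 beats the default route.
    as_posted = lookup(SITE_B, HOST)
    # 2. Reject the /28 from FW1 on import: traffic follows the default.
    rejected = lookup(apply_import(SITE_B, reject={key}), HOST)
    # 3. Lowering local-pref alone changes nothing against a /0.
    lp_only = lookup(apply_import(SITE_B, set_lp={key: 50}), HOST)
    # 4. /28 also received from Site A's direction: local-pref now decides.
    both = SITE_B + [("172.22.174.144/28", "Site A", 200)]
    lp_with_28 = lookup(apply_import(both, set_lp={key: 50}), HOST)
    return as_posted, rejected, lp_only, lp_with_28


if __name__ == "__main__":
    print(scenarios())
```

Scenario 3 is the case to watch for: a local-pref change on the FW1 route has no effect until a competing route for the same /28 exists.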