Anyone here with BGP wisdom?
| chodan 2001-11-22, 5:17 pm |
| Where I work we have 2 separate T1 internet connections where we have set up route maps
to simulate load sharing "sort of hehe" on our 3400 series router.
We have purchased a 7200 series router with 512 meg of RAM; when it arrives we are going to turn up BGP to load share across these 2 connections.
We have applied for and received our ASN and are ready to implement BGP.
Our first connection came with 7 class C address space "this is why we kept them instead of getting 2 bonded T1s from someone else" and our second connection has a class A address space with a 28 bit subnet mask.
Are there any pitfalls I should look out for?
I am not asking for links to the Cisco site, those I know.
I just know that many times the experience of others can be valuable in situations like these.
Oh, our 2 ISPs are Cable & Wireless
and AT&T.
Thanks for any thoughts you have.
Chodan | |
| whytokayok 2001-11-22, 9:06 pm |
| Just make sure you are not receiving and advertising routes from your ISPs that will send internet traffic through your router to get to one or the other ISP in case a path goes down on the internet. This will bring your 7200 to its knees.... | |
| sidodgers 2001-11-22, 11:38 pm |
| quote: Originally posted by whytokayok
Just make sure you are not receiving and advertising routes from your ISPs that will send internet traffic through your router to get to one or the other ISP in case a path goes down on the internet. This will bring your 7200 to its knees....
Further to that, here's an example configuration, assuming that you are using ASN 65412, and your ISPs are in 65413 and 65414 respectively.
router bgp 65412
 neighbor 172.16.0.2 remote-as 65413
 neighbor 172.17.0.2 remote-as 65414
 neighbor 172.16.0.2 filter-list 1 out
 neighbor 172.17.0.2 filter-list 1 out
ip as-path access-list 1 permit ^65412$
where the '^65412$' is a Unix-style regular expression which simply says 'match the start of the line, followed by 65412, followed by the end of the line.' The O'Reilly book on Perl is an excellent reference on regular expressions, and I would highly recommend it.
This configuration simply instructs your 7200 to only send updates to the neighbours at 172.16.0.2 and 172.17.0.2 (your two upstream routers in this scenario) which have an AS-PATH consisting only of your own AS number. This will stop your ISPs using you as a transit area to reach each other.
On a smaller router, you may want to filter incoming updates as well, in order to conserve IP routing table space. You could restrict incoming routing updates to 'customer routes only' by doing the following:
ip as-path access-list 10 permit ^65413$
ip as-path access-list 11 permit ^65414$
router bgp 65412
 neighbor 172.16.0.2 filter-list 10 in
 neighbor 172.17.0.2 filter-list 11 in
Obviously, this will conserve memory in your router at the expense of routing information. Since you'll no longer have routes to everywhere on the internet in your IP routing table, you'll need some defaults:
ip route 0.0.0.0 0.0.0.0 172.16.0.2 1
ip route 0.0.0.0 0.0.0.0 172.17.0.2 1
should do it. In order to prevent asymmetric per-connection routing (in which certain TCP packets get sent through one default route and others get sent through the other during the same TCP conversation; this is bad; enough said), you'll need to enable ip route-cache per-flow or something similar, the exact command escapes me at the moment.
Sid | |
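The outbound and inbound AS-path filters from the post above, evaluated in Python over a constructed BGP table (an added example, not part of the thread; the prefixes and the AS 64500 path are made up, the other ASNs are the ones the post assumes). It shows which prefixes each list would let through and which of those would offer transit between the two ISPs. It assumes the Cisco IOS behaviour that an outbound filter-list sees locally originated routes with an empty AS path, before the router prepends its own ASN, so it evaluates `^$` beside the post's `^65412$`.

```python
import re

# Constructed sample table: prefix -> AS path as held in the local BGP table.
# Locally originated routes carry an empty path (assumption stated above).
BGP_TABLE = {
    "192.0.2.0/24":    [],              # our own network
    "198.51.100.0/24": [65413],         # originated by ISP A
    "203.0.113.0/24":  [65413, 64500],  # a network reached through ISP A
    "198.18.0.0/24":   [65414],         # originated by ISP B
}

def permits(acl, as_path):
    """as-path access-list semantics: first matching entry wins, implicit deny."""
    text = " ".join(map(str, as_path))
    for action, pattern in acl:
        if re.search(pattern, text):
            return action == "permit"
    return False

def filter_routes(acl, table):
    """Return the prefixes whose AS path the list permits, sorted."""
    return sorted(p for p, path in table.items() if permits(acl, path))

def transit_leaks(advertised, table):
    """Advertised prefixes we did not originate, i.e. transit we would offer."""
    return [p for p in advertised if table[p]]

NO_FILTER = [("permit", r".*")]
POST_OUT  = [("permit", r"^65412$")]  # list 1 as written in the post
EMPTY_OUT = [("permit", r"^$")]       # matches only an empty AS path
ISP_A_IN  = [("permit", r"^65413$")]  # list 10 from the post

if __name__ == "__main__":
    for name, acl in [("none", NO_FILTER), ("^65412$", POST_OUT), ("^$", EMPTY_OUT)]:
        out = filter_routes(acl, BGP_TABLE)
        print(f"out {name:8} advertise={out} transit={transit_leaks(out, BGP_TABLE)}")
    from_a = {p: path for p, path in BGP_TABLE.items() if path[:1] == [65413]}
    print("in  ^65413$  accept=", filter_routes(ISP_A_IN, from_a))
```

Under that assumption `^65412$` permits nothing outbound, while `^$` advertises only the locally originated prefix; on the router, `show ip bgp regexp` with the same pattern lists what a given expression matches in the real table.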
| chodan 2001-11-23, 6:42 am |
| Thanks
Just the type of information I was looking for. |