[Insider Sharing] Troubleshooting AS_Prepending case

Created Mar 23, 2016 17:52:12. Latest reply Mar 23, 2016 18:02:31.

Hi Guys,

Recently I was troubleshooting a case related to BGP AS prepending functionality, so I thought I would share the information with you. AS prepending is a method frequently used to influence inbound routing towards your AS by tweaking the AS_PATH BGP attribute.

I will try to explain how the problem was reported to TAC. Firstly let's focus on topology and requirements:

1. Topology: please check below, a BGP multi-homing scenario with 2 edge routers (AR3200 V200R005C20SPC200) and 2 ISPs (ISP1 is disabled).

2. Requirement: traffic towards the prefix of LAN 2, 10.15.188.0/24, should be routed through ISP3 as main path and through ISP2 as backup path, while traffic for the LAN1 prefix 10.160.29.0/24 should be routed through ISP2 as main path and ISP2 as backup path. In case one of the main paths fails, the backup path should provide connectivity towards the LAN.

I will focus the troubleshooting on edge router 2. Here is the initial configuration that the customer provided:

<edge 2>dis acl 2008
Basic ACL 2008, 1 rule
Acl's step is 5
rule 10 permit source 10.160.29.0 0.0.0.255
#
route-policy rp1 permit node 10
if-match acl 2008
apply as-path 65530 65530 65530 additive
#
bgp 65510
timer keepalive 10 hold 30
as-path-limit 3
peer 10.10.10.1 as-number 65510
peer 10.10.10.1 connect-interface LoopBack0
peer 213.172.183.1 as-number 65500
#
ipv4-family unicast
  undo synchronization
  network 10.15.188.0 255.255.255.0
  network 10.160.29.0 255.255.255.0
  peer 10.10.10.1 enable
  peer 10.10.10.1 next-hop-local
  peer 10.172.183.1 enable
  peer 10.172.183.1 route-policy BGP20804 import
#
ipv6-family unicast
  undo synchronization
#

Let's analyze the configuration:

1. The ACL configuration is correct; it matches the subnet that is supposed to have the bad metric. 10.160.29.0/24 is supposed to be reachable through edge 1 and be backed up by edge 2.

2. The route policy configuration for node 10 is correct: for the specific ACL we will apply 3 more AS to the initial AS_PATH attribute. The problem is that the route policy refers to only one prefix, so only one subnet will be advertised to ISP3; the 10.15.188.0 prefix will not be received on the ISP3 router. We will need to add another node to the route policy, on which we will apply permit behavior.

3. The "as-path-limit 3" command will forbid prefixes whose AS_PATH BGP attribute contains more than 3 AS from being added into the BGP routing table. This is commonly used when the edge router doesn't support a full routing table; using this filtering method you can keep the FIB from being oversaturated. The drawback: some specific routes will not be reachable from your LAN. It's recommended to keep this filtering at a large value to avoid this problem, or to ask the ISP to advertise a default route towards your network.

4. The route policy is imported; this is wrong. We should use the export command to influence the inbound traffic direction towards your AS.

Knowing all this, I adjusted the configuration as below:

bgp 65510
timer keepalive 10 hold 30
as-path-limit 4 
peer 10.10.10.1 as-number 65510
peer 10.10.10.1 connect-interface LoopBack0
peer 10.172.183.1 as-number 65500
#
ipv4-family unicast
  undo synchronization
  network 10.15.188.0 255.255.255.0
  network 10.160.29.0 255.255.255.0
  peer 10.10.10.1 enable
  peer 10.10.10.1 next-hop-local
  peer 10.172.183.1 enable
  peer 10.172.183.1 route-policy rp1 export   \\\ need to bind the AS prepend policy to the peer in order for the prefix to contain this attribute value.

#
route-policy rp1 permit node 10
if-match acl 2008
apply as-path 65530 65530 65530 additive
route-policy rp1 permit node 20 \\\ without this, the ACL will permit only 10.160.29.0/24 and the ISP BGP routing table will not contain 10.15.188.0/24

Finally, the ISP3 BGP routing table should contain information about both prefixes; notice that for one of them the metric was worsened.

Total Number of Routes: X
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

*>   10.15.188.0/24     10.172.183.2                         0      65510 i 
*   10.160.29.0/24     10.172.183.2   0                     0      65510 65510 65510 65510 i \\\ this prefix will have a worsened metric

The configuration for the second edge router is similar and I didn't include it in this email.

Hope you find this information useful.
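
An added example, not part of the original post and not Huawei VRP code: a small Python model of how the export route-policy above is evaluated, showing why 10.15.188.0/24 disappears without the empty permit node 20 and how the prepended path interacts with an as-path-limit on a receiver. The function names are constructed for illustration, the basic ACL is simplified to prefix containment, and only the number of ASes in AS_PATH is modelled, not their order.

```python
import ipaddress

# Constructed model of the values in the post's configuration.
LOCAL_AS_HOPS = 1                                     # own AS (65510) added on any eBGP advert
ACL_2008 = [ipaddress.ip_network("10.160.29.0/24")]   # rule 10 permit source 10.160.29.0 0.0.0.255
PREPEND = [65530, 65530, 65530]                       # apply as-path ... additive
NETWORKS = ["10.15.188.0/24", "10.160.29.0/24"]       # the two 'network' statements

def node10(prefix):
    """permit node 10: if-match acl 2008, then prepend. None means 'no match'."""
    net = ipaddress.ip_network(prefix)
    if any(net.subnet_of(entry) for entry in ACL_2008):
        return len(PREPEND)
    return None

def node20(prefix):
    """permit node 20 with no if-match clause: matches every route, changes nothing."""
    return 0

def export(nodes, prefixes):
    """Return {prefix: AS_PATH length seen by the eBGP peer}.

    A prefix that matches no node falls off the end of the policy and is
    not advertised (implicit deny), so it is absent from the result.
    """
    adverts = {}
    for prefix in prefixes:
        for node in nodes:
            extra = node(prefix)
            if extra is not None:
                adverts[prefix] = LOCAL_AS_HOPS + extra
                break
    return adverts

def within_limit(adverts, limit):
    """Prefixes kept by a hypothetical receiver configured with as-path-limit <limit>."""
    return sorted(p for p, hops in adverts.items() if hops <= limit)

if __name__ == "__main__":
    print("node 10 only :", export([node10], NETWORKS))
    both = export([node10, node20], NETWORKS)
    print("node 10 + 20 :", both)
    print("limit 3 keeps:", within_limit(both, 3))
    print("limit 4 keeps:", within_limit(both, 4))
```
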


Nana00  Novice   Created Mar 23, 2016 18:02:31

Thank you.