4

We have a simple multi-homed setup with two routers that advertise our AS to two ISP. The second ISP (ISP B) is only used for backup when ISP A goes down, so we prepended our AS 3 times on this route.

Note: These are example ASN, not the real ones.

multi-homed bgp setup

I spend a couple of hours this morning poking at looking glass routers all over the internet, and none of them list our backup route with the prepended path. I checked the south african internet exchange, the london internet exchange, oregon internet exchange and a couple dozen ISPs. All of them have multiples routes through ISP A, often with 3 or 4 hops. The route through ISP B should, at least, appear somewhere and have 5 or 6 hops. But I couldn't find it anywhere. (I checked the full bgp tables on the looking glass routers, using show ip bgp 65000)

My questions are:

  • Is there a limit to the size of a route after which most routers will simply discard the route ?
  • Is our backup route even going to work when ISP A goes down, if no router knows about it ?

Our two routers are connected on iBGP. Would it be possible that the route through ISPB is not announced because the iBGP session prefers the route through ISPA ? This is what non-exist-map and advertise-map are supposed to do, but none of those are used in either routers.

Julien Vehent
  • 3,017
  • 19
  • 26

1 Answers1

6

1.) A given BGP-speaking router is presented the same prefix from multiple peers then it will propagate only the best of those paths (as per BGP's path selection rules). In your case, this means that if some remote router sees both the plain and the prepended route that it will only pass on the plain route to its neighbors. The announcing router will have both paths in "sh ip bgp a.b.c.d" but its neighbors will not.

1a.) The fact that you can't see the prepended route doesn't mean that the backup won't work. The router that has both the prepended and non-prepended route in table will normally only advertise the non-prepended, but if the non-prepended route is withdrawn/times out then the prepended route will immediately be offered.

Try this command on your backup router: sh ip bgp neighbors x.y.z.q advertised-routes to see exactly what is being sent to your provider.

2.) It's hard to say what effect the iBGP peering will have without knowing how you're originating (and processing) your prefix. Is there a reason you need an iBGP peer between these routers?

3.) The advertise-map command will cause a particular prefix to be advertised based on the presence of another prefix. An example might be to advertise 10.128.0.0/16 whenever 10.0.0.0/8 is present. Similarly, non-exist-map will advertise a particular prefix when another prefix is not present. Neither should be required for a basic multi-homing setup.

Ultimately the best test is going to be taking time to shut down your primary route to confirm that the backup will take the traffic.

Oh - and BTW - are you advertising truly PI space or is the prefix in question part of one of the provider's aggregates? Longest-match trumps everything else.

rnxrx
  • 8,143
  • 3
  • 22
  • 31
  • Thanks for the great answer. Unfortunately, I can't unplug the primary to test the backup, because the backup is only 10Mbps and we need at least 150Mbps to run full steam. We are redoing this setup to make it better. And yes, we are advertising our own PI space. – Julien Vehent Sep 23 '12 at 14:30
  • 1
    If the link sizes are that different then it's a good thing that the traffic is being directed to your primary. Remember that your backup carrier may actually be preferring the route from the primary even within its own infrastructure. As to testing - I know it's painful, but if you don't test the secondary link (during an off-hour change control, naturally) then you don't know for certain that it works. I've seen similar situations where it turned out that one of our carriers had been blocking a few prefixes and we wouldn't have known had we not tested. – rnxrx Sep 23 '12 at 18:39