1

I have a multi-homed network setup. I'm using a Cisco 7200 to do BGP advertising to both provider A and B. For each provider, I have a separate /24 that I'm using. I am AS prepending to influence the block A to provider A, and block B to provider B. This works fine. If either provider goes down, failover works great.

However, I also want to influence OUTBOUND traffic to flow to each provider in the same way. That is, as traffic comes in my router, I want to associate its outflow to the provider based on the source IP address. As is, each provider advertises to me just a default route.

I believe I can use routing policy to achieve this, but I don't want to hardcode the IP addresses in the policy since they could change dynamically.

So, what are my options to influence the outbound routing?

ctennis

4 Answers

4

From what I understand you want traffic that comes from ProviderA to go back to ProviderA and traffic that comes from ProviderB to go back to ProviderB.

I don't really understand "I don't want to hardcode the IP addresses", as a /24 will not be dynamic. So I would do a route-map based on the source address. It's not 100% good because you may have received traffic on ProviderA IPs from the ProviderB link even with AS prepending and you will send back the traffic to ProviderA instead of ProviderB, but it will be OK most of the time.

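! Classify outbound packets by the block their source address belongs to
access-list 101 permit ip PROVIDER_A_SUBNET 0.0.0.255 any
access-list 102 permit ip PROVIDER_B_SUBNET 0.0.0.255 any

! Sources in block A are forwarded to provider A's router
route-map SOURCE_ROUTING permit 10
 match ip address 101
 set ip next-hop PROVIDER_A_ROUTER

! Sources in block B are forwarded to provider B's router
route-map SOURCE_ROUTING permit 20
 match ip address 102
 set ip next-hop PROVIDER_B_ROUTER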

Then apply policy route-map SOURCE_ROUTING on the interface that receives data that needs to go out.

radius
  • Thanks, this is mostly what I want. What I meant with "I don't want to hardcode" is hardcoding the default route gateway in my router, which isn't in the /24, but is being advertised via my upstream BGP. – ctennis Aug 16 '09 at 14:38
  • Ok, so you may use set interface instead of set ip next-hop – radius Aug 16 '09 at 14:42
2

The path of outbound traffic between discrete immediate peers is most typically manipulated by using local-preference attribute and can be selectively applied to received routes by way of neighbour, ASN or prefix.

However if you are only receiving a default route from each provider then your options are going to be very much limited. Is there a reason that you're not operating default-free, such as router capacity?

Dan Carley
  • The router has capacity. However, the end customer I'm servicing will be associated with only a single provider - the other provider being there for backup only. I need to ensure that whichever provider the customer is utilizing (based on the assigned IP address space), that outbound traffic only goes through that provider unless the connection fails. – ctennis Aug 16 '09 at 13:00
0

A better way to do this would be to just load balance the outbound traffic. While you can do as suggested and set the next-hop specific to the provider, if one of the links goes down, then outbound traffic for that provider dies since the next-hop is hard set.

So what you would do is tag the local pref for both providers the same.

router bgp xxxx
 neighbor <provider A peer IP> route-map DEFAULT-ROUTE-ONLY in
 neighbor <provider B peer IP> route-map DEFAULT-ROUTE-ONLY in
 ! just an example
ip prefix-list DEFAULT-ONLY seq 10 permit 0.0.0.0/0
! match only the default route, don't allow anything else
route-map DEFAULT-ROUTE-ONLY
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 150
! this sets the local pref for the default routes the same and load balances outbound

It's not that big of a deal to have the outbound traffic from Provider A go out Provider B's link since internet traffic has no problems with multiple paths. Plus you get the advantage of automatic failover.

Alo
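
An added example, not part of any answer on this page: the source-based route-map from radius's answer combined with next-hop tracking, so that the case Alo raises (a hard-set next hop whose link has failed) falls back to the routing table. It assumes an IOS release that uses the `ip sla` and `track ... ip sla` syntax (older releases spell these commands differently); all addresses and the interface name are constructed placeholders.

```cisco
! Constructed addresses (RFC 5737 documentation ranges):
!   198.51.100.0/24 = block announced via provider A, 192.0.2.1   = provider A peer
!   203.0.113.0/24  = block announced via provider B, 192.0.2.129 = provider B peer
!
! Probe each provider's peer address and expose the result as a track object.
ip sla 1
 icmp-echo 192.0.2.1
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.0.2.129
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
access-list 101 permit ip 198.51.100.0 0.0.0.255 any
access-list 102 permit ip 203.0.113.0 0.0.0.255 any
!
! A next hop is used only while its track object is up. When it is down the
! set clause is skipped and the packet follows the routing table, that is,
! the default route still learned from the surviving BGP peer.
route-map SOURCE_ROUTING permit 10
 match ip address 101
 set ip next-hop verify-availability 192.0.2.1 10 track 1
route-map SOURCE_ROUTING permit 20
 match ip address 102
 set ip next-hop verify-availability 192.0.2.129 10 track 2
!
! Apply on the inside interface where customer traffic arrives
! (the interface name is an assumption).
interface GigabitEthernet0/1
 ip policy route-map SOURCE_ROUTING
```

`show track` and `show route-map SOURCE_ROUTING` report the probe state and the policy-match counters, which is how to confirm that traffic is taking the intended exit.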
0

Radius looks to have gotten what you would like working. Another option is Cisco Performance Routing (PfR). PfR is a much more complicated solution but does allow you to make choices of which provider to use based on metrics with Cisco IP SLAs and many other factors. Something to look at in the future if route-maps and other standard BGP controls are not sufficient.

Jeremy Rossi