Prepending ASNs to the AS Path

Problem

You want to increase the length of an AS Path so that one inbound path looks better than another.

Solution

In situations when you have multiple connections between ASs, you will often want to make remote networks prefer one inbound path when sending packets to your network. The easiest way to do this is to prepend your own ASN to the AS PATH several times, instead of just once, as it would do by default:

Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#route-map PREPEND permit 10
Router1(config-route-map)#match as-path 15
Router1(config-route-map)#set as-path prepend 65500 65500 65500
Router1(config-route-map)#exit 
Router1(config)#route-map PREPEND permit 20
Router1(config-route-map)#exit 
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 route-map PREPEND out
Router1(config-router)#exit
Router1(config)#end
Router1#

This example uses the same network shown in Figure 9-2, earlier in this chapter.

Discussion

We have already discussed methods for making your outbound traffic prefer one path over another in Recipe 9.7. But, as we mentioned in that recipe, that only affects your outbound path. If you also want to ensure that inbound traffic prefers one path over another, then you have to somehow trick the remote networks into believing that one path is better than the other.

As we mentioned in the Introduction to this chapter, if there are many options for different paths to a destination network, a BGP router will go through several steps to decide which one to use. You can adjust the attributes associated with each route to help force other BGP routers to select the paths that you want them to use. The easiest way to force routers outside of your AS to favor a particular route is to adjust the AS Path.

If you can simply make the path appear longer for routes that use one link, then remote networks will tend to prefer to reach you through whatever other links are available. There will always be situations when it is still closer to use the route with the artificially lengthened path. But these should be relatively rare, and the more times you prepend your ASN to the path, the less likely this will be.

Of course, it isn't safe or wise to put an arbitrary ASN into the AS Path. But you can insert your own ASN a few extra times without causing any problems, which is exactly what this recipe shows. Note that there is no hard limit to how long your AS Path can be (although it would probably cause problems if the path were so long that the routing information couldn't fit into a single BGP packet), and some sites prepend their ASN 10 or 20 times to make absolutely certain that a particular path is used only in case of a failure of the primary path. However, the longest AS Paths in the public Internet rarely have more than a dozen ASNs. So you shouldn't need to prepend your ASN very many times to make one path look better than the other from anywhere in the Internet.

This recipe also takes the precaution of only lengthening the AS Paths of locally generated routes. It does this by including a match clause in the route map that only affects routes that have an empty AS Path. Clause number 20 in the route map is a catch-all that simply passes through all other routes unchanged:

Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#route-map PREPEND permit 10
Router1(config-route-map)#match as-path 15
Router1(config-route-map)#set as-path prepend 65500 65500 65500
Router1(config-route-map)#exit 
Router1(config)#route-map PREPEND permit 20
Router1(config-route-map)#exit

But you might not want this restriction. You might prefer to rewrite all of the routes that you send. Or, you might use an outbound filter, such as the one discussed in Recipe 9.4, to suppress external routes. In both of these cases, you can make the route map considerably simpler:

Router1(config)#route-map PREPEND permit 10
Router1(config-route-map)#set as-path prepend 65500 65500 65500
Router1(config-route-map)#route-map PREPEND permit 20
Router1(config-route-map)#exit 

The difference caused by prepending your ASN to the AS Path of a route is only visible on a remote router:

Router3#show ip bgp 172.18.5.0/24
BGP routing table entry for 172.18.5.0/24, version 26
Paths: (2 available, best #2)
 Advertised to non peer-group peers:
 192.168.1.6 
 65500 65500 65500 65500
 192.168.1.6 from 192.168.1.6 (172.18.5.2)
 Origin IGP, metric 0, localpref 100, valid, external, ref 2
 65531 65520 65500
 192.168.99.6 from 192.168.99.6 (192.168.99.10)
 Origin IGP, localpref 100, valid, external, best, ref 2
Router3#

Here you can see that there are two routes for the prefix 172.18.5.0/24, one passes through AS 65500 and the other through ASs 65531 and 65520 to reach AS 65500. The path that goes directly to AS 65500 is actually shorter. But, because we have prepended the ASN three times on this route, this router prefers the other path.

You can also verify that everything is working properly by disabling the peer relationship with the preferred ISP and making sure that everything still works. You can temporarily disable a peer with the by using the shutdown keyword on the neighbor command:

Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.2.5 shutown

Be sure to re-enable this peer after you have finished testing:

Router1(config)#router bgp 65500
Router1(config-router)#no neighbor 192.168.2.5 shutown

 

See Also

Recipe 9.4; Recipe 9.7





Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505
Simiral book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net