When using BGP and peering with multiple ISPs at the edge, you can use a feature within BGP that allows you to advertise networks to a neighbour dependent on the existence of a route in the BGP RIB. This is called conditional route advertisement.

In this guide, we will be using this topology:

Here we can see the customer on the far left is peered with 2 separate ISP routers. If we left the BGP peerings at their defaults between EDGE and ISP-A and between EDGE and ISP-B, both ISPs would learn all the routes within the customer network directly from the EDGE router, meaning that traffic could come in from the internet via either ISP.

In this scenario, let's say the circuit the customer has with ISP-B is a slower and more costly link. For example, it may be charged at a higher rate for burst traffic. So, they only want to use it as a backup link.

We can use BGP conditional route advertisement to advertise the customer routes only to ISP-A, and then when a failure happens with their network, we can switch the advertisement over to ISP-B and receive traffic via that link.

When I say 'when a failure happens with their network', in this scenario, it would be a route disappearing from the customer BGP table. In the real world, you may look for the existence of a Google prefix, for example. Here we will use the network between ISP-A and TRANSIT-ISP.

Now, let's check the BGP configuration on each router:

EDGE:

EDGE#sh run | sect bgp
router bgp 65000
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 80.1.10.2 remote-as 65001
 neighbor 80.1.20.2 remote-as 65002
 !
 address-family ipv4
  redistribute connected
  neighbor 80.1.10.2 activate
  neighbor 80.1.20.2 activate
 exit-address-family

ISP-A:

ISP-A#sh run | sect bgp
router bgp 65001
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 80.1.10.1 remote-as 65000
 neighbor 80.1.30.2 remote-as 65003
 !
 address-family ipv4
  redistribute connected
  neighbor 80.1.10.1 activate
  neighbor 80.1.30.2 activate
 exit-address-family

ISP-B:

ISP-B#sh run | sect bgp
router bgp 65002
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 80.1.20.1 remote-as 65000
 neighbor 80.1.40.2 remote-as 65003
 !
 address-family ipv4
  redistribute connected
  neighbor 80.1.20.1 activate
  neighbor 80.1.40.2 activate
 exit-address-family

TRANSIT-ISP:

TRANSIT-ISP#sh run | sect bgp
router bgp 65003
 bgp router-id 4.4.4.4
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 80.1.30.1 remote-as 65001
 neighbor 80.1.40.1 remote-as 65002
 !
 address-family ipv4
  redistribute connected
  neighbor 80.1.30.1 activate
  neighbor 80.1.40.1 activate
 exit-address-family

This is the full BGP configuration for this topology. Nothing special is configured. Looking on the TRANSIT-ISP router we can see the below in the BGP RIB:

TRANSIT-ISP#sh bgp ipv4 unicast 
BGP table version is 14, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *   1.1.1.1/32       80.1.40.1                              0 65002 65000 ?
 *>                   80.1.30.1                              0 65001 65000 ?
 *   2.2.2.2/32       80.1.40.1                              0 65002 65000 65001 ?
 *>                   80.1.30.1                0             0 65001 ?
 *>  3.3.3.3/32       80.1.40.1                0             0 65002 ?
 *                    80.1.30.1                              0 65001 65000 65002 ?
 *>  4.4.4.4/32       0.0.0.0                  0         32768 ?
 *   80.1.10.0/24     80.1.40.1                              0 65002 65000 ?
 *>                   80.1.30.1                0             0 65001 ?
 *>  80.1.20.0/24     80.1.40.1                0             0 65002 ?
 *                    80.1.30.1                              0 65001 65000 ?
 *>  80.1.30.0/24     0.0.0.0                  0         32768 ?
 *                    80.1.30.1                0             0 65001 ?
 *>  80.1.40.0/24     0.0.0.0                  0         32768 ?
 *                    80.1.40.1                0             0 65002 ?

We can see that we are learning the customer's loopback prefix (1.1.1.1/32) from both of the ISP routers, as we would expect.

Now we need to configure some prefix-lists and route-maps to begin the BGP conditional advertisement config.

First, let's configure a prefix-list for the route we want to check exists. In this case we are going to use the link between ISP-A and TRANSIT-ISP (80.1.30.0/24). Losing this route would indicate a failure that stops ISP-A reaching the broader internet but has no effect on the BGP peering with the EDGE router. This part is key: the feature isn't looking for a peering failure between the two routers, but for what could happen as a result:

EDGE(config)#ip prefix-list PL_EXIST permit 80.1.30.0/24

Let's also create another prefix-list to match the route we want to advertise dependent on the existence of the above route:

EDGE(config)#ip prefix-list PL_ADVERTISE permit 1.1.1.1/32

In the real world, there would likely be a lot of entries in this prefix-list!

Now, we need to match these prefix-lists within some route-maps. We aren't setting anything within them, just matching:

EDGE(config)#route-map RM_EXIST permit 10
EDGE(config-route-map)#match ip address prefix-list PL_EXIST
EDGE(config-route-map)#exit
EDGE(config)#route-map RM_NOT_EXIST permit 10     
EDGE(config-route-map)#match ip address prefix-list PL_EXIST
EDGE(config-route-map)#exit
EDGE(config)#route-map RM_ADVERTISE permit 10     
EDGE(config-route-map)#match ip address prefix-list PL_ADVERTISE
EDGE(config-route-map)#exit

Here we have created 3 route-maps. The top two are for whether the route exists or not, and the bottom one is for the advertisement. It's good practice to keep the top two separate instead of using the same route-map in BGP, so that prefixes can be added to or removed from one without affecting the other.

Now we need to glue all of this together within BGP:

EDGE(config)#router bgp 65000
EDGE(config-router)#address-family ipv4 unicast
EDGE(config-router-af)#neighbor 80.1.10.2 advertise-map RM_ADVERTISE exist-map RM_EXIST
EDGE(config-router-af)#neighbor 80.1.20.2 advertise-map RM_ADVERTISE non-exist-map RM_NOT_EXIST
EDGE(config-router-af)#exit
EDGE(config-router)#exit

Let's break down the two neighbour commands to ensure we understand them.

The first command for 80.1.10.2 is stating that we will advertise the prefixes within RM_ADVERTISE when the prefixes in RM_EXIST are in the BGP RIB. In other words, when we have 80.1.30.0/24 in the BGP RIB, we will advertise 1.1.1.1/32 to ISP-A. Also, if/when 80.1.30.0/24 disappears, the 1.1.1.1/32 prefix will be withdrawn.

The second command for 80.1.20.2 is stating that we will advertise the prefixes within RM_ADVERTISE when the prefixes matched by the non-exist-map (the same PL_EXIST prefix-list) are NOT in the BGP RIB. In other words, when we DO NOT have 80.1.30.0/24 in the BGP RIB, we will advertise 1.1.1.1/32 to ISP-B. Also, if/when 80.1.30.0/24 appears, the 1.1.1.1/32 prefix will be withdrawn.
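The failover only works if every route-map and prefix-list name in these commands resolves to a definition, so a name check before deployment is worthwhile. The following is an added example, not part of the original guide: a Python lint over a saved configuration. The sample text is constructed in running-config form (the `seq 5` numbering and the misspelt `RM_NOT_EXISTS` are assumptions made for the demonstration), and `lint_conditional_advertisement` is a hypothetical helper name.

```python
import re

# Constructed sample: this guide's EDGE config with one deliberately mistyped route-map name.
SAMPLE_CONFIG = """\
ip prefix-list PL_ADVERTISE seq 5 permit 1.1.1.1/32
ip prefix-list PL_EXIST seq 5 permit 80.1.30.0/24
route-map RM_EXIST permit 10
 match ip address prefix-list PL_EXIST
route-map RM_NOT_EXIST permit 10
 match ip address prefix-list PL_EXIST
route-map RM_ADVERTISE permit 10
 match ip address prefix-list PL_ADVERTISE
router bgp 65000
 address-family ipv4
  neighbor 80.1.10.2 advertise-map RM_ADVERTISE exist-map RM_EXIST
  neighbor 80.1.20.2 advertise-map RM_ADVERTISE non-exist-map RM_NOT_EXISTS
"""

PREFIX_LIST_RE = re.compile(r"^ip prefix-list (\S+) ")
ROUTE_MAP_RE = re.compile(r"^route-map (\S+) (?:permit|deny) \d+\s*$")
MATCH_RE = re.compile(r"^\s+match ip address prefix-list (.+)$")
COND_RE = re.compile(
    r"^\s*neighbor (\S+) advertise-map (\S+) ((?:non-)?exist-map) (\S+)\s*$")

def lint_conditional_advertisement(config):
    """Return findings for conditional-advertisement names that do not resolve."""
    prefix_lists, route_maps, used, findings = set(), {}, set(), []
    current = None  # prefix-lists referenced by the route-map being parsed
    for line in config.splitlines():
        if m := PREFIX_LIST_RE.match(line):
            prefix_lists.add(m.group(1))
        if m := ROUTE_MAP_RE.match(line):
            current = route_maps.setdefault(m.group(1), [])
        elif not line.startswith(" "):
            current = None  # left the route-map block
        elif current is not None and (m := MATCH_RE.match(line)):
            current.extend(m.group(1).split())
    for line in config.splitlines():
        if m := COND_RE.match(line):
            peer, adv, kind, cond = m.groups()
            for role, name in (("advertise-map", adv), (kind, cond)):
                used.add(name)
                if name not in route_maps:
                    findings.append(f"neighbor {peer}: {role} {name} is not defined")
    for name, lists in route_maps.items():
        findings += [f"route-map {name}: prefix-list {pl} is not defined"
                     for pl in lists if pl not in prefix_lists]
        if name not in used:
            findings.append(f"route-map {name}: not referenced by any conditional advertisement")
    return findings
```

On the sample it reports the undefined `RM_NOT_EXISTS` on neighbour 80.1.20.2 and the now-unreferenced `RM_NOT_EXIST`, the usual signature of a typo in one of the two names.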

Let's have a look at the prefixes the EDGE router is advertising to the ISP routers:

EDGE#sh bgp ipv4 unicast neighbors 80.1.10.2 advertised-routes | begin Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>   1.1.1.1/32       0.0.0.0                  0         32768 ?
 *>   3.3.3.3/32       80.1.20.2                0             0 65002 ?
 *>   80.1.10.0/24     0.0.0.0                  0         32768 ?
 *>   80.1.20.0/24     0.0.0.0                  0         32768 ?
 *>   80.1.40.0/24     80.1.20.2                0             0 65002 ?

Total number of prefixes 5 
EDGE#sh bgp ipv4 unicast neighbors 80.1.20.2 advertised-routes | begin Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>   2.2.2.2/32       80.1.10.2                0             0 65001 ?
 *>   80.1.10.0/24     0.0.0.0                  0         32768 ?
 *>   80.1.20.0/24     0.0.0.0                  0         32768 ?
 *>   80.1.30.0/24     80.1.10.2                0             0 65001 ?

Total number of prefixes 4 

From the output above, you can see that we are only advertising 1.1.1.1/32 to ISP-A (80.1.10.2) as expected.

Now, let's simulate a failure within ISP-A by shutting down the link between ISP-A and TRANSIT-ISP.

After waiting a little while for BGP, we can see that 80.1.30.0/24 has disappeared from the BGP table on the EDGE router:

EDGE#sh bgp ipv4 unicast 80.1.30.0/24
% Network not in table

Now, we can see a difference in the advertised routes from the customer perspective:

EDGE#sh bgp ipv4 unicast neighbors 80.1.10.2 advertised-routes | begin Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>   3.3.3.3/32       80.1.20.2                0             0 65002 ?
 *>   80.1.10.0/24     0.0.0.0                  0         32768 ?
 *>   80.1.20.0/24     0.0.0.0                  0         32768 ?
 *>   80.1.40.0/24     80.1.20.2                0             0 65002 ?

Total number of prefixes 4 
EDGE#sh bgp ipv4 unicast neighbors 80.1.20.2 advertised-routes | begin Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>   1.1.1.1/32       0.0.0.0                  0         32768 ?
 *>   2.2.2.2/32       80.1.10.2                0             0 65001 ?
 *>   80.1.10.0/24     0.0.0.0                  0         32768 ?
 *>   80.1.20.0/24     0.0.0.0                  0         32768 ?

Total number of prefixes 4 

1.1.1.1/32 is now being advertised exclusively to ISP-B (80.1.20.2), with the advertisement to ISP-A withdrawn. This is what we wanted to happen.

We can check the behaviour within the BGP neighbour command output:

EDGE#sh bgp ipv4 unicast neighbors 80.1.10.2  | inc Condition-map
  Condition-map RM_EXIST, Advertise-map RM_ADVERTISE, status: Withdraw
EDGE#sh bgp ipv4 unicast neighbors 80.1.20.2  | inc Condition-map
  Condition-map RM_EXIST, Advertise-map RM_ADVERTISE, status: Advertise

We can confirm the behaviour from the status in the above output, which is either Advertise or Withdraw.

If the interface between ISP-A and TRANSIT-ISP came back up, after waiting for BGP, the states will switch:

EDGE#sh bgp ipv4 unicast neighbors 80.1.10.2  | inc Condition-map
  Condition-map RM_EXIST, Advertise-map RM_ADVERTISE, status: Advertise
EDGE#sh bgp ipv4 unicast neighbors 80.1.20.2  | inc Condition-map
  Condition-map RM_EXIST, Advertise-map RM_ADVERTISE, status: Withdraw
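The Condition-map status lines are also a convenient signal for monitoring which link is currently attracting inbound traffic. The following is an added example, not part of the original guide: a Python check that classifies the failover state from the per-neighbour output. The sample strings are constructed in the format shown above, and `failover_state` and its state names are hypothetical.

```python
import re

STATUS_RE = re.compile(
    r"Condition-map (\S+), Advertise-map (\S+), status: (Advertise|Withdraw)")

# Constructed samples: output of
# "sh bgp ipv4 unicast neighbors <ip> | inc Condition-map", keyed by neighbour.
LINE = "  Condition-map RM_EXIST, Advertise-map RM_ADVERTISE, status: {}\n"
NORMAL = {"80.1.10.2": LINE.format("Advertise"), "80.1.20.2": LINE.format("Withdraw")}
FAILED_OVER = {"80.1.10.2": LINE.format("Withdraw"), "80.1.20.2": LINE.format("Advertise")}
# The backup neighbour returns no Condition-map line at all.
LOST_CONDITION = {"80.1.10.2": LINE.format("Advertise"), "80.1.20.2": ""}


def failover_state(outputs, primary="80.1.10.2", backup="80.1.20.2"):
    """Classify the conditional-advertisement state of the two ISP neighbours."""
    status = {}
    for peer in (primary, backup):
        m = STATUS_RE.search(outputs.get(peer, ""))
        status[peer] = m.group(3) if m else None
    p, b = status[primary], status[backup]
    if p is None or b is None:
        # No status line: assume conditional advertisement is not configured
        # on that neighbour, so nothing is holding the prefix back from it.
        return "no-condition"
    if p == "Advertise" and b == "Withdraw":
        return "primary"   # steady state: inbound traffic via ISP-A
    if p == "Withdraw" and b == "Advertise":
        return "backup"    # failed over: inbound traffic via the costly ISP-B link
    if p == "Advertise" and b == "Advertise":
        return "both"      # condition maps have drifted apart
    return "none"          # prefix withdrawn from both ISPs


if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("failed over", FAILED_OVER),
                         ("lost condition", LOST_CONDITION)):
        print(f"{name}: {failover_state(sample)}")
```

Anything other than `primary` is worth an alert: `backup` means the expensive link is in use, and `both`, `none` or `no-condition` mean the failover logic itself is no longer behaving as configured.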

We have now successfully configured BGP failover using conditional route advertisement. I think this is a really great addition built into BGP and can come in very useful!
