You want to increase the length of an AS Path so that one inbound path looks better than another.
In situations where you have multiple connections between ASes, you will often want to make remote networks prefer one inbound path when sending packets to your network. The easiest way to do this is to prepend your own ASN to the AS Path several times, instead of just once as it would do by default:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#ip as-path access-list 15 permit ^$ Router1(config)#route-map PREPEND permit 10 Router1(config-route-map)#match as-path 15 Router1(config-route-map)#set as-path prepend 65501 65501 65501 Router1(config-route-map)#route-map PREPEND permit 20 Router1(config-route-map)#exit Router1(config)#router bgp 65501 Router1(config-router)#neighbor 192.168.1.5 remote-as 65510 Router1(config-router)#neighbor 192.168.1.5 route-map PREPEND out Router1(config-router)#end Router1#
This example uses the same network shown in Figure 9-2.
We have already discussed methods for making your outbound traffic prefer one path over another in Recipe 9.7. If you also want to ensure that inbound traffic prefers one path over another, you have to somehow trick the remote networks into believing that one path is better than the other.
As we mentioned in the introduction to this chapter, if there are many options for different paths to a destination network, a BGP router will go through several steps to decide which one to use. You can adjust the attributes associated with each route to help force other BGP routers to select the paths that you want them to use. The easiest way to force routers outside of your AS to favor a particular route is to adjust the AS Path.
If you can simply make the path appear longer for routes that use one link, then remote networks will tend to prefer to reach you through whatever other links are available. There will always be situations where it is still closer to use the route with the artificially lengthened path. But these situations should be relatively rare, and the more times you prepend your ASN to the path, the more rare they will be.
Of course, it isn't safe or wise to put an arbitrary ASN into the AS Path. But you can insert your own ASN a few extra times without causing any problems, which is exactly what this recipe shows. Note that there is no hard limit to how long your AS Path can be (although it would probably cause problems if the path were so long that the routing information couldn't fit into a single BGP packet), and some sites prepend their ASN 10 or 20 times to make absolutely certain that a particular path is used only in case of a failure of the primary path. However, the longest AS Paths in the public Internet rarely have more than a dozen ASNs. You shouldn't need to prepend your ASN very many times to make one path look better than the other from anywhere in the Internet.
This recipe also takes the precaution of only lengthening the AS Paths of locally generated routes. It does this by including a match clause in the route map that only affects routes that have an empty AS Path. Clause number 20 in the route map is a catchall that simply passes through all other routes unchanged:
Router1(config)#ip as-path access-list 15 permit ^$ Router1(config)#route-map PREPEND permit 10 Router1(config-route-map)#match as-path 15 Router1(config-route-map)#set as-path prepend 65501 65501 65501 Router1(config-route-map)#route-map PREPEND permit 20 Router1(config-route-map)#exit
But you might not want this restriction. You might prefer to rewrite all of the routes that you send. Or, you might use an outbound filter, such as the one discussed in Recipe 9.4, to completely suppress external routes. In both of these cases, you can make the route map considerably simpler:
Router1(config)#route-map PREPEND permit 10 Router1(config-route-map)#set as-path prepend 65501 65501 65501 Router1(config-route-map)#route-map PREPEND permit 20 Router1(config-route-map)#exit
The difference caused by prepending your ASN to the AS Path of a route is only visible on a remote router:
Router3#show ip bgp 172.18.5.0/24
BGP routing table entry for 172.18.5.0/24, version 26
Paths: (2 available, best #2)
Advertised to non peer-group peers:
192.168.1.6
65501 65501 65501 65501
192.168.1.6 from 192.168.1.6 (172.18.5.2)
Origin IGP, metric 0, localpref 100, valid, external, ref 2
65531 65520 65501
192.168.99.6 from 192.168.99.6 (192.168.99.10)
Origin IGP, localpref 100, valid, external, best, ref 2
Router3#
Here you can see that there are two routes for the prefix 172.18.5.0/24: one passes through AS 65501, and the other passes through ASes 65531 and 65520 to reach AS65501. The path that goes directly to AS 65501 is actually shorter. But because we have prepended the ASN three times on this route, this router prefers the other path.
You can also verify that everything is working properly by disabling the peer relationship with the preferred ISP and making sure that everything still works. You can temporarily disable a peer by using the shutdown keyword on the neighbor command:
Router1(config)#router bgp 65501 Router1(config-router)#neighbor 192.168.2.5 shutown
Make sure to reenable this peer after you have finished testing:
Router1(config)#router bgp 65501 Router1(config-router)#no neighbor 192.168.2.5 shutown
Top |