Simple BGP Multi-home Topology Part 5 – Using Local Preference

In this lab we’re going to discuss the Local Preference attribute and how to use it. Before we dive into the configuration, ask yourself when and where to use it.

Here’s the case study: your company has two ISPs and wants to use ISP1 as its primary ISP for access to resources on the internet. ISP2 is mainly meant for redundancy in case ISP1’s backbone fails or the router hardware breaks down. This is where local preference comes into play.

Best practice: have a fairly good ISP as your primary, but make sure your secondary ISP is better. You don’t want ISP1 to fail and find out ISP2 is down as well. Also make sure both ISPs have their own backbone. If not, this could tear down your whole redundancy principle.

[Figure: BGP-TOPO2 topology diagram]

Note: Don’t pay attention to router OSPF_ABR. This router will not be used.

Where to use it? Local Preference, as its name already indicates, is an attribute which is relevant to the local AS only. The local preference value is sent along with the update to other peers in the same AS, so it has no meaning once the route leaves that AS. The default value is 100 and the highest value is preferred. We’ll use value 120 for ISP1 and 110 for ISP2.

We’re going to configure local preference within our company AS64200 and we will prefer ISP1 for destination 10.1.1.1 on the INTERNET. Whoops, I know it’s a private address, but I had to choose a striking IP address for recognition.

I’ve added an additional router INTERNET to the lab to hold the destination and to share it among ISP1 and ISP2. I’ve added the following configuration to node INTERNET:

!
interface Loopback1
 ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
 ip address 5.5.5.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.18.1.5 255.255.255.254
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 172.18.1.3 255.255.255.254
 duplex auto
 speed auto
!
router bgp 64100
 no synchronization
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 64310
 neighbor 3.3.3.3 ebgp-multihop 2
 neighbor 3.3.3.3 update-source Loopback1
 neighbor 4.4.4.4 remote-as 64510
 neighbor 4.4.4.4 ebgp-multihop 2
 neighbor 4.4.4.4 update-source Loopback2
 no auto-summary
!
ip route 3.3.3.3 255.255.255.255 172.18.1.2
ip route 4.4.4.4 255.255.255.255 172.18.1.4
!

Again, make sure your loopback addresses are reachable via your IGP (static, IS-IS or any routing protocol other than BGP).

Let’s check if the BGP neighbors are up:

INTERNET#sh ip bgp summa
BGP router identifier 5.5.5.2, local AS number 64100
BGP table version is 20, main routing table version 20
19 network entries using 2223 bytes of memory
20 path entries using 1040 bytes of memory
5/3 BGP path/bestpath attribute entries using 620 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3979 total bytes of memory
BGP activity 19/0 prefixes, 20/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.3         4 64310      42      40       20    0    0 00:35:07       10
4.4.4.4         4 64510      32      32       20    0    0 00:25:28       10
INTERNET#

Yes, and we have received 20 prefixes in total.

INTERNET#sh ip bgp
BGP table version is 20, local router ID is 5.5.5.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  192.168.0.0/16   4.4.4.4                                0 64510 64200 i   >> OUR SUMMARY ROUTE FROM CUSTOMER
*>                  3.3.3.3                                0 64310 64200 i
*> 193.31.1.0/27    3.3.3.3                  0             0 64310 i
*> 193.31.2.0/27    3.3.3.3                  0             0 64310 i
*> 193.31.3.0/27    3.3.3.3                  0             0 64310 i
*> 193.31.4.0/27    3.3.3.3                  0             0 64310 i
*> 193.31.5.0/27    3.3.3.3                  0             0 64310 i
*> 193.31.6.0/27    3.3.3.3                  0             0 64310 i
*> 193.31.7.0/27    3.3.3.3                  0             0 64310 i
*> 193.31.8.0/27    3.3.3.3                  0             0 64310 i
*> 193.31.9.0/27    3.3.3.3                  0             0 64310 i
*> 193.51.1.0/27    4.4.4.4                  0             0 64510 i
*> 193.51.2.0/27    4.4.4.4                  0             0 64510 i
*> 193.51.3.0/27    4.4.4.4                  0             0 64510 i
*> 193.51.4.0/27    4.4.4.4                  0             0 64510 i
*> 193.51.5.0/27    4.4.4.4                  0             0 64510 i
*> 193.51.6.0/27    4.4.4.4                  0             0 64510 i
*> 193.51.7.0/27    4.4.4.4                  0             0 64510 i
*> 193.51.8.0/27    4.4.4.4                  0             0 64510 i
*> 193.51.9.0/27    4.4.4.4                  0             0 64510 i
INTERNET#

The 193.31.x.0/27 prefixes (blue in the original) are from ISP1 and the 193.51.x.0/27 prefixes (red in the original) are from ISP2.

Let’s add our destination IP address to INTERNET and redistribute it to ISP1 and ISP2:

INTERNET(config)#int lo100
INTERNET(config-if)#
INTERNET(config-if)#
*Mar  1 00:49:27.191: %LINK-3-UPDOWN: Interface Loopback100, changed state to up
*Mar  1 00:49:28.191: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback100, changed state to up
INTERNET(config-if)#
INTERNET(config-if)#ip address 10.1.1.1 255.255.255.0
INTERNET(config-if)#end
!
INTERNET#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
INTERNET(config)#router bgp 64100
INTERNET(config-router)#redistribute connected
!

Since Lo100 is not the only directly connected interface, this will redistribute all directly connected interfaces. You can always filter them out as shown in BGP Part 3. Best practice is to use route-maps and distribute lists to keep unwanted transit networks from being advertised in BGP.

Let’s check the ISP2 router:

ISP2#sh ip bgp
BGP table version is 27, local router ID is 193.51.9.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 5.5.5.1/32       5.5.5.2                  0             0 64100 ?
r> 5.5.5.2/32       5.5.5.2                  0             0 64100 ?
*> 10.1.1.0/24      5.5.5.2                  0             0 64100 ?
*> 172.18.1.2/31    5.5.5.2                  0             0 64100 ?
r> 172.18.1.4/31    5.5.5.2                  0             0 64100 ?
*  192.168.0.0/16   5.5.5.2                                0 64100 64310 64200 i
*>                  1.1.1.2                  0             0 64200 i >> Most preferred because of shortest AS-path
*> 193.31.1.0/27    5.5.5.2                                0 64100 64310 i
*> 193.31.2.0/27    5.5.5.2                                0 64100 64310 i
*> 193.31.3.0/27    5.5.5.2                                0 64100 64310 i
*> 193.31.4.0/27    5.5.5.2                                0 64100 64310 i
*> 193.31.5.0/27    5.5.5.2                                0 64100 64310 i
*> 193.31.6.0/27    5.5.5.2                                0 64100 64310 i
*> 193.31.7.0/27    5.5.5.2                                0 64100 64310 i
*> 193.31.8.0/27    5.5.5.2                                0 64100 64310 i
*> 193.31.9.0/27    5.5.5.2                                0 64100 64310 i
*> 193.51.1.0/27    0.0.0.0                  0         32768 i
*> 193.51.2.0/27    0.0.0.0                  0         32768 i
*> 193.51.3.0/27    0.0.0.0                  0         32768 i
*> 193.51.4.0/27    0.0.0.0                  0         32768 i
*> 193.51.5.0/27    0.0.0.0                  0         32768 i
*> 193.51.6.0/27    0.0.0.0                  0         32768 i
*> 193.51.7.0/27    0.0.0.0                  0         32768 i
*> 193.51.8.0/27    0.0.0.0                  0         32768 i
*> 193.51.9.0/27    0.0.0.0                  0         32768 i

Yes, network 10.1.1.0/24 is in the BGP table. When a prefix is marked *> (valid and best), it will be pushed into the routing table.

In green (192.168.0.0/16) I’ve indicated our masked or aggregated address from CUSTOMER and we see there are two paths available. You can see that AS-path was the tie breaker in the BGP attribute list (I’m guessing number 4). The path with the shortest AS-path gets a valid and best indication and will be put in the routing table.

But what about the r> entries (blue in the original)?? r> = RIB Failure???? Let’s take a detour for a minute!

RIB failure happens when a network prefix has already been put into the routing table by another routing source, in our case static routing and directly connected interfaces. The BGP route is not added to the Routing Information Base (RIB), or routing table, because the prefix is already in there.

Let’s check our static routes:

ISP2#sh ip route static
     1.0.0.0/32 is subnetted, 1 subnets
S       1.1.1.2 [1/0] via 172.16.1.4
     5.0.0.0/32 is subnetted, 2 subnets
S       5.5.5.2 [1/0] via 172.18.1.5

And the interface table:

ISP2#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.18.1.4      YES manual up                    up      
FastEthernet0/1            172.16.1.5      YES NVRAM  up                    up      
Loopback0                  4.4.4.4         YES NVRAM  up                    up      
Loopback100                193.51.1.1      YES NVRAM  up                    up      
Loopback200                193.51.2.1      YES NVRAM  up                    up      
Loopback300                193.51.3.1      YES NVRAM  up                    up      
Loopback400                193.51.4.1      YES NVRAM  up                    up      
Loopback500                193.51.5.1      YES NVRAM  up                    up      
Loopback600                193.51.6.1      YES NVRAM  up                    up      
Loopback700                193.51.7.1      YES NVRAM  up                    up      
Loopback800                193.51.8.1      YES NVRAM  up                    up      
Loopback900                193.51.9.1      YES NVRAM  up                    up      
ISP2#

Now let’s check if our destination is reachable from CUSTOMER:

CUSTOMER#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CUSTOMER#

Hmm, oh! Remember that we put filter lists (distribute lists) on CUSTOMER to filter received routes. We’ll have to include 10.1.1.0 in access-lists 90 and 91, and since we do not distribute the transit IP ranges (all the /31 networks), we’ll do a source ping from the internal IP address 192.168.1.1. 192.168.1.0/24 is being distributed, so that won’t fail.

CUSTOMER#ping 
Protocol [ip]: 
Target IP address: 10.1.1.1
Repeat count [5]: 
Datagram size [100]: 
Timeout in seconds [2]: 
Extended commands [n]: y
Source address or interface: 192.168.1.1
Type of service [0]: 
Set DF bit in IP header? [no]: 
Validate reply data? [no]: 
Data pattern [0xABCD]: 
Loose, Strict, Record, Timestamp, Verbose[none]: 
Sweep range of sizes [n]: 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/41/52 ms
CUSTOMER#

OK, we’re ready to configure local preference on CUSTOMER.

Let’s recap our information:

CUSTOMER#sh run | sec bgp
 redistribute bgp 64200
router bgp 64200
 no synchronization
 bgp log-neighbor-changes
 aggregate-address 192.168.0.0 255.255.0.0 suppress-map SUPRESS-MAP-INTERNAL
 redistribute ospf 1 route-map CHANGE-ORIGIN
 neighbor 3.3.3.3 remote-as 64310
 neighbor 3.3.3.3 ebgp-multihop 255
 neighbor 3.3.3.3 update-source Loopback1
 neighbor 3.3.3.3 distribute-list 90 in
 neighbor 3.3.3.3 route-map BLOCK-AS64510 out
 neighbor 4.4.4.4 remote-as 64510
 neighbor 4.4.4.4 ebgp-multihop 2
 neighbor 4.4.4.4 update-source Loopback2
 neighbor 4.4.4.4 distribute-list 91 in
 neighbor 4.4.4.4 route-map BLOCK-AS64310 out
 no auto-summary
CUSTOMER#

We’ll use a route-map to set the local preference value for a match on destination 10.1.1.1 or network 10.1.1.0/24:

!
ip access-list standard INTERNET-LP-SET
 permit 10.1.1.0
!
!
route-map LOCAL-PREF-INTERNET-AS64310 permit 10
 match ip address INTERNET-LP-SET
 set local-preference 120
route-map LOCAL-PREF-INTERNET-AS64310 permit 20 >> WHY?? Otherwise we'll filter other receiving routes as well. This will permit everything else without matching and setting stuff
!
route-map LOCAL-PREF-INTERNET-AS64510 permit 10
 match ip address INTERNET-LP-SET
 set local-preference 110
route-map LOCAL-PREF-INTERNET-AS64510 permit 20 >> WHY?? Otherwise we'll filter other receiving routes as well. This will permit everything else without matching and setting stuff
!
router bgp 64200
neighbor 3.3.3.3 description *** ISP1 ***
neighbor 3.3.3.3 route-map LOCAL-PREF-INTERNET-AS64310 in >> Why inbound?? prefix 10.1.1.0/24 is outside our CUSTOMER AS and will be received inbound
neighbor 4.4.4.4 description *** ISP2 ***
neighbor 4.4.4.4 route-map LOCAL-PREF-INTERNET-AS64510 in
!
clear ip bgp *
!
CUSTOMER#sh route-map
<< output omitted >>
route-map LOCAL-PREF-INTERNET-AS64310, permit, sequence 10
  Match clauses:
    ip address (access-lists): INTERNET-LP-SET 
  Set clauses:
    local-preference 120
  Policy routing matches: 0 packets, 0 bytes
route-map LOCAL-PREF-INTERNET-AS64310, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map LOCAL-PREF-INTERNET-AS64510, permit, sequence 10
  Match clauses:
    ip address (access-lists): INTERNET-LP-SET 
  Set clauses:
    local-preference 110
  Policy routing matches: 0 packets, 0 bytes
route-map LOCAL-PREF-INTERNET-AS64510, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
CUSTOMER#  
!
!
CUSTOMER#sh ip bgp 
BGP table version is 15, local router ID is 10.10.10.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  10.1.1.0/24      4.4.4.4                       110      0 64510 64100 i
*>                  3.3.3.3                       120      0 64310 64100 i >> Most preferred
*> 192.168.0.0/16   0.0.0.0                            32768 i
s> 192.168.1.0      0.0.0.0                  0         32768 i
s> 192.168.2.0      0.0.0.0                  0         32768 i
s> 192.168.3.0      0.0.0.0                  0         32768 i
s> 192.168.4.0      0.0.0.0                  0         32768 i
*> 193.31.1.0/27    3.3.3.3                  0             0 64310 i
*> 193.31.9.0/27    3.3.3.3                  0             0 64310 i
*> 193.51.1.0/27    4.4.4.4                  0             0 64510 i
*> 193.51.9.0/27    4.4.4.4                  0             0 64510 i
CUSTOMER#
!
CUSTOMER#sh ip route 10.1.1.1
Routing entry for 10.1.1.0/24
  Known via "bgp 64200", distance 20, metric 0
  Tag 64310, type external
  Redistributing via ospf 1
  Last update from 3.3.3.3 00:05:52 ago
  Routing Descriptor Blocks:
  * 3.3.3.3, from 3.3.3.3, 00:05:52 ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 64310

CUSTOMER#
CUSTOMER#traceroute
Protocol [ip]: 
Target IP address: 10.1.1.1
Source address: 192.168.1.1
Numeric display [n]: 
Timeout in seconds [3]: 
Probe count [3]: 
Minimum Time to Live [1]: 
Maximum Time to Live [30]: 
Port Number [33434]: 
Loose, Strict, Record, Timestamp, Verbose[none]: 
Type escape sequence to abort.
Tracing the route to 10.1.1.1

  1 172.16.1.3 24 msec 24 msec 20 msec
  2

So that’s it.

Now let’s change the Local Preference for ISP2 to a higher value and see what happens to the BGP table and the routing table:

!
CUSTOMER#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CUSTOMER(config)#route-map LOCAL-PREF-INTERNET-AS64510 permit 10
CUSTOMER(config-route-map)#set
CUSTOMER(config-route-map)#set lo
CUSTOMER(config-route-map)#set local-preference 400
CUSTOMER(config-route-map)#
CUSTOMER(config-route-map)#
CUSTOMER(config-route-map)#end
!
CUSTOMER#clear ip bgp 4.4.4.4 soft in >> Soft reset without tearing down the whole BGP session
!
CUSTOMER#sh ip bgp 
BGP table version is 16, local router ID is 10.10.10.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/24      4.4.4.4                       400      0 64510 64100 i >> Most preferred
*                   3.3.3.3                       120      0 64310 64100 i
*> 192.168.0.0/16   0.0.0.0                            32768 i
s> 192.168.1.0      0.0.0.0                  0         32768 i
s> 192.168.2.0      0.0.0.0                  0         32768 i
s> 192.168.3.0      0.0.0.0                  0         32768 i
s> 192.168.4.0      0.0.0.0                  0         32768 i
*> 193.31.1.0/27    3.3.3.3                  0             0 64310 i
*> 193.31.9.0/27    3.3.3.3                  0             0 64310 i
*> 193.51.1.0/27    4.4.4.4                  0             0 64510 i
*> 193.51.9.0/27    4.4.4.4                  0             0 64510 i

CUSTOMER#trace
Protocol [ip]: 
Target IP address: 10.1.1.1
Source address: 192.168.1.1 
Numeric display [n]: 
Timeout in seconds [3]: 
Probe count [3]: 
Minimum Time to Live [1]: 
Maximum Time to Live [30]: 
Port Number [33434]: 
Loose, Strict, Record, Timestamp, Verbose[none]: 
Type escape sequence to abort.
Tracing the route to 10.1.1.1

  1 172.16.1.5 24 msec 20 msec 20 msec
  2 
CUSTOMER#

Well, that’s it!!!
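
As an added example (not part of the original lab), this Python sketch parses `sh ip bgp` rows like the ones above and re-applies the first steps of best-path selection, so a monitoring job can flag when the preferred exit for a prefix is no longer the intended ISP, as happens when ISP2's local preference is raised to 400. The function names and the policy check are assumptions made for illustration; the input must start at the `Network ... Path` header row.

```python
import re

# Constructed sample: rows taken from the CUSTOMER "sh ip bgp" output above,
# with the ">>" annotations stripped. The parser relies on column alignment.
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*  10.1.1.0/24      4.4.4.4                       110      0 64510 64100 i
*>                  3.3.3.3                       120      0 64310 64100 i
*> 193.31.1.0/27    3.3.3.3                  0             0 64310 i
"""
DEFAULT_LOCAL_PREF = 100  # used when the LocPrf column is empty

def parse_bgp_table(text):
    """Return {prefix: [path, ...]}; numbers are mapped to columns by position."""
    lines = [l for l in text.splitlines() if l.strip()]
    hdr = lines[0]
    ends = {c: hdr.index(c) + len(c) for c in ("Metric", "LocPrf", "Weight")}
    nh_col, path_col = hdr.index("Next Hop"), hdr.index("Path")
    table, prefix = {}, None
    for line in lines[1:]:
        prefix = line[3:nh_col].strip() or prefix  # blank = same prefix as above
        next_hop = line[nh_col:].split()[0]
        path = {"marked_best": ">" in line[:3], "next_hop": next_hop,
                "Metric": None, "LocPrf": None, "Weight": 0,
                "as_path": [t for t in line[path_col:].split() if t.isdigit()]}
        start = nh_col + len(next_hop)
        for m in re.finditer(r"\d+", line[start:path_col]):
            # Values are right-aligned, so the end offset identifies the column.
            col = min(ends, key=lambda c: abs(ends[c] - (start + m.end())))
            path[col] = int(m.group())
        table.setdefault(prefix, []).append(path)
    return table

def best_path(paths):
    """Highest weight, highest local preference, locally originated
    (next hop 0.0.0.0), then shortest AS path. Later tie-breakers are omitted."""
    return max(paths, key=lambda p: (
        p["Weight"],
        p["LocPrf"] if p["LocPrf"] is not None else DEFAULT_LOCAL_PREF,
        p["next_hop"] == "0.0.0.0",
        -len(p["as_path"])))

def audit_exit(text, prefix, expected_next_hop):
    """Return findings when the preferred exit for prefix is not the intended one."""
    paths = parse_bgp_table(text).get(prefix, [])
    if not paths:
        return [f"{prefix}: no path in table"]
    findings, best = [], best_path(paths)
    if best["next_hop"] != expected_next_hop:
        findings.append(f"{prefix}: attributes select {best['next_hop']}, "
                        f"policy expects {expected_next_hop}")
    if not best["marked_best"]:
        findings.append(f"{prefix}: router's '>' marker is not on {best['next_hop']}")
    return findings
```

Calling `audit_exit(SAMPLE, "10.1.1.0/24", "3.3.3.3")` returns an empty list while ISP1 holds the higher local preference; feeding it a table captured after the change to 400 reports that the exit moved to 4.4.4.4.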
