Multi-homed BGP - incoming using wrong path

Hi there,

I’ve got a network that’s using two RB1200’s, each of which is peering with a separate network and advertising our own AS and network using BGP. Each of the RB’s are sharing the routes.

All outgoing traffic is flowing correctly, but incoming traffic is not coming in the path I want. R1 has a small amount of bandwidth and R2 has much more. I know if I stop my BGP peering on R1 then all traffic flows as I expect and want it to on R2.

I’ve tried setting BGP Prepend in the route filter but am still not having much luck.

Can I even force certain AS’s to not see my network through R1?

Do I need to configure anything on the peering between my two routers?

Or is it just that I’m unable to control all of my incoming connections?

Thanks

Did you check that the AS prepending was being seen correctly when you looked at routes from an external perspective?

AS prepending and MED are the most common tools for controlling inbound traffic sessions.

How do I check the AS prepending is being seen correctly?

Try using something like HE’s BGP looking glass:

http://lg.he.net/

Ultimately - you have no control over where your traffic comes in. You control how you forward traffic just as other providers control how they forward. It could be that no matter how much prepending you do etc, upstreams could still override it.

One other trick is smaller prefixes though. For example (and to simplify), if you had a /22 assigned (so 4x /24’s), have your filters set to allow /24’s out: on R1 advertise 2x /24’s, on R2 advertise the other 2x /24’s, then on both advertise the /22 (for backup).

AS Path and local pref can usually be overridden but not many will override a more specific route. It will mean selectively choosing which /24 via which router to give best load balancing but it works for me when needed.

Thanks CelticComms, it looks as though the prepending is working well out R1, but I can’t check R2 as it’s a private network.

Could it be that this prepending information is being sent to R2 which is then being sent out to my other network? If so, what routing filters would I need to stop this happening?

We’ve only got one /24 assigned here so we can’t go down that path joe, but thanks for the suggestion.

Just touching base again on this one.

Is there any way to block a particular subnet from accessing the network through a particular connection? I realise this does away with multi-homing but I’m OK with that for the time being.

Is there any way I could redirect a connection?

This question needs more info for clarity… When you say block a particular subnet from accessing the network, are you talking about inbound to you from the net or outbound from you to the net?

If you are running multi-homed BGP, you can influence routing in both directions with different methods.
e.g. inbound traffic can be influenced by AS Prepend or Communities (if available from your upstream)
outbound traffic can be influenced by BGP Local Pref or BGP weight…

I’m talking about inbound to me.

I make the necessary changes with AS Prepend and I can see those changes through the HE Looking Glass but it doesn’t make a difference to inbound traffic. I assume our provider is ignoring this?

If I’ve got R1 and R2 both advertising my /24 could I block any IPs from coming in through R1? (And they would then be forced to find me through R2). I’m not too worried about multi-homing on these particular IPs that I want to block from R1.

Or could I even block a particular ASN from getting to me through R1?

Thanks

You have to look into ‘BGP Communities’… different providers use these as a way for you to override their default pref.
And yes, most providers of paid IP Transit will set up their network to ignore AS path length for paying customers, i.e. if you are paying them, they want the traffic to go through their network regardless of other paths being shorter…
So you have to find the communities to override this behavior.
And some providers also have communities if you want your network to not be advertised to other networks they connect to, etc.

Here is a nice collection to get you started… http://www.onesc.net/communities/
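The route-selection behaviour discussed in this thread, as an added example that is not from any of the posters: a minimal model of how a remote network picks a path (longest prefix first, then its own local-pref, then AS path length). The ASNs, prefixes and local-pref values are constructed placeholders from documentation and test ranges, and the model ignores later tie-breakers such as MED.

```python
import ipaddress
from dataclasses import dataclass

MY_AS = 64500  # constructed: documentation-range ASN standing in for "our" AS

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple   # nearest AS first, origin AS last
    local_pref: int  # assigned by the receiving network's own policy
    entry: str       # which of our routers the traffic would arrive on

def pick(routes, dst):
    """Return the route a remote router would use for dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(r.prefix), r) for r in routes]
    hits = [(n, r) for n, r in hits if addr in n]
    if not hits:
        return None
    longest = max(n.prefixlen for n, _ in hits)  # forwarding: most specific wins
    same = [r for n, r in hits if n.prefixlen == longest]
    # Among equal-length prefixes: higher local-pref, then shorter AS path.
    return min(same, key=lambda r: (-r.local_pref, len(r.as_path)))

def scenario_prepend_honoured():
    # A distant network with equal local-pref on both paths: prepending works.
    routes = [
        Route("203.0.113.0/24", (64501, MY_AS, MY_AS, MY_AS), 100, "R1"),
        Route("203.0.113.0/24", (64502, MY_AS), 100, "R2"),
    ]
    return pick(routes, "203.0.113.10").entry

def scenario_customer_pref():
    # R1's transit provider prefers its customer route (constructed pref 200)
    # over the shorter path learned from a peer, so prepending is ignored.
    routes = [
        Route("203.0.113.0/24", (MY_AS, MY_AS, MY_AS), 200, "R1"),
        Route("203.0.113.0/24", (64502, MY_AS), 100, "R2"),
    ]
    return pick(routes, "203.0.113.10").entry

def scenario_more_specific():
    # Same provider, but a /24 is announced only via R2 and the /22 via both.
    routes = [
        Route("198.18.0.0/22", (MY_AS,), 200, "R1"),
        Route("198.18.0.0/22", (64502, MY_AS), 100, "R2"),
        Route("198.18.1.0/24", (64502, MY_AS), 100, "R2"),
    ]
    return pick(routes, "198.18.1.5").entry, pick(routes, "198.18.2.5").entry
```

The third scenario shows the more-specific /24 drawing traffic to R2 even where the provider's local-pref favours R1, while the rest of the /22 still follows local-pref.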