
 
rainis

BGP default route, 4 peers.

Fri Apr 21, 2017 3:24 pm

Hello.
I have a problem with BGP. Our company is an ISP-1 BGP with a small network of AS /28 and /29, added a new ISP-2 which provides us with its own unique AS /24 network. We can not simply switch all the service and customers need to do it gradually, when everything will be connected only going to use our new AS /24. All peers connection established. Is it possible with the default routing configuration to operate in both peers in Uplink-1, following routes 0.0.0.0/0 gateway 10.10.234.113, and 0.0.0.0/0 gateway routing mark=ISP-2 12.12.224.74? I can not switch the entire internal network to the new /24, it is necessary to do so gradually. Is there a solution for my problem?
I hope you understood my question, thank you and sorry for bad English.
 
IPANetEngineer

Re: BGP default route, 4 peers.

Thu Apr 27, 2017 3:48 pm

If these are public BGP Autonomous Systems, you could always get the provider to whitelist all the prefixes for each environment out of each AS and ensure you have peering between your ASes and then you could gradually migrate the IP space over because it would be reachable in both.
 
idlemind

Re: BGP default route, 4 peers.

Thu Apr 27, 2017 9:08 pm

Thanks, what a great question. This largely would work with default destination based routing. The major item that worries me is if there is any source based filtering being done by any of your upstreams. This can be in the form of BCP38 protections or an upstream peer protecting from becoming transit for a network they don't want (ISP2 Uplink 3, top right).

If I were you I'd consider implementing policy based routing on at least ISP2 Uplink 3, preferably all 3 of your routers. In particular I'd have it determine the ideal next hop based on how it was sourced. So let's just assume that somehow a packet/connection sourced in your /28 or /29 ended up on ISP2 Uplink 3. It would take the lowest cost (administrative distance) default route. We want to ensure that it goes back to one of the two uplinks to ISP1 and when it gets there we inspect the packet/connection again and determine it needs to exit via the interface where /28 or /29 traffic is expected.

ISP2 likely will be unable to advertise your /28 and /29 for 2 reasons. It likely is part of a block assigned to ISP1. While provider aggregated space can be announced by another party it is not common and typically requires policies and agreements with the two organizations to ensure the subnet does not get announced if you stop paying ISP1 or something along those lines. The second is most Internet routing via BGP simply won't accept anything not a /32 or anything smaller than a /24.

To Alan's point both ISPs could whitelist (accept) your /24, /28 and /29 from any source address protections like BCP38 or anti-transit methods. I prefer to solve the problem locally with policy based routing. It simplifies patching issues and limits the parties involved to just you. This results in a faster, less confusing implementation that can easily be reversed when you have migrated away and released the /28 and /29 back to ISP1.
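Added example, not part of the thread or any poster's configuration: a small Python model of the failure mode discussed above, comparing plain destination-based default routing with source-based policy routing when each upstream applies a BCP38-style source filter. The prefixes are constructed documentation ranges (the thread gives only the sizes /28, /29 and /24), and the assumption that each ISP accepts only its own assigned space as a source is hypothetical.

```python
import ipaddress

# Constructed sample prefixes (documentation ranges); the thread gives only sizes.
ISP1_PA = [ipaddress.ip_network("192.0.2.0/28"), ipaddress.ip_network("192.0.2.16/29")]
OWN_24 = [ipaddress.ip_network("198.51.100.0/24")]

# Assumption: each upstream accepts only these sources on ingress (BCP38-style).
UPSTREAM_ACCEPTS = {"ISP-1": ISP1_PA, "ISP-2": OWN_24}

# Policy table: source prefix -> upstream, the role a routing mark per
# source block plays on the router.
POLICY = [(net, "ISP-1") for net in ISP1_PA] + [(net, "ISP-2") for net in OWN_24]


def bcp38_accepts(upstream, src):
    """True if the upstream's source filter would pass a packet from src."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in UPSTREAM_ACCEPTS[upstream])


def destination_based_exit(src, best_default="ISP-2"):
    """Plain default routing: the source is ignored, the best default wins."""
    return best_default


def policy_based_exit(src):
    """Longest match on the source address; None means no policy applies."""
    addr = ipaddress.ip_address(src)
    matches = [(net, up) for net, up in POLICY if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def audit(sources, chooser):
    """Return (source, upstream) pairs that the chosen upstream would drop."""
    dropped = []
    for src in sources:
        up = chooser(src)
        if up is None or not bcp38_accepts(up, src):
            dropped.append((src, up))
    return dropped


if __name__ == "__main__":
    hosts = ["192.0.2.5", "192.0.2.18", "198.51.100.10"]  # constructed hosts
    print("destination-based drops:", audit(hosts, destination_based_exit))
    print("policy-based drops:     ", audit(hosts, policy_based_exit))
```

Running the audit over the real customer address list before each migration step shows which sources would leave through an upstream that filters them.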
