blackmetal
Member Candidate
Topic Author
Posts: 227
Joined: Mon Aug 16, 2010 9:01 am

best path choose wrongly

Fri Oct 20, 2017 6:27 pm

Hello,
I have a prefix (for example x.x.x.x/24) and I have uplinks from 2 providers (1. AS15412 / 2. AS3223). As a note, I do not have direct BGP sessions with them; I bought uplinks from their resellers and I have BGP sessions with their resellers. I announced x.x.x.x/24 to both uplinks and set a x3 prepend for the first uplink (1. AS15412); after the prepend the AS number for this was 7 ASNs and for the second uplink it was 3 ASNs. So the best path should be the second uplink, is that right? But right now I see that somewhere in the world they see my prefix from the second, and some of them see the prefix from the first uplink, and when I troubleshoot deeper I see AS15412 set localpref 140 and somewhere match this.
I asked my carriers and it seems they do not support localpref or MED. So I want to know how I can force all paths in the world to use my second uplink.
For example, when I look at my prefix from lg.he.net I see it detects both paths but chooses the first uplink as best path.
Thanks,
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: best path choose wrongly

Fri Oct 20, 2017 7:05 pm

You can't.

Best path selection uses the following metrics:
  1. Highest Weight Metric
  2. Highest Local Preference Metric
  3. Locally-generated prefix > Learned Prefix
  4. Shortest AS-Path Length
  5. several more tiebreakers afterwards
Thus a prefix with an AS-PATH length of 50 and local-preference 101 would be chosen over a prefix with an AS-PATH length of 1 but a local-preference of 100.

If your carriers don't accept BGP communities to allow customers to modify their routing policy, your only ways to engineer around this are:
  • announce more specific sub-prefixes on the preferred carrier (impossible if you really only have a /24 to work with)
  • get the carrier to manually adjust their local-preference value for the prefixes learned from you
In fact, the easiest thing for you to do is to not prepend anything and get your carrier1 (AS15412) to apply a local_pref on your advertisements to be lower than what they receive from their peers/transit providers. I.e. if they hear about your prefix from anywhere other than you, that will take precedence. Only if they hear your route from nobody will they use the link directly to you.
 
blackmetal
Member Candidate
Topic Author
Posts: 227
Joined: Mon Aug 16, 2010 9:01 am

Re: best path choose wrongly

Fri Oct 20, 2017 7:24 pm

I have a /20 but I am advertising 4x /22 in the same datacenter.
What if I advertise the /22 on the first uplink and advertise 4x /24 on the second uplink, then it will choose the second uplink, right?
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: best path choose wrongly

Fri Oct 20, 2017 8:02 pm

That will work.

I generally hate this kind of solution because it's part of the reason why the global BGP table is working its way near 1 million routes. . .

In your original post you talk about how provider 2 is an indirect BGP connection, and that they don't support communities, etc.
Does provider 1 support them?

The clean way to accomplish your goal would be to send a "make my local_preference very low" community to provider1 on the prefix(es) you wish to only come in via provider2 except when provider2 is down.

Another thought - if you're also announcing your entire /20 to both providers, you could simply not announce the /22 into provider1. Provider2's path to the /20 would win in the global routing tables, but if provider2 goes down, then the /20 via provider 1 will cover your connectivity on the /22.
 
blackmetal
Member Candidate
Topic Author
Posts: 227
Joined: Mon Aug 16, 2010 9:01 am

Re: best path choose wrongly

Fri Oct 20, 2017 8:51 pm

Actually, both of my providers do not allow me to set localpref, weight or such things; they only allow prepend.
What's the other solution instead of announcing small subnets?
And are you sure small subnets work? Because provider 1 and 2 are different and they do not have BGP together; AS15412 and AS3223 each has its own routing table.
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: best path choose wrongly

Fri Oct 20, 2017 10:14 pm

Just to be clear: When I say set local_pref, what I mean is use BGP communities.

LocalPref itself is a non-transitive attribute on BGP routes - meaning that it only has meaning within the same AS.
You could set localpref=999 on a prefix, but that information won't be transmitted to any eBGP neighbors because localpref is non-transitive.

BGP Communities ARE transitive, so long as the neighbors are configured to send them.
ISPs which offer community options to their customers will furnish you with a list of the communities they accept from customers, and what actions those communities perform on the ISP's routing policy.

So if ISP1 supports a community 15412:200 which sets local_pref=200, and 15412:50 which sets local_pref=50, then you as the customer may apply that community label to any routing prefixes you wish, and when received at ISP1, ISP1 will take the corresponding actions.

So now, when you say they don't let you set local pref, do you mean that they don't offer any community functionality, or that you can't send routes with a local_pref value? (because only the former means anything).

Of course if there is no community support, the ISP can manually configure their BGP session with your network in any way BGP supports - they may have a policy against this, but it never hurts to ask.

As for advertising longer/shorter prefixes, there's only a few cases where this wouldn't work - these would be if one of the two ISPs (or some network in between them) performs route aggregation, or if these networks don't send/receive full Internet routing tables.
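
Added example, not part of the original posts: a small Python model of the first four best-path steps listed earlier in the thread, combined with the community-to-local_pref mapping described in this post. The `15412:200` / `15412:50` values are the hypothetical ones from the post, local-pref 140 is the value the topic author observed, and the AS paths, the default local-pref of 100 and all function names are assumptions.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Path:
    via: str
    as_path: tuple
    communities: tuple = ()
    weight: int = 0
    local_pref: int = 100            # assumed default for non-customer routes
    locally_originated: bool = False

# Community values are the hypothetical ones used in the post above.
COMMUNITY_ACTIONS = {"15412:200": 200, "15412:50": 50}

def customer_import(path, base_local_pref=140):
    """Assumed import policy on the customer session: start from the customer
    local-pref (140, as observed in the thread), then let an accepted
    community override it. If several match, the lowest value wins here."""
    matched = [COMMUNITY_ACTIONS[c] for c in path.communities
               if c in COMMUNITY_ACTIONS]
    return replace(path, local_pref=min(matched) if matched else base_local_pref)

def best_path(paths):
    """Compare only the first four criteria, in the order listed in the thread:
    weight, local-pref, locally originated, then shortest AS path."""
    return max(paths, key=lambda p: (p.weight, p.local_pref,
                                     p.locally_originated, -len(p.as_path)))

# Constructed sample routes as seen inside the first provider. 64496-64504 are
# documentation ASNs standing in for the customer and the resellers.
PREPENDED = (64501, 64502, 64503, 64496, 64496, 64496, 64496)   # 7 ASNs
VIA_PEER = Path("peer", (3223, 64504, 64496))                   # 3 ASNs

def winner(communities=()):
    """Which path the provider selects for the customer prefix."""
    customer = customer_import(Path("customer", PREPENDED, communities))
    return best_path([customer, VIA_PEER]).via

if __name__ == "__main__":
    print("prepend only    ->", winner())
    print("with 15412:50   ->", winner(("15412:50",)))
    long_path = Path("long", tuple(range(50)), local_pref=101)
    short_path = Path("short", (64496,), local_pref=100)
    print("50 ASNs, lp 101 ->", best_path([long_path, short_path]).via)
```

AS-path length is only consulted when weight, local-pref and origin tie, which is why the 7-ASN prepended path still wins until a community lowers its local-pref.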
 
blackmetal
Member Candidate
Topic Author
Posts: 227
Joined: Mon Aug 16, 2010 9:01 am

Re: best path choose wrongly

Fri Oct 20, 2017 10:51 pm

Hi
Yes, none of my ISPs offer communities, so the only way is to send the smallest prefix?
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: best path choose wrongly

Thu Oct 26, 2017 2:12 am

> Hi
> Yes, none of my ISPs offer communities, so the only way is to send the smallest prefix?

... or talk to their techs to see if they'll manually apply a special local_pref policy on their peering session with you.

One of my transit providers doesn't support communities themselves, but they do pass communities through their network, so if they have a connection to Hurricane Electric, for instance, I could read Hurricane Electric's community policy and send communities to effect HE's routing policy towards my network via the interim carrier.

I consider announcing piece-meal subnets as an absolute last resort in traffic engineering. This may be your only option, though.
 
blackmetal
Member Candidate
Topic Author
Posts: 227
Joined: Mon Aug 16, 2010 9:01 am

Re: best path choose wrongly

Thu Oct 26, 2017 8:25 am

See, one of my upstreams is DDoS protected and the other one is not.
I announce a /23 to my primary upstream and announce 1x /24 to my DDoS-protected upstream (because I want one of my /24s to be DDoS protected and the other one to stay on the primary uplink), but right now when I send a test attack to my /24 I see the same amount of traffic on my /23 upstream (primary). I captured traffic, caught some of the source IPs and checked their ISPs' looking glasses, and I saw all of them go through my /24, and I do not really know why this happens and some traffic comes to me from the /23 uplink!
Any idea?
Thanks
 
JimmyNyholm
Member Candidate
Posts: 248
Joined: Mon Apr 25, 2016 2:16 am
Location: Sweden

Re: best path choose wrongly

Mon Oct 30, 2017 7:21 pm

> See, one of my upstreams is DDoS protected and the other one is not.
> I announce a /23 to my primary upstream and announce 1x /24 to my DDoS-protected upstream (because I want one of my /24s to be DDoS protected and the other one to stay on the primary uplink), but right now when I send a test attack to my /24 I see the same amount of traffic on my /23 upstream (primary). I captured traffic, caught some of the source IPs and checked their ISPs' looking glasses, and I saw all of them go through my /24, and I do not really know why this happens and some traffic comes to me from the /23 uplink!
> Any idea?
> Thanks

Is this actually a question? Sorry to be blunt but this is fundamental routing that you need to read up on:

ZeroByte helped you with the tiebreaker when prefixes are the same....
> Best path selection uses the following metrics:
>   1. Highest Weight Metric
>   2. Highest Local Preference Metric
>   3. Locally-generated prefix > Learned Prefix
>   4. Shortest AS-Path Length
>   5. several more tiebreakers afterwards

But here you have one smaller prefix that will always win; there is nothing strange with that.
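
Added example, not part of the original posts: a Python sketch of the longest-prefix-match lookup this reply refers to, covering the /23 plus /24 layout, a network that never received the /24 (the aggregation or partial-table exception mentioned earlier in the thread), and the /20 fallback when the more specific is withdrawn. The prefixes are constructed from the 198.18.0.0/15 benchmarking range, and the table contents and function names are assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Return the next hop of the most specific route covering dst, or None.
    Prefix length is compared before any BGP attribute: best-path selection
    only ranks paths to the same prefix."""
    addr = ipaddress.ip_address(dst)
    covering = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
                if addr in ipaddress.ip_network(p)]
    if not covering:
        return None
    return max(covering, key=lambda route: route[0].prefixlen)[1]

def withdraw(table, hop):
    """Routes left after every announcement via `hop` is withdrawn."""
    return {p: h for p, h in table.items() if h != hop}

# Constructed prefixes (benchmarking range), not the poster's real ones.
FULL_TABLE = {"198.18.0.0/23": "primary", "198.18.1.0/24": "ddos-protected"}

# A network that never received the /24 (aggregation or partial tables).
PARTIAL_TABLE = {"198.18.0.0/23": "primary"}

# The /20 plus /22 layout suggested earlier in the thread, simplified to one
# path per prefix: the /22 is announced only to provider2.
COVERED = {"198.18.0.0/20": "provider1", "198.18.0.0/22": "provider2"}

if __name__ == "__main__":
    print("full table, host in /24     ->", lookup(FULL_TABLE, "198.18.1.10"))
    print("full table, host in other   ->", lookup(FULL_TABLE, "198.18.0.10"))
    print("partial table, host in /24  ->", lookup(PARTIAL_TABLE, "198.18.1.10"))
    print("/22 present                 ->", lookup(COVERED, "198.18.2.5"))
    print("/22 withdrawn               ->",
          lookup(withdraw(COVERED, "provider2"), "198.18.2.5"))
```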