BGP Essentials: AS-path prepending

Enterprise networks primarily use BGP with their Internet Service Providers if they want to be multi-homed (connected to more than one ISP). A very common requirement in a multi-homed design is the primary/backup setup where the lower speed (or sometimes lower quality) link should only be used when the primary link fails.

Competent ISPs help their customers reach this goal by using BGP local preference within their network and giving the customers the ability to indicate the desired value of BGP local preference through BGP communities: if the route received directly from the customer has low local preference, all other routes are preferred, resulting in the desired traffic flow that avoids the backup link if at all possible as shown in the next diagram:

Sometimes you are forced to deal with less than ideal ISPs (or the two ISPs you’re using are so far apart in the Internet topology that the BGP local preference solution doesn’t work). In these cases, the only means of influencing BGP route selection in the Internet is the extension of the AS path attribute (routes with shorter AS paths are preferred) with multiple copies of your own AS number: AS-path prepending. AS-path prepending is configured in Cisco IOS with route-map based per-neighbor outbound filter. The actual prepending is specified within the route-map with the set as-path prepend command, as illustrated in the following sample configuration:

router bgp 65001
neighbor 10.1.0.2 remote-as 65200
neighbor 10.1.0.2 description Backup ISP
neighbor 10.1.0.2 route-map prepend out
!
route-map prepend permit 10
set as-path prepend 65001 65001 65001

If you're looking for more in-depth BGP knowledge, try our Configuring BGP on Cisco Routers e-learning solution. If you just need to enhance your hands-on skill, the BGP Remote Lab Bundle is the perfect choice.

30 comments:

  1. very nice! This is what I was looking for

    ReplyDelete
  2. G'day,

    May I know what is the signinficance of the "10" in route-map prepend permit 10? Thanks!

    Cheers!

    ReplyDelete
  3. VzW Data Engineer10 November, 2009 03:11

    Perfectly what I was looking for!

    ReplyDelete
  4. AL IPBB:
    This is the sequence for the route map rules.
    You can have multiple route map entries with a single name.
    route-map blah permit 10
    match whatever
    set anything
    route-map blah permit 20
    match otherthings
    set otherstuff

    and so on..
    The lookup stops when a matching rule is found.

    cheers

    ReplyDelete
  5. Brilliant and striaght to the point!

    ReplyDelete
  6. @Ivan, the config u have shown is to be applied on customers router or ISP router??? and i didnot completely understand about using local preference.. can u pls explain?

    ReplyDelete
  7. Ivan Pepelnjak25 May, 2010 20:05

    The config would be applied on the customer router.

    ReplyDelete
  8. Please who knows what prepending on internet is all about? Please i need help on this.

    ReplyDelete
  9. Thanks, really useful howto!

    PS - you should also include the part about prioritising upload using bgp neighbour weight

    ReplyDelete
  10. This might help you: http://www.youtube.com/watch?v=zFliAojRi2E

    ReplyDelete
  11. Doesn't this only influence inbound connections (towards the customer)? The route-map out is telling the remote peer that the particular will take longer.

    ReplyDelete
  12. You're right: AS path prepending influences only the inbound traffic flow (not connections). Influencing outbound traffic flow is usually very easy (use local preference or weight for pure primary/backup scenario).

    ReplyDelete
  13. Hi

    If we have two subnet & we want one subnet to take primary ISP & second to secondary ISP for incoming traffic. How to configure?

    will set as-path will affect both the subnet incoming path?

    ReplyDelete
  14. Ivan Pepelnjak04 March, 2011 18:53

    Advertise to ISP-P: S1 with short path, S2 with long path
    Advertise to ISP-B: S1 with long path, S2 with short path

    ReplyDelete
  15. why we use AS 65501 three times in "set as-path prepend 65001 65001 65001"

    ReplyDelete
  16. how to check if i set primary/secodary isp path at customer router.is any command to show on router? :)

    ReplyDelete
  17. Ivan always have good articles.


    Why there is no "match local preference" for route-map used in BGP?

    % "SET-LOCAL-PREFERENCE-103" used as BGP inbound route-map, local preference match not supported

    ReplyDelete
  18. Local preference is an intra-AS attribute, so it makes no sense to match on it on EBGP sessions (where it would never be used anyway).

    ReplyDelete
  19. Ivan, prepending does not work for iBGP. How can I accomplish the same thing with iBGP(without prepending)? I want to be able to prefer the backup path in some cases. Thanks, Steve Thomas

    ReplyDelete
    Replies
    1. Use local preference, set it with an outbound route map on IBGP session.

      Delete
  20. But Local preference influences the outgoing traffic and is always applied on incoming routing updats. Can we set LP in an outbound route-map?

    ReplyDelete
    Replies
    1. Yes you can, but since LP works only within an autonomous system, that would work only on an IBGP session.

      Anyhow, I wouldn't recommend it, I would strongly suggest that all routers in an autonomous system should have the same local preference for the same prefix (otherwise you might get interesting problems that would be hard to troubleshoot).

      Delete
  21. How do you prevent your router from being a transit for others since you have dual ISPs and you are part of the Internet ring.

    ReplyDelete
    Replies
    1. * Not announcing transit prefixes
      * Inbound ACLs limiting destinations to your address space.

      Delete
    2. Normally your upstreams will filter your prefixes anyway, so this can't happen. Otherwise you'd be part of the DFZ, usually have more than two ISPs as uplinks and be an ISP yourself. ;-)

      Delete
    3. "Normally your upstreams will filter your prefixes anyway" ... apart from the one that allowed Pakistan to hose YouTube. Some upstreams are more normal than the others ;)

      Delete
  22. Hi Ivan,

    What about a case when you have dual CE, one providing a 50 Mbps connection and the other being a Wireless HSPA+ just for backup?

    Do you know a way to actually filter the traffic in the Wireless connection so that the pipe is not saturated when switching over?

    ACLs would do the job for outbound traffic, but for inbound we are screwed...

    Any ideas?

    Thanks in advance.

    ReplyDelete
    Replies
    1. Inbound ACL would drop TCP traffic, so those sessions would stall, but some UDP senders might not care. Depends on your traffic profile.

      Delete
  23. why we use AS 65501 three times in "set as-path prepend 65001 65001 65001"

    ReplyDelete
    Replies
    1. Because we want to create longer as path, thus "spoiling" one link over other, so primary/better link is preferred, till it's down and BGP converges to backup/worse link.

      Delete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.