Building network automation solutions

9 module online course

Start now!

BGP Essentials: AS-path prepending

Enterprise networks primarily use BGP with their Internet Service Providers if they want to be multi-homed (connected to more than one ISP). A very common requirement in a multi-homed design is the primary/backup setup where the lower speed (or sometimes lower quality) link should only be used when the primary link fails.

Competent ISPs help their customers reach this goal by using BGP local preference within their network and giving the customers the ability to indicate the desired value of BGP local preference through BGP communities: if the route received directly from the customer has low local preference, all other routes are preferred, resulting in the desired traffic flow that avoids the backup link if at all possible as shown in the next diagram:

Sometimes you are forced to deal with less than ideal ISPs (or the two ISPs you’re using are so far apart in the Internet topology that the BGP local preference solution doesn’t work). In these cases, the only means of influencing BGP route selection in the Internet is the extension of the AS path attribute (routes with shorter AS paths are preferred) with multiple copies of your own AS number: AS-path prepending. AS-path prepending is configured in Cisco IOS with route-map based per-neighbor outbound filter. The actual prepending is specified within the route-map with the set as-path prepend command, as illustrated in the following sample configuration:

router bgp 65001
neighbor 10.1.0.2 remote-as 65200
neighbor 10.1.0.2 description Backup ISP
neighbor 10.1.0.2 route-map prepend out
!
route-map prepend permit 10
set as-path prepend 65001 65001 65001

If you're looking for more in-depth BGP knowledge, try our Configuring BGP on Cisco Routers e-learning solution. If you just need to enhance your hands-on skill, the BGP Remote Lab Bundle is the perfect choice.

31 comments:

  1. very nice! This is what I was looking for
  2. G'day,

    May I know what is the signinficance of the "10" in route-map prepend permit 10? Thanks!

    Cheers!
  3. Perfectly what I was looking for!
  4. AL IPBB:
    This is the sequence for the route map rules.
    You can have multiple route map entries with a single name.
    route-map blah permit 10
    match whatever
    set anything
    route-map blah permit 20
    match otherthings
    set otherstuff

    and so on..
    The lookup stops when a matching rule is found.

    cheers
  5. Brilliant and striaght to the point!
  6. @Ivan, the config u have shown is to be applied on customers router or ISP router??? and i didnot completely understand about using local preference.. can u pls explain?
  7. The config would be applied on the customer router.
  8. Please who knows what prepending on internet is all about? Please i need help on this.
  9. Thanks, really useful howto!

    PS - you should also include the part about prioritising upload using bgp neighbour weight
  10. This might help you: http://www.youtube.com/watch?v=zFliAojRi2E
  11. Doesn't this only influence inbound connections (towards the customer)? The route-map out is telling the remote peer that the particular will take longer.
  12. You're right: AS path prepending influences only the inbound traffic flow (not connections). Influencing outbound traffic flow is usually very easy (use local preference or weight for pure primary/backup scenario).
  13. Hi

    If we have two subnet & we want one subnet to take primary ISP & second to secondary ISP for incoming traffic. How to configure?

    will set as-path will affect both the subnet incoming path?
  14. Advertise to ISP-P: S1 with short path, S2 with long path
    Advertise to ISP-B: S1 with long path, S2 with short path
  15. why we use AS 65501 three times in "set as-path prepend 65001 65001 65001"
  16. how to check if i set primary/secodary isp path at customer router.is any command to show on router? :)
  17. Ivan always have good articles.


    Why there is no "match local preference" for route-map used in BGP?

    % "SET-LOCAL-PREFERENCE-103" used as BGP inbound route-map, local preference match not supported
  18. Local preference is an intra-AS attribute, so it makes no sense to match on it on EBGP sessions (where it would never be used anyway).
  19. Ivan, prepending does not work for iBGP. How can I accomplish the same thing with iBGP(without prepending)? I want to be able to prefer the backup path in some cases. Thanks, Steve Thomas
    Replies
    1. Use local preference, set it with an outbound route map on IBGP session.
  20. But Local preference influences the outgoing traffic and is always applied on incoming routing updats. Can we set LP in an outbound route-map?
    Replies
    1. Yes you can, but since LP works only within an autonomous system, that would work only on an IBGP session.

      Anyhow, I wouldn't recommend it, I would strongly suggest that all routers in an autonomous system should have the same local preference for the same prefix (otherwise you might get interesting problems that would be hard to troubleshoot).
  21. How do you prevent your router from being a transit for others since you have dual ISPs and you are part of the Internet ring.
    Replies
    1. * Not announcing transit prefixes
      * Inbound ACLs limiting destinations to your address space.
    2. Normally your upstreams will filter your prefixes anyway, so this can't happen. Otherwise you'd be part of the DFZ, usually have more than two ISPs as uplinks and be an ISP yourself. ;-)
    3. "Normally your upstreams will filter your prefixes anyway" ... apart from the one that allowed Pakistan to hose YouTube. Some upstreams are more normal than the others ;)
  22. Hi Ivan,

    What about a case when you have dual CE, one providing a 50 Mbps connection and the other being a Wireless HSPA+ just for backup?

    Do you know a way to actually filter the traffic in the Wireless connection so that the pipe is not saturated when switching over?

    ACLs would do the job for outbound traffic, but for inbound we are screwed...

    Any ideas?

    Thanks in advance.
    Replies
    1. Inbound ACL would drop TCP traffic, so those sessions would stall, but some UDP senders might not care. Depends on your traffic profile.
  23. why we use AS 65501 three times in "set as-path prepend 65001 65001 65001"
    Replies
    1. Because we want to create longer as path, thus "spoiling" one link over other, so primary/better link is preferred, till it's down and BGP converges to backup/worse link.
  24. if i set longer path( "set as-path prepend 65001 65001 65001") for both primary and secondary path which path
    will be chosen from customer site. please explain i see traffic drop.
Add comment
Sidebar