Hi guys. I have a very important question regarding a BGP design. I created this enterprise BGP design between a site and two DCs.
Site AS:65028 is the remote and has two ISP connections to DC A via Lumen as primary and DC B via ATT as secondary in AS:65000. I want to connect to a file server (10.1.100.x subnet) that is hosted in DC B via ATT from AS:65028 and everything else from AS:65028 to go via Lumen. I have configured BGP on all sites and everything is working fine. However, I configured PBR to direct the traffic going to the file server on the remote sites. This policy isn’t working. I also tried to use as-path prepend to manipulate that specific subnet to go over ATT. That didn’t work either. I would like your suggestions please. I have the topology that I could attach to this post if I can find out how to attach it.
When working with eBGP, it is usually best practice to manipulate the BGP attributes. In your particular case, it looks like you are needing to affect eBGP routing, that is, routing choices between ASes. You can do this using a route map to change either the weight, localpref, or use path prepending. Any one of these can be used to choose a different routing between ASes.
You can use policy-based routing to change the next-hop IP address for a particular route as well.
All of these solutions should work. It is preferable to modify BGP attributes rather than PBR simply because any topology change will cause BGP to reconverge, maintaining connectivity by potentially other routes. With PBR, it is more difficult to achieve this. In any case, if it is configured correctly, it should deliver a similar reliability.
Now having said all of that, the fact that your topology didn’t operate as expected means that you will have to do some troubleshooting. If you need help in this process, please share more details about your topology, and the resulting behavior so that we can help you along the way.
Thank you for your reply to this thread. Below is the current config that is currently working.
Note: Currently, all traffic is going over R20WAN01 >> R02WAN02. That is how I want the design to work. However, I want only 10.1.100.0/24 from R20WAN0x to route via the secondary circuit R20WAN02 >> R01WAN01.
DC routers are R02WAN02 active and standby R01WAN01.
Remote routers are active R20WAN01 and standby R20WAN02.
Currently, everything is working fine. Meaning, all traffic from remote location is transiting via Lumen “R20WAN01”.
10.1.100.0 0.0.0.255 (this is the subnet I’m trying to route, ingress and egress, over the ATT link. All other subnets in the remote location to route over Lumen).
Thanks for sharing this information! I’m still having some trouble understanding your topology. I’m confused because you are referring to the DCs as well as the WAN connections using the same labels “R01WANx” and you are also referring to them as ATT and Lumen, which of course are the providers, but it’s not clear as to which path each one is referring to. Can you clarify by giving us a clearer picture of your topology?
Any host from 10.28.x.x that needs to connect to 10.1.100.0/24 should go via R28WAN02 to R01WAN01 and all other traffic from 10.28.x.x should go through R28WAN01 to R03WAN02. I have pasted the topology here. Hope it shows up.
Thanks for sharing the topology. Yes, I can see what it is you want to achieve. Now from my understanding, without any BGP attribute manipulation or any PBR, your traffic from 10.28.x.x to anywhere is going via R28WAN01 → CenturyLink → R03WAN02. This is simply based on default routing. Now you want to employ an exception to this routing, where if the destination is 10.1.100.0/24, it should go via R28WAN02 → R01WAN01. This can be done by both PBR as well as BGP attribute manipulation, just like you stated initially.
If you want to use BGP manipulation, you can use the Weight attribute. Create a route map in R28WAN02 that will set the weight of the 10.1.100.0/24 prefix higher when it is learned from AS 65500, so it will have a higher weight value for the path to R01WAN01 for that prefix.
Similarly, you can use local preference as well as AS Path Prepending to achieve similar results. Take a look at the linked lessons to see how these can be applied.
You should be able to apply PBR as well, as mentioned before.
Now you say that you tried these, but they didn’t work. There could be a multitude of reasons that they didn’t achieve what you want. In order to determine this, you must troubleshoot to zero in on the problem. Some things that may help you include:
Make sure that all of the routers along the way, including those not running BGP, route the traffic in the direction that you desire. For example, the RH-A and RH-B Nexus devices should have their routing configured to send traffic destined to 10.1.100.0/24 via R28WAN02.
Check the routing table of each router along the way of the path that you want to take to ensure that routing is indeed what is needed to get your results.
Let us know how you get along, and if you have more specific questions, feel free to let us know!
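The weight-based exception described in the reply above, written out as an added example that is not part of the original thread or either poster's configuration. It assumes Cisco IOS syntax on R28WAN02; the peer address 192.0.2.1 and the names PL-FILESERVER and RM-FROM-R01WAN01 are placeholders.

```cisco
! Added example (not from the thread). Assumptions: Cisco IOS syntax on
! R28WAN02; 192.0.2.1 is a placeholder for the R01WAN01 eBGP peer address;
! PL-FILESERVER and RM-FROM-R01WAN01 are hypothetical names.
!
! 1. Match only the file-server prefix named in the thread.
ip prefix-list PL-FILESERVER seq 5 permit 10.1.100.0/24
!
! 2. Raise the weight for that prefix; leave every other route untouched.
route-map RM-FROM-R01WAN01 permit 10
 match ip address prefix-list PL-FILESERVER
 set weight 200
! Weight is local to this router and is not advertised to any peer.
! To influence other routers in AS 65028 over iBGP, use this instead:
!  set local-preference 200
!
! Empty permit clause: without it the implicit deny at the end of the
! route map would drop all other prefixes learned from this neighbor.
route-map RM-FROM-R01WAN01 permit 20
!
! 3. Apply the route map inbound on the session towards R01WAN01.
router bgp 65028
 neighbor 192.0.2.1 route-map RM-FROM-R01WAN01 in
!
! 4. Re-evaluate received routes without resetting the session, then
!    confirm which path was selected (exec mode):
!  clear ip bgp 192.0.2.1 soft in
!  show ip bgp 10.1.100.0/24
!  show ip route 10.1.100.0
```

This only steers traffic leaving the site towards 10.1.100.0/24; the return path is chosen by the DC routers and by how the site's prefixes are advertised to them.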