Wednesday, December 5, 2018

CCIE SPv4 MPLS Inter AS Option A BGP VRF Aware Traffic Engineering - AS Path

In this post we'll be taking a look at AS Path prepending to influence the path taken by traffic as it is coming back to the originator. If you want to influence or engineer which way return traffic will enter your network, AS Path prepending is the ideal way to accomplish this.



IOSv9#traceroute vrf BGP 1.1.1.1 source lo0 num
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 20.9.10.10 20 msec 5 msec 4 msec
  2 10.10.10.100 [MPLS: Labels 24002/37 Exp 0] 55 msec 21 msec 20 msec
  3 20.11.14.11 [MPLS: Label 37 Exp 0] 26 msec 10 msec 11 msec
  4 20.11.14.14 28 msec 20 msec 17 msec
  5 10.3.14.3 [MPLS: Labels 18/33 Exp 0] 73 msec 46 msec 44 msec
  6 10.13.3.13 [MPLS: Labels 24003/33 Exp 0] 63 msec 44 msec 49 msec
  7 20.1.1.1 [MPLS: Label 33 Exp 0] 55 msec 94 msec 46 msec
  8 20.1.1.10 56 msec *  109 msec

We'll test this on IOSv6 towards IOSv1, and we see that we use the CSR11/XRv4 Inter AS connection to reach IOSv1.

CSR11#sh bgp vrf BGP
BGP table version is 78, local router ID is 2.2.2.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 20:20 (default for vrf BGP)
 *>  1.1.1.1/32       20.11.14.14                            0 100 65001 i
 *>  2.2.2.2/32       20.11.14.14                            0 100 65002 i
 *>  3.3.3.3/32       20.11.14.14                            0 100 65003 i
 *>i 7.7.7.7/32       2.2.2.12                 0    100      0 65007 i
 *>i 9.9.9.9/32       2.2.2.10                 0    100      0 65009 i
 *>  10.10.10.10/32   20.10.11.10              0             0 65010 i
 *>  172.16.0.0/24    20.11.14.14                            0 100 65001 i
 *>  172.16.1.0/24    20.11.14.14                            0 100 65001 i
 *>  172.16.2.0/24    20.11.14.14                            0 100 65001 i

Checking CSR11's BGP table, we see that the path should ride over the CSR11/XRv4 path, as the traceroute shows. Now we need to configure XRv4 to tell CSR11 that this path is less preferred by adding AS hops to the AS Path list that XRv4 advertises to CSR11. This is done by creating an RPL that prepends AS 100 three times. The RPL is then applied outbound on the CSR11/XRv4 eBGP peering under the VRF.

route-policy RPL_AS_PATH
  prepend as-path 100 3
end-policy
!
router bgp 100
 vrf BGP
  neighbor 20.11.14.11
   remote-as 200
   address-family ipv4 unicast
    route-policy PASS in
    route-policy RPL_AS_PATH out

CSR11#show bgp vrf BGP
BGP table version is 48, local router ID is 2.2.2.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 20:20 (default for vrf BGP)
 *>i 1.1.1.1/32       2.2.2.14                 0    100      0 100 65001 i
 *                    20.11.14.14                            0 100 100 100 100 65001 i
 *>i 2.2.2.2/32       2.2.2.14                 0    100      0 100 65002 i
 *                    20.11.14.14                            0 100 100 100 100 65002 i
 *>i 3.3.3.3/32       2.2.2.14                 0    100      0 100 65003 i
 *                    20.11.14.14                            0 100 100 100 100 65003 i
 *>i 7.7.7.7/32       2.2.2.12                 0    100      0 65007 i
 *>i 9.9.9.9/32       2.2.2.10                 0    100      0 65009 i
 *>  10.10.10.10/32   20.10.11.10              0             0 65010 i
 *>i 172.16.0.0/24    2.2.2.14                 0    100      0 100 65001 i
 *                    20.11.14.14                            0 100 100 100 100 65001 i
     Network          Next Hop            Metric LocPrf Weight Path
 *>i 172.16.1.0/24    2.2.2.14                 0    100      0 100 65001 i
 *                    20.11.14.14                            0 100 100 100 100 65001 i
 *>i 172.16.2.0/24    2.2.2.14                 0    100      0 100 65001 i
 *                    20.11.14.14                            0 100 100 100 100 65001 i

After modifying the AS Path length, we see that any routes learned from XRv4 now show four 100s in the AS Path list, which proves that the AS Path modification was successfully configured and applied to CSR11's BGP table.

IOSv9#traceroute vrf BGP 1.1.1.1 source lo0 num
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 20.9.10.10 37 msec 11 msec 5 msec
  2 10.10.10.100 [MPLS: Labels 24010/24018 Exp 0] 183 msec 122 msec 39 msec
  3 10.11.10.11 [MPLS: Labels 31/24018 Exp 0] 35 msec 32 msec 27 msec
  4 10.11.14.14 [MPLS: Labels 16/24018 Exp 0] 26 msec 50 msec 24 msec
  5 10.9.14.9 [MPLS: Label 24018 Exp 0] 81 msec 22 msec 29 msec
  6 20.6.9.6 141 msec 30 msec 21 msec
  7 10.6.15.15 [MPLS: Labels 24003/33 Exp 0] 53 msec 39 msec 96 msec
  8 10.11.15.11 [MPLS: Labels 24002/33 Exp 0] 79 msec 53 msec 63 msec
  9 10.3.11.3 [MPLS: Labels 18/33 Exp 0] 51 msec 71 msec 107 msec
 10 10.13.3.13 [MPLS: Labels 24003/33 Exp 0] 148 msec 78 msec 51 msec
 11 20.1.1.1 [MPLS: Label 33 Exp 0] 72 msec 41 msec 50 msec
 12 20.1.1.10 61 msec *  61 msec

The traceroute also shows that the new path goes through CSR6 and XRv9.

Now we'll configure AS Path prepending on IOS, on the CSR.

IOSV1#traceroute vrf BGP 9.9.9.9 source loopback 0 num
Type escape sequence to abort.
Tracing the route to 9.9.9.9
VRF info: (vrf in name/id, vrf out name/id)
  1 20.1.1.1 12 msec 51 msec 5 msec
  2 10.1.13.13 [MPLS: Labels 24006/83 Exp 0] 28 msec 207 msec 26 msec
  3 10.13.3.3 [MPLS: Labels 28/83 Exp 0] 24 msec 21 msec 23 msec
  4 10.3.11.11 [MPLS: Labels 24009/83 Exp 0] 31 msec 24 msec 23 msec
  5 20.2.14.2 [MPLS: Label 83 Exp 0] 25 msec 24 msec 18 msec
  6 20.2.14.14 55 msec 21 msec 17 msec
  7 10.11.14.11 [MPLS: Labels 17/25 Exp 0] 43 msec 59 msec 50 msec
  8 10.11.10.10 [MPLS: Labels 24000/25 Exp 0] 38 msec 30 msec 62 msec
  9 20.9.10.10 [MPLS: Label 25 Exp 0] 42 msec 35 msec 49 msec
 10 20.9.10.9 49 msec *  157 msec

We execute a traceroute on IOSv1 towards IOSv9 and see the Inter AS path going between CSR2 and CSR14. This also lets us prove that AS Path prepending affects only inbound traffic, since traffic leaving IOSv1 towards IOSv9 does not take the CSR6/XRv9 path.

CSR2#sh bgp vrf BGP
BGP table version is 73, local router ID is 1.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 20:20 (default for vrf BGP)
 *>i 1.1.1.1/32       1.1.1.1                  0    100      0 65001 i
 *>i 2.2.2.2/32       1.1.1.4                  0    100      0 65002 i
 *>i 3.3.3.3/32       1.1.1.14                 0    100      0 65003 i
 *>  7.7.7.7/32       20.2.14.14                             0 200 65007 i
 *>  9.9.9.9/32       20.2.14.14                             0 200 65009 i
 *>  10.10.10.10/32   20.2.14.14                             0 200 65010 i
 *>i 172.16.0.0/24    1.1.1.1                  0    100      0 65001 i
 *>i 172.16.1.0/24    1.1.1.1                  0    100      0 65001 i
 *>i 172.16.2.0/24    1.1.1.1                  0    100      0 65001 i

We check CSR2's table to prove nothing has been modified yet. We configure a route-map that prepends AS 200 three times to the AS Path. The route-map is then applied to the neighbor outbound.

route-map RM_AS_PATH permit 10
 set as-path prepend 200 200 200
!
router bgp 200
 address-family ipv4 vrf BGP
  neighbor 20.2.14.2 remote-as 100
  neighbor 20.2.14.2 activate
  neighbor 20.2.14.2 route-map RM_AS_PATH out

CSR2(config-router-af)#do sh bgp vrf BGP
BGP table version is 67, local router ID is 1.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 20:20 (default for vrf BGP)
 *>i 1.1.1.1/32       1.1.1.1                  0    100      0 65001 i
 *>i 2.2.2.2/32       1.1.1.4                  0    100      0 65002 i
 *>i 3.3.3.3/32       1.1.1.14                 0    100      0 65003 i
 *>i 7.7.7.7/32       1.1.1.6                  0    100      0 200 65007 i
 *                    20.2.14.14                             0 200 200 200 200 65007 i
 *>i 9.9.9.9/32       1.1.1.6                  0    100      0 200 65009 i
 *                    20.2.14.14                             0 200 200 200 200 65009 i
 *>i 10.10.10.10/32   1.1.1.6                  0    100      0 200 65010 i
 *                    20.2.14.14                             0 200 200 200 200 65010 i
 *>i 172.16.0.0/24    1.1.1.1                  0    100      0 65001 i
 *>i 172.16.1.0/24    1.1.1.1                  0    100      0 65001 i
     Network          Next Hop            Metric LocPrf Weight Path
 *>i 172.16.2.0/24    1.1.1.1                  0    100      0 65001 i

After executing a soft route-refresh on CSR14 we see that the AS Path list on CSR2 shows the added AS hops in the AS Path list.

IOSV1#traceroute vrf BGP 9.9.9.9 source loopback 0 num
Type escape sequence to abort.
Tracing the route to 9.9.9.9
VRF info: (vrf in name/id, vrf out name/id)
  1 20.1.1.1 29 msec 5 msec 3 msec
  2 10.1.13.13 [MPLS: Labels 24008/42 Exp 0] 52 msec 31 msec 46 msec
  3 10.13.3.3 [MPLS: Labels 20/42 Exp 0] 31 msec 38 msec 31 msec
  4 10.3.11.11 [MPLS: Labels 24006/42 Exp 0] 87 msec 50 msec 92 msec
  5 10.11.15.15 [MPLS: Labels 24002/42 Exp 0] 86 msec 41 msec 35 msec
  6 20.6.9.6 [MPLS: Label 42 Exp 0] 41 msec 46 msec 28 msec
  7 20.6.9.9 45 msec 30 msec 81 msec
  8 10.9.14.14 [MPLS: Labels 24/25 Exp 0] 59 msec 84 msec 71 msec
  9 10.11.14.11 [MPLS: Labels 17/25 Exp 0] 51 msec 48 msec 56 msec
 10 10.11.10.10 [MPLS: Labels 24000/25 Exp 0] 72 msec 60 msec 49 msec
 11 20.9.10.10 [MPLS: Label 25 Exp 0] 44 msec 39 msec 51 msec
 12 20.9.10.9 88 msec *  41 msec

We retest and see traffic going over the CSR6 path, as indicated in CSR2's BGP table pointing towards 1.1.1.6 as the next hop.
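
The table checks done by eye on CSR11 and CSR2 above can be scripted. This is an added example, not part of the original post: it parses `show bgp vrf` text using the header's column positions and reports any prefix whose path via the prepending neighbor lacks the expected AS repeats or is still marked best. The function names are hypothetical, and it assumes prefixes are printed with a mask and AS paths are plain sequences, as in the output on this page.

```python
from itertools import takewhile

# Excerpts of the CSR2 "sh bgp vrf BGP" output on this page, before and after the route-map.
HEADER = "     Network          Next Hop            Metric LocPrf Weight Path\n"
BEFORE = HEADER + """\
 *>i 1.1.1.1/32       1.1.1.1                  0    100      0 65001 i
 *>  9.9.9.9/32       20.2.14.14                             0 200 65009 i
"""
AFTER = HEADER + """\
 *>i 1.1.1.1/32       1.1.1.1                  0    100      0 65001 i
 *>i 9.9.9.9/32       1.1.1.6                  0    100      0 200 65009 i
 *                    20.2.14.14                             0 200 200 200 200 65009 i
"""


def parse_bgp_table(text):
    """Return {prefix: [path, ...]} using column offsets taken from the header line."""
    table, net_col, weight_col, prefix = {}, None, None, None
    for line in text.splitlines():
        if line.strip().startswith("Network"):  # header (may repeat when paged)
            net_col, weight_col = line.index("Network"), line.index("Weight")
            continue
        if net_col is None or "*" not in line[:net_col]:
            continue  # banner, legend, Route Distinguisher line, or non-valid path
        fields = line[net_col:weight_col].split()
        if line[net_col:net_col + 1].strip():  # blank Network column = same prefix
            prefix = fields.pop(0)
        tail = line[weight_col:].split()  # weight, AS path..., origin code
        table.setdefault(prefix, []).append(
            {"best": ">" in line[:net_col], "next_hop": fields[0],
             "as_path": tail[1:-1]})
    return table


def verify_prepend(table, next_hop, asn, times):
    """Return {prefix: problem} for paths via next_hop that lack the prepend or are best."""
    problems = {}
    for prefix, paths in table.items():
        for p in (p for p in paths if p["next_hop"] == next_hop):
            seen = sum(1 for _ in takewhile(lambda a: a == str(asn), p["as_path"]))
            if seen != times + 1:  # the neighbor's own AS plus the prepends
                problems[prefix] = f"AS{asn} x{seen}, expected x{times + 1}"
            elif p["best"]:
                problems[prefix] = "prepended path still selected as best"
    return problems


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, verify_prepend(parse_bgp_table(text), "20.2.14.14", 200, 3))
```

For the CSR11 side of the lab, the same call takes next hop 20.11.14.14, AS 100 and a count of 3.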

Thanks for stopping by!
Rob Riker, CCIE #50693
