This post will describe how to do conditional advertising with BGP. In a real-life scenario this can be used to announce routes to your backup provider only when your primary link is down. In a lab scenario this can be used when the task says that traffic must come in on interface X/X, but if that interface fails it should come in on interface Y/Y. The image below describes the scenario.
We start by putting addresses on interfaces and enabling basic BGP. The loopbacks on the Cust router are used for announcing networks.
Cust:
interface Loopback1
ip address 1.1.1.1 255.255.255.0
!
interface Loopback2
ip address 2.2.2.2 255.255.255.0
!
interface Loopback3
ip address 3.3.3.3 255.255.255.0
!
interface Loopback4
ip address 4.4.4.4 255.255.255.0
!
interface FastEthernet0/0
ip address 136.1.13.3 255.255.255.0
no shut
!
interface Serial0/0
ip address 136.1.23.3 255.255.255.0
clock rate 2000000
no shut
!
router bgp 300
no synchronization
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
network 2.2.2.0 mask 255.255.255.0
network 3.3.3.0 mask 255.255.255.0
network 4.4.4.0 mask 255.255.255.0
network 136.1.13.0 mask 255.255.255.0
neighbor 136.1.13.1 remote-as 100
neighbor 136.1.23.2 remote-as 200
no auto-summary
ISP1:
interface FastEthernet0/0
ip address 136.1.12.1 255.255.255.0
no shut
!
interface FastEthernet0/1
ip address 136.1.13.1 255.255.255.0
no shut
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 136.1.12.0 mask 255.255.255.0
neighbor 136.1.12.2 remote-as 200
neighbor 136.1.13.3 remote-as 300
no auto-summary
ISP2:
interface FastEthernet0/0
ip address 136.1.12.2 255.255.255.0
no shut
!
interface Serial0/0
ip address 136.1.23.2 255.255.255.0
clock rate 2000000
no shut
!
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 136.1.12.1 remote-as 100
neighbor 136.1.23.3 remote-as 300
no auto-summary
If we look at ISP2 we have two active BGP sessions with four prefixes received over each.
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
136.1.12.1      4   100       6       7        9    0    0 00:01:47        4
136.1.23.3      4   300       5       6        9    0    0 00:00:33        4
ISP2#sh ip bgp
BGP table version is 9, local router ID is 136.1.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       136.1.23.3               0             0 300 i
*                   136.1.12.1                             0 100 300 i
*> 2.2.2.0/24       136.1.23.3               0             0 300 i
*                   136.1.12.1                             0 100 300 i
*> 3.3.3.0/24       136.1.23.3               0             0 300 i
*                   136.1.12.1                             0 100 300 i
*> 4.4.4.0/24       136.1.23.3               0             0 300 i
*                   136.1.12.1                             0 100 300 i
Let's do a ping and traceroute to verify reachability first.
ISP2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/38/88 ms
ISP2#trace
ISP2#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 136.1.23.3 44 msec * 84 msec
We have reachability. The next step is to announce the Ethernet link on the Cust router into BGP. We need this prefix in BGP to be able to track it.
Cust(config)#router bgp 300
Cust(config-router)#network 136.1.13.0 mask 255.255.255.0
ISP1 will see this prefix as a RIB-failure since it already has a route with a better AD (connected).
We then configure the Cust router to only advertise 1.1.1.0/24 if the Ethernet link is down.
Cust#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cust(config)#ip prefix-list 1-NETWORK seq 5 permit 1.1.1.0/24
Cust(config)#ip prefix-list 13-NETWORK seq 5 permit 136.1.13.0/24
Cust(config)#route-map ADVERTISE permit 10
Cust(config-route-map)#match ip address prefix-list 1-NETWORK
Cust(config-route-map)#exit
Cust(config)#route-map NON_EXIST permit 10
Cust(config-route-map)#match ip address prefix-list 13-NETWORK
Cust(config-route-map)#exit
Cust(config)#router bgp 300
Cust(config-router)#neighbor 136.1.23.2 advertise-map ADVERTISE non-exist-map NON_EXIST
Cust(config-router)#^Z
The advertise-map selects the prefixes that are announced only when the prefixes matched by the NON_EXIST map are not in the BGP table.
Other prefixes will not be affected by this configuration. Let's look at what Cust is announcing to ISP2.
Cust#sh bgp ipv4 uni nei 136.1.23.2 advertised-routes
BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.0/24       0.0.0.0                  0         32768 i
*> 3.3.3.0/24       0.0.0.0                  0         32768 i
*> 4.4.4.0/24       0.0.0.0                  0         32768 i
*> 136.1.13.0/24    0.0.0.0                  0         32768 i
Total number of prefixes 4
We can see that 1.1.1.0/24 is no longer being announced. Ping from ISP2 confirms reachability and a traceroute shows that traffic is passing through ISP1.
ISP2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/76/108 ms
ISP2#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 136.1.12.1 100 msec 96 msec 44 msec
2 136.1.13.3 [AS 300] 92 msec * 116 msec
We then do a shutdown of the Ethernet link on Cust and look at the results.
Cust#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cust(config)#int f0/0
Cust(config-if)#sh
Cust(config-if)#
*Mar 1 00:27:22.007: %BGP-5-ADJCHANGE: neighbor 136.1.13.1 Down Interface flap
Cust(config-if)#
*Mar 1 00:27:23.983: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar 1 00:27:24.983: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
Cust(config-if)#
Cust#sh bgp ipv4 uni nei 136.1.23.2 advertised-routes
BGP table version is 12, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 i
*> 2.2.2.0/24       0.0.0.0                  0         32768 i
*> 3.3.3.0/24       0.0.0.0                  0         32768 i
*> 4.4.4.0/24       0.0.0.0                  0         32768 i
Total number of prefixes 4
Below is the BGP table on ISP2. Ping is working and traffic now takes the direct path.
ISP2#sh ip bgp
BGP table version is 15, local router ID is 136.1.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       136.1.23.3               0             0 300 i
*                   136.1.12.1                             0 100 300 i
*> 2.2.2.0/24       136.1.23.3               0             0 300 i
*                   136.1.12.1                             0 100 300 i
*> 3.3.3.0/24       136.1.23.3               0             0 300 i
*                   136.1.12.1                             0 100 300 i
*> 4.4.4.0/24       136.1.23.3               0             0 300 i
*                   136.1.12.1                             0 100 300 i
r> 136.1.12.0/24    136.1.12.1               0             0 100 i
*> 136.1.13.0/24    136.1.12.1                             0 100 300 i
ISP2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/40/80 ms
ISP2#tra
ISP2#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 136.1.23.3 92 msec * 24 msec
If we debug BGP updates we will see entries like this.
*Mar 1 01:05:03.067: BPG(0): Condition NON_EXIST changes to Withdraw
*Mar 1 01:05:03.067: BPG(0): Condition NON_EXIST changes to Withdraw
*Mar 1 01:06:03.079: BPG(0): Condition NON_EXIST changes to Advertise
*Mar 1 01:06:03.079: BPG(0): Condition NON_EXIST changes to Advertise
Simple and effective.
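The advertise-map / non-exist-map decision can also be modelled offline to audit a configuration before it is deployed. The following Python sketch is an added example, not part of the original post: it parses a constructed copy of the Cust conditional-advertisement lines (applied toward ISP2 at 136.1.23.2), computes what is sent to a neighbor for a given BGP table, and flags a neighbor that sits inside the prefix its own condition tracks. The function names are hypothetical and it assumes exact-match prefix-lists only.

```python
import ipaddress

# Constructed sample: Cust's conditional-advertisement lines, applied toward
# the backup neighbor 136.1.23.2 (ISP2).
CUST_CONFIG = """\
ip prefix-list 1-NETWORK seq 5 permit 1.1.1.0/24
ip prefix-list 13-NETWORK seq 5 permit 136.1.13.0/24
route-map ADVERTISE permit 10
 match ip address prefix-list 1-NETWORK
route-map NON_EXIST permit 10
 match ip address prefix-list 13-NETWORK
router bgp 300
 neighbor 136.1.23.2 advertise-map ADVERTISE non-exist-map NON_EXIST
"""
# Cust's locally originated prefixes with FastEthernet0/0 up, then down.
LINK_UP = ["1.1.1.0/24", "2.2.2.0/24", "3.3.3.0/24", "4.4.4.0/24", "136.1.13.0/24"]
LINK_DOWN = LINK_UP[:-1]

def parse(config):
    """Map neighbor -> (advertise-map prefixes, non-exist-map prefixes).
    Assumption: prefix-lists hold exact-match permit entries only."""
    plists, rmaps, conds, current = {}, {}, {}, None
    for w in (line.split() for line in config.splitlines()):
        if w[:2] == ["ip", "prefix-list"] and w[-2] == "permit":
            plists.setdefault(w[2], set()).add(ipaddress.ip_network(w[-1]))
        elif w[:1] == ["route-map"]:
            current = w[1]
        elif w[:4] == ["match", "ip", "address", "prefix-list"]:
            rmaps.setdefault(current, []).extend(w[4:])
        elif w[:1] == ["neighbor"] and w[2::2] == ["advertise-map", "non-exist-map"]:
            conds[w[1]] = (w[3], w[5])
    resolve = lambda name: set().union(*(plists[p] for p in rmaps[name]))
    return {n: (resolve(a), resolve(t)) for n, (a, t) in conds.items()}

def advertised(config, bgp_table, neighbor):
    """Prefixes sent to `neighbor`: advertise-map prefixes are withheld while
    any prefix tracked by the non-exist-map is still in the BGP table."""
    table = {ipaddress.ip_network(p) for p in bgp_table}
    adv, tracked = parse(config).get(neighbor, (set(), set()))
    if tracked & table:
        table -= adv
    return [str(p) for p in sorted(table)]

def tracks_own_link(config):
    """Heuristic audit: neighbors whose address sits inside a prefix their own
    non-exist-map tracks. If that prefix is the link to the neighbor, the session
    is down whenever the condition fires, so the prefix is never sent on it."""
    return sorted(n for n, (_, tracked) in parse(config).items()
                  if any(ipaddress.ip_address(n) in t for t in tracked))
```

With `LINK_UP` and `LINK_DOWN` as the table, `advertised(CUST_CONFIG, ..., "136.1.23.2")` reproduces the two advertised-routes listings for neighbor 136.1.23.2 shown in the post.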
You’re announcing network 1.1.1.0/24 when network 136.1.13.0/24 is down to the neighbor that is a part of this network:
“Cust(config-router)#neighbor 136.1.13.1 advertise-map ADVERTISE non-exist-map NON_EXIST”
You should announce it to neighbor 136.1.23.1 ….