Help on Influencing Outbound Path Selection from selected source only

Hi, I posted in the CCIP section because I know you specialized in BGP.
I'm looking for a way to influence outbound traffic from my internal network to the internet.
My setup: I have 2 border routers in iBGP, peered to 5 ISPs using eBGP.
I want to force-route outbound traffic from my internal network (selected source IPs only) to one or two of my ISPs, say to ISP_A or to both ISP_B and ISP_C.
What I found in Cisco is the BGP attribute "local_pref" under Influencing Outbound Path Selection Using the Local_Pref Attribute.
However, I only want selected source IP addresses applied to the Local_Pref, say 35 IP hosts only, instead of all my network prefixes.
Is it possible?
Thank you for your help in advance.
Comments
Be careful when changing the outbound local preference; depending on your topology, there is the potential of creating a loop, especially if your border routers aren't directly connected.
Disclaimer: I don't actually work with BGP, just studying for the BGP exam. So you may want to wait for someone more experienced to weigh in.
I remember reading a Cisco doc on PBRs when I was implementing it for my previous company... let me see if I can dig it up.
But for what you want to achieve PBR really sounds like what you are after as said by the previous two posters.
Now to dig up this link
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
hmm ... let me help a little bit
1. define an ACL to match some criteria
2. next-hop
3. interfaces.
cheers
I've seen something similar with load balancing all traffic to 2 ISPs in combination with OSPF default-info originate.
no that's just how you configure it
I meant an actual criteria list... which, if not met, means the PBR may not work as expected... Now I've got some spare time, I'm going to try and dig up that link.
Yeah, I don't see why not... that is essentially a PBR... but if you tag the specific hosts, that means you're setting the next hop for all their traffic...
Generally with PBRs you are trying to be as specific as possible...
e.g. this SRC to this DST -> send via this next-hop... if the SRC & DST don't match, ignore the PBR and use a route-table lookup to send it either via the gateway of last resort or the closest prefix match in the normal route table.
hahaha ... PBR's ACL doesn't drop traffic
all the traffic that doesn't match the ACL will just pass through the regular link.
so, basically this thread has nothing to do with BGP, right?
it's just a basic PBR thing?
oooo ... I missed my Cisco certs
nope, I can't do that. I'm not tempted yet
it's Junos session now
I'll continue after my JNCIS
Mate, what are you smoking?
Where did I say it would drop the traffic? I said it wouldn't work as expected... meaning the next hop wouldn't be followed.... so it defeats the purpose of setting the next-hop address, it would as you said use the usual route table to lookup the exit point...
Now back to what are you smoking??? Remember... Puff, Puff, Pass....
hahahaha .. you've got me partner
He wants to force outbound traffic from certain source hosts in his internal network to take a different path. BGP communities / community lists would not be an option.
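The three PBR pieces named in the thread (ACL, next-hop, interface), put together as an added Cisco IOS example that is not from any poster. All names, addresses and interfaces are constructed placeholders, and it assumes ISP_A's next hop (203.0.113.1) is directly connected to this border router.

```cisco
! Constructed example: every name, address and interface is a placeholder.
!
! 1. ACL: match only the selected source hosts (two shown; list all 35).
!    The leading deny keeps internal-to-internal traffic out of the policy,
!    so only internet-bound traffic from these hosts is steered.
ip access-list extended PBR-SRC-TO-ISP-A
 deny   ip any 10.0.0.0 0.255.255.255
 permit ip host 10.10.20.11 any
 permit ip host 10.10.20.12 any
!
! Track reachability of the ISP_A next hop. If the probe fails, the set
! clause is skipped and the packet follows the normal routing table.
ip sla 10
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
!
! 2. Route-map: set the next hop for matched traffic only.
!    Packets that match no permit sequence are not dropped; they are
!    forwarded by the regular (BGP-learned) routing table.
route-map PBR-OUTBOUND permit 10
 match ip address PBR-SRC-TO-ISP-A
 set ip next-hop verify-availability 203.0.113.1 1 track 10
!
! 3. Interface: apply on the inside interface where the hosts' traffic
!    enters the router. PBR acts on ingress packets, not on the ISP-facing link.
interface GigabitEthernet0/1
 ip policy route-map PBR-OUTBOUND
```

`show route-map PBR-OUTBOUND` shows per-sequence match counters, and `show ip policy` confirms which interfaces have the route-map applied.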