Help on Influencing Outbound Path Selection from selected source only

badsector Member Posts: 11
Hi, I posted in the CCIP section because I know you specialize in BGP.

I'm looking for a way to influence outbound traffic from my internal network to the internet.

My setup: I have 2 border routers in iBGP, peered to 5 ISPs using eBGP.

I want to force-route outbound traffic from my internal network (selected source IPs only) to one or two of my ISPs, say to ISP_A or to both ISP_B and ISP_C.

What I found in Cisco is the BGP attribute "local_pref" under Influencing Outbound Path Selection Using the Local_Pref Attribute.

However, I only want selected source IP addresses applied to the Local_Pref, say 35 IP hosts only, instead of my whole network prefix.

Is it possible?

Thank you for your help in advance.
Network and Security Engineering

Comments

  • kalebksp Member Posts: 1,033
    If I'm understanding you correctly, you want to specify your outbound route based on the packet's source IP address. If that's correct you should look into policy routing.

    Be careful when changing the outbound local preference; depending on your topology there is the potential of creating a loop, especially if your border routers aren't directly connected.

    Disclaimer: I don't actually work with BGP, just studying for the BGP exam. So you may want to wait for someone more experienced to weigh in.
  • tim100 Member Posts: 162
    As kalebksp stated, what you are looking for is policy-based routing. The Local Preference attribute is used to influence outbound path selection based on destination prefixes.
  • APA Member Posts: 959
    There's certain criteria that need to be met for PBRs to work successfully though...

    I remember reading a Cisco doc on PBR's when I was implementing it for my previous company..... let me see if I can dig it up.

    But for what you want to achieve PBR really sounds like what you are after as said by the previous two posters.

    Now to dig up this link :)

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • rossonieri#1 Member Posts: 800
    There's certain criteria that need to be met for PBRs to work successfully though...

    hmm ... let me help a little bit :)
    1. defined ACL to match some criteria
    2. next-hop
    3. interfaces.

    cheers ;)
    the More I know, that is more and More I dont know.
  • bighornsheep Member Posts: 1,506
    Could you perhaps tag the 35 hosts as a BGP community and set an inbound policy on your border routers to forward to the next-hop of the desired ISP?

    I've seen something similar with load balancing all traffic to 2 ISPs in combination with ospf default-info originate.
    Jack of all trades, master of none
  • APA Member Posts: 959
    hmm ... let me help a little bit :)
    1. defined ACL to match some criteria
    2. next-hop
    3. interfaces.

    cheers ;)

    No, that's just how you configure it :)

    I meant an actual criteria list.... which if not met means the PBR may not work as expected.... Now I've got some spare time I'm going to try and dig up that link.. :)

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • APA Member Posts: 959
    Could you perhaps tag the 35 hosts as a BGP community and set an inbound policy on your border routers to forward to the next-hop of the desired ISP?

    I've seen something similar with load balancing all traffic to 2 ISPs in combination with ospf default-info originate.

    Yeah I don't see why not.... that is essentially a PBR.... but if you tag the specific hosts that means you're setting the next hop for all their traffic.....

    Generally with PBR's you are trying to be as specific as possible...

    e.g. this SRC to this DST -> send via this next-hop... if the SRC & DST don't match, ignore the PBR and use a route-table lookup to send it either via the gateway of last resort or the closest prefix match in the normal route table.

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
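As an added example (not posted by anyone in this thread), the three pieces rossonieri#1 lists, written as Cisco IOS configuration for one border router and following APA's advice to keep the match as specific as possible. All addresses, interface names and the three sample hosts are assumptions; the 35 hosts would be listed the same way.

```cisco
! Added example, not from the thread. Assumed values: internal LAN
! 192.0.2.0/24 on GigabitEthernet0/0; ISP_A next-hop 198.51.100.1;
! ISP_B next-hop 203.0.113.1; ISP_C next-hop 203.0.113.129.
! The 35 hosts are represented by three.
!
! 1. ACL: the match criteria. A "deny" here means "this route-map
!    entry does not match"; the packet is NOT dropped, it falls through
!    to the next entry or to the normal routing table. Denying traffic
!    to the internal range keeps the policy specific to internet-bound
!    packets from the chosen sources.
ip access-list extended PBR-SRC-ISP-A
 deny   ip host 192.0.2.10 192.0.2.0 0.0.0.255
 deny   ip host 192.0.2.11 192.0.2.0 0.0.0.255
 permit ip host 192.0.2.10 any
 permit ip host 192.0.2.11 any
ip access-list extended PBR-SRC-ISP-B-C
 deny   ip host 192.0.2.12 192.0.2.0 0.0.0.255
 permit ip host 192.0.2.12 any
!
! 2. Next-hop: each route-map entry ties an ACL to an ISP next-hop.
route-map PBR-SOURCE permit 10
 match ip address PBR-SRC-ISP-A
 set ip next-hop 198.51.100.1
! Two next-hops: the first one whose connected interface is up is used,
! so ISP_C is the fallback for ISP_B.
route-map PBR-SOURCE permit 20
 match ip address PBR-SRC-ISP-B-C
 set ip next-hop 203.0.113.1 203.0.113.129
! No catch-all entry: sources that match nothing use the routing table
! (the BGP best path), exactly as described in the thread.
!
! 3. Interface: PBR acts on packets ENTERING an interface, so it goes on
!    the inside-facing interface, not on the ISP links.
interface GigabitEthernet0/0
 description Internal LAN
 ip address 192.0.2.1 255.255.255.0
 ip policy route-map PBR-SOURCE
!
! Check: "show route-map PBR-SOURCE" shows policy routing match counters
! per entry. Repeat the configuration on the second border router: PBR
! is local to the router it is configured on and changes nothing in
! what BGP learns or advertises.
```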
  • rossonieri#1 Member Posts: 800
    @ APA ;)

    Hahaha ... PBR's ACL doesn't drop traffic ;)
    All the traffic that doesn't match the ACL will just pass through the regular link.

    So, basically this thread has nothing to do with BGP, right?
    It's just a basic PBR thing?

    Oooo ... I missed my Cisco certs ;)
    Nope, I can't do that. I'm not tempted yet.
    It's Junos session now.
    I'll continue after my JNCIS ;)
    the More I know, that is more and More I dont know.
  • APA Member Posts: 959
    @ APA ;)

    Hahaha ... PBR's ACL doesn't drop traffic ;)
    All the traffic that doesn't match the ACL will just pass through the regular link.

    Mate, what are you smoking? :p

    Where did I say it would drop the traffic? I said it wouldn't work as expected... meaning the next hop wouldn't be followed.... so it defeats the purpose of setting the next-hop address; it would, as you said, use the usual route table to look up the exit point...

    Now back to what are you smoking??? Remember... Puff, Puff, Pass....

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • rossonieri#1 Member Posts: 800
    Now back to what are you smoking??? Remember... Puff, Puff, Pass....

    Hahahaha .. you've got me, partner
    the More I know, that is more and More I dont know.
  • tim100 Member Posts: 162
    Could you perhaps tag the 35 hosts as a BGP community and set an inbound policy on your border routers to forward to the next-hop of the desire ISP?

    He wants to force outbound traffic from certain source hosts in his internal network to take a different path. BGP communities / community lists would not be an option.