Help on Influencing Outbound Path Selection from selected source only
badsector
Member Posts: 11 ■□□□□□□□□□
Hi, I posted in the CCIP section because I know you specialize in BGP.
I'm looking for a way to influence outbound traffic from my internal network to the internet.
My setup: I have 2 border routers in iBGP, peered to 5 ISPs using eBGP.
I want to force-route outbound traffic from my internal network (selected source IPs only) to one or two of my ISPs, say to ISP_A, or to both ISP_B and ISP_C.
What I found in Cisco is the BGP attribute "local_pref" under "Influencing Outbound Path Selection Using the Local_Pref Attribute".
However, I only want selected source IP addresses applied to the Local_Pref, say 35 IP hosts only, instead of all my network prefixes.
Is it possible?
Thank you for your help in advance.
Network and Security Engineering
Comments
kalebksp Member Posts: 1,033 ■■■■■□□□□□
If I'm understanding you correctly you want to specify your outbound route based on the packet's source IP address. If that's correct you should look into policy routing.
Be careful when changing the outbound local preference, depending on your topology there is the potential of creating a loop. Especially if your border routers aren't directly connected.
Disclaimer: I don't actually work with BGP, just studying for the BGP exam. So you may want to wait for someone more experienced to weigh in.
tim100 Member Posts: 162
As kalebksp stated, what you are looking for is policy based routing. The Local Preference attribute is used to influence outbound path selection based on destination prefixes.
APA Member Posts: 959
There are certain criteria that need to be met for PBR to work successfully though...
I remember reading a Cisco doc on PBR when I was implementing it for my previous company..... let me see if I can dig it up.
But for what you want to achieve PBR really sounds like what you are after as said by the previous two posters.
Now to dig up this link
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
rossonieri#1 Member Posts: 799 ■■■□□□□□□□
APA wrote: » There are certain criteria that need to be met for PBR to work successfully though...
hmm ... let me help a little bit
1. define an ACL to match some criteria
2. next-hop
3. interfaces.
cheers
the More I know, that is more and More I don't know.
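To make the difference between the two approaches concrete, here is an added IOS example (my own, not the original poster's configuration and not from any reply in this thread). It puts the Local_Pref route-map that the question found next to the three PBR pieces listed above (ACL, next hop, interface). Every address, interface name and AS number is a placeholder: our AS 64496, internal LAN 192.0.2.0/24 on Gi0/0, ISP_A next hop 203.0.113.1 (AS 64501) on Gi0/1, ISP_B next hop 198.51.100.1 on Gi0/2, ISP_C next hop 198.51.100.5 on Gi0/3, and the hosts in the ACLs stand in for the 35 selected hosts.

```cisco
! Added example for this thread (not the original poster's configuration).
! All addressing, interface names and AS numbers are placeholders (see lead-in).
!
! --- 1. Local_Pref: destination-based, it cannot see the source address ---
! Every prefix learned from ISP_A gets local-preference 200 (the default is 100),
! so traffic from EVERY internal host to those destinations exits via ISP_A.
route-map FROM-ISP-A permit 10
 set local-preference 200
!
router bgp 64496
 neighbor 203.0.113.1 remote-as 64501
 neighbor 203.0.113.1 route-map FROM-ISP-A in
!
! --- 2. PBR: source-based, evaluated on the interface where packets arrive ---
! (a) ACLs that name the selected source hosts.
ip access-list extended SRC-TO-ISP-A
 permit ip 192.0.2.32 0.0.0.31 any
 permit ip host 192.0.2.70 any
ip access-list extended SRC-TO-ISP-BC
 permit ip host 192.0.2.80 any
 permit ip host 192.0.2.81 any
!
! (b) Route-map: match on the ACL, set the next hop.
route-map PBR-OUT permit 10
 match ip address SRC-TO-ISP-A
 set ip next-hop 203.0.113.1
route-map PBR-OUT permit 20
 match ip address SRC-TO-ISP-BC
 ! with two addresses IOS uses the first one that is reachable; it does not load-share
 set ip next-hop 198.51.100.1 198.51.100.5
! Deliberately no catch-all sequence: a sequence without a match clause matches
! every packet. Packets that match no sequence fall through to the routing table.
!
! (c) Apply the policy on the ingress (internal-facing) interface.
interface GigabitEthernet0/0
 ip policy route-map PBR-OUT
```

`show route-map PBR-OUT` reports the "Policy routing matches" counter per sequence, and `debug ip policy` shows each policy-routed packet, which is the quickest way to confirm that the ACL actually matches the intended sources. Two points worth keeping in mind with the two-border-router setup in the question: `set ip next-hop` expects an adjacent next hop (use `set ip next-hop recursive` if the address is only reachable through another route), and the second border router performs a normal lookup for traffic it receives unless it carries its own `ip policy` on the interface facing the first router.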
bighornsheep Member Posts: 1,506
Could you perhaps tag the 35 hosts as a BGP community and set an inbound policy on your border routers to forward to the next-hop of the desired ISP?
I've seen something similar with load balancing all traffic to 2 ISPs in combination with ospf default-info originate.
Jack of all trades, master of none
APA Member Posts: 959
rossonieri#1 wrote: » hmm ... let me help a little bit
1. define an ACL to match some criteria
2. next-hop
3. interfaces.
cheers
no that's just how you configure it
I meant an actual criteria list.... which if not met means the PBR may not work as expected.... Now I've got some spare time I'm going to try and dig up that link..
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
APA Member Posts: 959
bighornsheep wrote: » Could you perhaps tag the 35 hosts as a BGP community and set an inbound policy on your border routers to forward to the next-hop of the desired ISP?
I've seen something similar with load balancing all traffic to 2 ISPs in combination with ospf default-info originate.
Yeah I don't see why not.... that is essentially a PBR.... but if you tag the specific hosts that means you're setting the next hop for all their traffic.....
Generally with PBR you are trying to be as specific as possible...
e.g. this SRC to this DST -> send via this next-hop... if the SRC & DST don't match, ignore the PBR and use a route-table lookup to send it either via the gateway of last resort or the closest prefix match in the normal route table.
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
rossonieri#1 Member Posts: 799 ■■■□□□□□□□
@ APA
hahaha ... PBR's ACL doesn't drop traffic
all the traffic that doesn't match the ACL will just pass through the regular link.
so, basically this thread has nothing to do with BGP right?
it's just a basic PBR thing?
oooo ... i missed my cisco certs
nope, i can't do that. i'm not tempted yet
it's junos session now
i'll continue after my JNCIS
the More I know, that is more and More I don't know.
APA Member Posts: 959
rossonieri#1 wrote: » @ APA
hahaha ... PBR's ACL doesn't drop traffic
all the traffic that doesn't match the ACL will just pass through the regular link.
Mate, what are you smoking?
Where did I say it would drop the traffic? I said it wouldn't work as expected... meaning the next hop wouldn't be followed.... so it defeats the purpose of setting the next-hop address; it would, as you said, use the usual route table to look up the exit point...
Now back to what are you smoking??? Remember... Puff, Puff, Pass....
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
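The failure mode described in the post above (the set next hop is not followed and the packet quietly takes the normal routing-table exit) is easier to reason about when the fallback is made explicit. This is an added IOS example, mine rather than any poster's, that ties the PBR next hop to an IP SLA track so the router only steers the selected hosts to ISP_A while that next hop answers probes, and otherwise routes them normally. Addresses and interface names are placeholders: internal LAN on Gi0/0, ISP_A next hop 203.0.113.1 on Gi0/1, the selected hosts in 192.0.2.32/27.

```cisco
! Added example (not from the thread). Placeholder addressing: internal LAN on
! Gi0/0, ISP_A next hop 203.0.113.1 on Gi0/1, selected hosts in 192.0.2.32/27.
!
! Probe ISP_A's next hop every 10 seconds and expose the result as track object 1.
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
ip access-list extended SRC-TO-ISP-A
 permit ip 192.0.2.32 0.0.0.31 any
!
route-map PBR-OUT permit 10
 match ip address SRC-TO-ISP-A
 ! 203.0.113.1 is used only while track 1 is up; when it is down the set clause
 ! is skipped and the packet is forwarded from the normal routing table instead
 set ip next-hop verify-availability 203.0.113.1 10 track 1
!
interface GigabitEthernet0/0
 ip policy route-map PBR-OUT
!
! Packets the router itself originates (pings, BGP, the SLA probe) are never
! policy-routed by "ip policy" on an interface. Uncomment the line below only if
! router-originated traffic should be subject to the same map.
! ip local policy route-map PBR-OUT
```

`show track 1` and `show ip sla statistics 1` show whether the next hop is currently considered reachable, and `show route-map PBR-OUT` shows whether the sequence is still matching packets after a failover. Without `verify-availability`, CEF-switched PBR still falls back to the routing table when the next hop has no route, but it does so silently, which is exactly the "didn't work as expected" symptom discussed above.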
rossonieri#1 Member Posts: 799 ■■■□□□□□□□
APA wrote: » Now back to what are you smoking??? Remember... Puff, Puff, Pass....
hahahaha .. you've got me partner
the More I know, that is more and More I don't know.
tim100 Member Posts: 162
bighornsheep wrote: » Could you perhaps tag the 35 hosts as a BGP community and set an inbound policy on your border routers to forward to the next-hop of the desired ISP?
He wants to force outbound traffic from certain source hosts in his internal network to take a different path. BGP communities / community lists would not be an option.