Some years ago I was consulting on a project and there the team faced an issue with load-sharing the outbound traffic towards different eBGP neighbors from different ASs. They reached out to me and it took me some time to find the solution. Suddenly I was skimming through my documents and saw that, so I’m gonna share it here too.
When implementing BGP in a Cisco environment, you may want to load-share the outgoing traffic between the multiple next-hops you have. The first command you are probably thinking of is maximum-paths 4, to use 4 different paths.
Yeah, that’s partly true, but it requires the following attributes to match:
And of course, the next-hop address for each path must also be different in order for that path to be considered (imagine multi-homing to the same router).
The point here is that the router should receive the routes from the same AS.
So, what if we wanna load-share between different eBGP neighbors from different ASs?
Now we are delighted with an undocumented (unsupported) Cisco command:
OSPF external routes are automatically blocked from being redistributed in BGP by default.
A solution to minimize Internet route instability is using Aggregation. Fluctuation of any single route in an Aggregation does not cause fluctuation in the Aggregate itself.
Backdoor routes offer an alternative IGP path instead of the external BGP path. Using Backdoor for specific routes causes the administrative distance to be equal to BGP Local (200), so the IGP with the lower AD will be preferred.
By default, MED is not compared when routes are learned from different ASs. This behavior can be changed using the bgp always-compare-med command. When the bgp deterministic-med command is enabled, routes from the same autonomous system are grouped together, and the best entries of each group are compared. An example of a BGP table looks like this:
entry1: AS(PATH) 100, med 200, external, rid 220.127.116.11
entry2: AS(PATH) 500, med 100, internal, rid 172.16.8.4
entry3: AS(PATH) 500, med 150, external, rid 172.16.13.1
+ bgp deterministic-med Enabled, bgp always-compare-med Disabled: There is a group for AS 100 and a group for AS 500. The best entries for each group are compared. Entry1 is the best of its group because it is the only route from AS 100. Entry2 is the best for AS 500 because it has the lowest MED. Next, entry1 is compared to entry2. Since the two entries are not from the same neighbor autonomous system, the MED is not considered in the comparison. The external BGP route wins over the internal BGP route, making entry1 the best route.
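The comparison walked through above, as an added Python model (not code from the original post or from Cisco). It assumes every earlier best-path step (weight, local preference, AS-path length, origin) is tied, and it goes one step beyond the text by also running the same table with bgp always-compare-med enabled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    name: str
    neighbor_as: int   # neighbouring AS the route was learned from
    med: int
    external: bool     # True = eBGP-learned, False = iBGP-learned
    rid: str           # router ID, copied as printed in the table above

# The three entries from the example table above.
TABLE = [
    Path("entry1", 100, 200, True, "220.127.116.11"),
    Path("entry2", 500, 100, False, "172.16.8.4"),
    Path("entry3", 500, 150, True, "172.16.13.1"),
]

def rid_key(path):
    return tuple(int(octet) for octet in path.rid.split("."))

def better(a, b, always_compare_med):
    """Pick the preferred path using only MED, eBGP-over-iBGP and router ID."""
    # MED is compared only within one neighbouring AS unless always-compare-med is set.
    if (always_compare_med or a.neighbor_as == b.neighbor_as) and a.med != b.med:
        return a if a.med < b.med else b
    if a.external != b.external:
        return a if a.external else b
    return min(a, b, key=rid_key)  # assumed final tie-break: lowest router ID

def group_winners(paths, always_compare_med=False):
    """bgp deterministic-med: find the best entry per neighbouring AS first."""
    winners = {}
    for p in paths:
        cur = winners.get(p.neighbor_as)
        winners[p.neighbor_as] = p if cur is None else better(cur, p, always_compare_med)
    return winners

def best_path(paths, always_compare_med=False):
    """Compare the per-AS winners against each other."""
    best = None
    for w in group_winners(paths, always_compare_med).values():
        best = w if best is None else better(best, w, always_compare_med)
    return best

if __name__ == "__main__":
    print("deterministic-med only:        ", best_path(TABLE).name)
    print("plus always-compare-med:       ", best_path(TABLE, True).name)
```

With always-compare-med enabled, MED is compared across AS 100 and AS 500, so the lower-MED internal route replaces entry1 as best path.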
When passing an EBGP route to an IBGP neighbor, the EBGP neighbor is set as the next-hop.
In NBMA partial-mesh networks, sometimes the next-hop-self command is required.
When connecting to an Internet eBGP neighbor, private AS numbers should be stripped from the AS_PATH list.
An AS that advertises an Aggregate considers itself the originator of that route, irrespective of where that route came from. This issue can cause a loop, so the solution is to use the AS_SET parameter before an aggregate-address.
Sometimes customers prepend fake ASes to prevent becoming a transit AS for providers.
Combine route injection in BGP with static Routes (with distance 254, for example) to Null0 if you want to prevent route fluctuation even if your IGP routing is not stable.
In most situations, METRIC is used for inbound traffic management and LOCAL_PREFERENCE is used for outbound traffic administration.
BGP multipath can be used to install multiple paths in the IP routing table if the paths are learned via the same neighboring AS. The maximum-paths command can be used to install up to six paths to a single destination. The following attributes of parallel paths have to match with the best path:
Service Providers should filter some IP prefixes in incoming updates, such as RFC1918, because a customer should only advertise its global networks to the Service Provider.
Multihomed Customers should avoid becoming a Transit-AS. By default, in most cases the tie breaker for BGP is the Shortest AS-Path, so the providers connected to the customer will use the customer link as a Transit-AS to reach each other.
Service Providers should filter Private addresses in incoming updates of Customers.
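The RFC1918 filtering described in the two notes above, as an added Python check (not from the original post). It contrasts a filter that only denies the three RFC1918 blocks exactly with one that also catches more-specific and covering prefixes; the customer announcements are constructed sample data.

```python
import ipaddress

# The three RFC1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def exact_match_filter(prefix):
    """Weak filter: denies only the RFC1918 blocks themselves."""
    return ipaddress.ip_network(prefix) not in RFC1918

def covering_filter(prefix):
    """Corrected filter: denies any prefix inside, or covering, RFC1918 space."""
    net = ipaddress.ip_network(prefix)
    return not any(net.overlaps(block) for block in RFC1918)

def split_updates(prefixes, accept):
    """Return (accepted, rejected) for a list of announced prefixes."""
    accepted = [p for p in prefixes if accept(p)]
    rejected = [p for p in prefixes if not accept(p)]
    return accepted, rejected

# Constructed customer announcements (public ones use documentation ranges).
CUSTOMER_UPDATES = [
    "198.51.100.0/24",   # global space, should pass
    "10.0.0.0/8",        # RFC1918 block itself
    "10.20.0.0/16",      # more-specific inside 10/8
    "172.31.255.0/24",   # last /24 inside 172.16/12
    "172.32.0.0/16",     # just outside 172.16/12, should pass
    "192.168.1.0/24",    # more-specific inside 192.168/16
]

if __name__ == "__main__":
    for label, accept in (("exact match", exact_match_filter),
                          ("covering", covering_filter)):
        accepted, rejected = split_updates(CUSTOMER_UPDATES, accept)
        print(f"{label:12} accepted={accepted} rejected={rejected}")
```

The exact-match version lets every more-specific private prefix through, which is the gap a provider-side inbound filter has to close.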
In a scenario where a customer has two border routers without IBGP, and IGP inside the AS, there will be no loops, but if running IBGP between the border routers, special care should be taken or a direct link between the two border routers is required.
Policy Routing only affects the Next-Hop. The destination is unchanged!
Policy Routing is CPU intensive because it is based on the source, unlike dynamic and static routing. So, when routing based on the destination, there is no need for Policy Routing.
Customers can only affect their outgoing traffic, and can’t directly affect incoming traffic.
(config)# ip as-path access-list # [permit/deny] regexp
(config-router)# neighbor ip-address filter-list as-path-filter# [in/out]