I have two routers, AS50 and AS100, both under my control. Since they are using different ASNs, they should be eBGP routers. These two routers are connected by an internet VPN and a leased line, which means there is a dual path between them.
The leased line will take higher preference for packet routing, while the internet VPN will act as backup.
My questions:
1. According to my reading, local pref seems only applicable to iBGP, not eBGP routers; is this correct?
2. I am currently using the prepend AS-path out method on both routers, so that packets are covered for bidirectional routing. It seems to work fine, and I tested it a couple of times on connection loss; BGP picks up the change very quickly. But there was some packet loss in between. So when the internet backup link is in service and the primary link recovers, a couple of packets are lost before switching to the primary link. Is it possible to tell BGP to test and ensure the primary link is functional before switching back from the internet VPN backup link?
3. Prepend always uses the "out" direction; is there any real situation in which prepend "in" could be used?
4. What will happen if I accidentally use local pref on eBGP routers instead of prepend?
Best Answer
Most of your confusion seems to be related to your other duplicate question, which is the same as 3. above...:
I'm sorry, but you are mistaken; prepending your ASN out adjusts traffic inbound to your ASN.
Yes, it does, but prepending inbound BGP routes influences outbound traffic flow from your BGP router. This is an example prepend in BGP policy to prepend 5 more of the last-as in the received AS path for an eBGP neighbor...
Let's clarify some things...
- "neighbor x.x.x.x route-map FOO_out out" adjusts traffic inbound to your ASN.
- "neighbor x.x.x.x route-map FOO_in in" adjusts traffic outbound from your ASN; use local-preference or some other criteria to influence your outbound traffic.
Example configuration:
NOTE: Prepending is deceptive; it might seem like nobody should select a path if you have prepended a lot of ASNs to your announcements, but even if you did, that's no guarantee that downstream routers won't send traffic to you over that prepended path. The reality is that internet routing is still a per-hop / per-ASN decision, and you're still somewhat at the mercy of others. See below for an example.
Problems with AS-prepend traffic engineering
Strictly speaking, you lose complete control of inbound routing paths when you announce your prefix to multiple providers because there are independent routing decisions made downstream for return traffic to you. Furthermore, your announcements could even be modified by downstream providers after you send them.
Example
This is one example of what can happen. Continuing with the example configuration shown above...
The problem is that you only have complete control of your outbound routing decisions. You don't get complete control inbound... so let's suppose Router A's administrator doesn't know your link to AS100 is bad. They are dual-homed to AS200 and AS100, but AS100 offers much cheaper transit, per-Mbps; therefore Router A's engineer takes full routes from AS100 and only uses AS200 as a backup (taking only a default from them).
AS 100's engineering team decides to set a high local-pref for 2.2.2.0/22 announcements from you. As such, the combination of full routes at router A and AS 100's local pref means that you've lost control for ingress traffic through AS 100 to AS 777.
To summarize, as the admin of AS 777, you can force AS 777's egress traffic to Router A through AS 200, but traffic from Router A to 2.2.0.0/22 would still take AS 100 (because the best route is through AS 100, at Router A).
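The scenario in this answer can be modelled in a few lines. This is an added example, not part of the original answer: a Python sketch of the first two best-path steps (local-pref, then AS-path length) plus a longest-prefix lookup at Router A. The local-pref values, the six-entry prepended path, the destination address and the use of 2.2.0.0/22 as the prefix are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple
    local_pref: int = 100   # 100 is the Cisco IOS default local-preference
    via: str = ""

def best_path(routes):
    """First two steps of BGP best-path selection for one prefix (simplified):
    highest local-pref wins; AS-path length is only a tie-breaker."""
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path)))

def lookup(rib, dest):
    """Forwarding lookup: longest-prefix match over the installed routes."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in rib if addr in ipaddress.ip_network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)

PREFIX = "2.2.0.0/22"
PREPENDED = (777,) * 6   # AS 777 announces to AS 100 with 5 extra prepends

# AS 100's candidates for AS 777's prefix (constructed values).
as100_candidates = [
    Route(PREFIX, PREPENDED, local_pref=200, via="direct link to AS 777"),
    Route(PREFIX, (200, 777), local_pref=100, via="AS 200"),
]
as100_best = best_path(as100_candidates)

# Same candidates if AS 100 left local-pref at the default: prepending works.
as100_no_policy = best_path([
    Route(PREFIX, PREPENDED, via="direct link to AS 777"),
    Route(PREFIX, (200, 777), via="AS 200"),
])

# Router A: full routes from AS 100, only a default from AS 200.
router_a_rib = [
    Route(PREFIX, (100,) + as100_best.as_path, via="AS 100"),
    Route("0.0.0.0/0", (200,), via="AS 200"),
]
router_a_choice = lookup(router_a_rib, "2.2.1.10")

if __name__ == "__main__":
    print("AS 100 best path:", as100_best.via, as100_best.as_path)
    print("AS 100 without local-pref policy:", as100_no_policy.via)
    print("Router A forwards 2.2.1.10 via:", router_a_choice.via)
```

The prepend only changes AS 100's decision when local-pref ties, and Router A never compares path lengths at all because the default route from AS 200 is less specific than the /22 learned from AS 100.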