Re: BGP communities question

[Dave Bell <me () geordish org>]

This sounds perfectly acceptable.

Your ISP-B should have a published list of communities that do
different things. You need to choose the specific community to get the
behaviour you are after. For example you can see a list of what Level3
accept from customers about half way down here:
http://onesc.net/communities/as3356/.

> From them you may choose 3356:70 and 3356:90. Arbitrarily choosing a
community may break things. For example, you probably would not want
to use 3356:9999.

You will also need to remember to set the local pref on your side of
the link to ensure that you don't get asymmetric traffic flows.

Be careful with BGP. You can break a lot of things if you don't know
what you are doing.

Regards,
Dave

On 30 July 2014 00:16, Philip <disordr () gmail com> wrote:
> Hello Nanog,
>
> I'm fairly new to running my employers multihomed BGP network with our own
> ASN.
> Things have been relatively smooth and stable for the past few months.
>
> We have 2 upstream ISP's giving us full routes.
> We have a single link to each provider, but I run two BGP sessions over
> that single link so I can have router redundancy. My routers are run in an
> active-passive configuration.
>
> With ISP-A, they have configured our 2 BGP sessions such that the secondary
> session (our passive router), although the BGP session is up, no traffic is
> directed there unless the primary router's BGP session goes away. This
> prevents asymmetric routing problems with my active/passive config.
> ISP-A attributes this config to the fact that we have 2 sessions, but on
> the same router, with a config on their router that looks like this:
> #show <http://r04.lsanca03.us.bb#show> running-config interface tenGigE
> 0/1/0/7
> interface TenGigE0/1/0/7
>  description: 10GbE
>  service-policy input cust1-in
>  service-policy output cust1-out
>  ipv4 address xxx.xxx.xxx.xxx 255.255.255.252
>  ipv4 address xxx.xxx.xxx.yyy 255.255.255.252 secondary
>  ipv4 verify unicast source reachable-via any allow-self-ping
>
>
> ISP-B says they aren't able to do this active/passive config without us
> getting 2 physical links (kind of opposite what ISP-A is saying)
> They recommend that we use local pref and communities to direct traffic to
> our primary BGP session and only using the secondary session if the primary
> fails.
>
> Does that recommendation make sense? Will setting the local pref via ISP-B
> community strings accomplish this active/passive traffic split that I'm
> looking for?
>
> Looking through the documentation on this providers site about which
> community string needs to be set, it seems like I just need to make the
> primary router BGP session community string higher than the default, and
> the passive router BGP session community string lower than the default and
> that will get me the desired behavior.
>
> Is that the proper way of achieving the traffic flows for active / passive
> config from provider to my gear?
>
> Thank you,
>
> Philip