BGP communities question

Philip · July 29, 2014, 11:16pm

Hello Nanog,

I'm fairly new to running my employers multihomed BGP network with our own
ASN.
Things have been relatively smooth and stable for the past few months.

We have 2 upstream ISP's giving us full routes.
We have a single link to each provider, but I run two BGP sessions over
that single link so I can have router redundancy. My routers are run in an
active-passive configuration.

With ISP-A, they have configured our 2 BGP sessions such that the secondary
session (our passive router), although the BGP session is up, no traffic is
directed there unless the primary router's BGP session goes away. This
prevents asymmetric routing problems with my active/passive config.
ISP-A attributes this config to the fact that we have 2 sessions, but on
the same router, with a config on their router that looks like this:
#show <http://r04.lsanca03.us.bb#show> running-config interface tenGigE
0/1/0/7
interface TenGigE0/1/0/7
description: 10GbE
service-policy input cust1-in
service-policy output cust1-out
ipv4 address xxx.xxx.xxx.xxx 255.255.255.252
ipv4 address xxx.xxx.xxx.yyy 255.255.255.252 secondary
ipv4 verify unicast source reachable-via any allow-self-ping

ISP-B says they aren't able to do this active/passive config without us
getting 2 physical links (kind of opposite what ISP-A is saying)
They recommend that we use local pref and communities to direct traffic to
our primary BGP session and only using the secondary session if the primary
fails.

Does that recommendation make sense? Will setting the local pref via ISP-B
community strings accomplish this active/passive traffic split that I'm
looking for?

Looking through the documentation on this providers site about which
community string needs to be set, it seems like I just need to make the
primary router BGP session community string higher than the default, and
the passive router BGP session community string lower than the default and
that will get me the desired behavior.

Is that the proper way of achieving the traffic flows for active / passive
config from provider to my gear?

Thank you,

Philip

Dave_Bell · July 30, 2014, 1:33pm

This sounds perfectly acceptable.

Your ISP-B should have a published list of communities that do
different things. You need to choose the specific community to get the
behaviour you are after. For example you can see a list of what Level3
accept from customers about half way down here:
http://onesc.net/communities/as3356/.

From them you may choose 3356:70 and 3356:90. Arbitrarily choosing a

community may break things. For example, you probably would not want
to use 3356:9999.

You will also need to remember to set the local pref on your side of
the link to ensure that you don't get asymmetric traffic flows.

Be careful with BGP. You can break a lot of things if you don't know
what you are doing.

Regards,
Dave