RE: Verifying BGP MED when we don't have access to an AS

From: Marc (tan@dia.janis.or.jp)
Date: Fri Apr 25 2003 - 02:48:31 GMT-3


Umair,

You may also set the origin attribute to manipulate path choice on a router
out of your domain control.

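example
r1
conf t
 router bgp 666
  neighbor r3 route-map tor3 out
  exit
 route-map tor3 permit 10
  match ip address <ACL matching the route to manipulate>
  set origin igp
 ! empty permit clause: all other routes pass unchanged
 route-map tor3 permit 20

r2
repeat as above except
  set origin incomplete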

R3 and r4 will swap routes and the route with origin igp will be preferred.
To test this, send a ping into AS999 with source of the manipulated route
range and run debug ip packet detail with no ip route-cache on r1 and see
which edge router, r1 or r2, is first stop on return path.

Marc

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Umair Hoodbhoy
> Sent: Monday, April 21, 2003 7:16 AM
> To: ccielab@groupstudy.com
> Subject: Verifying BGP MED when we don't have access to an AS
>
>
> Hi all,
>
> The Problem:
> AS 666 is multihomed to another ISP which owns AS 999. R1 and R2 (IBGP
> neighbors) are in AS666 while R3 and R4 (also IBGP neighbors) are in
> AS999. I'm pretty lousy at art, but here's an attempt with ASCII art:
>
>  AS666          AS999
>   R1 ---------- R3
>   |             |
>   |             |
>   R2 ---------- R4
>
> This is simplified of course and in reality there are other networks in
> either AS. The question is to make all attempts to access a particular
> network X in AS666 from AS999 go through R2.
>
> The Solution:
> Okay, it sounds very simple, all you have to do is tweak MED on the
> R1->R3 and R2->R4 EBGP links. The problem is how to verify that the
> solution works. According to Doyle II, Halabi, and CCO (Doc CD + Tech
> Tips), you just do a 'show ip bgp neighbor a.b.c.d routes' on R3 or R4
> and you'll see the metric bumped up. But what if you don't have access
> to those routers? I'm wondering how they do it in the real world between
> ISPs. Just doing a 'show ip bgp neighbor a.b.c.d advertised' on R1
> and R2 doesn't reflect the altered MED. Sure you can do a 'debug ip bgp
> updates out' and see the metric set in the outgoing update but it
> doesn't give a nice comparative indication like the 'show ip bgp
> neighbor a.b.c.d advertised' output does. Moreover, the question was to
> make sure that all attempts to access a particular network X in AS666
> from AS999 go through R2. The way I see it, since you don't have access
> to the other ISP's routers, you can't really verify. Is that correct?
>
> Am also interested to know how folks manage this in the real world of
> ISPs. TIA.
>
> -- Umair
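
Added example, not part of either post: a simplified Python model of how a router in AS999 would rank the two advertisements for network X, showing that origin is compared before MED and that AS999's own local-pref outranks both. The MED and local-pref values, the sample paths and all names in the code are constructed for illustration.

```python
# Added illustration: simplified model of the BGP best-path steps relevant to
# this thread. Only local-pref, AS-path length, origin and MED are modelled;
# weight, eBGP/iBGP, IGP metric and router-ID tie-breaks are omitted.
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred

@dataclass(frozen=True)
class Path:
    via: str               # AS666 edge router that advertised the path
    as_path: tuple         # AS numbers, nearest first
    origin: str = "igp"
    med: int = 0           # compared here because both paths come from AS666
    local_pref: int = 100  # assigned by AS999's own inbound policy

def sort_key(p):
    # Order: highest local-pref, shortest AS path, lowest origin, lowest MED.
    return (-p.local_pref, len(p.as_path), ORIGIN_RANK[p.origin], p.med)

def best_path(paths):
    return min(paths, key=sort_key)

def entry_router(paths):
    return best_path(paths).via

# Constructed sample advertisements for network X as seen inside AS999.
# Marc's example: R1 sets origin igp, R2 sets origin incomplete.
ORIGIN_CASE = [Path("R1", (666,), origin="igp"),
               Path("R2", (666,), origin="incomplete")]

# Umair's MED approach: lower MED on the R2 link, same origin on both.
MED_CASE = [Path("R1", (666,), med=200), Path("R2", (666,), med=100)]

# Origin is compared before MED, so a lower MED via R2 does not win here.
ORIGIN_BEATS_MED = [Path("R1", (666,), origin="igp", med=200),
                    Path("R2", (666,), origin="incomplete", med=100)]

# A hypothetical AS999 inbound policy raising local-pref on the R1 link
# overrides whatever origin or MED AS666 sends.
LOCAL_PREF_OVERRIDE = [Path("R1", (666,), med=200, local_pref=200),
                       Path("R2", (666,), med=100)]

if __name__ == "__main__":
    for name, case in [("origin", ORIGIN_CASE), ("med", MED_CASE),
                       ("origin vs med", ORIGIN_BEATS_MED),
                       ("local-pref override", LOCAL_PREF_OVERRIDE)]:
        print(f"{name}: AS999 enters AS666 via {entry_router(case)}")
```

The last case is why the outbound view on R1 and R2 cannot confirm the result: the deciding attribute may be set inside AS999.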


