[vc_row][vc_column][vc_column_text]For incoming traffic, the first option is to prepend the AS path towards the ISP that sends too much incoming traffic. This adds our own AS number one or more extra times to the AS path, making the AS path longer and thus less attractive.
router bgp 64496
neighbor 10.93.194.25 remote-as 65550
neighbor 10.93.194.25 description ISP A
neighbor 10.93.194.25 route-map traffic-eng-in-ispa out
!
route-map traffic-eng-in-ispa permit 10
set as-path prepend 64496
!
However, the AS hierarchy of the internet is very flat. This means that most networks see the same path length through ISPs A and B, and make their selection based on (rather meaningless) tie breakers. By now making the path over ISP A longer, all those paths that were previously the same length as seen by many remote ASes are now shorter through ISP B. So in most cases, a path prepend is too effective.
See Figure 7. Here, ASes 100, 200, 300 and 400 see the same path length towards AS 1 through ISPs A and B. Three of them select the path through ISP A due to the BGP tie breaker rules and one selects the path through ISP B. So AS 1 receives 75% of its traffic through ISP A. Figure 8 shows what happens when AS 1 prepends the AS path towards ISP A: now the path through A is longer for all four remote ASes, so 100% of traffic arrives through ISP B in this limited example.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_single_image image=”6403″ img_size=”full”][vc_column_text]
Figure 7: Without traffic engineering, most incoming traffic flows through ISP A
[/vc_column_text][vc_column_text][wc_divider style=”solid” line=”single” margin_top=”” margin_bottom=””][/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_single_image image=”6407″ img_size=”full”][vc_column_text]
Figure 8: After an AS path prepend towards AS 10, all traffic flows through ISP B
[/vc_column_text][vc_column_text][wc_divider style=”solid” line=”single” margin_top=”” margin_bottom=””][/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]Some ISPs offer a mechanism to selectively prepend towards some of their peers. For instance, Level 3 customers can set the following communities:
remarks: customer traffic engineering
communities – Prepending
remarks: ————————————
remarks: 65001:0 – prepend once to all peers
remarks: 65001:XXX – prepend once at peerings
to AS XXX
remarks: 65002:0 – prepend twice to all peers
remarks: 65002:XXX – prepend twice at
peerings to AS XXX
remarks: 65003:0 – prepend 3x to all peers
remarks: 65003:XXX – prepend 3x at peerings
to AS XXX
remarks: 65004:0 – prepend 4x to all peers
remarks: 65004:XXX – prepend 4x at peerings to
AS XXX
remarks: ————————————–
So the following configuration asks Level 3 to prepend once towards Orange (AS 5511), Tata Communications (AS 6453) and AT&T (AS 7018).
router bgp 64496
neighbor 10.93.194.25 remote-as 65550
neighbor 10.93.194.25 description ISP A
neighbor 10.93.194.25 route-map traffic-eng-in-ispa out
neighbor 10.93.194.25 send-community
!
! the router may not send communities to BGP neighbors
! by default
!
route-map traffic-eng-in-ispa permit 10
set community 65001:5511 65001:6453 65001:7018
!
Another way to limit the effect of AS path prepending is rather than
advertise the entire address block as one prefix, split the block up
in smaller prefixes and only prepend some of those.
router bgp 64496
network 10.0.16.0 mask 255.255.252.0
network 10.0.16.0 mask 255.255.254.0
network 10.0.18.0 mask 255.255.254.0
neighbor 10.93.194.25 remote-as 65550
neighbor 10.93.194.25 description ISP A
neighbor 10.93.194.25 route-map traffic-eng-in-ispa
out
neighbor 10.93.194.25 prefix-list outfilter out
neighbor 10.93.194.25 send-community
!
ip route 10.0.16.0 255.255.252.0 Null0
ip route 10.0.16.0 255.255.254.0 Null0
ip route 10.0.18.0 255.255.254.0 Null0
!
! null route: our own prefix needs to be in the
! routing table or it won’t be advertised in BGP
!
ip as-path access-list 1 permit ^(64496_)*$
!
! regular expression that only allows AS paths
! with our AS 0 or more times
!
ip prefix-list outfilter seq 5 permit 10.0.16.0/22 le
23
!
! allow advertising subprefixes up to /23
!
ip prefix-list prepend seq 5 permit 10.0.16.0/23
!
route-map traffic-eng-in-ispa permit 10
match ip address prefix-list prepend
set as-path prepend 64496
!
route-map traffic-eng-in-ispa permit 20
!
The result is that the /22 address block is now advertised as two /23s, where 10.0.16.0/23 is prepended but 10.0.18.0/23 isn’t. The entire 10.0.16.0/22 is also still advertised to make sure the network remains reachable should the /23s be filtered out.
Networks that only have an IPv4 /24 or IPv6 /48 can’t use this technique effectively because prefixes longer than those aren’t generally accepted by remote ASes. Also, advertising more prefixes than necessary should be avoided, as it leads to unnecessary growth of the BGP table in routers throughout the world.
< previous[/vc_column_text][/vc_column][/vc_row]
