On Thu, 29 Apr 2021 12:04:53 -0000 (UTC) Stuart Henderson <s...@spacehopper.org> wrote:
> On 2021-04-29, Marko Cupać <marko.cu...@mimar.rs> wrote:
> > (...)
> > I have a problem with circular routing on a site which talks
> > BGP with two upstream providers, with traffic to site which has
> > static default route over third ISP:
> >
> >        --> ISP1 --> ISP3 -->
> > SITEA                        SITEB
> >        <-- ISP2 <-- ISP3 <--
>
> Asymmetric routing (circular suggests that it's looping so you have
> no working connectivity, which I think is not what you're describing).

Yes, thank you for the correction.

> > I tried to prepend self / neighbor to ISP2 - no change (ISP1 has
> > best routes for 99% of the prefixes, including to SITEB). I
> > contacted ISP2, they said the problem is with ISP3. I contacted
> > ISP3, they said ISP2 announces my prefix (they're my LIR) so the
> > best route is over them. I contacted ISP2 again, they said they
> > prepended my prefix to ISP3, but situation is the same.
> >
> > Is it OK for ISP2 (my LIR) to announce and prepend my prefix? I
> > thought I should be in control of that.
> >
> > Is there anything I can do about the situation?
>
> You can't do much to control incoming traffic though you can sometimes
> influence it. But you do control which routes you accept/prefer. If
> you want to avoid the asymmetric path, you need to prefer ISP2's
> announcements for SITEB, for example you could match and give it a
> higher localpref.

That was a really helpful suggestion. I increased SITEB's localpref:

    match from $ISP2 prefix { A.B.C.D/E } set localpref 200

...and I ended up sending and receiving traffic to SITEB through the
same interface over ISP2. This is even better because link over ISP2
until now had almost no outgoing traffic, while the one over ISP1 was
heavily utilized.

> Is it causing a problem though? This is completely normal and expected
> on the internet.

I was seeing quite a number of state-mismatch packets in SITEB's PF
info, which is the reason why I wanted to make traffic come and go
through same interface on SITEA.

Traffic between the sites is ipsec protected GRE tunnel, so isakmpd
(udp) and esp. I suspect state-mismatch was due to slight difference in
latency of links. It is too early to say that for sure, but I think I am
noticing much less state-mismatch packets in SITEB's PF info since the
change.

Thanks!

-- 
Before enlightenment - chop wood, draw water.
After enlightenment  - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
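
Added example, not part of the thread and not OpenBGPD code: a simplified Python model of why the localpref rule above moves outbound traffic for one prefix to ISP2 while everything else stays on ISP1. It compares only local-preference and AS-path length; the prefixes, AS numbers and the assumption that ISP1 wins by default on a shorter AS path are constructed for illustration.

```python
# Simplified model of BGP best-path selection: local-preference first,
# then AS-path length. Real implementations apply further tie-breakers.
from dataclasses import dataclass, replace

DEFAULT_LOCALPREF = 100  # default local-preference when no rule sets one

# Constructed values: documentation prefixes and documentation AS numbers.
SITEB_PREFIX = "203.0.113.0/24"   # stands in for A.B.C.D/E
OTHER_PREFIX = "198.51.100.0/24"  # any other destination


@dataclass(frozen=True)
class Route:
    neighbor: str
    prefix: str
    as_path: tuple
    localpref: int = DEFAULT_LOCALPREF


# Constructed routes as received from both upstreams. Assumption: ISP1 is
# preferred by default because its AS paths are shorter.
RIB_IN = [
    Route("ISP1", SITEB_PREFIX, (64496, 64499)),
    Route("ISP2", SITEB_PREFIX, (64497, 64498, 64499)),
    Route("ISP1", OTHER_PREFIX, (64496, 64500)),
    Route("ISP2", OTHER_PREFIX, (64497, 64498, 64500)),
]


def apply_rule(routes, neighbor, prefixes, localpref):
    """Model of: match from <neighbor> prefix { ... } set localpref <n>."""
    return [replace(r, localpref=localpref)
            if r.neighbor == neighbor and r.prefix in prefixes else r
            for r in routes]


def best_paths(routes):
    """Per prefix, pick highest localpref, then shortest AS path."""
    best = {}
    for r in routes:
        cur = best.get(r.prefix)
        if cur is None or (-r.localpref, len(r.as_path)) < (-cur.localpref, len(cur.as_path)):
            best[r.prefix] = r
    return {prefix: r.neighbor for prefix, r in best.items()}


def demo():
    before = best_paths(RIB_IN)
    after = best_paths(apply_rule(RIB_IN, "ISP2", {SITEB_PREFIX}, 200))
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```
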