04-12-2021 11:51 PM
Hi All,
We have four tunnels (tunnel 1, tunnel 2, tunnel 3 and tunnel 4) configured to reach the AWS network through BGP on a single default virtual router on the firewall, and all the tunnels are up.
There are three ISPs in total connected to the default router, and the balanced round-robin method is enabled on the firewall to pass the traffic. Tunnel 2 and tunnel 4 are currently used to pass the traffic.
Tunnel 1 and 2 --> on ISP 1
Tunnel 2 and 3 --> on ISP 2
We need to use tunnel 1 to pass traffic to AWS, and the other tunnels should be idle.
I am thinking of using PBF to forward traffic to AWS through tunnel 1.
Is it a good idea, or can we change some priority or metric values on the paths used by BGP to give tunnel 1 priority and give the lowest metric value to the other tunnels?
04-13-2021 07:52 AM
Hi there,
You should look at BGP local preference to influence the outbound path to a prefix.
What you need to do is create separate BGP Peer Groups for each of the AWS BGP peers, e.g. GrpAWSTun01 ... GrpAWSTun04.
Then create a BGP Import Rule, specifying that it is 'Used by' GrpAWSTun01; then under the 'Action' tab set the Local Preference to a value higher than the default of 100, e.g. 200. OK and commit.
Under the default router runtime stats, check the BGP Local RIB and observe that the prefixes received from the BGP peers in GrpAWSTun01 have a higher Local Preference and are marked with a '*' to denote the preferred route.
To ensure symmetric routing into and out of AWS, it is a good idea to set a complementary Export rule for the same peer group and set an explicit MED value of 0. Now, because the default MED value is zero, you need to create another Export rule, this time not specifying any peers (so as to match all remaining ones), and under the 'Action' tab set a higher MED value, e.g. 100.
OK and commit.
Now under the default router runtime stats -> BGP -> RIB Out, observe that all prefixes advertised to the non-GrpAWSTun01 peers have a MED value of 100.
cheers,
Seb.
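The reply above relies on two steps of the BGP best-path algorithm: a higher LOCAL_PREF wins the outbound choice on the firewall, and a lower MED nudges the AWS side to prefer the same tunnel inbound. The following is an added toy model of those two steps, written for this thread and not code from the original post or from PAN-OS. It constructs one prefix learned over four peer groups named as in the reply (GrpAWSTun01 ... GrpAWSTun04), applies an import policy (LOCAL_PREF 200 for GrpAWSTun01) and export policies (MED 0 to GrpAWSTun01, MED 100 to the rest), and runs a simplified selector over the result. The prefixes, AS numbers and the assumption that AWS's selector behaves like this simplified one are constructed for illustration.

```python
"""Toy model of the BGP decision steps used in the reply (added example,
not part of the original post or of PAN-OS).

Constructed input: one AWS prefix learned over four tunnels, and one
on-premises prefix advertised back over the same four tunnels.  Only the
first comparison steps of the best-path algorithm are modelled:
highest LOCAL_PREF, then shortest AS_PATH, then lowest MED.
"""
from dataclasses import dataclass

PREFERRED_GROUP = "GrpAWSTun01"           # peer group named in the reply
PEER_GROUPS = [f"GrpAWSTun0{i}" for i in range(1, 5)]


@dataclass
class Path:
    prefix: str
    peer_group: str       # which BGP peer group the path was learned from / sent to
    local_pref: int = 100  # BGP default LOCAL_PREF
    med: int = 0           # BGP default MED on PAN-OS, as stated in the reply
    as_path: tuple = ()


def import_policy(path: Path, preferred=PREFERRED_GROUP, pref=200) -> Path:
    """Import rule 'Used by' the preferred peer group: raise LOCAL_PREF to 200."""
    if path.peer_group == preferred:
        path.local_pref = pref
    return path


def export_policy(path: Path, preferred=PREFERRED_GROUP, other_med=100) -> Path:
    """Two export rules: explicit MED 0 to the preferred peer group,
    MED 100 to every remaining peer (the catch-all rule)."""
    path.med = 0 if path.peer_group == preferred else other_med
    return path


def best_path(paths):
    """Simplified RFC 4271 ordering: highest LOCAL_PREF, shortest AS_PATH,
    lowest MED.  Ties keep arrival order because sorted() is stable."""
    return sorted(paths, key=lambda p: (-p.local_pref, len(p.as_path), p.med))[0]


def outbound_selection() -> str:
    """Which tunnel the firewall's Local RIB marks with '*' after the import rule."""
    received = [Path("172.31.0.0/16", g, as_path=(64512,)) for g in PEER_GROUPS]
    local_rib = [import_policy(p) for p in received]
    return best_path(local_rib).peer_group


def rib_out_meds() -> dict:
    """MED carried in RIB Out towards each peer group after the export rules."""
    advertised = [Path("10.0.0.0/16", g, as_path=(65000,)) for g in PEER_GROUPS]
    return {p.peer_group: p.med for p in map(export_policy, advertised)}


def inbound_selection() -> str:
    """Model of what the AWS side would pick given the MEDs we advertise
    (assumes its selector follows the same simplified ordering)."""
    advertised = [Path("10.0.0.0/16", g, as_path=(65000,)) for g in PEER_GROUPS]
    return best_path([export_policy(p) for p in advertised]).peer_group


if __name__ == "__main__":
    print("outbound best path via:", outbound_selection())
    print("RIB Out MEDs:", rib_out_meds())
    print("inbound best path via:", inbound_selection())
```

Running it shows GrpAWSTun01 selected in both directions and MED 100 on every other peer in RIB Out, which is exactly what the reply asks you to verify under the virtual router's runtime stats. Note that LOCAL_PREF is only compared among paths the firewall itself receives, while MED is only honoured by the remote side, which is why both an import and an export rule are needed to keep the path symmetric.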
04-13-2021 12:52 PM
Hello,
Yes, you can use a PBF rule to get traffic down one tunnel rather than the other. Please make sure to use the monitor:
And use an IP address on the other side of the tunnel for the monitor. Remember that PBF takes priority over the default router, so you have to disable this if the tunnel is down; otherwise dynamic routing won't switch the traffic to the proper path.
Regards,