Hi,
We currently had a great working setup with our MX routers each connected to their own ISP and providing an ECMP default path to our public facing devices. Here was the layout, l3 only:
DEV1 (ASN21)            DEV2 (ASN22)
3.3.3.11/26             3.3.3.12/26
     |                       |
     -------------------------
     |                       |
3.3.3.1/26              3.3.3.2/26
3.3.3.254/31------------3.3.3.255/31
R1 (ASN11)              R2 (ASN11)
1.1.1.2/31              2.2.2.2/31
     |                       |
1.1.1.1/31              2.2.2.1/31
ISP-A (ASN1)            ISP-B (ASN2)
And here was the export policy from the routers, from R1:
set logical-systems internet policy-options policy-statement export-public term default-ispa from protocol bgp
set logical-systems internet policy-options policy-statement export-public term default-ispa from as-path ispa
set logical-systems internet policy-options policy-statement export-public term default-ispa from route-filter 0.0.0.0/0 exact
set logical-systems internet policy-options policy-statement export-public term default-ispa then metric 10
set logical-systems internet policy-options policy-statement export-public term default-ispa then accept
set logical-systems internet policy-options policy-statement export-public term default-ispb from protocol bgp
set logical-systems internet policy-options policy-statement export-public term default-ispb from as-path ispb
set logical-systems internet policy-options policy-statement export-public term default-ispb from route-filter 0.0.0.0/0 exact
set logical-systems internet policy-options policy-statement export-public term default-ispb then metric 20
set logical-systems internet policy-options policy-statement export-public term default-ispb then accept
set logical-systems internet policy-options policy-statement export-public term else then reject
Both ISPs send us the full Internet table + the default route, and R1 and R2 also exchange the full Internet table + default route. This allows us to ensure that although the ISPs sent us a full Internet table, we only redistribute the default route *if* it is received, which validates BGP peering, and also allows us to prevent any traffic blackholing while the routing tables are being synchronized. It also allowed us to use optimal route selection between each ISP from either router. Also, it allowed us to keep optimized redundancy, as the MED would be equal if the route was coming from the directly connected ISP, but if that connection was lost, it would still be able to advertise a default route to the DEVs if it was being received from the other router, but with an increased MED.
Now for the new problem at hand... We have a new device in our public facing network that *cannot* accept ECMP with different AS-PATHs. Our current route advertisement, when both ISPs were available, was AS11, AS1 from R1 and AS11, AS2 from R2. Now we need to find a way to have an exact same AS-PATH to that new DEV, example DEV2 from the above layout and ideally while keeping the
We tried to generate a default route based on the same redistribution priority and the route is properly generated, but it will never be redistributed as it's not active in the routing table, as per the example below:
R1# run show route 0.0.0.0 logical-system internet all
inet.0: 637819 destinations, 1130616 routes (637819 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0          *[BGP/170] 1w2d 18:22:18, localpref 100
                      AS path: 11 I, validation-state: unverified
                    > to 1.1.1.1 via ge-0/1/0.0
                    [BGP/170] 1d 15:13:00, MED 100, localpref 100, from 3.3.3.255
                      AS path: 12 I, validation-state: unverified
                    > to 10.1.1.21 via ge-0/0/1.0
                      to 10.1.1.37 via ge-0/1/1.0
                    [Aggregate] 00:00:13
                      Reject
The only way we managed to redistribute the route with equal paths was to redistribute a static route, but then the problem was that it would always have precedence over the BGP received routes, which means that if the BGP session to the ISP were to go down, but not the link, our routing would be screwed as we would still advertise the route to the DEV devices, but we would blackhole the traffic...
Is there any way that this could actually be achieved? I don't think we can actually manipulate the AS-PATH (which I know is not a good idea, but in this case would not be a big problem...) and as-override would skew outbound traffic, so I am out of inspiration at this moment.
Thanks for any suggestion!
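
Added example (not part of the original post): a small Python model of the export-public policy above, showing what each router advertises to the DEVs in the cases the post describes, including the static-route blackhole. It assumes the as-path groups ispa/ispb match paths through ASN1/ASN2, that R2 mirrors R1 with the metrics swapped, and that only the active route is evaluated for export; all Python names are hypothetical.

```python
from collections import namedtuple

# Constructed model of the post's policy; not Junos code.
# protocol: "bgp" or "static"; as_path: as received; ebgp: learned directly from the ISP
Route = namedtuple("Route", "protocol as_path ebgp", defaults=((), False))
LOCAL_AS = 11
PREFERENCE = {"static": 5, "bgp": 170}   # Junos default route preferences
R1_METRICS = {1: 10, 2: 20}              # from the post: ispa -> 10, ispb -> 20
R2_METRICS = {2: 10, 1: 20}              # assumption: R2 mirrors R1

def active(routes):
    """Pick the active default: lowest preference, then eBGP over iBGP."""
    if not routes:
        return None
    return min(routes, key=lambda r: (PREFERENCE[r.protocol], not r.ebgp))

def export_public(routes, metric_by_isp):
    """Return (as_path, MED) advertised to the DEVs, or None if rejected."""
    best = active(routes)
    if best is None or best.protocol != "bgp":
        return None                       # term "else": reject
    for isp_as, metric in metric_by_isp.items():
        if isp_as in best.as_path:        # terms default-ispa / default-ispb
            return ((LOCAL_AS,) + best.as_path, metric)
    return None

def export_static(routes):
    """Static-default variant: exported whenever the static is active."""
    best = active(routes)
    if best is not None and best.protocol == "static":
        return ((LOCAL_AS,), None)        # MED not stated in the post
    return None

FROM_ISPA = Route("bgp", (1,), True)      # default from ISP-A over eBGP
FROM_ISPB = Route("bgp", (2,), True)      # default from ISP-B over eBGP
VIA_R2 = Route("bgp", (2,))               # ISP-B default learned from R2
VIA_R1 = Route("bgp", (1,))               # ISP-A default learned from R1
STATIC = Route("static")

def scenarios():
    """Advertisements toward the DEVs for each case in the post."""
    return {
        "r1_both_up": export_public([FROM_ISPA, VIA_R2], R1_METRICS),
        "r2_both_up": export_public([FROM_ISPB, VIA_R1], R2_METRICS),
        "r1_ispa_bgp_down": export_public([VIA_R2], R1_METRICS),
        "r1_all_bgp_down": export_public([], R1_METRICS),
        "r1_static_all_bgp_down": export_static([STATIC]),
    }
```

r1_both_up and r2_both_up come out with equal MED but AS paths 11 1 and 11 2, which is the mismatch the new device rejects. The static variant gives identical paths on both routers but is still advertised when no BGP default is left, which is the blackhole case.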