BGP Routing Policy
You must follow the BGP Policy indicated below in order to run BGP from your network. Qwest can set up BGP Routing for you if you are dual homed to Qwest, or multi-homed to another provider.
In order to run BGP, please adhere to the following rules. You must have the following:
- AS number from ARIN
- be multi-homed to run BGP
- IOS 10.3 or higher to run BGP (Do not turn up new BGP sessions with less than version 10.3).
- No unfiltered redistribution from interior routing into BGP by you.
- Explicit distribute-list or network statements should be used to prevent injections of invalid routes into global tables.
- No redistribution from BGP into customers interior routing protocols. This will corrupt the as-path information.
- As-paths filters preventing leakage of routing information from customer’s other service provider to us and vice versa. Filters should be inclusive rather than exclusive (i.e. they should list customer as-es instead of excluding other provides as-es).
- IP Blocks for several specific routes should be aggregated into larger routes as much as possible.
- Networks listed in configuration should be private (i.e. no network assigned to other customers, subnets should never be annouced outside,etc.)
- Customers will not be permitted to use ‘*’ wildcards in their requested route filters.
- Not allowed to run EBGP Multi-hop. The only except will be for load balancing purposes between the loopback addresses of the customer and Qwest routers that share multiple serial connections.
- Qwest reserves the right to aggregate any annoucement for a network smaller than /19 when advertising to external peers UUnet, Sprint, AT&T) occurs.
Requirements and conditions
1. Multi-homing is a requirement to run BGP with Qwest. You must have at least one other connection with Qwest or another service provider. If you are not multi-homed, static routing is more stable and will be favored.
2. An autonomous system number is required to run BGP. To obtain one, you must fill out an Autonomous System Number Template, available from ARIN at http://www.arin.net/templates/asntemplate.txt.
3. Qwest filters the prefixes announced via BGP from our customers. The filters are built automatically from prefix information customers register in the Internet Routing Registry. For more information on the IRR, please go to http://www.merit.edu/radb/.
4. BGP can be a complicated protocol to configure and maintain. Qwest does not build or maintain customer BGP configurations.
5. Multi-homed customers must ensure that Qwest routes are not forwarded to their other service provider. In addition, BGP customers must ensure that routes from the other service provider are not announced to Qwest. AS based and/or prefix based filtering can be used to achieve this Protection.
Here is an example of a configuration using both types of filters lists. Assuming a customer of Qwest with an AS# of 1234 has a connection to another service provider(AS#1) and the customer is in turn the service provider for another company with an AS# of 100. The customer owns the networks: 201.10.3.0 and 199.16.13.0
| Commands | Description |
| router bgp 1234 | bgp configuration |
| neighbor 205.171.2.10 remote-as 209 | eighbor config for Qwest peer |
| neighbor 205.171.2.10 distribute-list 1 out | prefix based filter |
| neighbor 205.171.2.10 filter-list 2 out | as based filter |
| neighbor 199.80.10.90 remote-as 1 | neighbor config for other provider |
| various neighbor statements | |
| neighbor 206.18.33.20 remote-as-100 | neighbor config for downstream |
| various neighbor statements | |
| ip as-path access-list 2 permit ^1234$ | as filter permitting as 1234 |
| ip as-path access-list 2 permit ^1234 100$ | as filter permitting as 100 |
| access-list 1 permit 201.10.3.0 | prefix filter permitting 201.10.3.0 |
| access-list 1 permit 199.16.13.0 | prefix filter permitting 199.16.13.0 |
This example allows only the announcements of 201.10.3.0 and 199.16.13.0 to Qwest, and only if those routes come from AS 1234 or AS 100 through AS 1234
6. Bad routing information can be injected into routing tables if your internal routing protocol is simply redistributed into BGP. Please do not redistribute into BGP without explicit distribute-lists. A safer method uses BGP network statements.
7. Do not redistribute BGP into your internal routing protocol. This can lead to corrupt as-path information.
8. Due to the complexity of BGP, we request a copy of the BGP configuration from your router to check for any incompatibilities between the configurations.
9. In the event customer BGP announcements are adversely affecting the Qwest backbone, Qwest customers, or Qwest peers, Qwest reserves the right to filter customer announcements or to turn off the customer BGP peering session.
10. The bandwidth of the line, the model, cpu power, and memory of the customer router may affect the ability of Qwest to announce a full routing table to the customer. Qwest reserves the right to limit the set of routes announced to a customer if Qwest determines that the customer router will be unable to support the full routing table.
Customer Control of Qwest Backbone Routing
1. You can control the behavior of your announcements in our network by setting specific BGP community string in your BGP announcements to Qwest. The strings that can be set are as follows:
| BGP Community String | Local Preference | Description |
| none | 100 | Default |
| 209:90 | 90 | Backup for another Qwest line |
| 209:70 | 70 | Backup for a line from another ISP |
| 209:888 | 100 | Advertised only on Qwest network. Routes go to customers and are used on the backbone |
These options allow you to customize the way routes are treated on theQwest backbone. When there is more than one announcement about a particular network, the route with the highest local preference is used.
209:90 – Backup Route
If you have a second line with Qwest for backup, setting the BGP community string 209:90 on your announcements over the second link sets the local preference to 90 on those backup routes. The primary link will have routes with a preference of 100, so they will be preferred over the backup routes if both are available. If the primary route became unavailable, the line with a local-preference of 90 will pick up the traffic. These BGP communities can be set on a prefix by prefix basis, so a customer with two connections can use the 209:90 BGP community to favor certain routes over one link to Qwest and other routes over a different link to Qwest, with mutual backup.
209:70 – Off Qwest Backup Route
To back up a line from another provider, you could set your local preference to 70. This is less preferred than announcements from another provider, but should your line with the other provider become unavailable, the 209:70 tagged routes would pick up the traffic.
209:888 – On Qwest Announcements Only
The 209:888 BGP community string does not set any local preference, but instead prevents any routes with that tag from being announced to Qwest peers. This could be used if you have lines to other providers and would like your Qwest line to only be used for traffic to and from direct Qwest customers.
The following is an example of using these BGP community strings. We will assume the same customer as in the previous example has a second line with Qwest. The customer wishes to use this second line as a backup line for the two networks listed in the previous example. They also wish to use this line to backup two other networks that they are advertising from another provider.
| Commands |
Description |
| router bgp 1234 | bgp configuration |
| neighbor 205.3171.4.14 remote-as 209 | neighbor config for Qwest peer |
| neighbor 205.171.4.14 send-community | Tells router to attach BGP community strings |
| neighbor 205.171.4.14 route-map sendcomm out | route-map to set BGP community strings |
| access-list 1 permit 201.10.3.0 | Specifies routes to be tagged |
| access-list 1 permit 199.16.13.0 | Specifies routes to be tagged |
| access-list 2 permit 200.10.10.0 | Specifies routes to be tagged |
| access-list 2 permit 200.11.11.0 | Specifies routes to be tagged |
| route-map sendcomm permit 10 | First step of route map |
| match ip address 1 | Matches addresses in access list 1 |
| set community 209:90 | Sets BGP community string to 209:90 |
| route-map sendcomm permit 20 | Second step of route map |
| match ip address 2 | Matches addresses in access list 2 |
| set community 209:70 | Sets BGP community string to 209:70 |
This example sets a BGP community string of 209:90 to the networks of 201.10.3.0 and 199.16.13.0. These networks are advertised on Qwest’s network with a local preference of 90. This allows this line to be a backup for those two networks should the customers’ other line become unavailable. It also sets a BGP community string of 209:70 to the networks of 200.10.10.0 and 200.11.11.0. This allows this line to be a backup for those two networks should the customers’ line on the other provider become unavailable.
Applying BGP Community string with sample configuration
1. Get the latest BGP community string from your ISP/upstream provider or check www.ShowipBGP.com
2. Pick the best BGP community string for your traffic shaping plan (mainly incoming traffic).
Most of ISPs are providing community string with local preference and AS prepending
option. Cannot tell which one is better than the other. It will depend on your global traffic shaping plan.
3. Follow the below commands ( Cisco only )
The below Sample configuration will tag the 10.0.0.0/24 route with [ISP AS]:120 or [ISP AS]:3 and will not tag any other routes.
router#config t
router(config)#ip bgp-community new-format
router(config)#access-list 10 permit 10.0.0.0 0.0.0.255
router(config)#access-list 10 deny any
router(config)#route-map [to-ISP] permit 10
router(config-route-map)#match ip address 10
router(config-route-map)#set community [ISP AS]:120 <—- using Local Preference
or
router(config-route-map)#set community [ISP AS]:3 <——- using AS prepending
router(config-route-map)#route-map [to-ISP] permit 20
router(config-route-map)#exit
router(config)#router bgp [xxxx] <——————————- xxxx = customer’s ASN
router(config-router)#neighbor x.x.x.x send-community
router(config-router)#neighbor x.x.x.x route-map [to-ISP] out
router(config-router)#exit
router(config)#exit
router#copy running-config startup-config
4. And then, go to www.routeserver.org and pick one of route server on the map to see your announcement. If you are using AS prepending option, you will see your AS prepends on route servers. Sometime you might not see your route with particular ISP path.
In most of case it might not be any routing problem, just the route path was dropped at somewhere by BGP best path selection scheme. Try Oregon route server, if you can see your route. The Oregon route server is providing many possible and available paths between BGP speakers and neighbors.
If you don’t see your route on there? check other route servers and also check your
BGP configuration. You might need to contact your upstream provider to check what they are learning BGP route from you.
The www.ipBalance.com runs by a volunteer group with IT professionals and experts at least over 25 years of experience developing and troubleshooting IT in general. ipBalance.com is a free online resource that offers IT tutorials, tools, product reviews, and other resources to help you and your need.
