From KAREN wiki

Contents 1 Asymmetrical Routing 1.1 Diagrams 1.1.1 Asymetrical Routing 1.1.2 Prepended BGP Route 1.2 Config examples 2 Cisco 3 Juniper

Asymmetrical Routing

The BGP routing protocol is used by KAREN Members to exchange routes with both KAREN and their Internet Service Provider. When networks are accessable via both the Members KAREN and Internet connections, BGP must make a routing decision between these two paths. This decision is made at both ends of the network conversation, the Member end and at the Content Provider end.

Configuration of a "preference", at the Member end, for the router to use the KAREN connection partially resolves this.

This locally configured preference has no impact on the routing decision at the Content Provider end. BGP, at the Content Providers end, uses the shortest AS Path to make it's routing decision (the number of AS numbers listed in a given route). Unless the KAREN Members path has fewer AS numbers in the Content Providers Internet connection's route, then it will result in asymmetric routing. Asymmetric routing will cause significant performance problems, and if the router is also a firewall this will simply not work at all.

Members can manipulate the number of AS numbers in a particular route by "prepend"-ing their AS number on NON-KAREN connections (e.g. ISP connections). This results in the Members AS number artificially appearing multiple times in a particular route, resulting in it being less attractive to a Content Provider.

Please refer to the diagrams below for a graphical representation of this.

Diagrams

Asymetrical Routing

Prepended BGP Route

Config examples

Cisco

router bgp 38299
neighbor 299.1.1.249 remote-as 12345
neighbor 299.1.1.249 description ISP
neighbor 299.1.1.249 route-map prepend out
!
route-map prepend permit 10
set as-path prepend 38299 38299 38299

Juniper

protocols {
   bgp {
        accept-remote-nexthop;
        group ISP {
            type external;
            local-address 299.1.1.250;
            family inet {
                any;
            }
            export prepend-as-path-to-ISP;
            peer-as 12345;
            neighbor 299.1.1.249;
        }
policy-options {
    policy-statement prepend-as-path-to-ISP {
        term 1 {
            from {
                route-filter 210.7.40.0/24 exact;
            }
            then {
                as-path-prepend "38299 38299 38299";
                accept;
            }
        }
        term 2 {
            then reject;
        }
    }