Referring back to Figure 7-9, it strikes you that the Beer-Co network has come a long way in recent weeks. The network has migrated from being single-homed to one provider to being multihomed to multiple providers, and you have successfully implemented a hybrid outbound policy based on a topology-driven model for peers and a primary/secondary model for transit. With these aspects of BGP operation in check, attention is focused on your company’s inbound policy goals.
The use of stateful firewalls and NAT at the EBGP egress points greatly benefits from symmetric routing. By this, we mean that if a packet is routed to Destination X out of router PBR, ideally the response traffic will return along the same path to ingress back on router PBR. The symmetric routing paths tend to produce symmetric performance, which can be reason enough when asymmetric peering links are present, but the real goal here is to ensure that response traffic correctly matches against the dynamic state created when the outbound request was processed by the border router’s stateful firewall.
The design goals for inbound policy indicate they should mirror your outbound policy—namely, that peers should route directly into your AS while transit traffic should arrive via the peering with Borgnet when available. In the previous section, local preference made steering traffic toward the desired EBGP speaker/egress point a straightforward matter. But as previously stated, it’s generally quite easy to control ...