04-10-2018 02:15 PM - edited 03-05-2019 10:15 AM
Hello, I have attached a drawing of our "current design" and our potential "future design":
We are looking to make redundant wan routers with the help of our ISP so that we don't have a single point of failure anymore.
As you can see, we're going to add a 2nd wan router and configure iBGP between them. No load-balancing will happen; just a pure primary/active configuration. Our ISP said that we would need to use local pref on BGP to advertise all our prefixes to them so that when CE1 fails, CE2 with local pref of 90 will begin to become the primary bgp router.
Now my question is this: So I get how the failover happens to the ISP, but what about the inside knowing the default way out? I don't believe iBGP will help all the networks in/behind the core find a way out to the internet without something like HSRP right? If CE1 was to fail, how will all the networks in the inside of our network know which way to take? As you can see, the links in brown are routed EIGRP links that connect the core to the WAN router....will that do the internal failover trick for us?
I guess the main problem is that whether CE1 fails or the link to the ISP fails will result in different outcomes, so it's tough to decide how to configure this.
Thank you in advance!
04-10-2018 08:17 PM - edited 04-10-2018 08:17 PM
In very general terms, both your CEs have access to the internet through their respective PEs, so both your CEs have a default route to their respective PE. If you are using EIGRP, then both CEs can inject a default route into EIGRP, where one CE is more preferred over the other, so you will need to tweak the metrics. (This way you don't need HSRP.)
What are you using between CE and PE? Is it BGP or just a static default route on the CE pointing to your PE?
04-11-2018 09:11 AM
We are using BGP between CE and PE. In our current design, we have a BGP neighborship with the PE, then in our future design our CE2 will also have a BGP neighborship with a different ISP router, but same AS#.
Ok, so EIGRP will do the trick for us internally...so if CE1 dies, CE2 will be used as the default route out to the BGP.
04-11-2018 09:33 AM
Yes, if you run EBGP on both of your routers to receive advertisements from the ISP and run IBGP between your routers, then you can use local preference on the routers to establish which one is preferred in BGP, and it would be the one to forward traffic to the ISP. If the primary router fails (or if its BGP session to its ISP fails) then the secondary router would begin to be used to forward traffic to the ISP. Each of your routers would learn a default route from its BGP peer and you can redistribute that default route into EIGRP. By manipulating the metric used in the redistribution you can make one of the default routes more attractive, and if that router goes down (or if its default route from the ISP is withdrawn) then its default route in EIGRP will be withdrawn. That is how the devices inside your network will know to which router they should forward traffic for the Internet.
Note that this addresses how to have primary and backup for traffic going from your network to the Internet. It does not address how the ISP will forward traffic to your network. You need to work something out with the ISP so that they will have the primary and backup relationship. That might use prepending, or might use MED, or might use communities, or the ISP might suggest some other mechanism. This is something to discuss with the ISP.
It is not an important factor in how to establish primary and backup, but I wonder what your ISP is advertising to your routers. Is it default only? Is it default with selected other routes? Or is it default plus full Internet routing table? In your situation all you really need is the default route.
HTH
Rick
04-11-2018 09:54 AM - edited 04-11-2018 09:55 AM
That's a good question Richard. This is an MPLS BGP router that we use strictly to connect to all our remote branches. This is not used for example, our internet access here at the office. We have a separate router and circuit for that. How would I find out the answer to your last set of questions?
04-11-2018 10:51 AM
Thanks for the clarification that this is for MPLS connectivity to your branches and that you have a separate router and ISP for Internet connectivity. So in your network the default route needs to point to the Internet router and ISP. So in the routers we are discussing the MPLS ISP would not be advertising a default route and would need to advertise the networks/subnets from all the branch offices.
HTH
Rick
04-11-2018 07:10 PM
Good Evening,
Richard's explanation is very comprehensive. I just wanted to add that when redistribution of BGP prefixes is done into EIGRP, whether it is a default route or a set of networks/subnets that you are receiving from the eBGP ISP routers, just keep in mind that metric manipulation is set in a manner that if the primary CE router loses connectivity to its eBGP neighbor then the secondary CE router is preferred by your internal routers to forward traffic, because the primary CE router is still receiving routes from its iBGP neighbor, which is your secondary CE router, and if the EIGRP metric is not properly configured then it's quite possible that the primary CE router continues to be preferred over the secondary CE router even after losing BGP peering with the ISP router.
Now this is not a show stopper, packets will continue to be forwarded but you will have one extra hop.
04-17-2018 03:28 PM
Thank you for this information.
05-07-2018 03:28 PM
Hey Cofee,
Thanks for writing that last statement. I'm actually trying to configure that part right now but I'm having troubles.
Would it be something like this:
CE1
router eigrp 200
network 172.31.255.0 0.0.0.3
network 172.31.255.4 0.0.0.3
redistribute bgp 65000 route-map bgp-to-eigrp
!
ip prefix-list bgp-to-eigrp seq 100 permit 0.0.0.0/0 le 32
!
route-map bgp-to-eigrp permit 100
match ip address prefix-list bgp-to-eigrp
set metric 100 1 255 1 1500
-------------------------------------------------------
CE2
router eigrp 200
network 172.31.255.9 0.0.0.3
network 172.31.255.13 0.0.0.3
redistribute bgp 65000 route-map bgp-to-eigrp
!
ip prefix-list bgp-to-eigrp seq 100 permit 0.0.0.0/0 le 32
!
route-map bgp-to-eigrp permit 100
match ip address prefix-list bgp-to-eigrp
set metric 100 1 155 1 1500
I just posted a new thread on here just regarding this exact question.
Thank you for your help
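An added example, not part of the original posts and not Cisco code: it evaluates the classic EIGRP composite metric for the two `set metric` lines posted above, assuming the default K values (K1=K3=1, K2=K4=K5=0). Under that assumption the reliability field (255 vs 155) does not enter the calculation, so both seed metrics are identical; the `DELAY_TUNED` values are constructed for illustration and compare seed metrics only, assuming symmetric paths from the core to each CE.

```python
# Added example: classic (32-bit) EIGRP composite metric for a redistribution seed.
# Assumes the IOS default K values K1=K3=1, K2=K4=K5=0.
DEFAULT_K = (1, 0, 1, 0, 0)


def eigrp_metric(bw_kbps, delay_tens_usec, reliability, load, mtu, k=DEFAULT_K):
    """Composite metric for the five values given to `set metric`.

    Argument order matches the route-map: bandwidth (kbit/s), delay (tens of
    microseconds), reliability (0-255), load (1-255), MTU. MTU is carried in
    updates but never enters the calculation.
    """
    k1, k2, k3, k4, k5 = k
    scaled_bw = 10_000_000 // bw_kbps
    metric = k1 * scaled_bw + (k2 * scaled_bw) // (256 - load) + k3 * delay_tens_usec
    if k5 != 0:  # reliability only matters when K5 is non-zero
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def preferred(seeds):
    """Return the router with the lowest seed metric, or 'tie'."""
    scored = sorted((eigrp_metric(*values), name) for name, values in seeds.items())
    if len(scored) > 1 and scored[0][0] == scored[1][0]:
        return "tie"
    return scored[0][1]


# Values exactly as posted in the thread.
AS_POSTED = {"CE1": (100, 1, 255, 1, 1500), "CE2": (100, 1, 155, 1, 1500)}

# Constructed alternative: CE2 given a larger delay (value chosen for illustration).
DELAY_TUNED = {"CE1": (100, 1, 255, 1, 1500), "CE2": (100, 1000, 255, 1, 1500)}

if __name__ == "__main__":
    for label, seeds in (("as posted", AS_POSTED), ("delay tuned", DELAY_TUNED)):
        for name, values in seeds.items():
            print(label, name, eigrp_metric(*values))
        print(label, "->", preferred(seeds))
```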
05-07-2018 04:18 PM
I will try to lab it tonight and get back to you. I have seen your other post.
05-07-2018 04:22 PM
Thank you sir! Please ask me more questions if you need, I have a tendency of confusing people.
Here is the link for how I perform the failover on our 2 routers for BGP.
04-17-2018 03:30 PM
Hey Richard,
To address your question about the inbound from the ISP, this is what I read in their document:
"
By sending a community via the external BGP session (eBGP), the CE router is signaling to the PE router to modify the LP. (Note: Local preference isn’t advertised between two eBGP peers.) LP is a non-transitive attribute, meaning it won’t be advertised outside of an autonomous system (AS).
In our ISP network, route maps are built on every PE (provider edge) to modify LP when certain BGP communities are sent by the CE (customer edge). The local preference value is used by BGP to determine the best path. (The largest local preference wins the tiebreaker.)
"
I'm not sure if I'm understanding this correctly, but it seems that since I'll be using communities to send the LP values to the PE, it seems that they will automatically be able to do the routing on their end back to accommodate the redundant paths.
04-19-2018 01:19 PM
Yes. The use of communities is one alternative that I mentioned. It is good to know that your ISP has worked out a solution using communities. By having your primary router send the community that tells the ISP to set a more attractive LP and having your backup router send the community that tells the ISP to set a less attractive LP then the ISP will easily accomplish the routing to implement the primary backup relationship in routing traffic to you. And it will automatically respond in the correct way if there is some issue with your primary router. I believe that this is the optimum solution.
HTH
Rick