Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
827
Views
1
Helpful
5
Replies

asymmetric routing issue

rhap4boyz
Level 1
Level 1

‎05-23-2023 09:16 AM

Example.png

Simplified example diagram.

We currently have dual ISPs, dual routers, dual firewalls with single AS with two subnets. As an example, 10.10.10.0/24 and 20.20.20.0/24.  Both ISPs passes BGP default route to the routers. Both routers runs HSRP. 

Server 2 is able to ping 10.10.10.1 on the firewall interfaces.  However when Server 2 pings 20.20.20.1, it gets dropped because of asymmetric routing.  What would be the correct way to fix this issue?

Labels:
0 Helpful
5 Replies 5

MHM Cisco World
VIP
VIP

‎05-23-2023 09:26 AM

 

Example.png
the ONLY think here the the Edge router use two path toward the Server Subnet one via 10.10.10.x and other via 20.20.20.x 
you must config static route OR IGP which prefer one path not use ECMP

0 Helpful

rhap4boyz
Level 1
Level 1
In response to MHM Cisco World

‎05-23-2023 05:45 PM - edited ‎05-23-2023 11:13 PM

Thank you for the fast response.  Currently Router 1 and Router 2 communicate with Firewall 1 and 2 via BGP. 

Where should this preference be set? Router1? Firewall 1? using weight?

If I want incoming traffic from Server 2 to use ISP1 for subnet 10.10.10.X as primary and ISP2 for subnet 20.20.20.X as primary and failover to each other for those subnets, how should the routing be configured? Could you give an example?

0 Helpful

MHM Cisco World
VIP
VIP
In response to rhap4boyz

‎05-24-2023 02:52 AM

Why you use BGP inside between FW and Edge routers?
anyway 
for FW to prefer the path though the ISP1 edge router1 use weight in FW 
for Edge router to prefer path through the 10.10.10.x use weight in Edge router. 

the Cisco devices prefer the path with highest Weight 

0 Helpful

rhap4boyz
Level 1
Level 1
In response to MHM Cisco World

‎05-24-2023 09:08 PM

Example2.png

Got it.  Thank you for the explanation.

There were some errors in the diagram.  Here is an updated diagram.  I remove the switches to simplify the diagram.  Both Router1 and Router2 are in AS 400.  However, they do not have each other as BGP neighbors.

Router1 and Router2 both have Firewall 1&2's VIP as BGP neighbor using the 20.20.20.X network.

Should Router 1 and Router 2 be BGP neighbors to each other?  That probably explains why Server2 can reach Router1 but can't reach Router2 at 20.20.20.12 when ISP2 goes down?

Should this designed in a different way in your opinion?  If so how?

MHM Cisco World
VIP
VIP
In response to rhap4boyz

‎05-25-2023 02:52 AM

Example2.png
the FW HA meaning only the FW1 is run BGP with both Router1 and Router2 
the issue is the traffic OUTbound from FW1 via 10.10.10.0 and return via 20.20.20.0 
so start in FW1 share show route 
and in router1 and router2 show ip route 
let me check 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card