09-09-2010 01:40 PM - edited 03-04-2019 09:43 AM
Hello all,
I've got 2 edge routers, each with a fiber connection to my ISP (2 separate circuits, same ISP). I've got my public ASN, and BGP is working properly with my ISP on each of these routers. What I need to set up is failover...so if one router's neighbor fails then my outbound internet traffic automatically fails over to the other. I assume I need to set up iBGP peer group for these 2 routers?
Thanks,
Sean
09-09-2010 03:08 PM
pondersean wrote:
Hello all,
I've got 2 edge routers, each with a fiber connection to my ISP (2 separate circuits, same ISP). I've got my public ASN, and BGP is working properly with my ISP on each of these routers. What I need to set up is failover...so if one router's neighbor fails then my outbound internet traffic automatically fails over to the other. I assume I need to set up iBGP peer group for these 2 routers?
Thanks,
Sean
Sean
Depends on how you are routing from the edge routers to your internal network. If you are using HSRP you can simply track the WAN facing interfaces of your edge routers.
If you are propagating the BGP learned routes to the internal devices then if one link goes down the internal device will simply use the one remaining link.
So how exactly are you routing from your LAN to your edge routers?
Jon
09-09-2010 03:17 PM
I've got HSRP set up on the "inside" of my edge routers...so my firewalls use a virtual IP for next hop and out of my LAN. I'm not running any internal routing protocols (OSPF, EIGRP, RIP, etc) instead using static routes.
I've got eBGP set up on each router to my ISP (Level3) and it is working properly. Now I just want to ensure that if one of these circuits goes down then my traffic automatically flops over to the backup.
09-09-2010 04:12 PM
Sounds like you need to just add "standby (group number) track (wan interface)" into your HSRP configuration on the active router. Also, you will want to add the "standby (group number) preempt" command on the active router configuration to force a re-election when the interface comes back up.
09-10-2010 04:37 AM
pondersean wrote:
I've got HSRP set up on the "inside" of my edge routers...so my firewalls use a virtual IP for next hop and out of my LAN. I'm not running any internal routing protocols (OSPF, EIGRP, RIP, etc) instead using static routes.
I've got eBGP set up on each router to my ISP (Level3) and it is working properly. Now I just want to ensure that if one of these circuits goes down then my traffic automatically flops over to the backup.
Sean
Then as James says you just need to HSRP track the WAN interfaces on your edge routers. Make sure you have preempt enabled on both routers.
Jon
09-09-2010 03:20 PM
I agree 100% with jon.marshall.
09-10-2010 05:21 AM
I would offer a word of caution here. The solution is probably not quite as simple as just adding track the WAN interface in HSRP. In the original post Sean describes the connection to the router as fiber. It would help to know specifics of how the fiber connects to the router. If the connection is an Ethernet interface on the router then there is an issue. With Ethernet it is quite possible that you lose connectivity to the next hop but the interface still shows as up/up. And in this situation a simple track the WAN interface does not catch the loss of connectivity.
I agree that since the firewalls are forwarding to a virtual address that the solution needs to deal with HSRP. But I think that HSRP needs to track availability of the ISP router or track the presence of some route advertised by the ISP.
HTH
Rick
09-10-2010 09:34 AM
Each of the routers has a direct link via SMF to my ISP's router. So this is using the SFP interface in auto-negotiate mode.
I've added neighbor entries to initiate iBGP on the two routers...and eBGP is working properly. Just isn't failing over when I do a "shut" on my primary router's SFP interface.
HSRP is monitoring the inside interface only...I'll add the WAN interface to this.
-Sean
09-10-2010 12:19 PM
pondersean wrote:
Each of the routers has a direct link via SMF to my ISP's router. So this is using the SFP interface in auto-negotiate mode.
I've added neighbor entries to initiate iBGP on the two routers...and eBGP is working properly. Just isn't failing over when I do a "shut" on my primary router's SFP interface.
HSRP is monitoring the inside interface only...I'll add the WAN interface to this.
-Sean
Sean
I don't think IBGP gives you anything here. You are not a transit AS and you are only really concerned with failing over outbound. Just simply track the WAN interfaces. Not sure what you mean by tracking the inside interface - do you mean you are tracking it or simply running HSRP?
Jon
09-10-2010 01:06 PM
Hello all,
I agree with Rick's concerns.
One possible solution to take advantage of an iBGP session is to add a direct link between the two edge routers; in this way, even if the HSRP state is not the correct one (it missed an indirect failure, for example), BGP routing will do the job.
Otherwise HSRP should track more than the simple WAN interface state; an IP SLA towards the eBGP peer address could be a good test.
Hope to help
Giuseppe
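The tracking approach raised in the two posts above (HSRP following reachability of the ISP router rather than WAN interface state), written out as an added example that is not part of any poster's configuration. All addresses, interface names, group and object numbers are constructed placeholders: 192.0.2.1 stands in for the eBGP peer, GigabitEthernet0/1 for the WAN-facing SFP port, and 10.0.0.0/24 for the inside segment facing the firewalls.

```cisco
! --- Primary edge router ---
! Probe the ISP's eBGP peer address from the WAN interface every 5 seconds.
! threshold is set before timeout because timeout may not be lower than threshold.
ip sla 10
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/1
 threshold 1000
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Object 10 goes down when the peer stops answering, even while the
! Ethernet interface still shows up/up. The delays damp flapping.
track 10 ip sla 10 reachability
 delay down 10 up 60
!
interface GigabitEthernet0/0
 description Inside segment, firewalls point at the virtual IP 10.0.0.1
 ip address 10.0.0.2 255.255.255.0
 standby 1 ip 10.0.0.1
 standby 1 priority 110
 standby 1 preempt
 ! 110 - 20 = 90, which is below the second router's 100
 standby 1 track 10 decrement 20
!
! --- Second edge router ---
interface GigabitEthernet0/0
 description Inside segment, firewalls point at the virtual IP 10.0.0.1
 ip address 10.0.0.3 255.255.255.0
 standby 1 ip 10.0.0.1
 standby 1 priority 100
 ! preempt here lets this router take over once the primary's priority drops
 standby 1 preempt
```

Older IOS releases use `track 10 rtr 10 reachability` in place of `track 10 ip sla 10 reachability`. Check the result with `show track 10` and `show standby brief` on both routers.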
09-13-2010 10:25 AM
I got HSRP working properly...so now my outbound traffic fails over correctly. Thanks for all the help guys!
The one last piece that isn't working is external connections. If I "down" one of my routers, traffic destined for my BGP-advertised network never reaches it. Both routers are advertising the network to my ISP, but only one router is actually receiving traffic for that network.
09-13-2010 10:40 AM
Sean
Based on what you have described here it is possible that there is some problem with how you advertise your networks to the ISP from the second router or there could be a problem on the ISP side about receiving those routes. I would suggest that we start by looking at how you advertise your networks to the ISP from the second router. Can you post the config (at least the BGP parts) for the second router?
HTH
Rick
09-13-2010 12:01 PM
OK we figured it out. Turns out my ISP had a static route to the primary router that didn't get removed when they turned up the backup circuit to my second router. They removed the static route and everything is working as intended.
Thanks for all of your help guys!
-Sean
09-13-2010 12:20 PM
Sean
I am glad that you got the issue resolved. Thank you for posting back to the forum indicating that it was fixed (and thanks for the rating). It makes the forum more useful when people can read about a problem and can know from the markings that the problem was solved. And yours is a good example of the point that the problem is not always something on our side of the network.
HTH
Rick
09-13-2010 02:54 PM
Yes Sean, I am glad to see the HSRP worked for you.