BGP - Advertise multiple default routes with one backing up the other without ISP intervention

AlohaJoeman
Level 1

I have a BGP routing/advertising question involving implementation of multiple default routes via BGP without getting the ISP involved in metrics. The ISP is providing MPLS for full mesh between all remote sites, the Data Center, and the Corporate HQ site.

 

I have a remote site that I am about to bring up and it currently has a default route to a router at a Data Center with a 20 Mbps Internet connection.  I want to change the default route just for this site to go to the Corporate HQ site (via the ISP MPLS) which has a 100 Mbps Internet connection. I still need all other defined routes (for 3rd party Site-to-Site VPNs and DMZ at the firewall in the Data Center) to go to the Data Center, just anything else not defined (like Internet traffic which would include apps like Office 365) would go through the Corporate HQ Internet connection. 

 

In the CE router at the Data Center that connects to the ISP PE Router, I have the following BGP configuration:

 

router bgp 65180
 bgp log-neighbor-changes
 network 10.168.100.2 mask 255.255.255.255
 network 192.168.168.100 mask 255.255.255.255
 redistribute eigrp 10 metric 10
 neighbor xxx.xxx.xxx.xxx remote-as 4323
 neighbor xxx.xxx.xxx.xxx default-originate

 

The default-originate command is what I believe is advertising this router as the default for all other sites to send to if a route is not defined in each site's routing table. The redistribute EIGRP command is where the default route is originating from on a Layer 3 switch that has the firewall connected to it.

 

router eigrp 10
 network 192.168.102.0 0.0.0.3
 redistribute connected
 redistribute static metric 1544 10 255 1 1500 route-map REDIST-IP-LIST
 redistribute bgp 65180 metric 1544 10 255 1 1500

 

The route-map is for specific routes and doesn't have the default route in any of the prefix lists associated to it. 

 

How do I accomplish this? Do I need to add the "default-originate" command on the HQ CE Router that then peers to the ISP PE router? 

 

The Corporate HQ CE Router BGP configuration:

 

router bgp 65180
 bgp log-neighbor-changes
 neighbor xxx.xxx.xxx.xxx remote-as 3549
 !
 address-family ipv4
  network 10.38.6.0 mask 255.255.255.0
  network 10.40.6.0 mask 255.255.255.0
  network 10.60.6.0 mask 255.255.255.0
  network 10.70.6.0 mask 255.255.255.0
  network 10.70.150.0 mask 255.255.255.0
  network 10.80.6.0 mask 255.255.255.0
  network 10.100.106.0 mask 255.255.255.0
  network 172.16.60.0 mask 255.255.255.0
  network 172.22.60.0 mask 255.255.255.0
  network 172.22.86.0 mask 255.255.255.0
  network 172.22.200.0 mask 255.255.255.0
  network 172.25.60.0 mask 255.255.255.0
  network 192.168.106.0
  network 192.168.168.6 mask 255.255.255.255
  redistribute static metric 10 route-map REDISTRIBUTE
  neighbor xxx.xxx.xxx.xxx activate
 exit-address-family

 

ip route 0.0.0.0 0.0.0.0 192.168.106.1

****** other static routes to the firewall above excluded ******

 

ip access-list standard REDISTRIBUTE
 permit 0.0.0.0
****** other static routes to the firewall above excluded ******

 

For the 2nd thing, after this works, I would like to send all the remote sites to the Corporate HQ Internet with 100 Mbps and then have the Data Center 20 Mbps Internet connection as the backup... would I need to manipulate AS-Prepend attributes for that? Would I also need to implement IP SLA Monitoring as well to monitor each Internet link?

 

Thanks in advance,

 

      Joe

 

1 Reply

Jon Marshall
Hall of Fame

 

Assuming this is an L3 MPLS VPN, which it sounds like it is, you can't really do the first thing without provider involvement, and even then you may not be able to do it.

 

If all your site routers peered directly with each other using BGP, then obviously you could use BGP attributes to tell each site which default to use, but all your site routers peer with the provider PE devices, so you can't do that, i.e. if you originated a default route at the HQ site, how do you tell the provider to only use that route for a specific branch?

 

Probably the easiest solution would be to use a tunnel across the MPLS network between the branch and the HQ site, and then you could peer directly as well as to the PE router from the branch, although that assumes a different AS number at the branch.

 

As for the second thing of using HQ for all internet and DC as backup, yes, that is exactly what you can do, and that will work without any provider involvement, and yes, you could use IP SLA to monitor your internet links to remove the default route advertisement if needed.

 

Jon 
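
One way the HQ-primary, Data Center-backup default discussed in this thread could be configured, as an added example that is not part of either post. It uses AS-path prepending as the preference mechanism (raised in the question, not confirmed in the reply) and replaces `default-originate` at the Data Center with a `network 0.0.0.0` statement so an outbound route-map can prepend. Assumptions: the probe target 192.0.2.1 is a constructed placeholder, the names DEFAULT-ONLY and TO-PE are hypothetical, and the Data Center CE already has 0.0.0.0/0 in its routing table.

```cisco
! ===== Corporate HQ CE (primary default, 100 Mbps Internet) =====
! Pin the probe target to the HQ firewall so the probe cannot succeed
! through the backup default and flap the route.
! 192.0.2.1 is a constructed placeholder for a stable Internet target.
ip route 192.0.2.1 255.255.255.255 192.168.106.1
!
ip sla 10
 icmp-echo 192.0.2.1
 frequency 10
ip sla schedule 10 life forever start-time now
!
! Dampen state changes so one lost probe does not withdraw the default.
track 10 ip sla 10 reachability
 delay down 15 up 60
!
! The static default from the original post, now tied to the probe.
ip route 0.0.0.0 0.0.0.0 192.168.106.1 track 10
!
router bgp 65180
 address-family ipv4
  ! Advertised only while 0.0.0.0/0 is present in the routing table.
  network 0.0.0.0
 exit-address-family
!
! ===== Data Center CE (backup default, 20 Mbps Internet) =====
! Assumption: 0.0.0.0/0 is already in this router's routing table.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Lengthen the AS path on the default only; pass everything else unchanged.
route-map TO-PE permit 10
 match ip address prefix-list DEFAULT-ONLY
 set as-path prepend 65180 65180 65180
route-map TO-PE permit 20
!
router bgp 65180
 no neighbor xxx.xxx.xxx.xxx default-originate
 network 0.0.0.0
 neighbor xxx.xxx.xxx.xxx route-map TO-PE out
```

After applying, `show track 10` on the HQ CE and `show ip bgp 0.0.0.0` on a remote-site CE show whether the probe is up and which default the site currently prefers.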

 

 
