BGP config (2 routers, 1 ISP per router)

Peter Valdes
Level 3

Hi Cisco,

I'm new to routing and need help preparing a config for 2 routers.

We have 2 offices next to each other connected via a Layer 2 point to point access link. Each office has a router connected to a separate ISP AS. Each office has unique public and private IP addresses.

I need to have BGP running on both sites so if ISP 2 fails in office 2 (ATLAS), its public IP address will be routed to and from ISP 1 via office 1, and default router traffic for office 2 (ATLAS) will use the L2 point to point link to get to the Internet via the office 1 (NEXUS) link. Same scenario with ISP 1 failing in office 1 (NEXUS).

NEXUS

interface GigabitEthernet0/0

description LINK TO ISP 1

bandwidth 10240

ip address X.X.X.2 255.255.255.252

ip nat outside

!

interface GigabitEthernet0/1

description LINK TO SWITCH STACK

no ip address

!

interface GigabitEthernet0/1.101

description LINK TO OFFICE 1 LAN

encapsulation dot1Q 101

ip address 192.168.1.1 255.255.255.0

ip nat inside

!

interface FastEthernet1/1

description LINK TO OFFICE 2

bandwidth 102400

ip address 172.17.0.1 255.255.255.252

!

router bgp 300

bgp log-neighbor-changes

neighbor X.X.X.1 remote-as 100

!

address-family ipv4

neighbor X.X.X.1 activate

neighbor X.X.X.1 soft-reconfiguration inbound

no auto-summary

no synchronization

network 61.1.1.0 mask 255.255.255.0

exit-address-family

!

ip route 192.168.2.0 255.255.255.0 172.17.0.2 name OFFICE2_ATLAS

ip route 61.1.1.0 255.255.255.0 Null0 200 name NEXUS_BGP

===========================================================================

ATLAS

interface GigabitEthernet0/0

description LINK TO ISP 2

bandwidth 10240

ip address Y.Y.Y.2 255.255.255.0

ip nat outside

!

interface GigabitEthernet0/1

description LINK TO SWITCH STACK

no ip address

!

interface GigabitEthernet0/1.101

description LINK TO OFFICE 2 LAN

encapsulation dot1Q 101

ip address 192.168.2.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/0/0

description LINK TO OFFICE 1

bandwidth 102400

ip address 172.17.0.2 255.255.255.252

!

router bgp 300

bgp log-neighbor-changes

neighbor Y.Y.Y.1 remote-as 200

neighbor Y.Y.Y.1 ebgp-multihop 2

neighbor Y.Y.Y.1 update-source GigabitEthernet0/0

!

address-family ipv4

  neighbor Y.Y.Y.1 activate

  neighbor Y.Y.Y.1 soft-reconfiguration inbound

  no auto-summary

  no synchronization

  network 61.2.2.0 mask 255.255.255.0

exit-address-family

!

ip route 192.168.1.0 255.255.255.0 172.17.0.1 name OFFICE1_NEXUS

ip route 61.2.2.0 255.255.255.0 Null0 200 name ATLAS_BGP

Help please.

Thanks


Marwan ALshawi
VIP Alumni

Hi there

I will divide the solution here into two sections

First section, which is the connectivity between the two sites over the layer two link and advertisement of the default route

- you need to form iBGP peering between your two sites over the layer two link

- once the above is done you can keep the static route used for the internal subnet, as the path between the sites is going to be over the layer two link, but you can also use this link for routing Internet traffic in the case the primary or local Internet link is down, and this is based on the assumption that each ISP currently sends you the default route

If this is the case, now each router after doing iBGP peering will see two default routes: one from the directly connected ISP (which has to be the preferred one) and another one from the iBGP peer up to the other ISP

To make sure each router will use the directly connected ISP default route as a first choice, the simple way is to increase the weight of the route being advertised by the directly connected ISP using the command below in each router

Neighbor weight 120

The second section here is regarding the public IP ranges. This is something you need to check with each ISP, because I am assuming each ISP provided you with a different public IP range, and this first has to be accepted to be advertised over the ISP. If this is confirmed and possible, the way you do it is advertise the other site's public IP range and add to it a longer BGP AS path, called BGP AS prepending, to make it appear to the public Internet with a longer path while the original site is shorter and will be used in the fallback situation

If you are doing NATing you need to consider this in each of the edge routers as well

HTH

If helpful rate

ameya_oke
Level 1

Hi Val,

Please find the config below.

1.#Setup IBGP

Nexus:

router bgp 300

neighbor 172.17.0.2 remote-as 300

Atlas

router bgp 300

neighbor 172.17.0.1 remote-as 300

2. For advertised routes to internet(EBGP neighbors) i.e 61.1.1.0/24 and 61.2.2.0/24 use route map to change as path attribute.

Nexus:(prepend Atlas public pool)

create ACL on Nexus to match 61.2.2.0/24

ip prefix-list public_pool_1 seq 10 permit 61.2.2.0/24

route-map Nexus permit 10

match ip address prefix-list public_pool_1

set as-path prepend 300 300 300

-----------------------------------------------------------------------

Atlas:(prepend Nexus public pool)

create ACL on Atlas to match 61.1.1.0/24

ip prefix-list public_pool_2 seq 10 permit 61.1.1.0/24

route-map Atlas permit 10

match ip address prefix-list public_pool_2

set as-path prepend 300 300 300

3. Use these route maps in BGP

Nexus:

neighbor route-map Nexus out

Atlas:

neighbor route-map Atlas out

This way you would take care of incoming traffic.

Please share the prefixes learned on both ISP links(Are you receiving only a default route from both ISPs?)

If yes, use weight attribute to influence outgoing traffic; by creating a route map & matching default route you can achieve it.

I would suggest you use M-HSRP for lan redundancy.

Ameya

Marwan ALshawi
VIP Alumni

Ameya

This is not a lab setup; he has to confirm and agree with each ISP about the public IP prefixes going to be advertised, because each ISP filters the advertisement to only those prefixes allocated to the customer per CE

Regards,


Thanks guys for your help. Really appreciate this.

To confirm, this is not a LAB. It's live service.

I have a meeting with both ISPs this week to advertise both IP address ranges (61.1.1.0 and 61.2.2.0) per ISP.

I found this link from Netpro but it's not complete for what I want to do:

http://www.cisco.com/en/US/customer/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#conf5

Both ISPs will be sending me only default routes and I will apply the following prefix-list on the eBGP config to only allow 0.0.0.0 advertise routes IN as stated by you guys above (thanks):

NEXUS

router bgp 300

bgp log-neighbor-changes

neighbor X.X.X.1 remote-as 100

!

address-family ipv4

neighbor X.X.X.1 activate

neighbor X.X.X.1 soft-reconfiguration inbound

no auto-summary

no synchronization

neighbor X.X.X.1 prefix-list BLOCKINBOUNDBGP in

neighbor X.X.X.1 prefix-list BLOCKOUTBOUNDBGP out

network 61.1.1.0 mask 255.255.255.0

exit-address-family

ip prefix-list BLOCKINBOUNDBGP seq 10 permit 0.0.0.0/0

!

ip prefix-list BLOCKOUTBOUNDBGP seq 10 permit 61.1.1.0/24

Dear Val,

This will work.

Please rate if useful.

Ameya

Dear Val

I did not mention filtering the default route. As per my first post, I advised you that after you enable the iBGP peering between the two routers, each router will see two default routes, one from the eBGP peer and the other one from the iBGP peer. To avoid any unexpected issues, like the iBGP peer sending the default route with a higher local preference, use the weight attribute of BGP to make the default route received from the eBGP peer more preferred, using the command mentioned above

By the way, if your ISP is only sending you a default route there is no need for the inbound filtering

For the outbound filtering, if the ISP will accept the advertisement of both IP ranges, make sure to update it and allow the other range to be advertised

Hope this helps

Hi Val,

Kindly share the route maps details.

Ameya

Marwanshawi,

Your concern is obvious from an IT operations perspective.

Both ISPs have already provided pool 61.1.1 to Nexus and 61.2.2 to Atlas, so it is obvious that their admin has to check config feasibility with the ISP

The query was pertaining to the config required to achieve this.

I am well aware that this is not a lab setup.

CSC is a community to share technical views and I would much appreciate it if you would point out errors in my config and have a healthy conversation.

Ameya

And I was sharing my experience when I said this is different than a lab setup, because you have to confirm with the ISP first; otherwise, if you/he build it on assumptions, most likely you won't get it working as desired

For the original poster, happy to help and let us know if you need any help after you meet with your ISP

Please rate the helpful posts

Regards,

Marwanshawi,

Your assumption that I was considering the setup as a lab was not justified in the first place.

In IT Infra Ops all decisions are taken in concurrence with ISP, Mgmt, Admin and Mediators, and this was a given when I read the original poster's post.

Thanks and regards.

Ameya

Peter Valdes
Level 3

Hi,

In the Nexus router, I have the following prefix-list assigned on BGP:

router bgp 300

bgp log-neighbor-changes

neighbor X.X.X.1 remote-as 100

! iBGP already configured and active

neighbor 172.17.0.2 remote-as 300

!       

address-family ipv4

neighbor X.X.X.1 activate

neighbor X.X.X.1 weight 4000

neighbor X.X.X.1 soft-reconfiguration inbound

neighbor X.X.X.1 prefix-list BLOCKINBOUNDBGP in

neighbor X.X.X.1 prefix-list BLOCKOUTBOUNDBGP out

neighbor 172.17.0.2 activate

no auto-summary

no synchronization

network 61.1.1.0 mask 255.255.255.0

exit-address-family

!

ip prefix-list BLOCKINBOUNDBGP seq 10 permit 0.0.0.0/0

!

ip prefix-list BLOCKOUTBOUNDBGP seq 10 permit 61.1.1.0/24

Do I add: network 61.2.2.0 mask 255.255.255.0

for Atlas routes advertised on the Nexus router? Also, the route-map to prepend the Atlas IP, how do I add this as I already have one prefix-list BLOCKOUTBOUNDBGP out

Spoke to the ISPs and they both have opened their BGP filters for the two class C, it's just a matter of me advertising the two /24s to them via BGP.

Thanks

Hi Val ,

That is great news!!

1. Nexus office has the 61.1.1.0/24 pool, right, so you use the network command to advertise only this pool to iBGP and eBGP peers.

On Nexus config configure: network 61.1.1.0 mask 255.255.255.0 only

2. No need to use the network 61.2.2.0 mask 255.255.255.0 command on Nexus as you will receive this prefix from your Atlas router.

On Atlas router configure: network 61.2.2.0 mask 255.255.255.0 only

Ameya

Hi Val,

Instead of using these prefix lists, use route maps.

neighbor X.X.X.1 prefix-list BLOCKINBOUNDBGP in

neighbor X.X.X.1 prefix-list BLOCKOUTBOUNDBGP out

Please find the route map config below.

1. For advertised routes to internet(EBGP neighbors) i.e 61.1.1.0/24 and 61.2.2.0/24

   use route map to change as path attribute.

-------------------------------------------------------------------------------

Config On Nexus:(Advertise Nexus pool and prepend Atlas public pool)

create ACLs on Nexus to match both pools

ip prefix-list public_pool_1 seq 10 permit 61.2.2.0/24

ip prefix-list public_pool_2 seq 10 permit 61.1.1.0/24

route-map Nexus permit 10

match ip address prefix-list public_pool_1

set as-path prepend 300 300 300

route-map Nexus permit 20

match ip address prefix-list public_pool_2

-----------------------------------------------------------------------

Config On Atlas:(Advertise Atlas pool and prepend Nexus public pool)

create ACLs on Atlas to match both pools

ip prefix-list public_pool_1 seq 10 permit 61.1.1.0/24

ip prefix-list public_pool_2 seq 10 permit 61.2.2.0/24

route-map Atlas permit 10

match ip address prefix-list public_pool_1

set as-path prepend 300 300 300

route-map Atlas permit 20

match ip address prefix-list public_pool_2

-------------------------------------------------------------------------


2. Use these route maps in BGP

Config On Nexus:

neighbor route-map Nexus out

Config On Atlas:

neighbor route-map Atlas out

This way you would advertise routes as below.

1. Nexus will advertise 61.1.1.0/24 without attribute change and 61.2.2.0/24 with as-path prepending.

2. Atlas will advertise 61.2.2.0/24 without attribute change and 61.1.1.0/24 with as-path prepending.
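
A small Python model of the outbound `route-map Nexus` from the reply above, added here as an example and not part of any poster's configuration. It shows which prefixes Nexus would send to its ISP and with what AS path, including the route-map's implicit deny, which keeps the default route learned over iBGP from being re-advertised. The sample BGP table and the function names are constructed for illustration.

```python
import ipaddress

LOCAL_AS = 300
# Prefix-lists from the Nexus config in the post above. Without ge/le, an
# IOS prefix-list entry matches that exact prefix and length only.
PREFIX_LISTS = {
    "public_pool_1": [ipaddress.ip_network("61.2.2.0/24")],  # Atlas pool
    "public_pool_2": [ipaddress.ip_network("61.1.1.0/24")],  # Nexus pool
}
# route-map Nexus: (sequence, prefix-list matched, AS numbers prepended)
ROUTE_MAP_NEXUS = [
    (10, "public_pool_1", [300, 300, 300]),
    (20, "public_pool_2", []),
]


def advertise(prefix, as_path, route_map=ROUTE_MAP_NEXUS):
    """Return the AS path sent to the eBGP peer, or None if filtered."""
    net = ipaddress.ip_network(prefix)
    for _seq, plist, prepend in route_map:
        if net in PREFIX_LISTS[plist]:
            # 'set as-path prepend' adds the listed ASNs; the router also
            # adds its own AS once when sending to an eBGP peer.
            return [LOCAL_AS] + prepend + list(as_path)
    return None  # implicit deny at the end of every route-map


def outbound_table(bgp_table):
    """Apply the outbound policy to {prefix: as_path}; drop denied routes."""
    sent = {p: advertise(p, path) for p, path in bgp_table.items()}
    return {p: path for p, path in sent.items() if path is not None}


# Constructed BGP table on Nexus (assumed for illustration): own pool, the
# Atlas pool learned over iBGP, the default route from ISP 2 (AS 200)
# relayed by Atlas, and a stray more-specific of the Atlas pool.
SAMPLE_TABLE = {
    "61.1.1.0/24": [],
    "61.2.2.0/24": [],
    "0.0.0.0/0": [200],
    "61.2.2.128/25": [],
}

if __name__ == "__main__":
    for prefix, path in outbound_table(SAMPLE_TABLE).items():
        print(prefix, " ".join(map(str, path)))
```

Only the two /24 pools leave the router: the local pool with a one-hop path and the other site's pool with four hops, so the ISP is never offered a path through AS 300 to anything else.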

Hi Ameya,

Thanks for your prompt replies.

I thought so, I just had to ask.

I understand the concept now and will prepare the final config.

Thanks again for your help. I will post the results once config is setup on the live network which is next week Sunday.
