BGP Configuration & Failover

keen4.net
Level 1

Hello All,

We have two links from two different ISPs on BGP. Both links are connected to different CE routers at our end. Network diagram attached for reference.

We are advertising two pools on these links: 192.168.10.0/24 from one ISP and 192.168.30.0/24 from the other ISP.

A couple of days back we experienced a problem during an outage of the ISP-1 link. We were not able to access the pool advertised on ISP-1. Failover to the second ISP also did not happen.

Requesting help to validate the BGP configuration and suggest where the problem might be, so that we can fix it and failover to either of the ISPs can happen smoothly.

Also, if anyone can please help me understand the BGP configuration, as I am a bit confused about what exactly happened at the time of failover so that the IPs were not reachable from outside.

Configuration is below.

ISP-1

router bgp 200
 no bgp log-neighbor-changes
 network 192.168.10.0 mask 255.255.255.0
 network 192.168.30.0 mask 255.255.255.0
 neighbor 172.16.1.1 remote-as 100
 neighbor 172.16.1.1 next-hop-self
 neighbor 172.16.1.1 soft-reconfiguration inbound
 neighbor 172.16.1.1 route-map AS_PREP out
 neighbor 172.16.1.1 maximum-prefix 50000 50
 neighbor 172.16.1.1 filter-list 10 out
 neighbor 192.168.10.3 remote-as 200
 neighbor 192.168.10.3 version 4
 neighbor 192.168.10.3 next-hop-self
 neighbor 192.168.10.3 soft-reconfiguration inbound
 neighbor 192.168.10.3 prefix-list default out
 neighbor 192.168.10.3 maximum-prefix 25000 50

ip as-path access-list 1 permit ^100$
ip as-path access-list 10 permit ^$

ip prefix-list LAN1 seq 5 permit 192.168.30.0/24
!
ip prefix-list LAN2 seq 5 permit 192.168.10.0/24
!
ip prefix-list block seq 5 deny 0.0.0.0/0 ge 1
!
ip prefix-list default seq 5 permit 0.0.0.0/0

route-map WAN_OUT permit 10
 match as-path 10
!
route-map AS_PREP permit 10
 match ip address prefix-list LAN1
 set as-path prepend 200 200 200 200 200
!
route-map AS_PREP permit 20

ip route 0.0.0.0 0.0.0.0 172.16.1.1 name ISP-1

interface GigabitEthernet0/0
 description ISP-1 Link
 ip address 172.16.1.1 255.255.255.252
 ip access-group 100 in
 ip access-group 100 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting output-packets
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
 no cdp enable

interface GigabitEthernet0/1
 description *** Conected to LAN **
 ip address 192.168.30.2 255.255.255.0 secondary
 ip address 192.168.10.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 standby 1 ip 192.168.10.1
 standby 1 timers 5 15
 standby 1 priority 110
 standby 1 preempt
 duplex auto
 speed auto
 no cdp enable


ISP-2

router bgp 200
 no bgp log-neighbor-changes
 network 192.168.10.0 mask 255.255.255.0
 network 192.168.30.0 mask 255.255.255.0
 neighbor 192.168.10.2 remote-as 200
 neighbor 192.168.10.2 version 4
 neighbor 192.168.10.2 next-hop-self
 neighbor 192.168.10.2 soft-reconfiguration inbound
 neighbor 192.168.10.2 prefix-list default out
 neighbor 192.168.10.2 maximum-prefix 25000 50
 neighbor 172.16.100.1 remote-as 300
 neighbor 172.16.100.1 next-hop-self
 neighbor 172.16.100.1 soft-reconfiguration inbound
 neighbor 172.16.100.1 route-map AS_PREP out
 neighbor 172.16.100.1 maximum-prefix 50000 50
 neighbor 172.16.100.1 filter-list 10 out

ip as-path access-list 1 permit ^300$
ip as-path access-list 10 permit ^$

ip prefix-list LAN1 seq 5 permit 192.168.30.0/24
!
ip prefix-list LAN2 seq 5 permit 192.168.10.0/24
!
ip prefix-list block seq 5 deny 0.0.0.0/0 ge 1
!
ip prefix-list default seq 5 permit 0.0.0.0/0

route-map WAN_OUT permit 10
 match as-path 10
!
route-map AS_PREP permit 10
 match ip address prefix-list LAN2
 set as-path prepend 200 200 200 200 200
!
route-map AS_PREP permit 20

ip route 0.0.0.0 0.0.0.0 172.16.1.1 name Default

interface GigabitEthernet0/0
 description ISP-2 Link
 ip address 192.168.30.3 255.255.255.0 secondary
 ip address 192.168.10.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 standby 1 ip 192.168.10.1
 standby 1 timers 5 15
 standby 1 preempt
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/1
 description *** Connected to LAN ***
 ip address 172.16.100.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 duplex auto
 speed auto
 no cdp enable

Regards

JN

8 Replies

Giuseppe Larosa
Hall of Fame

Hello JN,

>> 

We are advertising two pools on this links , 192.168.10.0/24 from one ISP and 192.168.30.0/24 from other ISP.

Couple of days back we have experienced a problem during outage of ISP-1 link. We were not able to access pool advertised on ISP-1. Failover to second ISP was also not happened.

>>

The first and most important question is the following:

Are the IP prefixes 192.168.10.0/24 owned by ISP1 and 192.168.30.0/24 owned by ISP2?

I mean, has your company received two address blocks that belong to the respective ISPs?

If so, ISP1 and ISP2 need to make a special agreement to cover the fault cases, because normally an ISP does not expect or accept that one address block it owns is advertised by another ISP.

Things are different if your company owns its own address space and this address space is made of 192.168.10.0/24 and 192.168.30.0/24. (I'm considering these two private IP addresses placeholders for the real public IP addresses).

Hope to help

Giuseppe

Hi Giuseppe

I have never worked for an ISP, so just for my own information: do they usually agree to do this sort of thing, i.e. advertise out a block that is not owned by them?

Obviously it breaks their summarisation further upstream, so are they reluctant to do it, is there a cost involved, and will they only consider it for /24s or greater?

Jon

ISPs will advertise blocks owned by other ISPs. You just have to ask them to do it and submit documents confirming you are using a block from another ISP.

Also, ISPs will only accept /24 or larger blocks.

Thanks.

Jon

Hi Friends,

You are right! Both the IP pools 192.168.10.0 and 192.168.30.0 are owned by our company only and not provided by any of the ISPs.

Anyway, it seems we deviated from the issue here. Please suggest as requested.

Rgds

JN

It's not clear what all your configuration is doing.

At the moment each router sends a default route to the other router via BGP, but on both routers you also have static default routes configured, which will override the BGP ones.

The next hop IP of those static routes is 172.16.1.1 on both routers, which is the CE outside interface to ISP1. Is that a typo?

Note also that ISP2 does not have the full BGP routing table, so it may be that if you were trying to access from a client on the internet that ISP2 did not have a route for, it would then use its static default route pointing to the other CE.

In which case you have a routing loop.

Difficult to say what happened without more details but there are certainly some things in the configuration that are confusing especially the static default routes.

What does a "sh ip bgp neigh <ISP IP> advertised-routes" show on each CE device?

What does a "sh ip route 0.0.0.0 0.0.0.0" show on each CE device?

Jon
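
The static default route observation in the reply above can be checked mechanically. This Python sketch is an added example, not part of the original thread or of any Cisco tool: it parses excerpts of the two posted configurations and reports, for each static default route, whether the next hop is the router's own address or lies off every connected subnet (the function name `check_static_defaults` is hypothetical).

```python
import ipaddress
import re

# Excerpts of the two configurations posted in this thread (addresses as posted).
CE1 = """\
ip route 0.0.0.0 0.0.0.0 172.16.1.1 name ISP-1
interface GigabitEthernet0/0
 ip address 172.16.1.1 255.255.255.252
interface GigabitEthernet0/1
 ip address 192.168.30.2 255.255.255.0 secondary
 ip address 192.168.10.2 255.255.255.0
"""
CE2 = """\
ip route 0.0.0.0 0.0.0.0 172.16.1.1 name Default
interface GigabitEthernet0/0
 ip address 192.168.30.3 255.255.255.0 secondary
 ip address 192.168.10.3 255.255.255.0
interface GigabitEthernet0/1
 ip address 172.16.100.2 255.255.255.252
"""

# Interface addresses (primary and secondary) and static default routes.
ADDR = re.compile(r"^[ \t]+ip address (\S+) (\S+)", re.M)
DEFAULT = re.compile(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)", re.M)


def check_static_defaults(config):
    """Return a list of (next_hop, finding) for each static default route."""
    ifaces = [ipaddress.ip_interface(f"{a}/{m}") for a, m in ADDR.findall(config)]
    findings = []
    for hop in map(ipaddress.ip_address, DEFAULT.findall(config)):
        if any(hop == i.ip for i in ifaces):
            # A router cannot forward to itself; the address is likely mistyped.
            findings.append((str(hop), "next hop is this router's own address"))
        elif not any(hop in i.network for i in ifaces):
            # The route depends on some other route to reach its next hop.
            findings.append((str(hop), "next hop is not on a connected subnet"))
        else:
            findings.append((str(hop), "ok"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("ISP-1 CE", CE1), ("ISP-2 CE", CE2)):
        for hop, finding in check_static_defaults(cfg):
            print(f"{name}: static default via {hop}: {finding}")
```

Both posted routers are flagged, which matches the question raised in the reply about whether the 172.16.1.1 next hop is a typo.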

Hello Jon,

I agree with Pashtet13, it is the multi-homed customer that makes agreements with the two ISPs to have them accept each other's /24 address blocks.

You can expect the two ISPs to have a peering session between them, and in case of a fault the missing address block starts to be received over the peering session with the other ISP.

For this reason agreements are needed.

Hope to help

Giuseppe

Giuseppe

Thanks for that. Like I say, I was just wondering how easy it was to get ISPs to agree to this, and it sounds like it is not actually that much of a problem.

Jon
