Hi Georg,

Thanks for your response.

I haven't configured them both yet and I am still working on it.

Currently only one router is operating in the production and have BGP configured for 2 ISPs.

So by adding the 2nd router in the production network I would like to achieve the scenario described in the above message.

Here is the configuration I have so far only on the 2nd router which should be connected to the 2nd ISP.

ip as-path access-list 1 permit ^222$
!
ip prefix-list ANNOUNCE
seq 5 permit 10.99.99.0/24
!
route-map ONLY-ISP2-NETS-OUT permit 10
match as-path 1
set local-preference 150
!
router bgp 111
neighbor 10.222.222.222 remote-as 222
neighbor 10.222.222.222 update-source lo1
neighbor 10.222.222.222 ebgp-multihop 2
neighbor 10.1.1.1 remote-as 111
neighbor 10.1.1.1 update-source lo2
neighbor 10.1.1.1 next-hop-self
!
address-family ipv4
neighbor 10.222.222.222 activate
neighbor 10.222.222.222 prefix-list ANNOUNCE out
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 route-map ONLY-ISP2-NETS-OUT out

Hello,

have a look at the link below (scroll down to BGP topology 6), it has a couple of dual BGP sample configurations. You don't necessarily need the IP SLA, as the failover should be automatic...

https://showipbgp.com/sample-cisco-bgp-configuration-by-topology/

Thanks for sharing such a nice examples.

However, I have only one /24 block and based on the configuration of topology 6-1-2. Cisco dual BGP with AS prepend-iBGP (Load-sharing)

it will not work for me.

Any suggestion would be greatly appreciated. 

Hello,

I will lab this up and get back with you...

Hello,

I have labbed this up, this is what I have come up with. Basically, on the E1 router you set the local preference and the as path prepend, and on the E2 router, an IP SLA triggers an EEM script that changes the local preference in case the SLA fails. All IP addressing is obviously arbitrary...

hostname E1
!
interface Loopback1
ip address 100.100.100.100 255.255.255.255
!
interface GigabitEthernet0/0
description Link to E2
ip address 192.168.1.1 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Link to ISP_1
ip address 1.1.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45
!
router bgp 1
bgp router-id 100.100.100.100
bgp log-neighbor-changes
neighbor 1.1.1.2 remote-as 2
neighbor 1.1.1.2 route-map LOCAL_PREFERENCE_150 in
neighbor 1.1.1.2 route-map AS_PATH_PREPEND out
neighbor 192.168.1.2 remote-as 1
neighbor 192.168.1.2 next-hop-self
!
route-map AS_PATH_PREPEND permit 10
set as-path prepend 5
!
route-map LOCAL_PREFERENCE_150 permit 10
set local-preference 150

hostname E2
!
track 1 ip sla 1 reachability
!
interface Loopback2
ip address 200.200.200.200 255.255.255.255
!
interface GigabitEthernet0/0
description Link to E1
ip address 192.168.1.2 255.255.255.252
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Link to ISP_2
ip address 2.2.2.1 255.255.255.252
duplex auto
speed auto
media-type rj45
!
router bgp 1
bgp router-id 200.200.200.200
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 3
neighbor 192.168.1.1 remote-as 1
neighbor 192.168.1.1 next-hop-self
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
frequency 5
!
ip sla schedule 1 start-time now life forever
!
event manager applet ISP_1_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "route-map LOCAL_PREFERENCE_200 permit 10"
action 4.0 cli command "set local-preference 200"
action 5.0 cli command "exit"
action 6.0 cli command "router bgp 1"
action 7.0 cli command "neighbor 2.2.2.2 route-map LOCAL_PREFERENCE_200 in"
action 8.0 cli command "end"
!
event manager applet ISP_1_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "no route-map LOCAL_PREFERENCE_200 permit 10"
action 4.0 cli command "exit"
action 5.0 cli command "router bgp 1"
action 6.0 cli command "no neighbor 2.2.2.2 route-map LOCAL_PREFERENCE_200 in"
action 7.0 cli command "end"

Hi Georg,

Thank You once again for your assistance.

Let me comment my understanding regarding your configs: 

E1<->ISP1:

1. neighbor 1.1.1.2 route-map LOCAL_PREFERENCE_150 in - makes Outgoing route preferable as compared to E2<->ISP2

So, the path of packet is become: E1-ISP1 or E2-E1-ISP1

2. neighbor 1.1.1.2 route-map AS_PATH_PREPEND out - makes Inbound route preferable ISP2-R2 

Please correct me if I am wrong.

E2<->ISP2:

Here, everything is clear.

Only one thing connected with event manager applet - Don't we need clear ip bgp command inside it as well?

Hello

I would say with your current setup you wouldn't require tracking with ip sla if any isp has a failure upstream then those routes wouldn't be advertised towards your rtrs as such the less preferable prefix in the bgp rip would would take precedence in the global route table and resiliency would be provided based in the path attributes you have applied be it weight-local preference as prepending etc..

Hello

---

@arturmelyan wrote:

Currently only one router is operating in the production and have BGP configured for 2 ISPs.

So by adding the 2nd router in the production network I would like to achieve the scenario described in the above

---

Looking at your posted configuration the LP route map is applied in the wrong direction, it should be ingress on received routes and egress on advertised routes, However as this is currently for a single bgp rtr  peering towards two ips ebgp rtr you would set a weight path attribute for a preferred received prefixes again ingress. 

As/when you have dual ibgp rtrs then weight pa would'nt be applicable, you would need to incorporate local preference again using the same logic.

Lastly you also need to make sure your enterprise rtr do not become a transit path for either isp.

Example1: <--- Single rtr with two ISP ebgp peers

Router1 to  isp 1<-->  isp2

Example2: <---Dual ibgp rtrs with two ISP ebgp peers

Router 1 <->Isp1
route-map ASPREPEND permit 10
set as-path prepend 111 111 111

Hello Paul,

Thank you so much for your response.

I'll start by answering to your last 2 questions.

1. Its only your enterprise rtrs that IBGP peers to each other correct and the ISP peering is EBGP? - Correct.

2. Also are the isps in the same or different ASN? - In the different ASN

Regarding the LP route map is applied in the wrong direction, it should be ingress on received routes and egress on advertised routes - Exactly, I wrote it incorrect.  I just was confused a bit about Ingress and Egress concepts. Now it is everything clear. 

So, now I am solely interested in Dual rtrs with 2 ISPs.

As for Lastly you also need to make sure your enterprise rtr do not become a transit path for either isp - Doesn't below prefix-list on both enterprise routers solve this problem?  

ip prefix-list ANNOUNCE
seq 5 permit 10.99.99.0/24

neighbor 10.222.222.222 prefix-list ANNOUNCE out

Thank you for support.

Hello

---

@arturmelyan wrote:

As for Lastly you also need to make sure your enterprise rtr do not become a transit path for either isp - Doesn't below prefix-list on both enterprise routers solve this problem?  

ip prefix-list AN

NOUNCE
seq 5 permit 10.99.99.0/24

neighbor 10.222.222.222 prefix-list ANNOUNCE out

---

Apologies I was looking at this ONLY-ISP2-NETS-OUT so YES the current prefix-list would only advertised that subnet
but to save amending a prefix list you could use an as-path filter on your local asn and that would do the trick with less future administration.

Hello,

to safe amending a prefix list you could use an as path filter on your local asn and that would do the trick with less administration - I will keep it in mind, thank you. 

ONLY-ISP2-NETS-OUT out - This route map is needed for directing Outgoing traffic through ISP2 (E2-ISP2 or E1-E2-IPS2) which is destined for ISP2 clients only. And certainly, the direction should be changed to IN.

The same route map should be set on the E1 as well by pointing ASN of ISP1 as an as-path value. 

Will this all work correctly along with the rest configuration provided here by you? 

Hello

---

@arturmelyan wrote:

Hello,

Will this all work correctly along with the rest configuration provided here by you? 

---

---

The example 2 configuration should indeed work, just append the config ( access-list) to accommodate what prefix(s) you would like to take the non default ISP path

Thank you, Really helpful.