
BGP Layer 3 environment on Site A and backup Site issue on Switch 9300

Xx20GaryL21xX
Level 1

Hi All,

 

BGP.PNG

 

Site A <BGP protocol> Backup Site B

 

We tested the scenario where the whole Site A stack of 9300 switches is down, and the backup site's 9300 stack did not pick it up because the subnet of the switch gateway VLAN IP (Vlan 221) is on Site A, which is normal. By the way, we tested BGP, which is able to sync to the ISP.

 

Mainly, on Backup Site B I added a Vlan 221 with 221.126.192.X /28, and our server is able to ping our VLAN IP, but it cannot go out to the ISP internet temporarily.

 

Does anyone have any idea how to do that? Static routing to allow Vlan 221 to go through Vlan 222 to the ISP internet?

 

 

Site A 

Vlan 221

221.126.192.97/28 ISP Internet

Vlan 222

no addr

 

Backup Site B

Vlan 221

no addr

Vlan 222

221.126.192.113/28 ISP Internet

 

Site A Conf

 

int Port-channel1
switchport trunk allowed vlan 172,173,221,222
switchport mode trunk

Gi1/1/1
no switchport
ip address 10.100.248.X 255.255.255.252
speed nonnegotiate

Gi1/1/2
switchport trunk allowed vlan 172,173,221,222
switchport mode trunk
channel-group 1 mode active


Gi2/1/1
no switchport
ip address 10.100.248.X 255.255.255.252
speed nonnegotiate

 

Gi2/1/2
switchport trunk allowed vlan 172,173,221,222
switchport mode trunk
channel-group 1 mode active

 

int Vlan 172
ip addr 172.24.44.X 255.255.255.192 secondary
ip addr 172.24.33.X 255.255.255.192


int vlan 173
ip addr 192.168.18.X 255.255.255.0

int Vlan 221
ip addr 221.126.192.X 255.255.255.240

int vlan 222
no ip addr

 

router bgp 64990
bgp router-id 10.100.248.X
bgp log-neighbor-changes
bgp dampening 5 1900 2000 10
network 172.24.33.0 mask 255.255.255.192
network 172.24.44.0 mask 255.255.255.192
network 221.126.192.100 mask 255.255.255.240
network 221.126.192.112 mask 255.255.255.240
neighbor 10.100.248.X remote-as 65303
neighbor 10.100.248.X route-map PRIORITY_REDIST out
neighbor 10.100.248.X remote-as 65303
neighbor 10.100.248.X route-map PRIORITY_REDIST out

 

ip access-list standard VL172
10 permit 172.24.33.0 0.0.0.63
20 permit 172.24.44.0 0.0.0.63
ip access-list standard VL221
10 permit 221.126.192.100 0.0.0.15  Site A internet subnet
ip access-list standard VL222
10 permit 221.126.192.112 0.0.0.15  Site B internet subnet

 

ip access-list standard 1
10 permit 221.126.192.100 0.0.0.15
20 permit 172.24.33.0 0.0.0.63
30 permit 172.24.44.0 0.0.0.63
40 deny any log

ip access-list standard 2
10 permit 221.126.192.100 0.0.0.15
20 deny any log
30 permit 221.126.192.112 0.0.0.15

route-map PPRIORITY_REDIST permit 10
match ip address VL172
set as-path prepend 64990 64990


route-map PPRIORITY_REDIST permit 20
match ip address VL221

route-map PPRIORITY_REDIST permit 30
match ip address VL222

 

Backup Site B

int Port-channel1
switchport trunk allowed vlan 172,173,221,222
switchport mode trunk


Gi1/1/1 ISP
no switchport
ip address 10.100.248.x 255.255.255.252
speed nonnegotiate

 

Gi1/1/2 dark fiber
switchport trunk allowed vlan 172,173,221,222
switchport mode trunk
channel-group 1 mode passive


Gi2/1/1 ISP
no switchport
ip address 10.100.248.x 255.255.255.252
speed nonnegotiate

Gi2/1/2 dark fiber
switchport trunk allowed vlan 172,173,221,222
switchport mode trunk
channel-group 1 mode passive


int Vlan 172
ip addr 172.24.44.x 255.255.255.192 secondary
ip addr 172.24.33.x 255.255.255.192


int vlan 173
ip addr 192.168.18.x 255.255.255.0

int Vlan 221
no ip address

int vlan 222
ip addr 221.126.192.x 255.255.255.240

router bgp 64990
bgp router-id 10.100.248.X
bgp log-neighbor-changes
bgp dampening 5 1900 2000 10
network 172.24.33.0 mask 255.255.255.192
network 172.24.44.0 mask 255.255.255.192
network 221.126.192.100 mask 255.255.255.240
network 221.126.192.112 mask 255.255.255.240
neighbor 10.100.248.x remote-as 65303
neighbor 10.100.248.x route-map PRIORITY_REDIST out
neighbor 10.100.248.x remote-as 65303
neighbor 10.100.248.x route-map PRIORITY_REDIST out

 

 

ip access-list standard VL172
10 permit 172.24.33.0 0.0.0.63
20 permit 172.24.44.0 0.0.0.63
ip access-list standard VL221
10 permit 221.126.192.100 0.0.0.15  Site A ISP internet subnet
ip access-list standard VL222
10 permit 221.126.192.112 0.0.0.15  Site B ISP internet subnet

 

ip access-list standard 1
10 permit 221.126.192.112 0.0.0.15
20 permit 172.24.33.0 0.0.0.63
30 permit 172.24.44.0 0.0.0.63
40 deny any log

ip access-list standard 2
10 permit 221.126.192.100 0.0.0.15
20 deny any log
30 permit 221.126.192.112 0.0.0.15

route-map PPRIORITY_REDIST permit 10
match ip address VL172
set as-path prepend 64990 64990


route-map PPRIORITY_REDIST permit 20
match ip address VL221

route-map PPRIORITY_REDIST permit 30
match ip address VL222
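
An added example, not part of the original post and not Cisco tooling: a small Python check run over a trimmed, constructed copy of the Site A lines posted above. It flags three things that can be verified mechanically (a neighbor referencing a route-map name that is never defined, a `network` statement whose address has host bits set for its mask, and ACL entries placed after `deny any`) and makes no claim about which of them, if any, causes the failover problem. The function name `lint`, the finding labels and the 192.0.2.1 neighbor address are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: trimmed from the Site A config in the post above.
# The masked neighbor address (10.100.248.X) is replaced by the
# documentation placeholder 192.0.2.1.
SAMPLE = """\
router bgp 64990
 network 172.24.33.0 mask 255.255.255.192
 network 221.126.192.100 mask 255.255.255.240
 neighbor 192.0.2.1 remote-as 65303
 neighbor 192.0.2.1 route-map PRIORITY_REDIST out
ip access-list standard 2
 10 permit 221.126.192.100 0.0.0.15
 20 deny any log
 30 permit 221.126.192.112 0.0.0.15
route-map PPRIORITY_REDIST permit 10
 match ip address VL172
"""

def lint(config):
    """Return (check, detail) findings for an IOS-style config text."""
    findings = []
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Route-map names that actually have a definition somewhere in the file.
    defined = {m.group(1) for l in lines
               if (m := re.match(r"route-map (\S+) (?:permit|deny)", l))}
    acl, denied_all = None, False
    for l in lines:
        if m := re.match(r"neighbor \S+ route-map (\S+) (?:in|out)", l):
            if m.group(1) not in defined:
                findings.append(("undefined-route-map", m.group(1)))
        elif m := re.match(r"network (\S+) mask (\S+)", l):
            # strict=False masks off host bits so we can compare.
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if str(net.network_address) != m.group(1):
                findings.append(("host-bits-set", f"{m.group(1)} -> {net}"))
        elif m := re.match(r"ip access-list \S+ (\S+)", l):
            acl, denied_all = m.group(1), False
        elif acl and re.match(r"\d+ deny any", l):
            denied_all = True
        elif acl and denied_all and re.match(r"\d+ (permit|deny) ", l):
            # Entries are evaluated in sequence; nothing after "deny any" matches.
            findings.append(("unreachable-ace", f"ACL {acl}: {l}"))
        elif not re.match(r"\d+ ", l):
            acl = None  # any non-numbered line ends the current ACL block
    return findings

if __name__ == "__main__":
    for check, detail in lint(SAMPLE):
        print(f"{check}: {detail}")
```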

 

 

 

 

8 Replies

Hi

This is not a complex scenario to build. But I did not understand exactly what you did. For example, what is VL221 on the route-map?

If possible, share a simple drawing to help us understand.

Hi Miranda,

 

BGP 2.PNG

 

I updated my post with the ip access-list standard VL172, VL221 and VL222 entries that the route-map uses.

 

I hope this makes the BGP setup easier to understand.

 

Last time, we had a situation where the Site A 9300 stack suddenly shut down because of a power issue IP.

We would like to temporarily shift the Vlan 221 subnet through Backup Site Vlan 222 to reach the internet.

 

Site A  <--BGP--> Backup site B

Site A  <--Dark fiber local trunk Vlan 172, Vlan 221 and Vlan 222--> Backup Site B for the server communication.

 

Backup site

Vlan 221 is VLAN-tagged but does not have an IP address.

Vlan 222 is this site's internet VLAN with BGP and has a VLAN IP address.

 

After that, we added Vlan 221 with a VLAN IP address.

The server is able to ping Vlan 221 on the backup site, but it cannot go out to the internet.

 

Is there any configuration that I missed, or anything additional I can add on our 9300 switch? A static route?

 

Thanks

 

If I understood correctly, you don't even need BGP to accomplish that. You can use HSRP depending on the topology.

When you say stack 9300, does this mean the stack is used as L3 and you have users connected to it? I mean, is your ISP connected directly to the 9300, or do you have a router between the 9300 and the ISP?

Sorry, I can not see your topology if you attached it.

Do you use eBGP with the ISP?

 

Hi Miranda,

 

BGP 2.PNG

HSRP depending on our 9300 switches at Site A and Site B

 

Vlan 172 

Vlan 221 

Vlan 222 

 

Backup Site B, do we need to set default route 0.0.0.0 0.0.0.0 221.126.192.113?

 

When you say stack 9300, does this mean the stack is used as L3 and you have users connected to it? I mean, is your ISP connected directly to the 9300, or do you have a router between the 9300 and the ISP?

Yes. The ISP (client) is connected directly to the 9300 over fiber channel.

We do not have a router between the 9300 and the ISP. We just use the 9300 switches as L3 switches, which connect directly to the ISP (Huawei core switches) for the BGP routing protocol.

 

Do you use eBGP with the ISP?

The ISP (client) has iBGP on their Huawei switches

ISP

Site A Core stack Switches EBGP <-----IBGP---> Backup Site B Core stack switches EBGP

We do not use eBGP in our 9300 switch configuration, as shown in our post.

 

Do we set the BGP cost on both sites?

Am I missing the following command in the route-map on the 9300?

route-map PPRIORITY_REDIST permit 20
match ip address VL221

set as-path prepend 64990 64990

route-map PPRIORITY_REDIST permit 30
match ip address VL222

set as-path prepend 64990 64990

 

Thanks

Even with the second topology I don't get it, but first:
Blue Site A and Green stack Site A connect via?
Why do you connect Green stack Site A to both Blue Site A and Site B and then configure BGP between the two Green stacks?

Hi MHW,

 

Blue Site A and Green stack Site A connect via?

Blue Site A and green stack Site A connect via their ISP Huawei (221.126.XXX.XXX) for internet.

 

Why do you connect Green stack Site A to both Blue Site A and Site B and then configure BGP between the two Green stacks?

 

It is because we provide the SBC phone services to them, and we configured BGP between the client ISP switches (blue) and our 9300 switches (green) to our servers.

We set up BGP to make sure it is able to fail over between Site A and backup Site B. It uses BGP with the same AS number and the same ISP provider.

 

Last time, we cooperated with them on the BGP setting between Site A and backup Site B, which was able to sync completely.

 

They have already set these two similar subnets (221.126.192.X) in their BGP setting.

 

Before

Site A  

we just had Vlan 221

221.126.192.100/28

221.126.192.112/28 Secondary

Backup Site B

221.126.192.112/28

221.126.192.100/28 Secondary

 

After we configured:

Vlan 221 Site A  221.126.192.100/28
             

 

Vlan 222 Site B  221.126.192.112/28

 

Updated

ip access-list standard VL

ip access-list standard

route-map PPRIORITY_REDIST 

 

We tested Site A going down with backup Site B picking up the Vlan 221 subnet through Vlan 222 to the internet, which failed. The internal network Vlan 221 pings normally from the server, but it is not able to ping outside.

Hi Friend,
You use three paths:
two via Blue Site A & B and the other via Green Site B "BGP".

For the two, primary and backup, please configure the cost for the primary in each site.
In Green Site A, the cost for Blue Site A is better than for Blue Site B.
In Green Site B, the cost for Blue Site B is better than for Blue Site A.

And for the interconnect between Green Site A and Green Site B, I need to see show ip bgp.

Hi MHW

 

By the way, Blue Site A & B are from the ISP (Huawei core switches 9300) and are not ours.

Green Site A and Green Site B are our 9300 stack switches.

 

Site A 

sh ip bgp

BGP table version is 5, local router ID is 10.100.248.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 10.100.248.9 0 65303 9304 i
*> 172.24.33.0/26 0.0.0.0 0 32768 i
*> 172.24.44.0/26 0.0.0.0 0 32768 i
*> 221.126.192.100/28
0.0.0.0 0 32768 i

 

Backup Site B

 

sh ip bgp
BGP table version is 41, local router ID is 10.100.248.14
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
* 0.0.0.0 10.100.248.5 0 65303 9304 i
*> 10.100.248.13 0 65303 9304 i
*> 172.24.33.0/26 0.0.0.0 0 32768 i
*> 172.24.44.0/26 0.0.0.0 0 32768 i
*> 221.126.192.112/28
0.0.0.0 0 32768 i

 

Current setting of Vlan 221 and 222 on Both Site A and B

Site A

Vlan 221 

ip addr 221.126.192.97 255.255.255.240

Vlan 222

no addr             

 

Site B 

Vlan 221

no addr

Vlan 222  

ip addr 221.126.192.113 255.255.255.0 

 

 

The BGP cost for both sites:

Am I missing the following command in the route-map on the 9300?

 

route-map PPRIORITY_REDIST permit 10
match ip address VL172
set as-path prepend 64990 64990


route-map PPRIORITY_REDIST permit 20
match ip address VL221

set as-path prepend 64990 64990

route-map PPRIORITY_REDIST permit 30
match ip address VL222

set as-path prepend 64990 64990

 

By the way, is it possible to make Vlan 221 and 172 use HSRP on the 9300 switches at both sites?

Backup Site B, do we need to set default route 0.0.0.0 0.0.0.0 221.126.192.113?

 

Thanks
