Hi, I have 2 routers (2911), 2 ISP connections, 1 /24 IP block and an AS number. Individually, I did the BGP establishment with each ISP. Now I am trying to achieve load balancing as shown in the above figure.
1. Is it possible to split the /24 IP block into 2 /25s and advertise them with the 2 ISPs?
2. Is it possible to configure the routers to take care of routes handled by the other router in case of link failure?
3. iBGP/HSRP, which one to choose?
4. Currently my router is holding a very big routing table. But my concern is only incoming traffic to my servers. I don't care about the outgoing traffic. I hope the ISP will take care of it. In this case, how can I reduce the number of routes managed by my router?
Before going into a technical discussion about how to do it, the first thing to check is whether your ISPs let you
announce a /25 prefix. The greatest prefix that some ISPs allow is /24. Some ISPs let you announce lower prefixes but
they don't propagate the prefix to their carriers. Think of a routing table where /32 or /30 prefixes exist. So
/24 is usually the most specific prefix allowed and I see that /25 would be filtered by your ISP. Please
contact your ISP.
If we suppose that your ISP allows /25 prefixes (and propagates them to uplink carriers), then you should announce:
ISP A: 192.168.22.0/25 and 192.168.22.0/24
ISP B: 192.168.22.128/25 and 192.168.22.0/24
The most specific prefix is preferred and then you can balance the download traffic. The longer prefix
is for backup in case of trouble with some ISP.
iBGP is needed if you want to have the best path for each prefix. If you configure iBGP, then for each prefix the
best path will be selected, and the path can be through ISP A or B, depending on the AS numbers in the path. So a packet
can arrive from your firewall at one router (link to ISP A) and be forwarded to the other router (link to ISP B) because
the path is better through ISP B. The cross-link between the routers lets them exchange packets to use the best path.
HSRP is a level 2 protocol that lets you have a virtual IP as the gateway for your firewall. So your firewall always forwards
traffic to this IP, which can be on router A or B. If your firewall does not speak BGP, you need it. Read this:
And finally, if you want to reduce your routing table you can filter routes with a prefix-list.
For example (only prefixes /24 are allowed):
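! Permit only prefixes whose length is exactly /24
ip prefix-list Allow-prefix-24 seq 5 permit 0.0.0.0/0 ge 24 le 24
router bgp as-number
 ! A prefix-list is attached with "neighbor ... prefix-list"; distribute-list expects an access list
 neighbor 18.104.22.168 prefix-list Allow-prefix-24 in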
Notice that if there are greater prefixes your router will not learn them and you can have some connectivity problems.
Anyway, if you do not care about the upstream traffic and you do not configure iBGP to use the best path
for each prefix, you can filter all prefixes and allow only one classful prefix (A, B or C). Then use the command
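The /25-plus-/24 announcement scheme from the reply above, modelled as an added example (not code from the thread): a remote router picks the longest matching prefix, so each /25 steers inbound traffic to one ISP and the covering /24 takes over when a session fails or when /25s are filtered upstream. The function name and the `max_len` parameter are assumptions made for the illustration.

```python
import ipaddress

# Announcements from the reply: each ISP gets one /25 plus the covering /24.
ANNOUNCEMENTS = [
    ("192.168.22.0/25", "ISP A"),
    ("192.168.22.0/24", "ISP A"),
    ("192.168.22.128/25", "ISP B"),
    ("192.168.22.0/24", "ISP B"),
]

def ingress_candidates(dest, down=(), max_len=25):
    """Return (matched prefix, ISPs) a remote router would use to reach dest.

    down:    ISPs whose BGP session failed (their announcements are withdrawn).
    max_len: longest prefix length that survives upstream filtering.
    """
    addr = ipaddress.ip_address(dest)
    best_len, matched, isps = -1, None, set()
    for prefix, isp in ANNOUNCEMENTS:
        net = ipaddress.ip_network(prefix)
        if isp in down or net.prefixlen > max_len or addr not in net:
            continue
        if net.prefixlen > best_len:        # longer match replaces shorter one
            best_len, matched, isps = net.prefixlen, net, {isp}
        elif net.prefixlen == best_len:     # tie: BGP path selection decides
            isps.add(isp)
    return (str(matched), sorted(isps)) if matched else (None, [])

if __name__ == "__main__":
    print(ingress_candidates("192.168.22.10"))                   # lower half
    print(ingress_candidates("192.168.22.200"))                  # upper half
    print(ingress_candidates("192.168.22.10", down=("ISP A",)))  # failover
    print(ingress_candidates("192.168.22.10", max_len=24))       # /25 filtered
```

With `max_len=24` both ISPs remain candidates for every address, which is the case where the /25 split gives no control over inbound traffic.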
The ISP told us they won't route anything above /24. Does it mean I cannot do the load balancing? Any other trick?
For redundancy, I will go with HSRP.
I don't understand your tips about routing table entry reduction. Can you give some info?
But what I did is, initially I used ip prefix-list as below:
router bgp MYASN
 neighbor 22.214.171.124 route-map rm_peer_1_in in
 neighbor 126.96.36.199 route-map rm_peer_1_out out
! Outbound: announce only our own /24
ip prefix-list pl_peer_1_out seq 5 permit 192.168.22.0/24
route-map rm_peer_1_out permit 5
 match ip address prefix-list pl_peer_1_out
! Inbound: no match clause, so every received route is accepted
route-map rm_peer_1_in permit 5
 set local-preference 100
With this, I got a MALLOC error. So later I added
ip as-path access-list 100 permit ^1234_[0-9]*$ and attached it as a filter-list. Now the table entries are around 50K and there are no MALLOC errors.
local-preference is a BGP attribute that lets you influence how your traffic goes out of your AS (upstream traffic). You can change the local preference for some BGP-learned prefixes and do some balancing in upload. But your question was about download traffic. So local preference has no effect on the download traffic.
If your ISPs do not allow /25 prefixes, it is quite complicated to do balancing in download. Notice that if you announce
a /24 prefix to 2 different ISPs you must use BGP attributes that go through your ISPs (transitive attributes). It is very
difficult to balance in your situation. The only download balancing is the implicit one, depending on whether a prefix is learned better from one ISP or the other.
Your route-map only sets the local-preference inbound. You can do filtering using AS numbers
(ip as-path access-list) or prefixes (prefix-list). Sorry, my prefix list should be:
ip prefix-list Allow-prefix-24 seq 5 permit 0.0.0.0/0 le 24
This prefix-list allows any prefix whose length is /24 or lower (23, 22, 21 and so on...).
You can use the length you want.
You must decide whether you want balancing in upload or to let traffic go out through only one ISP. Why do you need a full BGP peer? Only if you want to mix both ISPs' internet views to use the best path to a prefix. If your routers are heavily loaded (memory resources) and you do not care about balancing in upload, think about using only a default-route BGP peer.
Do you know the "ip default-network" command? It is a way to configure a default route. You configure a classful network (be careful) and if the router has a route to that network, that route is flagged as a candidate default route. So, you can:
If you want to check only a prefix, use:
ip prefix-list only-a-prefix seq 5 permit prefix/length
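The two prefix-list variants discussed in this thread (`ge 24 le 24` and `le 24`) behave very differently on a real table. The added example below, which is not code from the thread, implements IOS prefix-list `ge`/`le` matching and applies both entries to a small constructed route sample; the function names and the sample routes are assumptions made for the illustration.

```python
import ipaddress

def parse_entry(text):
    """Parse the match part of a prefix-list line, e.g. '0.0.0.0/0 ge 24 le 24'."""
    tokens = text.split()
    net = ipaddress.ip_network(tokens[0])
    opts = dict(zip(tokens[1::2], map(int, tokens[2::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen              # no ge/le: exact length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32    # ge alone means "up to /32"
    return net, lo, hi

def permits(entry, route):
    """True if the route lies inside the entry's prefix and its length is in range."""
    net, lo, hi = parse_entry(entry)
    r = ipaddress.ip_network(route)
    return r.subnet_of(net) and lo <= r.prefixlen <= hi

def filter_table(entry, routes):
    """Routes kept by a one-line permit list (everything else hits the implicit deny)."""
    return [r for r in routes if permits(entry, r)]

# Constructed sample of received routes (documentation and private ranges).
ROUTES = ["0.0.0.0/0", "10.0.0.0/8", "172.16.0.0/16",
          "198.51.100.0/24", "203.0.113.0/24", "203.0.113.128/25"]

if __name__ == "__main__":
    for entry in ("0.0.0.0/0 ge 24 le 24", "0.0.0.0/0 le 24", "203.0.113.0/24"):
        print(f"{entry:24} -> {filter_table(entry, ROUTES)}")
```

On this sample `ge 24 le 24` drops the default route and every aggregate shorter than /24, while `le 24` rejects only the /25.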
you have written a good post.
However, the route filtering example is not a good one.
I see that you have already realized this in a later post.
>> ip prefix-list Allow-prefix-24 seq 5 permit 0.0.0.0/0 le 24
Let's go on about your suggestions:
ask your ISP that propagate a default-route: OK
>>filter all BGP prefixes except one and configure "ip default-network". This can be temporary or if you want to do a test.
I have tested ip default-network with EIGRP only. I didn't know it can be used with BGP.
I see it in the protocol-independent routing command reference.
Nice to learn something new!
Hope to help
I still don't think that ip default-network feature interacts nicely with BGP.
Let's consider the following link.
the default network can be used with EIGRP or RIP. RIP advertises a 0/0 route, EIGRP sends out the prefix with a bit flag set as explained in books like Jeff Doyle's excellent one.
Can you remind me what bit flag or BGP attribute can be used to flag a route as a candidate default route in a BGP update message?
I don't remember any one. BGP might be able to send a 0/0 route when ip default-network is configured, but this would need to be tested.
I have trusted you in another thread where I have found your answer totally agreeable.
In any case, let me say welcome to the CSC forums; you are doing a good job here.
Keep going on this way
The objective is not to create a default route in the BGP session as with RIP or EIGRP. My suggestion is "simulating" a BGP peer that only sends a default route. I know some ISPs (Telefonica in Spain) do not want to propagate a default route in the BGP session. So, the only way to simulate a default route is to inject only one prefix (on the ISP side) and use the "ip default-network" command on the BGP-learned network (on the customer side). I suggest it as a way (temporarily, if the ISP can propagate the default route) to reduce the routing table.
Thank you for your posts and congratulations for your rating.
Not sure I understand -
"I have 2 Routers (2911), 2 ISP Connection, 1 /24 IP Block and AS Number. Individually, - 192.168.22.0/24 "
You wouldn't be advertising the IP range above to your ISPs, and these are not routable addresses. Also, you wouldn't want to advertise any addressing/routes between the ISPs, as you would open yourself up as a transit path.
1. Is it possible to split the /24 IP Block into 2 /25 and advertise with 2 ISPs? - You mean split your LAN
outgoing traffic between the two ISPs - if so, then yes, this can be done by local preference (higher value wins).
2. Is it possible to config the routers take-care routes handled by other router, in case of link failure? Yes, this can be done with iBGP between your routers.
3. iBGP/HSRP, which one to choose? - iBGP
4. Currently my router is holding very big routing table. But my concern is only incoming traffic to my servers. I don't care about the out going traffic. I hope, ISP will takecare of it. In this case, How can I reduce the no of routes managed by my router? - You can request the ISP to advertise to you a default route instead of the full routing table, or filter them out as already suggested, and if applicable use the local preference to choose which path is the primary and which is the secondary, or use both at the same time.
As for incoming traffic from ISPs - you can manipulate the traffic path by AS-path prepending or MED (the latter is way down the BGP order listing and is only advertised as far as your neighboring AS, meaning it isn't then forwarded on).
Please don't forget to rate any posts that have been helpful.