BGP Load balance

bharathi.s
Level 1

BGP-ISP.png

Hi, I have 2 routers (2911), 2 ISP connections, one /24 IP block and an AS number. Individually, I did the BGP establishment with the ISPs. Now I am trying to achieve the load balancing as shown in the above figure.

1. Is it possible to split the /24 IP block into 2 /25s and advertise them with the 2 ISPs?

2. Is it possible to configure the routers to take care of routes handled by the other router, in case of link failure?

3. iBGP/HSRP, which one to choose?

4. Currently my router is holding a very big routing table. But my concern is only incoming traffic to my servers. I don't care about the outgoing traffic. I hope the ISP will take care of it. In this case, how can I reduce the number of routes managed by my router?

8 Replies

antonio.guirado
Level 3

Hello,

Before going into a technical discussion about how to do it, the first thing to check is whether your ISPs let you announce a /25 prefix. The greatest prefix that some ISPs allow is /24. Some ISPs let you announce a lower prefix but they don't propagate the prefix to their carriers. Think of a routing table where /32 or /30 prefixes exist. So /24 is usually the most specific prefix allowed and I see that /25 would be filtered by your ISP. Please contact your ISP.

If we suppose that your ISP allows /25 prefixes (and propagates them to uplink carriers) then you should announce:

ISP A: 192.168.22.0/25 and 192.168.22.0/24

ISP B: 192.168.22.128/25 and 192.168.22.0/24

The most specific prefix is preferred and then you can balance the download traffic. The longer prefix is for backup in case of troubles with some ISP.

iBGP is needed if you want to have the best path for each prefix. If you configure iBGP, then for each prefix the best path will be selected and the path can be through ISP A or B, depending on the AS numbers in the path. So a packet can arrive from your firewall at one router (link to ISP A) and be forwarded to the other router (link to ISP B) because the path is better through ISP B. The cross-link between the routers lets them exchange packets to use the best path.

HSRP is a level 2 protocol that lets you have a virtual IP as the gateway for your firewall. So, your firewall always forwards traffic to this IP, which can be on router A or B. If your firewall does not speak BGP, you need it. Read this:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080093f2c.shtml

And finally, if you want to reduce your routing table you can filter routes with a prefix-list.

For example (only /24 prefixes are allowed):

ip prefix-list Allow-prefix-24 seq 5 permit 0.0.0.0/0 ge 24 le 24
router bgp as-number
 neighbor 62.82.64.189 distribute-list Allow-prefix-24 in
 exit

Notice that if there are greater prefixes your router will not learn them and you can have some connectivity problems.

Anyway, if you do not care about the upstream traffic and you do not configure iBGP to use the best path for each prefix, you can filter all prefixes and allow only one classful prefix (A, B or C). Then use the command "ip default-network". This is the same as if your ISP sends you a default route in the BGP peering.

Regards.
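The announcement scheme in the reply above (a /25 plus the covering /24 to each ISP) relies on longest-prefix match. The sketch below is an added example, not part of the original thread; it models a remote router's view with the prefixes from the post, and the ISP labels and test addresses are assumptions chosen for illustration.

```python
import ipaddress

# Constructed view of a remote Internet router: (prefix, ISP it was learned through).
# Prefixes are the ones from the post above; the ISP labels are illustrative.
ANNOUNCEMENTS = [
    ("192.168.22.0/25", "ISP A"),
    ("192.168.22.0/24", "ISP A"),
    ("192.168.22.128/25", "ISP B"),
    ("192.168.22.0/24", "ISP B"),
]

def inbound_isps(dest, failed=()):
    """Return the set of ISPs that traffic to `dest` can enter through.

    Forwarding uses the longest matching prefix; announcements made through
    an ISP listed in `failed` are treated as withdrawn.
    """
    addr = ipaddress.ip_address(dest)
    live = [(ipaddress.ip_network(p), isp)
            for p, isp in ANNOUNCEMENTS if isp not in failed]
    matches = [(net, isp) for net, isp in live if addr in net]
    if not matches:
        return set()
    longest = max(net.prefixlen for net, _ in matches)
    return {isp for net, isp in matches if net.prefixlen == longest}

def report():
    """Entry ISP for one host in each half of the /24, with and without a failure."""
    rows = []
    for dest in ("192.168.22.10", "192.168.22.200"):
        for failed in ((), ("ISP A",), ("ISP B",)):
            rows.append((dest, failed, sorted(inbound_isps(dest, failed))))
    return rows

if __name__ == "__main__":
    for dest, failed, isps in report():
        print(f"{dest:15} failed={list(failed)!s:10} enters via {isps}")
```

With both links up each half of the block enters through its own ISP; when one ISP's announcements are withdrawn, the surviving /24 carries the whole block.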

Thanks AG.

ISP told us they won't route anything above /24. Does it mean I cannot do the load balance? Any other trick?

For redundancy, I will go with HSRP.

I don't understand your tips about routing table entry reduction. Can you give some info?

But what I did is, initially I used ip prefix-list as below:

router bgp MYASN
 neighbor 160.10.20.30 route-map rm_peer_1_in in
 neighbor 160.10.20.30 route-map rm_peer_1_out out
!
ip prefix-list pl_peer_1_out seq 5 permit 192.168.22.0/24
!
route-map rm_peer_1_out permit 5
 match ip address prefix-list pl_peer_1_out
!
route-map rm_peer_1_in permit 5
 set local-preference 100

With this, I got a MALLOC error. So later I added

ip as-path access-list 100 permit ^1234_[0-9]*$

and attached it as a filter-list. Now table entries are around 50K and there are no MALLOC errors.

Hello,

local-preference is a BGP attribute that lets you influence how your traffic goes out of your AS (upstream traffic). You can change the local preference for some BGP learned prefixes and do some balancing in upload. But your question was about download traffic. So local preference has no effect on the download traffic.

If your ISPs do not allow /25 prefixes it is quite complicated to do balancing in download. Notice that if you announce a /24 prefix to 2 different ISPs you must use BGP attributes that go through your ISPs (transitive attributes). It is very difficult to balance in your situation. The only download balancing is the implicit one, depending on whether a prefix is learned better from one ISP or the other.

Your route-map only sets the local-preference inbound. You can do filtering using AS numbers (ip as-path access-list) or prefixes (prefix-list). Sorry, my prefix list should be:

ip prefix-list Allow-prefix-24 seq 5 permit 0.0.0.0/0 le 24

This prefix-list allows any prefix whose length is /24 or lower (23, 22, 21 and so on...).

You can use the length you want.

You must decide if you want balancing in upload or you allow traffic to go only through one ISP. Why do you need a full BGP peer? Only if you want to mix both ISPs' Internet views to use the best path to a prefix. If your routers are heavily loaded (memory resources) and you do not care about balancing in upload, think about using only a default-route BGP peer.

Do you know the "ip default-network" command? It is a way to configure a default route. You configure a classful network (be careful) and if the router has a route to that network, that route is flagged as a candidate default route. So, you can:

  • ask your ISP to propagate a default route
  • filter all BGP prefixes except one and configure "ip default-network". This can be temporary or if you want to do a test. You can use some Google prefix to ensure that it always exists.

If you want to check only a prefix use:

ip prefix-list only-a-prefix seq 5 permit prefix/length

Regards
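The two inbound filters discussed in this thread differ only in their ge/le bounds. The following added example (not part of the original thread) evaluates IOS-style IPv4 prefix-list entries against a constructed set of routes; the route list and the names EXACT_24, UP_TO_24 and accepted() are assumptions made for illustration.

```python
import ipaddress

def entry_matches(route, prefix, ge=None, le=None):
    """IOS prefix-list entry semantics (IPv4).

    The route must fall inside `prefix`, and its length must be:
      exactly len(prefix)      with neither ge nor le,
      ge..32                   with ge only,
      len(prefix)..le          with le only,
      ge..le                   with both.
    """
    route = ipaddress.ip_network(route)
    base = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        lo = hi = base.prefixlen
    else:
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else 32
    return route.subnet_of(base) and lo <= route.prefixlen <= hi

def prefix_list_permits(entries, route):
    """First matching entry (lowest seq) decides; no match is an implicit deny."""
    for _seq, action, prefix, ge, le in sorted(entries, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action == "permit"
    return False

def accepted(entries, routes):
    return [r for r in routes if prefix_list_permits(entries, r)]

# The two versions of Allow-prefix-24 from the thread.
EXACT_24 = [(5, "permit", "0.0.0.0/0", 24, 24)]    # ... 0.0.0.0/0 ge 24 le 24
UP_TO_24 = [(5, "permit", "0.0.0.0/0", None, 24)]  # ... 0.0.0.0/0 le 24

# Constructed sample of received routes (documentation and private ranges).
ROUTES = ["0.0.0.0/0", "10.0.0.0/8", "172.16.0.0/16",
          "198.51.100.0/24", "203.0.113.0/25"]

if __name__ == "__main__":
    print("ge 24 le 24:", accepted(EXACT_24, ROUTES))
    print("le 24      :", accepted(UP_TO_24, ROUTES))
```

The first list keeps only /24 routes and drops every shorter aggregate, including a default route, while the corrected list keeps everything from /0 to /24 and drops only the /25.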

Hello Antonio,

you have written a good post.

However, the route filtering example is not a good one.

I see that you have already realized this in a later post.

>> ip prefix-list Allow-prefix-24 seq 5 permit 0.0.0.0/0 le 24

Let's go on about your suggestions:

ask your ISP that propagate a default-route:  OK

>> filter all BGP prefix except one and configure "ip default-network". This can be temporary or if you want do test.

I have tested ip default-network with EIGRP only. I didn't know it can be used with BGP.

I see it in the protocol independent routing command reference

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_pi/command/iri-cr-a1.html#GUID-2D9C0FC7-DF72-48A9-A8A6-660EB44869E4

Nice to learn something new!

Hope to help

Giuseppe

Hi,

please if you consider it helpful rate it.

Thanks in advance.

Regards

Hello Antonio,

I still don't think that ip default-network feature interacts nicely with BGP.

Let's consider the following link.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml#ipnetwork

The default network can be used with EIGRP or RIP. RIP advertises a 0/0 route, EIGRP sends out the prefix with a bit flag set, as explained in books like Jeff Doyle's excellent one.

Can you remind me what bit flag or BGP attribute can be used to flag a route as a candidate default route in a BGP update message?

I don't remember any. BGP might be able to send a 0/0 route when ip default-network is configured, but this would need to be tested.

I have trusted you in another thread where I have found your answer totally agreeable.

In any case, let me say welcome to the CSC forums; you are doing a good job here.

Keep going on this way

Best Regards

Giuseppe

Hello Giuseppe,

The objective is not to create a default route in the BGP session as with RIP or EIGRP. My suggestion is "simulating" a BGP peer that only sends a default route. I know some ISPs (Telefonica in Spain) do not want to propagate a default route in the BGP session. So, the only way to simulate a default route is to inject only one prefix (on the ISP side) and use the "ip default-network" command on the BGP learned network (on the customer side). I suggest it as a way (temporarily, if the ISP can propagate the default route) to reduce the routing table.

Thank you for your posts and congratulations for your rating.

Regards.

Hello

Not sure I understand -

"I have 2 Routers (2911), 2 ISP Connection, 1 /24 IP Block and AS Number. Individually, - 192.168.22.0/24"

You wouldn't be advertising the IP range above to your ISPs, and these are not routable addresses. Also, you wouldn't want to advertise any addressing/routes between the ISPs, as you would open yourself up as a transit path.

1. Is it possible to split the /24 IP Block into 2 /25 and advertise with 2 ISPs? - you mean split your LAN outgoing traffic between the two ISPs - if so then yes, this can be done by local preference (higher value wins)

2. Is it possible to config the routers take-care routes handled by other router, in case of link failure? Yes, this can be done with iBGP between your routers

3. iBGP/HSRP, which one to choose? - iBGP

4. Currently my router is holding very big routing table. But my concern is only incoming traffic to my servers. I don't care about the out going traffic. I hope, ISP will takecare of it. In this case, How can I reduce the no of routes managed by my router? - you can request the ISP to advertise to you a default route instead of the full routing table, or filter them out as already suggested, and if applicable use the local preference to choose which path is the primary and which is the secondary, or use both at the same time.

As for incoming traffic from ISPs - you can manipulate the traffic path by AS-path prepending or MED (the latter is way down the BGP order listing and is only advertised as far as your neighboring AS, meaning it isn't then forwarded on).

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

