Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1114
Views
15
Helpful
8
Replies

BGP loadbalancing

satheeshckl
Level 1
Level 1

‎03-27-2019 11:30 AM

Dear Team,

 

We have 2 ISP's and BGP is running between them. Details are follows

 

Router 1 - ISP 1 - Airtel - AS 9895
Router 2 - ISP 2 - Reliance - AS 55435
Our AS - AS 133038
Our APNIC Pool - 103.133.130.0/23

The advertisement for ISP's are follows

Router1 (ISP1)
103.133.130.0/23
103.133.130.0/24

Router2 (ISP2)
103.133.130.0/23
103.133.131.0/24


we have a requirement to load balance the prefixes through two ISP’s. One of the ISP (Airtel) is primary for first prefix (103.133.130.0/24) and the second ISP (Reliance) is secondary for second prefix (103.133.131.0/24).If any of the ISP link fails all of the traffic must be come through another link (103.133.130.0/23).

In our present condition, we assigned one public ip from 103.133.131.0/24 segment to our server and checked the traffic. Unfortunately it is coming through ISP1 (Airtel). It is not taking the Reliance path.

For achieving this BGP loadbalacing whether ISP end has to do anything ?

Or we need to do any additional configuration for the same ?

Could some one please have a look and give the guidelines. 

 

Regards,

Satheesh

Labels:
0 Helpful
8 Replies 8

marceaubueno
Level 1
Level 1

‎03-27-2019 02:21 PM - edited ‎03-27-2019 02:30 PM

Hello Satheesh

 

When we talk about BGP it is not possible to have the control on how your ISPs send the traffic to your domain (AS), every AS make its own routing decisions according to its own policies. However BGP provides us the flexibility to manipulate how the traffic comes in and out from your domain (AS) by using BGP attributes (Weight, Local Preference, etc) one good practice that many ISPs use to influence how they need the traffic comes into their AS is the BGP attribute AS-Path, (regardless what your ISP is doing) using AS-Path you may get some kind of load balancing (though BGP doesn't do this like an IGP as OSFP or IS-IS), this attribute prefers the path with the shortest AS-Path length to gets its destination network. Adding copies of your AS (AS path prepend) makes a specific path longer than other one, so you may influence how you want the traffic comes into your domain. 

 

This documentation could help to get a better knowledge what I'm talking about.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3se/3850/irg-xe-3se-3850-book/irg-prefix-filter.html

 

Note that AS-Path influences how the traffic comes into your domain, so you will need to influence how you want the traffic leaves your domain, as well, otherwise you will have asymetric traffic flows. 

 

HTH

Marcelo    

satheeshckl
Level 1
Level 1
In response to marceaubueno

‎03-28-2019 10:45 PM

Marcelo, Thanks for your valuable comments 

 

Regards,

Satheesh

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to satheeshckl

‎03-29-2019 06:12 AM

I am not clear about this statement

" we assigned one public ip from 103.133.131.0/24 segment to our server and checked the traffic. Unfortunately it is coming through ISP1 (Airtel). It is not taking the Reliance path."

Are you talking about how traffic from the Internet comes to this server? Or are you talking about how traffic from this server goes to the Internet?

 

The configuration of BGP that you have told us about so far will influence how traffic from Internet comes into your network. Traffic to addresses in 103.133.130.0 will come through ISP 1. And traffic to addresses in 103.133.131.0 will come through ISP 2. And if either ISP fails then all traffic from Internet will come through the ISP that is still working. This should work and there is not anything that either ISP has to do to make this work. (this statement is based on the assumption that your address space is provider independent addresses. if your address space is provided by one of your ISP then you may need to do some work with the other ISP to get it to work)

 

The decision about how traffic from your server goes to the Internet depends on some things that you have not yet told us. Does each ISP advertise to you just a default route, advertise to you selected routes plus a default route, or advertise to you the full Internet routing table? Does your BGP configuration modify any attributes (weight, local preference, etc) on routes advertised to you from the ISPs?

 

If you want to achieve a situation in which traffic originating from addresses in 103.133.130.0 goes out through ISP 1 and traffic originating from 103.133.131.0 goes out through ISP 2 then you will need to implement something like Policy Based Routing.

 

HTH

 

Rick

 

HTH

Rick

satheeshckl
Level 1
Level 1
In response to Richard Burts

‎04-01-2019 10:48 PM

Are you talking about how traffic from the Internet comes to this server?

Yes Rick, 

 

Now the issue got cleared, We advertised 103.133.130.0/23, 103.133.130.0/24 to ISP1 and 103.133.130.0/23, 103.133.131.0/24 to ISP 2. 

Now the load balancing is working properly. We checked by assigning  one public ip to the server from each subnet (103.133.130.0/24 and 103.133.131.0/24 ) and checked the redundancy , all are working fine. Thanks for your comments.

Result:

Server public IP 103.133.130.150, traffic flow towards the server from public

Public ---> ISP 1----->Firewall (NAT ip: 103.133.130.150)----->Server

Server public IP 103.133.131.150, traffic flow towards the server from public

Public ---> ISP 2----->Firewall (NAT ip: 103.133.131.150)----->Server

ISP1 got failed-  traffic flow towards the server 103.133.130.150 from public

Public ---> ISP 2----->Firewall (NAT ip: 103.133.130.150)----->Server

ISP2 got failied-  traffic flow towards the server 103.133.131.150 from public

Public ---> ISP 1----->Firewall (NAT ip: 103.133.131.150)----->Server

 

Regards,

Satheesh S P

0 Helpful

marceaubueno
Level 1
Level 1
In response to satheeshckl

‎04-03-2019 04:46 PM

@satheeshckl you're very welcome!

We're happy you have found a solution thanks to the knowledge and experience from this community's members

 

Regards,

 

 

0 Helpful

paul driver
VIP
VIP

‎03-29-2019 07:13 AM

Hello

I hope you don't mind me joining this post?


I would agree with @marceaubueno  and @Richard Burts  that you can influence path selection using bgp path attributes and PBR, may i ask though of how many routers do you have that connect to the ISP's?

 

What is this 103.133.130.0/23 prefix? ( is it a PI or PA assigned address space or an Internal LAN prefix)

Do you have specific destination addresses that you wish these  x.x130.0/24 and x.x131.0/24 subnets to route towards or it is just all source based traffic to be split between the two ISP's?

 

What external prefixes are you receiving from each ISP, Full, partial or default routes?
Depending on how many routers you are using to connect to the ISP's and what routes you are receiving can depend if a BGP PA can use be used to influence egress traffic or some else like policy based routing would be applicable.

 

For ingress traffic manipulation i would say utilizing the BGP AS-PATH PA could be a viable option to implement.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

satheeshckl
Level 1
Level 1
In response to paul driver

‎04-01-2019 11:02 PM

Paul,

Paul,

Could you please find below answers for your queries.

 

how many routers do you have that connect to the ISP's?

2

What is this 103.133.130.0/23 prefix?

It is APNIC public pool which we purchased for multi homing

 

Now the issue got cleared, We advertised 103.133.130.0/23, 103.133.130.0/24 to ISP1 and 103.133.130.0/23, 103.133.131.0/24 to ISP 2. 

Now the load balancing is working properly. We checked by assigning  one public ip to the server from each subnet (103.133.130.0/24 and 103.133.131.0/24 ) and checked the redundancy , all are working fine. Thanks for your comments.

Result:

Server public IP 103.133.130.150, traffic flow towards the server from public

Public ---> ISP 1----->Firewall (NAT ip: 103.133.130.150)----->Server

Server public IP 103.133.131.150, traffic flow towards the server from public

Public ---> ISP 2----->Firewall (NAT ip: 103.133.131.150)----->Server

ISP1 got failed-  traffic flow towards the server 103.133.130.150 from public

Public ---> ISP 2----->Firewall (NAT ip: 103.133.130.150)----->Server

ISP2 got failed-  traffic flow towards the server 103.133.131.150 from public

Public ---> ISP 1----->Firewall (NAT ip: 103.133.131.150)----->Server

 

Regards,

Satheesh S P

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to satheeshckl

‎04-02-2019 09:23 AM

Satheesh

 

Thank you for the update telling us that the issue got cleared. I am glad that you found a solution that works for your situation.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card