03-27-2019 11:30 AM
Dear Team,
We have 2 ISP's and BGP is running between them. Details are follows
Router 1 - ISP 1 - Airtel - AS 9895
Router 2 - ISP 2 - Reliance - AS 55435
Our AS - AS 133038
Our APNIC Pool - 103.133.130.0/23
The advertisement for ISP's are follows
Router1 (ISP1)
103.133.130.0/23
103.133.130.0/24
Router2 (ISP2)
103.133.130.0/23
103.133.131.0/24
we have a requirement to load balance the prefixes through two ISP’s. One of the ISP (Airtel) is primary for first prefix (103.133.130.0/24) and the second ISP (Reliance) is secondary for second prefix (103.133.131.0/24).If any of the ISP link fails all of the traffic must be come through another link (103.133.130.0/23).
In our present condition, we assigned one public ip from 103.133.131.0/24 segment to our server and checked the traffic. Unfortunately it is coming through ISP1 (Airtel). It is not taking the Reliance path.
For achieving this BGP loadbalacing whether ISP end has to do anything ?
Or we need to do any additional configuration for the same ?
Could some one please have a look and give the guidelines.
Regards,
Satheesh
03-27-2019 02:21 PM - edited 03-27-2019 02:30 PM
Hello Satheesh
When we talk about BGP it is not possible to have the control on how your ISPs send the traffic to your domain (AS), every AS make its own routing decisions according to its own policies. However BGP provides us the flexibility to manipulate how the traffic comes in and out from your domain (AS) by using BGP attributes (Weight, Local Preference, etc) one good practice that many ISPs use to influence how they need the traffic comes into their AS is the BGP attribute AS-Path, (regardless what your ISP is doing) using AS-Path you may get some kind of load balancing (though BGP doesn't do this like an IGP as OSFP or IS-IS), this attribute prefers the path with the shortest AS-Path length to gets its destination network. Adding copies of your AS (AS path prepend) makes a specific path longer than other one, so you may influence how you want the traffic comes into your domain.
This documentation could help to get a better knowledge what I'm talking about.
Note that AS-Path influences how the traffic comes into your domain, so you will need to influence how you want the traffic leaves your domain, as well, otherwise you will have asymetric traffic flows.
HTH
Marcelo
03-28-2019 10:45 PM
Marcelo, Thanks for your valuable comments
Regards,
Satheesh
03-29-2019 06:12 AM
I am not clear about this statement
" we assigned one public ip from 103.133.131.0/24 segment to our server and checked the traffic. Unfortunately it is coming through ISP1 (Airtel). It is not taking the Reliance path."
Are you talking about how traffic from the Internet comes to this server? Or are you talking about how traffic from this server goes to the Internet?
The configuration of BGP that you have told us about so far will influence how traffic from Internet comes into your network. Traffic to addresses in 103.133.130.0 will come through ISP 1. And traffic to addresses in 103.133.131.0 will come through ISP 2. And if either ISP fails then all traffic from Internet will come through the ISP that is still working. This should work and there is not anything that either ISP has to do to make this work. (this statement is based on the assumption that your address space is provider independent addresses. if your address space is provided by one of your ISP then you may need to do some work with the other ISP to get it to work)
The decision about how traffic from your server goes to the Internet depends on some things that you have not yet told us. Does each ISP advertise to you just a default route, advertise to you selected routes plus a default route, or advertise to you the full Internet routing table? Does your BGP configuration modify any attributes (weight, local preference, etc) on routes advertised to you from the ISPs?
If you want to achieve a situation in which traffic originating from addresses in 103.133.130.0 goes out through ISP 1 and traffic originating from 103.133.131.0 goes out through ISP 2 then you will need to implement something like Policy Based Routing.
HTH
Rick
04-01-2019 10:48 PM
Are you talking about how traffic from the Internet comes to this server?
Yes Rick,
Now the issue got cleared, We advertised 103.133.130.0/23, 103.133.130.0/24 to ISP1 and 103.133.130.0/23, 103.133.131.0/24 to ISP 2.
Now the load balancing is working properly. We checked by assigning one public ip to the server from each subnet (103.133.130.0/24 and 103.133.131.0/24 ) and checked the redundancy , all are working fine. Thanks for your comments.
Result:
Server public IP 103.133.130.150, traffic flow towards the server from public
Public ---> ISP 1----->Firewall (NAT ip: 103.133.130.150)----->Server
Server public IP 103.133.131.150, traffic flow towards the server from public
Public ---> ISP 2----->Firewall (NAT ip: 103.133.131.150)----->Server
ISP1 got failed- traffic flow towards the server 103.133.130.150 from public
Public ---> ISP 2----->Firewall (NAT ip: 103.133.130.150)----->Server
ISP2 got failied- traffic flow towards the server 103.133.131.150 from public
Public ---> ISP 1----->Firewall (NAT ip: 103.133.131.150)----->Server
Regards,
Satheesh S P
04-03-2019 04:46 PM
@satheeshckl you're very welcome!
We're happy you have found a solution thanks to the knowledge and experience from this community's members
Regards,
03-29-2019 07:13 AM
Hello
I hope you don't mind me joining this post?
I would agree with @marceaubueno and @Richard Burts that you can influence path selection using bgp path attributes and PBR, may i ask though of how many routers do you have that connect to the ISP's?
What is this 103.133.130.0/23 prefix? ( is it a PI or PA assigned address space or an Internal LAN prefix)
Do you have specific destination addresses that you wish these x.x130.0/24 and x.x131.0/24 subnets to route towards or it is just all source based traffic to be split between the two ISP's?
What external prefixes are you receiving from each ISP, Full, partial or default routes?
Depending on how many routers you are using to connect to the ISP's and what routes you are receiving can depend if a BGP PA can use be used to influence egress traffic or some else like policy based routing would be applicable.
For ingress traffic manipulation i would say utilizing the BGP AS-PATH PA could be a viable option to implement.
04-01-2019 11:02 PM
Paul,
Paul,
Could you please find below answers for your queries.
how many routers do you have that connect to the ISP's?
2
What is this 103.133.130.0/23 prefix?
It is APNIC public pool which we purchased for multi homing
Now the issue got cleared, We advertised 103.133.130.0/23, 103.133.130.0/24 to ISP1 and 103.133.130.0/23, 103.133.131.0/24 to ISP 2.
Now the load balancing is working properly. We checked by assigning one public ip to the server from each subnet (103.133.130.0/24 and 103.133.131.0/24 ) and checked the redundancy , all are working fine. Thanks for your comments.
Result:
Server public IP 103.133.130.150, traffic flow towards the server from public
Public ---> ISP 1----->Firewall (NAT ip: 103.133.130.150)----->Server
Server public IP 103.133.131.150, traffic flow towards the server from public
Public ---> ISP 2----->Firewall (NAT ip: 103.133.131.150)----->Server
ISP1 got failed- traffic flow towards the server 103.133.130.150 from public
Public ---> ISP 2----->Firewall (NAT ip: 103.133.130.150)----->Server
ISP2 got failed- traffic flow towards the server 103.133.131.150 from public
Public ---> ISP 1----->Firewall (NAT ip: 103.133.131.150)----->Server
Regards,
Satheesh S P
04-02-2019 09:23 AM
Satheesh
Thank you for the update telling us that the issue got cleared. I am glad that you found a solution that works for your situation.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide