10-06-2017 03:17 PM - edited 03-05-2019 09:15 AM
Hi... Please don't laugh... I'm a helpdesk guy thrown into the network admin position. I have my CCNA R&S cert and did recently finish the CCNP routing book. So, I have a little book smarts, but not practical knowledge of real world scenarios.
I'm currently working on a project tweaking our internet connections. We have two, with two independent paths to the internet that are unaware of each other (no IGP, iBGP, or anything.) If one ISP link goes down, I have to manually change some static routes, NATs, ACLs, etc. for our ecommerce sites to stay online (using two different IP blocks from both ISPs.) I want to simplify things by registering an IP block from ARIN, that way I can share our own public prefix with the ISPs via BGP... that way, if one link goes down, I won't have to change NATs, ACLs, etc. It should just continue to work thanks to BGP. I understand there will be some additional eBGP / iBGP tweaking... but I am not at that point yet.
Technically speaking, if one ISP link goes down, obviously the default route we would be getting from the ISP would change on our router connecting to both ISPs... which would keep our internet link up. My question is this... maybe I'm missing something or I don't fully understand how the internet works... Often times, it's not the link to the PE router that goes down... it's just another link on the ISP network or beyond that (for instance, a traceroute would usually show traffic making a few hops into the ISP before dropping.)
What I don't understand is, how does my router know the link is down if it's not the actual link between my router and the PE router? If my traffic is able to make a few hops into the ISP's network, my link really isn't down so I'd imagine... my router would not use the other provider's default route. Is that correct or am I missing something? Do people really use IP SLA for such things or am I misunderstanding something?
Again, please forgive my ignorance but I'm trying to learn here :) Thanks!
10-07-2017 05:36 AM - edited 10-07-2017 05:36 AM
Hi
I don't know your topology but imagine you have:
Edge router 1 -------- ISP1
Internal network |
Edge router 2 -------- ISP2
You are using for example OSPF on your internal network. And you have an iBGP between the edge routers, so:
You could use BGP attributes to manipulate the traffic and prefer the ISP1 over ISP2, then for an automatic failover you could configure fast-fallover, bgp dampening or make a combination of EEM Scripting + IP SLA + Object Track in order to execute a script doing what you want (for example shut down the BGP peering). So all the traffic will be moved to the Edge router 2 passing through the ISP2.
If you are receiving a default route from BGP you can advertise this route into OSPF on the edge routers with different metrics, for example metric 10 on edge router 1 and 20 on edge router 2 so it will prefer the lowest metric. Once the default route is not being received through ISP1 (because the script shut down the BGP peering with ISP1) the internal network will prefer the route through ISP 2 automatically.
Hope it is useful
:-)
10-06-2017 04:26 PM
Hi Brett,
Sometimes, the direct connection between your Gateway router and the ISP edge could be UP (interface UP/UP) while there is a connectivity issue to the Internet. If you are going to have two ISPs and you choose one of the ISPs as a Primary and the other one as a Backup, you can use IP SLA to know for sure the Internet is down. You can then remove the route automatically from the routing table and the backup route will become primary.
HTH,
Meheretab
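One way to configure the IP SLA + object tracking + EEM failover described in the two replies above, for edge router 1 (an added Cisco IOS example, not configuration posted by anyone in this thread). Every address, AS number, interface and applet name is a constructed placeholder, and the probe target is assumed to be a host beyond the ISP1 PE router.

```cisco
! Edge router 1 (primary). Constructed example: every address, AS number,
! interface and applet name is a placeholder (RFC 5737 / RFC 5398 ranges).
!
! Probe a host beyond the ISP1 PE router every 5 s.
ip sla 10
 icmp-echo 198.51.100.53 source-interface GigabitEthernet0/0
 threshold 500
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Pin the probe target to the ISP1 next hop. Without this, once ISP1 is
! withdrawn the probe follows the backup path, succeeds, and the design flaps.
ip route 198.51.100.53 255.255.255.255 192.0.2.1
!
! Track probe reachability; the delays damp short outages and recoveries.
track 10 ip sla 10 reachability
 delay down 15 up 60
!
router bgp 64512
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 description ISP1-PE
!
! Originate a default into OSPF only while one is in the routing table.
! Edge router 2 uses metric 20, so the internal network prefers this router.
router ospf 1
 default-information originate metric 10
!
! Track down: shut the ISP1 session so the BGP default disappears.
event manager applet ISP1-PATH-DOWN
 event track 10 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "router bgp 64512"
 action 4.0 cli command "neighbor 192.0.2.1 shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "ISP1 probe failed, BGP session 192.0.2.1 shut down"
!
! Track up: restore the session.
event manager applet ISP1-PATH-UP
 event track 10 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "router bgp 64512"
 action 4.0 cli command "no neighbor 192.0.2.1 shutdown"
 action 5.0 cli command "end"
!
! Static-default variant (no BGP default): the route leaves the table with the track.
! ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 10
```

`show track 10` and `show ip sla statistics 10` show the track and probe state, which is worth checking before relying on the applets.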
10-08-2017 08:13 AM
Thank you! You've confirmed that IP SLA really is a viable option... and thank you for the additional input. I will still have to do much reading to learn about the other options you provided.
10-08-2017 08:15 AM
Hi
It was a pleasure, have a great day!
:-)
01-16-2018 09:03 AM
Here is my configuration of both the routers but failover is not working...
Situation: I have 2 uplinks, 2 edge routers with 3 gigabit SFP ports on each, and am getting a default route from both uplinks for BGP, and have my own IP block from IRINN and AS number.
Uplink capacity: the primary router has a 310Mbps uplink and the secondary router has a 45Mbps uplink.
My goal is: I want the 103.99.12.0, 103.99.14.0 and 103.99.15.0 blocks to use the primary uplink and 103.99.13.0 to use the secondary uplink for all incoming and outgoing traffic, and I want failover of each router... if the primary goes down then all traffic from 12, 14 and 15 should switch to the secondary router, and if the secondary fails then traffic from the 13 block should go through the primary link.
Please help and let me know what's wrong with this configuration... right now all traffic is going through the secondary router, which has only a 45Mbps uplink, and it slows down the entire traffic.
Thanks,
Sandy Sharma
11-16-2023 01:22 AM
Check your route-map. You're doing BGP traffic filtering, so the .13 address should be prepended twice on the primary, and the others (.12, .14 and .15) the same process on the backup.
Notice you're also prepending .12, .14 and .15 on the primary; those should be preferred, right?
11-16-2023 02:32 AM
What's described in the OP is very unusual, i.e. if you're getting a default via an ISP using BGP, the ISP should withdraw the default route.
Using IP SLA with an Internet default route might be used when you have a static default route to an ISP.
To handle the possible issue described in the OP well, something like Cisco's PfR could be used.