04-18-2012 02:23 PM - edited 03-04-2019 04:04 PM
Hello,
Currently we have a 50mb pipe with our carrier SONIC. We have signed another contract with another provider here in town (Charter) to multihome our Internet connections in an active/active configuration. We have leased our /24 space through our carrier SONIC. ARIN has already approved our org-ID for an ASN and they will be sending us that once the billing portion is finished.
There a few design considerations I was hoping I could get some insight from the community on.. Before I start, the ultimate goal for us to use BOTH Internet connections in an active/active configuration - utilizing both pipes..
Disclaimer: I have gathered this design from a lot of other posts that have somewhat of a similiar topology with ASA-->3750-->router pair-->CPE--internet.. Please keep an open mind if you think im on the wrong track..
Please see the attached design topology.
Questions related to design:
Thank's in advance for any assistance/insight you can provide as this is the most advanced topology I have worked with.
Solved! Go to Solution.
07-19-2012 09:01 AM
Hey Ibrahim, the configuration is almost an exact replica of the document I shared earlier.. The only difference is I grabbed the most updated Bogons from this site: http://www.team-cymru.org/Services/Bogons/http.html
Duncan - I ended up going with two 3750 switches in a stack configured, stricly Layer2 like you said.. There was no requirement to have them L3, basically plug-n-play with some obvious security hardening and port speed/duplex settings.
I didn't have to change anything on my firewall since its the same default route -> .1 (HSRP active router) - DC-iNet-RT1 -> iBGP to DC-iNet-RT2 (HSRP standby router). I'm tracking the gig0/0/0 interface on RT1 to ATT, if it fails, RT2 becomes primary.
I called ATT and setup carrier routes plus a default (approx. 56k) routes.. Everything is working fine. Thanks everyone for your help on this thread. If you have any questions, let me know.
05-02-2013 11:49 PM
We have a multihomed WAN connectivity, the primary link is give the priority as it has 100 Mbps and we wish to failover to secondary (30 Mbps) only when primary is down. Attached the diagram for reference.
Previous to the BGP link we had a static connectivity to single ISP(ISP1) and this used to be the default routing path. Now for redundancy purpose we have changed the default path to go via the bgp network.
After changing the default route to BGP we have noticed that the download speed dropped down to 20 kb/s, also the outside interface usage not crossing 3 Mb/s. Later for testing purpose we have shutdown the secondary ISP interface (int g0/2) and suddenly the outside interface bandwidth gone up to 50 % of its capacity and also the download speed increased to the normal values.
We are continuiing with the secondary interface shutdown and planning to manually bring this interface if primary goes down. Any idea why the bandwidth is dropping when both ISP interfaces are active. Below are the BGP configurations in the WAN router, please help me to fix this issue because i am clueless about the problem.
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/1
description ISP-1 OUTSIDE
ip address 141.41.176.26 255.255.255.252
load-interval 30
duplex full
speed 100
!
interface GigabitEthernet0/2
description ISP-2 OUTSIDE
ip address 180.51.19.10 255.255.255.252
load-interval 30
shutdown
duplex full
speed 1000
!
interface GigabitEthernet0/1/0
description Static INT to FIREWALL
switchport access vlan 141
no ip address
duplex full
speed 100
!
interface GigabitEthernet0/1/1
description BGP INT to FIREWALL
switchport access vlan 102
no ip address
duplex full
speed 100
!
interface GigabitEthernet0/1/2
description DNS
switchport access vlan 102
no ip address
!
interface Vlan102
description ###BGP WAN Pool - VLAN ###
ip address 102.15.150.1 255.255.255.224
!
interface Vlan141
description ISP-1 WAN Pool VLAN
ip address 141.41.176.125 255.255.255.224
!
router bgp 123456
bgp log-neighbor-changes
network 102.15.150.0 mask 255.255.255.0
neighbor 180.51.19.10 remote-as 12121
neighbor 180.51.19.10 description isp2
neighbor 180.51.19.10 soft-reconfiguration inbound
neighbor 180.51.19.10 route-map isp2 out
neighbor 141.41.176.26 remote-as 45450
neighbor 141.41.176.26 description isp1
neighbor 141.41.176.26 soft-reconfiguration inbound
neighbor 141.41.176.26 route-map isp1 out
maximum-paths 2
!
ip route 102.15.150.0 255.255.255.0 Null0 220
!
ip prefix-list isp1 seq 5 permit 102.15.150.0/24
!
ip prefix-list isp2 seq 5 permit 102.15.150.0/24
access-list 10 permit 102.15.150.0 0.0.0.255
!
route-map isp1 permit 10
match ip address prefix-list isp1
!
route-map isp2 permit 20
match ip address 10
set as-path prepend 123456 123456
!
06-27-2015 11:01 PM
Hi,
I have configured EBGP between to Internet service provider and configured HSRP with IBGP for High-Availability for Local traffic. In this Network Topology, I have two Firewalls behind Two Routers where I configured EBPG Multi-homing.
ISP01 ISP02
EBGP EBGP
Router01 IBGP Router02
HSRP
Firewall01 Firewall02
I have one global network block 105.X.X.X/23. My intention is to use both ISP active for 105.X.X.X/24 and 105.X.Y.X/24 while configuring EBGP Multi-homing with HSRP protocol. That means 105.X.X.X/24 will use one ISP for incoming and outgoing traffic and 105.X.Y.X/24 will use other ISP and fail-over happens in case of one ISP goes down.
Can you tell me how I can configure to achieve this Active/Active High-Availability configuring BGP with HSRP protocol and keeping Firewall behind for LAN Network.
I am looking forward to your assistance.
With Regards
Erfan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide