BGP Multihoming design topology

camdoggle
Level 1

Hello,

Currently we have a 50mb pipe with our carrier SONIC. We have signed another contract with another provider here in town (Charter) to multihome our Internet connections in an active/active configuration. We have leased our /24 space through our carrier SONIC. ARIN has already approved our org-ID for an ASN and they will be sending us that once the billing portion is finished.

There are a few design considerations I was hoping I could get some insight from the community on. Before I start, the ultimate goal is for us to use BOTH Internet connections in an active/active configuration - utilizing both pipes.

Disclaimer: I have gathered this design from a lot of other posts that have a somewhat similar topology with ASA-->3750-->router pair-->CPE--internet. Please keep an open mind if you think I'm on the wrong track.

Please see the attached design topology.

Questions related to design:

  • What kind of routes should I get from each carrier? I have been told that partial/partial routes plus a default route from each carrier is the way to go. Also, I've heard mention that full routes from both carriers are preferred. My ASR1001s can support ~500k routes. I know the global table is approximately ~337k routes. My goal is to use both pipes and use the best outbound path per carrier.

  • We will be leasing our /24 space from SONIC. I plan on running OSPF on the DC-Edge-SW1 in conjunction with iBGP, so I can default originate two equal-cost routes back to my ASA. My confusion is when the traffic hits DC-Edge-SW1, there will be default equal-cost iBGP routes to both ASR1001s (DC-Edge-RT1 & DC-Edge-RT2). If the switch does not have the BGP table, it will just load-share across both ASRs. When the traffic hits the ASRs, will they know which carrier has the best path and route accordingly?

  • Should the iBGP connection between both routers be directly connected? Or will it suffice through the L3 3750 connection? Also, with the limitations on the routes for the ASR1001 at ~500k, if we end up getting full routes from carriers and create an iBGP neighborship between both routers, will this exceed the route limitations on this platform?

  • On both routes, I will have the network statement 'network 12.231.69.0 mask 255.255.255.0'. This is a leased network from SONIC, and we NAT everything on our ASA to 12.231.69.10. My question is, will this be a problem broadcasting this network from our AS to both carriers' AS?

  • Refer to bgp-design.jpg - is it a requirement that I use our leased public subnet 12.231.69.0/24 for the interfaces from ASA5510 -> 3750 -> ASR1001?

Thanks in advance for any assistance/insight you can provide as this is the most advanced topology I have worked with.

17 Replies

Hey Ibrahim, the configuration is almost an exact replica of the document I shared earlier. The only difference is I grabbed the most updated Bogons from this site: http://www.team-cymru.org/Services/Bogons/http.html

Duncan - I ended up going with two 3750 switches in a stack configured strictly Layer 2 like you said. There was no requirement to have them L3, basically plug-n-play with some obvious security hardening and port speed/duplex settings.

I didn't have to change anything on my firewall since it's the same default route -> .1 (HSRP active router) - DC-iNet-RT1 -> iBGP to DC-iNet-RT2 (HSRP standby router). I'm tracking the gig0/0/0 interface on RT1 to ATT; if it fails, RT2 becomes primary.

I called ATT and set up carrier routes plus a default (approx. 56k) routes. Everything is working fine. Thanks everyone for your help on this thread. If you have any questions, let me know.

We have multihomed WAN connectivity. The primary link is given priority as it has 100 Mbps, and we wish to fail over to the secondary (30 Mbps) only when the primary is down. Attached is the diagram for reference.

Previous to the BGP link we had static connectivity to a single ISP (ISP1), and this used to be the default routing path. Now, for redundancy purposes, we have changed the default path to go via the BGP network.

After changing the default route to BGP we noticed that the download speed dropped down to 20 kb/s, and the outside interface usage was not crossing 3 Mb/s. Later, for testing purposes, we shut down the secondary ISP interface (int g0/2) and suddenly the outside interface bandwidth went up to 50% of its capacity and the download speed increased to the normal values.

We are continuing with the secondary interface shut down and planning to manually bring this interface up if the primary goes down. Any idea why the bandwidth is dropping when both ISP interfaces are active? Below are the BGP configurations in the WAN router. Please help me to fix this issue because I am clueless about the problem.

!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/1
 description ISP-1 OUTSIDE
 ip address 141.41.176.26 255.255.255.252
 load-interval 30
 duplex full
 speed 100
!
interface GigabitEthernet0/2
 description ISP-2 OUTSIDE
 ip address 180.51.19.10 255.255.255.252
 load-interval 30
 shutdown
 duplex full
 speed 1000
!
interface GigabitEthernet0/1/0
 description Static INT to FIREWALL
 switchport access vlan 141
 no ip address
 duplex full
 speed 100
!
interface GigabitEthernet0/1/1
 description BGP INT to FIREWALL
 switchport access vlan 102
 no ip address
 duplex full
 speed 100
!
interface GigabitEthernet0/1/2
 description DNS
 switchport access vlan 102
 no ip address
!
interface Vlan102
 description ###BGP WAN Pool - VLAN ###
 ip address 102.15.150.1 255.255.255.224
!
interface Vlan141
 description ISP-1 WAN Pool VLAN
 ip address 141.41.176.125 255.255.255.224
!
router bgp 123456
 bgp log-neighbor-changes
 network 102.15.150.0 mask 255.255.255.0
 neighbor 180.51.19.10 remote-as 12121
 neighbor 180.51.19.10 description isp2
 neighbor 180.51.19.10 soft-reconfiguration inbound
 neighbor 180.51.19.10 route-map isp2 out
 neighbor 141.41.176.26 remote-as 45450
 neighbor 141.41.176.26 description isp1
 neighbor 141.41.176.26 soft-reconfiguration inbound
 neighbor 141.41.176.26 route-map isp1 out
 maximum-paths 2
!
ip route 102.15.150.0 255.255.255.0 Null0 220
!
ip prefix-list isp1 seq 5 permit 102.15.150.0/24
!
ip prefix-list isp2 seq 5 permit 102.15.150.0/24
access-list 10 permit 102.15.150.0 0.0.0.255
!
route-map isp1 permit 10
 match ip address prefix-list isp1
!
route-map isp2 permit 20
 match ip address 10
 set as-path prepend 123456 123456
!
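
An added example, not part of the original post or any reply: a small Python audit run over an excerpt of the configuration above. It flags eBGP neighbors whose address is one of the router's own interface addresses or lies off every connected subnet, and neighbors with no inbound or outbound filter (the thread's earlier reply mentions a bogon list, which would be applied inbound). The function name `audit_bgp` and the finding strings are assumptions of this example.

```python
import ipaddress
import re

# Excerpt of the configuration posted above (interface addresses and BGP neighbors only).
CONFIG = """\
interface GigabitEthernet0/1
 ip address 141.41.176.26 255.255.255.252
interface GigabitEthernet0/2
 ip address 180.51.19.10 255.255.255.252
router bgp 123456
 neighbor 180.51.19.10 remote-as 12121
 neighbor 180.51.19.10 route-map isp2 out
 neighbor 141.41.176.26 remote-as 45450
 neighbor 141.41.176.26 route-map isp1 out
"""

def audit_bgp(config):
    """Return {neighbor: [findings]} for an IOS-style configuration text."""
    local = [ipaddress.ip_interface(f"{ip}/{mask}")
             for ip, mask in re.findall(r"^\s*ip address (\S+) (\S+)\s*$", config, re.M)]
    neighbors = {}
    for addr, rest in re.findall(r"^\s*neighbor (\S+) (.+?)\s*$", config, re.M):
        neighbors.setdefault(addr, []).append(rest)
    report = {}
    for addr, lines in neighbors.items():
        ip = ipaddress.ip_address(addr)
        findings = []
        if any(ip == i.ip for i in local):
            findings.append("peer address is this router's own interface address")
        elif not any(ip in i.network for i in local):
            findings.append("peer is not on a connected subnet")
        for direction in ("in", "out"):
            # A per-neighbor policy line looks like "route-map NAME in" or "prefix-list NAME out".
            if not any(re.fullmatch(rf"(route-map|prefix-list|filter-list) \S+ {direction}", l)
                       for l in lines):
                findings.append(f"no {direction}bound filter")
        report[addr] = findings
    return report

if __name__ == "__main__":
    for peer, findings in audit_bgp(CONFIG).items():
        print(peer, "->", "; ".join(findings) or "ok")
```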

 

Hi,

I have configured EBGP between two Internet service providers and configured HSRP with IBGP for High-Availability for Local traffic. In this Network Topology, I have two Firewalls behind Two Routers where I configured EBGP Multi-homing.

 

ISP01                 ISP02
  EBGP                  EBGP
Router01     IBGP     Router02
             HSRP
Firewall01          Firewall02

 

I have one global network block 105.X.X.X/23. My intention is to use both ISPs active for 105.X.X.X/24 and 105.X.Y.X/24 while configuring EBGP Multi-homing with HSRP protocol. That means 105.X.X.X/24 will use one ISP for incoming and outgoing traffic and 105.X.Y.X/24 will use the other ISP, and fail-over happens in case one ISP goes down.

Can you tell me how I can configure this to achieve Active/Active High-Availability, configuring BGP with HSRP protocol and keeping the Firewall behind for the LAN Network?

I am looking forward to your assistance.

With Regards

Erfan
