Solved: BGP Multihoming, load sharing / failover

german.persello · ‎01-10-2017

Hello everyone,

I've a question regarding BGP. I've a customer with a Cisco ISR 4321 configured as BGP peer to one ISP. Our customer's AS is advertising its own set of provider-independent addresses.

We now have to add another ISP to provide redundancy. I've found this article: Load Sharing with BGP in Single and Multihomed Environments: Sample Configurations - Cisco

where it states how to establish load sharing to two ISPs through a single router (Load Sharing When Multihomed to Two ISPs Through a Single Local Router).

I understand that it basically 'divides' the load using access-lists and route-maps. So far so good. Now, what happens if one bgp peer fails with this configuration? Will I 'lose' all the traffic what was previously going through that ISP?

Is it possible to have a load sharing + failover configuration? If this is not possible, how can I configure a failover? I've found this article regarding BGP Conditional Advertisement: BGP Conditional Advertisement Is this the way to do this?

I'm aware that a single local router is a single point of failure, our customer is planning on buying a second router but it's going to take a while and we have to get this working with a single router for some time.

Any help would be appreciated, thanks!

Germán.

paul driver · ‎01-10-2017

Hello
Yes it is, and because you have only one rtr at present peering with two isps, it would be fairly straight forward to accomplish this and should be able ultilize both ISP peerings at the same time:

Outgoing traffic -
On either peers towards your ISP;s you advertise all your internal networks ONLY -via network command and also apply as-path filter lists,This would be negate your rtr being a transit path for either ISP.
For route preference you can utilize this with route-maps which on call acls matching certain prefixes with the weight path attribute ( this depends on if you are receiving full/partial prefixes from either isp) otherwise if you are going to receive just defaults from either of them, then it would just be a case of giving the higher weight preference to the preferred ISP via the neighbor xxx weight xxx command.

Incoming traffic -
For this can utilize the as-prepend path attribute again with route-maps calling on acls which will be advertised to each ISP prefixes with a longer as-path sequence thus to them its a less preferred option than the same prefixes with a shorter as-path.

Basic example:
ISP1 = ASN 321
ISP2 =ASN 421
Local = ASN 123

ISP 1/2 are advertising 100.100.100.0/24 & 200.200.200.0/24
You are advertising 1.1.1.0/24 & 11.11.11.0/24

router bgp 123
network 1.1.1.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
neighbor <ISP1> remote-as 321
neighbor <ISP1> route-map Weight-ISP1 IN
neighbor <ISP1> filter-list 10 out
neighbor <ISP1> route-map ASPREPEND-ISP1 OUT
neighbor <ISP2> remote-as 421
neighbor <ISP2> route-map Weight-ISP2 IN
neighbor <ISP2> filter-list 10 out
neighbor <ISP2> route-map ASPREPEND-ISP2 OUT

ip as-path access-list 10 permit ^$
access-list 1 permit 1.1.1.0 0.0.0.255
access-list 1 permit 11.11.11.0 0.0.0.255
access-list 20 permit 100.100.100.0 0.0.0.255
access-list 30 permit 200.200.200.0 0.0.0.255

route-map Weight-ISP1 10
description Prefix-100
match ip address 20
set weight 500000

route-map Weight-ISP1 99

route-map Weight-ISP2 10
description Prefix-200
match ip address 20
set weight 500000

route-map Weight-ISP2 99

route-map ASPREPEND-ISP1 permit 10
Description Local Prefix-1
match ip address 1
set as-path prepend 123 123 123

route-map ASPREPEND-ISP1 permit 99

route-map ASPREPEND-ISP2 permit 10
Description Local Prefix-1
match ip address 2
set as-path prepend 123 123 123

route-map ASPREPEND-ISP2 permit 99

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Georg Pauwen · ‎01-10-2017

Hello,

check the link below, it has numerous sample configurations for different load-balancing and redundancy scenarios:

http://showipbgp.com/bgp-configurations/cisco.html

german.persello · ‎01-12-2017

Thanks, great link! My topology fits in one of those configs. I'll take a look, use them in some tests and let you know.

paul driver · ‎01-12-2017

Hello

one thing I forgot to mention and may have misled you - It not 100% certain you will ever get return traffic as you plan it due possible iSp restriction on as pre prending as they may overwrite such action so it best to discuss your intentions with them prior to any changes you wish to make

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul driver · ‎01-10-2017

Hello
Yes it is, and because you have only one rtr at present peering with two isps, it would be fairly straight forward to accomplish this and should be able ultilize both ISP peerings at the same time:

Outgoing traffic -
On either peers towards your ISP;s you advertise all your internal networks ONLY -via network command and also apply as-path filter lists,This would be negate your rtr being a transit path for either ISP.
For route preference you can utilize this with route-maps which on call acls matching certain prefixes with the weight path attribute ( this depends on if you are receiving full/partial prefixes from either isp) otherwise if you are going to receive just defaults from either of them, then it would just be a case of giving the higher weight preference to the preferred ISP via the neighbor xxx weight xxx command.

Incoming traffic -
For this can utilize the as-prepend path attribute again with route-maps calling on acls which will be advertised to each ISP prefixes with a longer as-path sequence thus to them its a less preferred option than the same prefixes with a shorter as-path.

Basic example:
ISP1 = ASN 321
ISP2 =ASN 421
Local = ASN 123

ISP 1/2 are advertising 100.100.100.0/24 & 200.200.200.0/24
You are advertising 1.1.1.0/24 & 11.11.11.0/24

router bgp 123
network 1.1.1.0 mask 255.255.255.0
network 11.11.11.0 mask 255.255.255.0
neighbor <ISP1> remote-as 321
neighbor <ISP1> route-map Weight-ISP1 IN
neighbor <ISP1> filter-list 10 out
neighbor <ISP1> route-map ASPREPEND-ISP1 OUT
neighbor <ISP2> remote-as 421
neighbor <ISP2> route-map Weight-ISP2 IN
neighbor <ISP2> filter-list 10 out
neighbor <ISP2> route-map ASPREPEND-ISP2 OUT

ip as-path access-list 10 permit ^$
access-list 1 permit 1.1.1.0 0.0.0.255
access-list 1 permit 11.11.11.0 0.0.0.255
access-list 20 permit 100.100.100.0 0.0.0.255
access-list 30 permit 200.200.200.0 0.0.0.255

route-map Weight-ISP1 10
description Prefix-100
match ip address 20
set weight 500000

route-map Weight-ISP1 99

route-map Weight-ISP2 10
description Prefix-200
match ip address 20
set weight 500000

route-map Weight-ISP2 99

route-map ASPREPEND-ISP1 permit 10
Description Local Prefix-1
match ip address 1
set as-path prepend 123 123 123

route-map ASPREPEND-ISP1 permit 99

route-map ASPREPEND-ISP2 permit 10
Description Local Prefix-1
match ip address 2
set as-path prepend 123 123 123

route-map ASPREPEND-ISP2 permit 99

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

german.persello · ‎01-12-2017

Paul, thanks for such detailed response. I need to make some simulations on packet tracer, will probably get back with some questions. Thanks again!