Hi Edison,

Thank you for the confirmation. Our apps are mainly- user browsing, get market data from external vendors FTP servers, email (external), Citrix login outside and remote & dedicated L2L VPN sessions. Iam not sure if these are sensitive to asymmetrical data flow. Incase that will be an issue, if I use the HSRP active router for both Inbound and outbound, the second link will still see some traffic is it correct?  I do not want to use dynamic protocol on Firewall (active/stdby pair) , as OSPF already existing for 'inside' interface and adding  firewall 'outside' interface to OSPF on extenal routers making them learn all internal networks.

Thank you again

MS

If you have an iBGP between the WAN routers, some traffic may exit the secondary router and some traffic may return via the secondary router without modifying local-pref/as-path. If the ISP connected to the secondary router has subnets with better BGP metrics, it will use this connection.

For instance, if you have AT&T on the active HSRP router - flows within the AT&T cloud will be preferred.

If you have Verizon on the standby HSRP router *and* iBGP between the WAN routers, the standby router will be use for flows within the Verizon cloud.

Regards,

Edison

Thank you again Edison. I will be running IBGP between the routers. Both my carriers are tier2 (Fibertech & Sidera NW). Even this way I understand some traffic will be redirected to standby router. Per your suggestion, I do not need to do anything for outbound traffic. But for inbound (advertising our /24) don't I need to add ASpath prepend on one of the route? We are receiving default routes from carriers at this time. Please suggest if both can be utilized better if I receive Full routing table.

Also, with default routes, when active router carrier having issues with upstream neighbors (sending us default but internet issues), can I use IPsla with EEM to failover to different router or is it highly unlikely situation. Both carriers are ethernet handoff.

Thank you in advance

MS

Thank you. I have 3845 with 512Meg memory.. hence looking to have default only. If I run into any issues, I will increae memory to 1Gig and will get full routes. I will check on the PfR doc. Thank you Edison.

Regards

MS

Hi Edison,

slight correction to the above post... The routers got 256Meg only. Also, the curret IOS I have does not support 'pfr' commands. So I need to look into 'OER' with IPSLA.  Can you please post a link with some good examples on this?

Another question is... With IBGP & HSRP inplace between edge routers, incase if the active router looses default route from the carrier but the router interface to ISP is still up, will the outbound traffic route via the secondary by itself? I do not have lab to test but I guess not. Please clarify. Also, if its not automatically forward options are 1. Manually shut the interface on active router   2. If I add static route on active say

  'ip route 0.0.0.0 0.0.0.0 250 ' will that work? or the standby passes the traffic via prmary rtr only?

Thank you in advance

MS

Hi Edison,

"The active router will have a backup default from the secondary router so the connection will flow via iBGP, then eBGP to the secondary ISP."

duh.. I should have known this, as this is the normal behaviour.. but thank you for confirming. Ref to OER.. I will use those example. That example work even when we receive default routes only from ISP. Is that correct?

Thank you

MS

Configure NetFlow and OER will keep track of the used flows, not just the default route.

Hi Edison,

Thanks alot. Based on your valuable suggestions, documentation & reading I done on OER, please find the attached configuration I created for OER considering the below policy. Iam stuck at MC IP to add to BRs. As Iam configuring MC/BR1 on same router...

Do I need to create a Loop back IP on the MC/BR1 to use in BR config? If so,does this IP need to be reached by both BR1 & BR2? Will that effect the bgp router-id / BGP peering in any terms? Currently Gig0/1 ip being elected by router as BGP router IP.

Considerations for the attached config:

-> Receiving default routes from both carriers

-> cef & netflow enabled.

-> 50% relative delay choosen incase the primary ISP got any upstream delays

-> 5Min traffic flow monitor @ 60Min interval

-> Policy decisions every 10Mins

-> passive monitoring

--> delay given 1st priority then range and utilization

Thank you

MS

Hi Edison,

Update.. I found an additional 3845 at our data center and is not being used. So I will use it as MC. I will Gig 0/1 with an ip 3.3.3.4 (same broadcast domain as ISP cnnected router's LAN interfaces) and then I should all be set.

Thank you for all you valuable suggestions and time.

Thanks

MS

Edit: More reading - more information:). I was going thru the 'faq' doc and it appears that I do not need Loopback i/f or seperate rtr. Based on configuration shown in figure4: The same ethernet interface (LAN side) for one BR can also be used as MC ip address.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/ps8787/prod_qas0900aecd806c4f03.html

Thanks

MS