BGP Multihoming with dual enterprise routers (Diagram attached)

Joshua Engels
Level 1

Hi everyone,

Here is my scenario. I am setting up BGP multihoming between two ISPs using the following equipment but have some questions.

Diagram Attached (IP addresses are made up for the scenario)

  • Two 20 meg internet connections from two different ISPs. (Cox Communications and CenturyLink)
  • Two Enterprise Cisco 2911 Routers; Router 1 connecting to ISP 1 and Router 2 connecting to ISP 2.
  • A layer 2 Cisco 2960 Switch
  • Behind that will be my Cisco ASA 5540 Firewall and a Cisco 2811 ISR used for 50 remote DMVPN Sites and SSL VPN.
  • Behind the firewall will be my web servers etc.  (using NAT and NAT overload for user web traffic)

I would like to somehow choose the best path between the two connections or "load balance" if possible.  Here are my questions:

1. In the past, when I had only one ISP, I just used a "default route", which was easy. On my ASA and 2811 ISR I would just type in the default route command and that was that. Now that I have two ISPs and two 2911 routers, I am not sure what to do. Since I want the traffic to utilize the best path, how do I do this?

2. I have read that I can request the ISP send me a default route, a full BGP table, or a partial BGP table.  I have no idea which to ask for.

P.S. (If I need to run an IGP, I would prefer EIGRP as I am more familiar with it than OSPF)

Thanks Everyone!

Accepted Solution

Mani Ganesan
Level 4

Hi Joshua,

1. I can think of two options.

a. You can run HSRP / GLBP on the edge routers and track the WAN / BGP route for failover. Default routes on all the internal devices can point to the virtual IP address of the group.

b. You can run an IGP and inject a default route from both the edge routers, based on the availability of the BGP default route locally. So every device will have two equal-cost default routes pointing to the edge routers.

2. It depends on memory and CPU capacity of the routers.

Unless there are some strict restrictions on traffic engineering / load balancing, or a need for serious separation, multihoming to different ISPs would work just fine with partial routing. You'll get the "customer routes" for that particular ISP and a default.

Most routing would likely be the default route and would balance out. Full internal routing table with 350K routes could be troublesome sometimes.

HTH,

Mani
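Option 1b above, sketched as an added IOS configuration for Router 1 (not part of the original reply): the ISP's default is accepted over eBGP and redistributed into EIGRP, so the inside default disappears when the BGP default does. The AS numbers, addresses (documentation ranges), EIGRP AS 100 and all prefix-list and route-map names are assumptions; the inbound and outbound prefix filters go beyond what the reply states and keep the router from accepting more than a default or announcing anything but its own block.

```cisco
! Router 1 (edge to ISP 1). Constructed values, not from the thread:
!   own AS 64500, ISP 1 AS 64501, ISP 1 peer 192.0.2.1,
!   own public block 203.0.113.0/24, inside segment 10.0.0.0/24.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list OUR-BLOCK seq 5 permit 203.0.113.0/24
!
! Anchor route so the BGP network statement always has a RIB match.
ip route 203.0.113.0 255.255.255.0 Null0
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 description ISP1
 !
 address-family ipv4
  network 203.0.113.0 mask 255.255.255.0
  neighbor 192.0.2.1 activate
  ! Accept nothing but the default from the ISP.
  neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
  ! Announce only our own block, so we never act as transit.
  neighbor 192.0.2.1 prefix-list OUR-BLOCK out
 exit-address-family
!
! Only the BGP-learned default may enter the IGP.
route-map BGP-DEFAULT-TO-EIGRP permit 10
 match ip address prefix-list DEFAULT-ONLY
!
router eigrp 100
 network 10.0.0.0 0.0.0.255
 ! Seed metric: bandwidth (kbps), delay, reliability, load, MTU.
 ! Use the same values on Router 2 so inside devices see equal-cost defaults.
 redistribute bgp 64500 metric 20000 100 255 1 1500 route-map BGP-DEFAULT-TO-EIGRP
```

Router 2 mirrors this toward ISP 2. By default IOS redistributes only eBGP-learned routes into an IGP, so a default learned over iBGP from the other edge router is not re-injected.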

Went with GLBP for load balancing and default route to the Virtual IP. Also just went default route from ISPs due to hardware constraints but I think this will be fine.

Hi Joshua,

I would like to somehow choose the best path between the two connections or "load balance" if possible.  Here are my questions:

1. In the past, when I had only one ISP, I just used a "default route", which was easy. On my ASA and 2811 ISR I would just type in the default route command and that was that. Now that I have two ISPs and two 2911 routers, I am not sure what to do. Since I want the traffic to utilize the best path, how do I do this?

A. You can either choose a Primary/Secondary setup or an Active/Active (load balance) setup for the BGP links. For the primary/secondary setup, you can just increase the local-pref of the prefixes coming from the ISP on Router1 (for example) and the local-pref would be propagated to the other router, Router 2, in the same AS, and it would prefer Router1 as the best path as well, and all the traffic will go via Router1.

In case of Active/Active (load balancing), as Mani has suggested, you can redistribute the default route into the IGP (you are comfy with EIGRP so you can use that), and the other IGP speakers will get this with 2 equal paths and load balance between the links.

2. I have read that I can request the ISP send me a default route, a full BGP table, or a partial BGP table. I have no idea which to ask for.

You are using low end routers which might not have enough CPU and memory to hold the size of internet routes and they will crash.

Hence, it might be recommended to use a default route. Most small to medium enterprise businesses use a default route as it's easy on the router (no lookups etc.) and also doesn't make things complex. You can have partial tables as well if you like, but just the routes from your other branches or under the same customer.

HTH,

Regards

Kishore

Please rate if helpful
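The primary/secondary setup described in the reply above, as an added IOS sketch that is not part of the original post: Router 1 raises local-pref on routes from ISP 1, and the iBGP session carries that value to Router 2. The AS numbers, addresses (documentation ranges and a 10.0.0.0/24 inside segment), the local-pref value 200 and the route-map name are assumptions; only the exit-preference policy is shown.

```cisco
! --- Router 1 (primary exit) ---------------------------------------
! Constructed values: own AS 64500, ISP 1 AS 64501 at 192.0.2.1,
! Router 2 reachable at 10.0.0.2 on the shared inside segment.
route-map FROM-ISP1 permit 10
 set local-preference 200
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 10.0.0.2 remote-as 64500
 neighbor 10.0.0.2 description iBGP to Router 2
 !
 address-family ipv4
  neighbor 192.0.2.1 activate
  ! Everything ISP 1 sends gets local-pref 200 (IOS default is 100).
  neighbor 192.0.2.1 route-map FROM-ISP1 in
  neighbor 10.0.0.2 activate
  ! Rewrite the next hop so Router 2 does not need a route to ISP 1's link.
  neighbor 10.0.0.2 next-hop-self
 exit-address-family
!
! --- Router 2 (secondary exit) -------------------------------------
! Constructed values: ISP 2 AS 64502 at 198.51.100.1, Router 1 at 10.0.0.1.
router bgp 64500
 neighbor 198.51.100.1 remote-as 64502
 neighbor 10.0.0.1 remote-as 64500
 neighbor 10.0.0.1 description iBGP to Router 1
 !
 address-family ipv4
  ! No inbound policy: ISP 2 routes keep local-pref 100 and lose
  ! best-path selection to the iBGP copy from Router 1.
  neighbor 198.51.100.1 activate
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 next-hop-self
 exit-address-family
```

On Router 2, `show ip bgp 0.0.0.0 0.0.0.0` should list both paths with the iBGP one marked best; if Router 1 loses its ISP 1 session the iBGP path is withdrawn and the ISP 2 path takes over.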

Hi all,

I know this has been discussed multiple times but still wanted to renew this discussion- I for one can definitely use your valuable suggestions and clarifications.

Scenario :-

Here are the resources I have: 2*2900 + 2*ASA5510 + 1*/24-IPV4 Scope + 1*AS-BGP_PUBLIC. I need to set up a BGP multihome to my single /24 using 2*2900 {4GB RAM}, only defaults in.



Suggestions Needed :-

Setting up iBGP + OSPF0 between the 2*2900's is simple and pretty straightforward. In fact I was also thinking of setting up AS_PATH prepend on one of the ISPs to prefer that ISP and then of course local_pref for a preferred way out of my AS. Running static eBGP to the peer ISPs A and B for the same /24. Thing to note here is that there is only one /24 and 1 link per 2900 router to 1 ISP. {ISPA---1link---routerA & ISPB---1link---routerB}

The issue arises with the ASAs though. Would you suggest I run a different OSPF area on them, like say OSPF1, or HSRP to connect them to the 2900? {Note: All devices need to be behind the firewall stack and the firewalls are behind the 2900's.} Keeping in mind that at a later date I would like to add more firewall stacks, and running HSRP would just make everything too messy. So would you suggest running a separate OSPF process on the ASA and then redistributing defaults to the backbone OSPF0 routers, or just running HSRP with defaults to the routers? Please suggest.

Thanks,

Hi Varun,

Could you elaborate more on the issue that arises with the ASAs?

Just to understand, what is the limitation with running the same OSPF process between the routers and the FW ?

Thanks,

Mani

Mani ,

The issue arises when there are ASA5520s that already shield an existing network. I mean they have different DMZs behind them and our goal is to build this new core and start moving the existing DMZ behind the new core without major interruptions.

Also note the ASAs are deployed in active/standby state and there are at least 2 pairs. Both pairs shield different networks. Attached is a quick Visio scribble to put things in perspective.

Really appreciate all the help I can get on this. I will soon be posting my router configurations too, for both core1 and core2, after a cleanup.

Drawing19.jpg
