There are several things that the original poster has not told us that might help us understand the problem better and therefore be able to give better suggestions.

- it is not clear whether the HSRP is running on the inside interface or the outside interface.

- the original poster was clear about having two routers and two ISPs and running BGP to each ISP. It is not clear whether the routers are running BGP with each other (IBGP sessions) to sync their routing tables.

- it is not clear whether the original poster is attempting to use the two ISPs as primary/backup or is trying to load share with both ISPs carrying some of the traffic

I wonder if the problem is creating assymetric routing where traffic arrives on one router and is routed out the other router.

HTH

Rick

router bgp 8000

bgp router-id xx.xx.146.2

bgp log-neighbor-changes

network xx.xx.192.0 mask 255.255.252.0

network xx.xx.196.0 mask 255.255.252.0

network xx.xx.200.0 mask 255.255.252.0

network xx.xx.204.0 mask 255.255.252.0

network xx.xx.208.0 mask 255.255.252.0

network xx.xx.212.0

network xx.xx.214.0 mask 255.255.254.0

network xx.xx.216.0 mask 255.255.252.0

network xx.xx.220.0 mask 255.255.254.0

network xx.xx.222.0

neighbor xx.xx.146.1 remote-as 95402

neighbor xx.xx.146.1 description TELECOM

neighbor xx.xx.146.1 version 4

neighbor xx.xx.146.1 send-community both

neighbor xx.xx.146.1 route-map TELECOM_IN in

neighbor xx.xx.146.1 route-map TELECOM_OUT out

neighbor xx.xx.146.1 maximum-prefix 450000

interface GigabitEthernet0/2

ip address xx.xx.212.3 255.255.255.248

standby version 2

standby 1 xx.xx.212.1

standby 1 priority 110

standby 1 preempt

standby 1 track 1 decrement 65

duplex full

speed auto

media-type rj45

router bgp 8000

no synchronization

bgp router-id xx.xx.145.38

bgp log-neighbor-changes

network xx.xx.192.0 mask 255.255.252.0

network xx.xx.196.0 mask 255.255.252.0

network xx.xx.200.0 mask 255.255.252.0

network xx.xx.204.0 mask 255.255.252.0

network xx.xx.208.0 mask 255.255.252.0

network xx.xx.212.0

network xx.xx.214.0 mask 255.255.254.0

network xx.xx.216.0 mask 255.255.252.0

network xx.xx.220.0 mask 255.255.254.0

network xx.xx.222.0

neighbor xx.xx.145.37 remote-as 44830

neighbor xx.xx.145.37 description TELECOM

neighbor xx.xx.145.37 send-community both

neighbor xx.xx.145.37 soft-reconfiguration inbound

neighbor xx.xx.145.37 route-map TELECOM_IN in

neighbor xx.xx.145.37 route-map TELECOM_OUT out

neighbor xx.xx.145.37 maximum-prefix 450000

no auto-summary

interface GigabitEthernet0/1

ip address xx.xx.212.4 255.255.255.248

duplex auto

speed auto

media-type rj45

standby version 2

standby 1 ip xx.xx.212.1

standby 1 preempt

Hello Rick,

i am running HSRP on the inside network.

I do not have synchronization between the routers.

I am trying to use one as backup and one as primary. but if possible i can load balance....just dunno howto!

Anybody feel free to correct me, but I recommend the following and work from there;

If you want Active/Standby between the two ISP's I suggest IBGP between your internal interfaces to propagate the table between the two and honour metrics between both. Advertise a higher local pref for the routes from the primary ISP than the secondary so the routers aren’t pre-empting each other.

access-list 1 permit ip any any

route-map TELECOM_IN permit 10

match ip address 1

set local-pref 200

router bgp 8000

neighbor xx.xx.145.38 remote-as 8000

neighbor xx.xx.146.1 route-map TELECOM_IN

For fast BGP peer down detection;

Add a track object that we'll use for a host route;

track 10 interface Fax/xx ip routing

carrier-delay

Create a static host route in your router for the next hop i.e.

ip route xx.xx.146.1 255.255.255.255 fax/xx xx.xx.146.1 track 10

Match the host route with a pre-fix list embedded in a route map;

ip prefix-list BGP_OK seq 5 permit xx.xx.146.1/32

route-map BGP_OK permit 10

match ip address prefix-list BGP_OK

Add the route-map as a fall-over command on the peer

router bgp 8000

neighbor xx.xx.146.1 fall-over route-map BGP_OK

Have HSRP with a higher priority on the primary router (as you already have). Within HSRP, track the external interface to the primary ISP.

Does this help or have I over complicated things?

Simon

You probably don't even need IBGP to be honest.

Your HSRP should be tracking the external interface of the primary ISP connection.  You say that if you have your secondary link active you have internal performance issues, can you confirm that all devices internally are using the VIP address as their DGW ?  Could some be using the secondary's physical IP ?

You could simplify it by having IP SLA pinging an external host on the internet rather than detecting the link status of the R1-ISP1.  Have this tied into the HSRP by tracking the track object. and it should give you instant failover.  The issue of slow convergence on the internet is taken out of your hands then though as BGP re-convergence to reach your internal networks will take time. 

Be careful doing anything I suggested though along with "testing" it, you could you find yourself route dampened by your ISP.

Simon

hello Simon, thanks for taking the time to respond.

my router does not accept IP SLA TRACKING. I had tried to do this initially but hit a brick wall with it, so everytime i lose internet connectivity I have to unplug or shutdown the interface going out on the primary link!

FIBER_rtr_gateway(config)#ip sla ?

  key-chain  Use MD5 Authentication for IP SLAs Control Messages

  responder  Enable IP SLAs Responder

  server     IPPM server configuration

No worries, just use object tracking then for the line-protocol;

Simon

Hello Simon,

I think you are pointing me in the right direction with this post. i have noticed and tried that I can track IP ROUTING. what does this mean and how can i use it in my situation? what do I track? where do I apply it?

Simon starts with a recommendation that I agree with about using IBGP. But then he backs away from it. I still believe that IBGP is important. For one thing, if there is no IBGP then the suggestion about higher local preference could not work since neither of the customer routers would have any idea that there was another router, much less what local preference the router was advertising.

What the current configuration creates is an environment where each of the customer routers believes that it is the only router connecting to the Internet for the customer. With the current configuration some traffic from the Internet will come to the first router and some will come to the second router and there is no way to tell which is which when sending a response. So it is likely that some traffic will arrive on one router and be sent back via the other router.

Configuring IBGP could help with this issue. It would allow the routers to compare the content of their routing tables and direct traffic to the preferred route (creating a primary and a backup router).

I wonder about the impact of HSRP here. If we were connected from these routers directly to the subnets where users are the impact would be clear - traffic would go to the active router. But with a subnet mask of 255.255.255.248 on the interface I get the impression that these routers are connected to other routers (or layer 3 switches) which are connected to users. And in that case the impact of HSRP is a bit more difficult to detect. Do those routers have static routes for Internet access or do they run a routing protocol with the routers? If running a routing protocol then HSRP has essentially no effect on how traffic is forwarded.

I see that the existing config has route maps applied to both neighbors and that there is an in route map and an out route map. But we do not know what the route maps are doing, and whether there is a local preference being set or not.

HTH

Rick

Completely agree, I didn't forsee adding local-pref if not having iBGP (agreed it would have no functionality).

As for an internal Layer 3 device, then I agree (otherwise he hasn;t got a lot of clients:) and my question was are they all pointing to the HSRP address.

Thinking about your 'split-brain' situation for forwarding and returning traffic, agreed it could cause performance issues. 

I standby my original comment of iBGP, thanks for the relevant advice though.

Simon

        kindly take a look at the attached network diagram for a clearer understanding.

Paul, I kind of agree, but the fact they have a route-map inbound from the ISP suggests to me they are only accepting default-routes or other selected routes using access-lists or AS access-lists.

But we don't know what is in this route-map.

Simon