BGP on dual gateway routers

Amos Kafwembe
Level 1

Hello all,

I have a problem. I have two gateway routers going to the internet. Both routers have the exact BGP table and are peering to two different AS's from two different providers. I have set up HSRP between the two routers as well for redundancy. The problem: I have shut down the secondary outgoing link due to the fact that when it is enabled, my network becomes very very slow! That is, when both routers are peering and my network is going out through my primary. But when I disable the outgoing interface on the secondary router everything stabilises. How can this be as I have HSRP right? Meaning traffic should not go out the STANDBY interface anyway!

Please help!!!

Regards.


Subeh Sharma
Level 1

Amos,

Might be a good idea to see the direction of incoming traffic. When you have both the BGP routers in Active/Standby mode, is the return traffic coming from the primary side or backup? It is possible that the return traffic is taking the standby router to come back due to a better path available through that. Try increasing the MED property on the standby router or use a policy-map to append router's AS multiple times so that the peering ISP router doesn't use this path when the primary is available.

Regards,

Subeh

There are several things that the original poster has not told us that might help us understand the problem better and therefore be able to give better suggestions.

- it is not clear whether the HSRP is running on the inside interface or the outside interface.

- the original poster was clear about having two routers and two ISPs and running BGP to each ISP. It is not clear whether the routers are running BGP with each other (IBGP sessions) to sync their routing tables.

- it is not clear whether the original poster is attempting to use the two ISPs as primary/backup or is trying to load share with both ISPs carrying some of the traffic.

I wonder if the problem is creating asymmetric routing where traffic arrives on one router and is routed out the other router.

HTH

Rick


router bgp 8000
 bgp router-id xx.xx.146.2
 bgp log-neighbor-changes
 network xx.xx.192.0 mask 255.255.252.0
 network xx.xx.196.0 mask 255.255.252.0
 network xx.xx.200.0 mask 255.255.252.0
 network xx.xx.204.0 mask 255.255.252.0
 network xx.xx.208.0 mask 255.255.252.0
 network xx.xx.212.0
 network xx.xx.214.0 mask 255.255.254.0
 network xx.xx.216.0 mask 255.255.252.0
 network xx.xx.220.0 mask 255.255.254.0
 network xx.xx.222.0
 neighbor xx.xx.146.1 remote-as 95402
 neighbor xx.xx.146.1 description TELECOM
 neighbor xx.xx.146.1 version 4
 neighbor xx.xx.146.1 send-community both
 neighbor xx.xx.146.1 route-map TELECOM_IN in
 neighbor xx.xx.146.1 route-map TELECOM_OUT out
 neighbor xx.xx.146.1 maximum-prefix 450000

interface GigabitEthernet0/2
 ip address xx.xx.212.3 255.255.255.248
 standby version 2
 standby 1 ip xx.xx.212.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 65
 duplex full
 speed auto
 media-type rj45

router bgp 8000
 no synchronization
 bgp router-id xx.xx.145.38
 bgp log-neighbor-changes
 network xx.xx.192.0 mask 255.255.252.0
 network xx.xx.196.0 mask 255.255.252.0
 network xx.xx.200.0 mask 255.255.252.0
 network xx.xx.204.0 mask 255.255.252.0
 network xx.xx.208.0 mask 255.255.252.0
 network xx.xx.212.0
 network xx.xx.214.0 mask 255.255.254.0
 network xx.xx.216.0 mask 255.255.252.0
 network xx.xx.220.0 mask 255.255.254.0
 network xx.xx.222.0
 neighbor xx.xx.145.37 remote-as 44830
 neighbor xx.xx.145.37 description TELECOM
 neighbor xx.xx.145.37 send-community both
 neighbor xx.xx.145.37 soft-reconfiguration inbound
 neighbor xx.xx.145.37 route-map TELECOM_IN in
 neighbor xx.xx.145.37 route-map TELECOM_OUT out
 neighbor xx.xx.145.37 maximum-prefix 450000
 no auto-summary

interface GigabitEthernet0/1
 ip address xx.xx.212.4 255.255.255.248
 duplex auto
 speed auto
 media-type rj45
 standby version 2
 standby 1 ip xx.xx.212.1
 standby 1 preempt

Hello Rick,

I am running HSRP on the inside network.

I do not have synchronization between the routers.

I am trying to use one as backup and one as primary. But if possible I can load balance....just dunno how to!

Anybody feel free to correct me, but I recommend the following and work from there;

If you want Active/Standby between the two ISPs I suggest IBGP between your internal interfaces to propagate the table between the two and honour metrics between both. Advertise a higher local pref for the routes from the primary ISP than the secondary so the routers aren't pre-empting each other.

access-list 1 permit any

route-map TELECOM_IN permit 10
 match ip address 1
 set local-preference 200

router bgp 8000
 neighbor xx.xx.145.38 remote-as 8000
 neighbor xx.xx.146.1 route-map TELECOM_IN in

For fast BGP peer down detection;

Add a track object that we'll use for a host route;

track 10 interface Fax/xx ip routing

carrier-delay

Create a static host route in your router for the next hop i.e.

ip route xx.xx.146.1 255.255.255.255 fax/xx xx.xx.146.1 track 10

Match the host route with a prefix list embedded in a route map;

ip prefix-list BGP_OK seq 5 permit xx.xx.146.1/32

route-map BGP_OK permit 10
 match ip address prefix-list BGP_OK

Add the route-map as a fall-over command on the peer

router bgp 8000
 neighbor xx.xx.146.1 fall-over route-map BGP_OK

Have HSRP with a higher priority on the primary router (as you already have). Within HSRP, track the external interface to the primary ISP.

Does this help or have I over complicated things?

Simon

You probably don't even need IBGP to be honest.

Your HSRP should be tracking the external interface of the primary ISP connection. You say that if you have your secondary link active you have internal performance issues, can you confirm that all devices internally are using the VIP address as their DGW? Could some be using the secondary's physical IP?

You could simplify it by having IP SLA pinging an external host on the internet rather than detecting the link status of the R1-ISP1. Have this tied into the HSRP by tracking the track object, and it should give you instant failover. The issue of slow convergence on the internet is taken out of your hands then though as BGP re-convergence to reach your internal networks will take time.

Be careful doing anything I suggested though along with "testing" it, you could find yourself route dampened by your ISP.

Simon

Hello Simon, thanks for taking the time to respond.

My router does not accept IP SLA TRACKING. I had tried to do this initially but hit a brick wall with it, so every time I lose internet connectivity I have to unplug or shut down the interface going out on the primary link!

FIBER_rtr_gateway(config)#ip sla ?
  key-chain  Use MD5 Authentication for IP SLAs Control Messages
  responder  Enable IP SLAs Responder
  server     IPPM server configuration

No worries, just use object tracking then for the line-protocol;

Step 1

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters configuration mode.

Step 2

track object-id interface interface-type number {{ip | ipv6} routing | line-protocol}

Example:

switch(config)# track 1 interface ethernet 1/2 line-protocol

switch(config-track)#

Creates a tracked object for an interface and enters tracking configuration mode. The object-id range is from 1 to 500.

Step 3

show track [object-id]

Example:

switch(config-track)# show track 1

(Optional) Displays object tracking information.

Simon

Hello Simon,

I think you are pointing me in the right direction with this post. I have noticed and tried that I can track IP ROUTING. What does this mean and how can I use it in my situation? What do I track? Where do I apply it?

Simon starts with a recommendation that I agree with about using IBGP. But then he backs away from it. I still believe that IBGP is important. For one thing, if there is no IBGP then the suggestion about higher local preference could not work since neither of the customer routers would have any idea that there was another router, much less what local preference the router was advertising.

What the current configuration creates is an environment where each of the customer routers believes that it is the only router connecting to the Internet for the customer. With the current configuration some traffic from the Internet will come to the first router and some will come to the second router and there is no way to tell which is which when sending a response. So it is likely that some traffic will arrive on one router and be sent back via the other router.

Configuring IBGP could help with this issue. It would allow the routers to compare the content of their routing tables and direct traffic to the preferred route (creating a primary and a backup router).

I wonder about the impact of HSRP here. If we were connected from these routers directly to the subnets where users are the impact would be clear - traffic would go to the active router. But with a subnet mask of 255.255.255.248 on the interface I get the impression that these routers are connected to other routers (or layer 3 switches) which are connected to users. And in that case the impact of HSRP is a bit more difficult to detect. Do those routers have static routes for Internet access or do they run a routing protocol with the routers? If running a routing protocol then HSRP has essentially no effect on how traffic is forwarded.

I see that the existing config has route maps applied to both neighbors and that there is an in route map and an out route map. But we do not know what the route maps are doing, and whether there is a local preference being set or not.

HTH

Rick
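Added example, not part of any post in this thread: a consolidated sketch of the primary/backup design the replies above describe (IBGP between the two gateways, higher local preference on routes from the primary ISP, AS-path prepending toward the backup ISP, HSRP tracking the primary uplink). The route-map names PRIMARY_IN and BACKUP_OUT, the prepend count, and the uplink interface placeholder are assumptions; addresses stay masked as in the thread.

```cisco
! ===== Router 1 (primary, eBGP to AS 95402) =====
! <uplink-interface> is a placeholder: the thread never names the ISP-facing port.
track 1 interface <uplink-interface> line-protocol
!
! Assumed name. A neighbor takes one route-map per direction, so on the real
! box fold this "set" into the existing TELECOM_IN instead of replacing it.
route-map PRIMARY_IN permit 10
 set local-preference 200
!
router bgp 8000
 ! IBGP over the inside (HSRP) subnet so both routers see each other's paths
 neighbor xx.xx.212.4 remote-as 8000
 neighbor xx.xx.212.4 description IBGP-TO-ROUTER2
 neighbor xx.xx.212.4 next-hop-self
 neighbor xx.xx.146.1 route-map PRIMARY_IN in
!
interface GigabitEthernet0/2
 standby 1 ip xx.xx.212.1
 standby 1 priority 110
 standby 1 preempt
 ! Uplink down: 110 - 65 = 45, below Router 2's default 100, so Router 2 takes over
 standby 1 track 1 decrement 65
!
! ===== Router 2 (backup, eBGP to AS 44830) =====
! Assumed name and prepend count; fold into the existing TELECOM_OUT.
! A longer AS path makes return traffic prefer the primary ISP.
route-map BACKUP_OUT permit 10
 set as-path prepend 8000 8000 8000
!
router bgp 8000
 neighbor xx.xx.212.3 remote-as 8000
 neighbor xx.xx.212.3 description IBGP-TO-ROUTER1
 neighbor xx.xx.212.3 next-hop-self
 ! Routes from this ISP keep the default local preference of 100
 neighbor xx.xx.145.37 route-map BACKUP_OUT out
!
interface GigabitEthernet0/1
 standby 1 ip xx.xx.212.1
 standby 1 preempt
```

With the IBGP session up, Router 2 learns the primary's paths at local preference 200 and forwards outbound traffic to Router 1 rather than out its own uplink, which removes the case where each router answers as if it were the only exit.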


Completely agree, I didn't foresee adding local-pref if not having iBGP (agreed it would have no functionality).

As for an internal Layer 3 device, then I agree (otherwise he hasn't got a lot of clients :) and my question was are they all pointing to the HSRP address.

Thinking about your 'split-brain' situation for forwarding and returning traffic, agreed it could cause performance issues.

I stand by my original comment of iBGP, thanks for the relevant advice though.

Simon

Kindly take a look at the attached network diagram for a clearer understanding.

paulstone80
Level 3

Hi,

How many routes are you learning from the ISPs?

Could be the routing tables are too big for the spec of router you're using?



HTH Paul ****Please rate useful posts****

Paul, I kind of agree, but the fact they have a route-map inbound from the ISP suggests to me they are only accepting default-routes or other selected routes using access-lists or AS access-lists.

But we don't know what is in this route-map.

Simon