03-10-2011 08:31 AM - edited 03-04-2019 11:42 AM
Hello all,
Our company wants to put some failover in place for Internet access between two sites. We have the same ISP at each site. The ISP says they can advertise either site over either Internet connection so failover can occur. We're thinking about implementing BGP on our border routers utilizing GRE to communicate through our internal network, so if and when failover occurs we'll have routes to/from the internet.
I've never set up GRE or BGP, so I'm at a complete loss as to how to implement BGP over GRE. I understand the concept of the GRE tunnel, but the two border routers do not have routes to one another via the internal network, so how do I facilitate a tunnel? If I use static routes, wouldn't that override the BGP routes I'm trying to update across the tunnel? Any help is appreciated. Just getting my head around this is proving difficult...
03-10-2011 09:00 AM
Hi Jeff,
I would like to understand your setup better, do you already have BGP implemented in your setup? How are the border routers configured to access the internet, is it a simple static default route?
The easiest solution that I can think of here for your setup is to configure GRE across your border routers; for this you need to have reachability between your border routers via your internal network. Enable keepalives across your GRE tunnel so that you can detect any failure across your internal network. Next step would be to configure a floating static default route via the tunnel interface on your border router, so that if the ISP link fails the traffic for internet will pass through the Tunnel interface via the second ISP. For the primary default route you may configure IP SLA tracking. You may check the following example for more info on that.
Please let me know if your requirement is different and you want to set this up with BGP; we can have an iBGP setup between your border routers across the GRE and configure BGP weights to influence the outgoing traffic. Also, is your internal network publicly routable or are you NATing on the border routers? If you are NATing, in that case you will have to permit the other side LAN in the NAT access-lists.
Regards,
Sujit
03-10-2011 10:56 AM
Hi Sujit,
Thanks for the reply. The routers have only default routes pointing to the Internet; no BGP or other routes are configured.
There seems to be a lot to this, so let's start on one technology and go deeper as I begin to understand.
As far as the GRE Tunnel goes, would I simply set up the tunnel using the existing IPs and put a static route in to point the next hop back inside?
I'm assuming it would look something like this:
ATL Router:

    interface Tunnel0
     tunnel source 65.1.1.1
     tunnel destination 208.1.1.1
    !
    ! current default route
    ip route 0.0.0.0 0.0.0.0 157.1.1.153
    ! to point the tunnel to our inside network
    ip route 208.1.1.0 255.255.255.0 65.1.1.243

If that's correct, my issue now is I don't understand how traffic coming from the ISP during a failure, bound for 208.1.1.x network, would be routed over the tunnel.
03-14-2011 03:57 PM
Hi Jeff,
May I suggest something here?
I reckon the easiest way would be to use iBGP between the two border routers over the GRE Tunnel. Now, you choose one site to be the primary and increase the local pref on that for the default route to say 200. This will install the default route in the routing tables for both the border routers. Let's say the router on the left in your diagram is your primary. So default traffic from both sites will take that route, and in case of failover traffic from both the sites will take the one on your right-side border router. The iBGP will run on the Tunnel interfaces.
For the Tunnel reachability, you can just use static routes as you have put in your prev post. As long as your iBGP is up.
I am attaching the config for the Tunnel and BGP over GRE for you between two routers. Just labbed and used my IPs if it's ok.
HTH,
Regards
Kishore
Please rate if helpful
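
Added example (not the configuration attached to the post above, and not written by any poster in this thread): a Cisco IOS configuration for the iBGP-over-GRE design discussed here, with the GRE keepalives suggested earlier. It assumes the ISP sends a default route over eBGP at both sites; every address, AS number, inside next hop and the route-map name is a constructed placeholder.

```cisco
! Constructed values: RFC 5737 addresses, private/documentation AS numbers.
! Assumption: the ISP (AS 64500 here) advertises 0.0.0.0/0 over eBGP at both sites.
!
! ---- Border router A (primary exit) ----
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
 ! Bring the tunnel down if the inside path to the peer fails
 keepalive 5 3
!
! Host route for the tunnel endpoint only, via the inside network.
! The endpoint must never be resolved through the tunnel or the default route.
ip route 198.51.100.1 255.255.255.255 192.0.2.243
!
! Raise local preference on routes learned from the ISP at the primary site
route-map ISP-IN permit 10
 set local-preference 200
!
router bgp 65001
 neighbor 203.0.113.1 remote-as 64500
 neighbor 203.0.113.1 route-map ISP-IN in
 ! iBGP session runs on the tunnel addresses
 neighbor 10.255.0.2 remote-as 65001
 neighbor 10.255.0.2 update-source Tunnel0
 neighbor 10.255.0.2 next-hop-self
!
! ---- Border router B (backup exit) ----
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source 198.51.100.1
 tunnel destination 192.0.2.1
 keepalive 5 3
!
ip route 192.0.2.1 255.255.255.255 198.51.100.243
!
router bgp 65001
 ! Routes from the ISP here keep the default local preference of 100
 neighbor 203.0.113.129 remote-as 64500
 neighbor 10.255.0.1 remote-as 65001
 neighbor 10.255.0.1 update-source Tunnel0
 neighbor 10.255.0.1 next-hop-self
```

With both eBGP sessions up, each router selects the default with local preference 200 through router A; if A loses its ISP session, that path is withdrawn and both routers fall back to the default learned at B.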