Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7158
Views
9
Helpful
5
Replies

BGP Primary, Secondary and Tertiary Route Fail over

spreston2007
Level 1
Level 1

‎12-03-2013 12:14 PM - edited ‎03-04-2019 09:45 PM

Hey Guys,

I’m new to bgp SO I have a couple of question on a fail over scenario. I will include a link on the bottom of the topology of the network.  First of I got rid of the stacked switch and I made an iBGP connection between the two and isp 1 and isp 2 and have the asa in active/standy mode as I want isp1 to be primary and isp2 to be secondary. I have that part figured out. My question is how do I get the traffic to route to the Tertiary location if we have an outage on both isp network communication? Keep in mind this is a 24/7 operation. Just some ideas to get me rolling I’m lost where to start with this.  If you need me to be more elaborate I can do so! Let me know!

Thanks in advance!

1 person had this problem
Labels:
Preview file
100 KB
0 Helpful
5 Replies 5

John Blakley
VIP Alumni
VIP Alumni

‎12-03-2013 04:33 PM

Sean,

For outbound traffic towards the ISP, you can set your weight or local pref to prefer routes. For example, on Routers 1, 2, and 3, you could set local pref to 130, 120, and 110. The higher local pref is preferred, and it's carried throughout your routing domain for all of the other routers to know about (ibgp only).

You'd create a route map on all 3 routers and then apply that to your neighbor inbound:

ip prefix-list PreferRouter1ISP permit 0.0.0.0/0 le 32

route-map PreferRouter1ISP permit 10

match ip address prefix PreferRouter1ISP

set local-pref 130

route-map PreferRouter1ISP permit 20

router bgp 100

neighbor route-map PreferRouter1ISP in

This would set all routes that are received from the ISP to local pref of 130. Any routes learned from your ibgp neighbors will not be preferred.

You would configure this on all of your other routers, but for their respective neighbors.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

spreston2007
Level 1
Level 1
In response to John Blakley

‎12-04-2013 06:42 AM

John,

This is great! thanks for the help on this. I will put this to work on the test env. And do some testing!

Again thanks!

sean

0 Helpful

prafull1413
Level 1
Level 1
In response to John Blakley

‎10-17-2019 01:05 AM

Hi All,

 

I have cisco 3845 Router on that two ISP link is terminated (one is TATA having 100 Mbps and second is Airtel having 10 Mbps) we want to use TATA as primary and Airtel as a backup means if TATA fail, Airtel should work and there is BGP configuration is done.

The problem is that when i test the bandwidth by speedtest i am getting uploading speed above 80 Mbps and downloading only 10 Mbps and i observed that is asymmetric routing. Pls help to me resolve this problem.below is the BGP configuration.

!

interface GigabitEthernet0/0
description Airtel_ISP_Link
ip address 182.75.54.202 255.255.255.252
ip accounting output-packets
ip flow ingress
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description "TATA link"
ip address 49.248.77.138 255.255.255.252
ip flow ingress
ip flow egress
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45

!

BGP config :-

 

Router#router bgp 145545
bgp log-neighbor-changes
network 103.67.27.0 mask 255.255.255.0
neighbor 49.248.77.137 remote-as 17362
neighbor 49.248.77.137 weight 600
neighbor 49.248.77.137 prefix-list default-route in
neighbor 182.75.54.201 remote-as 9438
neighbor 182.75.54.201 weight 500
neighbor 182.75.54.201 prefix-list default-route in
neighbor 182.75.54.201 route-map AIRTEL_FILTER out

!

ip prefix-list default-route seq 10 permit 0.0.0.0/0

!

route-map AIRTEL_FILTER permit 10
match ip address 10
set as-path prepend 135595 135595 135595
!

Router#sh ip bgp nei 182.75.54.201 advertised-routes
BGP table version is 56, local router ID is 182.75.54.202
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 103.67.27.0/24 0.0.0.0 0 32768 i

!

 

0 Helpful

Mir Navazish Ali
Level 1
Level 1

‎12-03-2013 09:20 PM

Hi Sean,

in this scenario, you have to also consider the failover for traffic which is incoming from your ISP (i.e Internet) as well. Below is the scenario. I have named the Blue Box as InternalNW1 & Green Box as InternalNW2

In an event of the Firewalls or the link between the Firewalls & GW routers going down together in the InternalNW1, however the GW routers are still up and announcing your local supernets to the internet ( this is when you statically announce supernets with supernet static routes pointing to null 0 added).

++ In the above scenario, all your traffic will come into the InternalNW1 GW routers and get blackholed. However if you are using dynamic accouncement from these GW then obviously in this scenario the announcements will be withdrawn from the internet and only the GW from InternalNW2 will annouce the supernets to the Internet.You have to ensure that you annouce the Supernets of InternalNW1 are announces from GWs of InternalNW2 with a higher metric(like AS prepend etc) and vice versa.

In addition to this for the outgoing traffic flow, is it that you want all the traffic to exit from a single ISP? Like the egress traffic from Internal NW2 to reach internet will be traversing through the shared 100Mvps Microware connection link to the Internal NW1 and then would ride over Internal NW1 and go to the internet?

++ In the above scenario if you would want the traffic to exit the local GWs to the internet then you need to have the same local preference configured on the GW routers of both the InternalNW1 and InternalNW2. So that traffic local to the internal NW will take their local gateway to the internet and in an event of failure InternalNW1&2 will back each other. However, please ensure your accouncements to the internet are in a way so that the traffic to InternalNW1&2 come into the network via their respective GWs, This would avoid assymetrical routing and unnecessary load on the share 100Mbps Microwave connection between InternalNW1&2. In this manner you can efficiently utilize the shared 100Mbps link between the InternalNW1&2 and only the traffic between the InternalNW1 &2 will be utilizing this link.

There are other ways as well you can achieve your requirement based on your design considerations,impact and link capacities across the InternalNW1 & 2 and expected link utilization scenarios.

I hope this helps.

Thanks

Mir

spreston2007
Level 1
Level 1
In response to Mir Navazish Ali

‎12-04-2013 06:41 AM

Mir,

The first scenario Is more of what we use. and i assumed that when i annouce these routes the InternalNW2 would have to be At a higher metric or Local Pref. And thanks for the help! And Ill look in to dynamic accouncements see what i can come up with.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card