
BGP Redundancy

Terence Payet
Level 1

Hi Experts,

 

I am still a newbie when it comes to BGP. 

Please find attached simple topology (sorry about the watermarks).

We have three providers and we are doing BGP peering with them.

We have configured multihoming and we are using route-maps to balance the traffic between the providers.

The thing is, when one link goes down, we have to manually change the access-lists to move subnets around so as to avoid link congestion.

My question is: is there a simple way to manage the links automatically without the need to change access-lists, some sort of automated process?

Like adding some sort of IP SLA to the config, or even using EEM scripts.

 

Your help is greatly appreciated.

Thanks and Regards,

 

Steve


Bilal Nawaz
VIP Alumni

Hi Steve,

When you say you are balancing the traffic between providers, is this inbound to your network or outbound from your network?

What are the access-lists that you are talking about used for? What do they contain, and where are they used (in route-maps)?

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Hi Bilal,

 

Many thanks for your reply.

OK, think of it from an ISP point of view. We have three providers, with multiple prefixes that we are learning from them. See the prefix examples below:

 

  • Provider 1 Prefixes: 1.1.1.0/24, 50.50.50.0/24
  • Provider 2 Prefixes: 3.3.3.0/24, 70.70.70.0/24
  • Provider 3 Prefixes: 6.6.6.0/24, 8.8.8.0/24

So we have configured access-lists as per below:

ip access-list standard P1
 permit 1.1.1.0 0.0.0.255
 permit 50.50.50.0 0.0.0.255

ip access-list standard P2
 permit 3.3.3.0 0.0.0.255
 permit 70.70.70.0 0.0.0.255

ip access-list standard P3
 permit 6.6.6.0 0.0.0.255
 permit 8.8.8.0 0.0.0.255

route-map LINKS permit 10
 match ip address P1
 ! Next hop to P1
 set ip default next-hop 192.168.1.1

route-map LINKS permit 20
 match ip address P2
 ! Next hop to P2
 set ip default next-hop 10.10.10.1

route-map LINKS permit 30
 match ip address P3
 ! Next hop to P3
 set ip default next-hop 172.16.32.1

router bgp 65000
 neighbor 192.168.1.1 remote-as 65001
 neighbor 10.10.10.1 remote-as 65002
 neighbor 172.16.32.1 remote-as 65003

 address-family ipv4
  network 1.1.1.0 mask 255.255.255.0
  network 3.3.3.0 mask 255.255.255.0
  network 6.6.6.0 mask 255.255.255.0
  network 8.8.8.0 mask 255.255.255.0
  network 50.50.50.0 mask 255.255.255.0
  network 70.70.70.0 mask 255.255.255.0
  neighbor 192.168.1.1 activate
  neighbor 192.168.1.1 soft-reconfiguration inbound
  neighbor 192.168.1.1 prefix-list rcv-default-only in
  neighbor 192.168.1.1 adv-to-P1 out
  neighbor 10.10.10.1 activate
  neighbor 10.10.10.1 soft-reconfiguration inbound
  neighbor 10.10.10.1 prefix-list rcv-default-only in
  neighbor 10.10.10.1 adv-to-P2 out
  neighbor 172.16.32.1 activate
  neighbor 172.16.32.1 soft-reconfiguration inbound
  neighbor 172.16.32.1 prefix-list rcv-default-only in
  neighbor 172.16.32.1 adv-to-P1 out

 

I haven't put all the configs, but basically this is our topology.

In event of a link failure we want to move access-list P1 to P2 automatically and revert back when the link returns back to normal.

 

Hope this clears things a bit.

Regards,

Steve

Steve,

route-map LINKS permit 10
 match ip address P1
 ! Next hop to P1 <<< PBR for outgoing traffic
 set ip default next-hop 192.168.1.1

route-map LINKS permit 20
 match ip address P2
 ! Next hop to P2 <<< PBR for outgoing traffic
 set ip default next-hop 10.10.10.1

route-map LINKS permit 30
 match ip address P3
 ! Next hop to P3 <<< PBR for outgoing traffic
 set ip default next-hop 172.16.32.1

 

I believe you want to move traffic sourced from P1 to 10.10.10.1 in case of failure of ISP 192.168.1.1. Similarly you want to do it for traffic sourced from P2 and P3.

 

Correct me if I am wrong.

You could use the below configuration:

! Sources in ACL P1: prefer 192.168.1.1, then 10.10.10.1, then 172.16.32.1
route-map PBR permit 10
 match ip address P1
 set ip next-hop verify-availability 192.168.1.1 1 track 1
 set ip next-hop verify-availability 10.10.10.1 2 track 2
 set ip next-hop verify-availability 172.16.32.1 3 track 3
! Sources in ACL P2: prefer 10.10.10.1, then 192.168.1.1, then 172.16.32.1
route-map PBR permit 20
 match ip address P2
 set ip next-hop verify-availability 10.10.10.1 1 track 2
 set ip next-hop verify-availability 192.168.1.1 2 track 1
 set ip next-hop verify-availability 172.16.32.1 3 track 3
! Sources in ACL P3: prefer 172.16.32.1, then 10.10.10.1, then 192.168.1.1
route-map PBR permit 30
 match ip address P3
 set ip next-hop verify-availability 172.16.32.1 1 track 3
 set ip next-hop verify-availability 10.10.10.1 2 track 2
 set ip next-hop verify-availability 192.168.1.1 3 track 1

! One ICMP echo probe per provider next hop
ip sla 1
 icmp-echo 192.168.1.1
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 10.10.10.1
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo 172.16.32.1
ip sla schedule 3 life forever start-time now

! Track objects referenced by the route-map entries above
track 1 ip sla 1
track 2 ip sla 2
track 3 ip sla 3

HTH

-Amit
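
An added example, not part of Amit's post: probe 1 and track 1 from the configuration above with explicit timers, plus the interface command that puts route-map PBR into effect. The timer values and the interface name GigabitEthernet0/0 are assumptions; probes 2 and 3 follow the same pattern.

```cisco
! Added example; timer values and the interface name are assumptions.
! A scheduled IP SLA entry cannot be edited in place, so remove it first.
no ip sla 1
ip sla 1
 icmp-echo 192.168.1.1
 ! The default frequency is 60 s, so an untuned probe can take about a
 ! minute to notice a dead next hop.
 ! Keep threshold <= timeout (both in ms) <= frequency (in s).
 threshold 1000
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Damp flapping: wait 10 s before declaring down, 30 s before declaring up
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! PBR only acts on packets that arrive on an interface with the policy applied
interface GigabitEthernet0/0
 ip policy route-map PBR
!
! Verification (exec mode):
!  show track brief
!  show ip sla statistics 1
!  show route-map PBR
```

A probe aimed at the directly connected next hop only detects failure of that link or peer; a fault further inside the provider's network leaves the track up.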

Hi Amit,

 

Thank you for the info.

I will try it in my lab and advise.

Can you also give me an example with the EEM script?

 

Thanks again.

 

Regards,

 

Steve

Amit Goyal
Level 1

Hi Terence,

There are two ways of using route-map to achieve the load-balance.

> Route-map used in PBR

> Route-map under BGP process to prefer the outgoing interface.

I am not sure what kind of ACL change you are looking for, but you can apply IP SLA in conjunction with track. Whenever the track goes up/down it will generate a log message, which can be used to trigger the EEM.

HTH

-Amit
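
The track-to-EEM trigger described above, written out as an added example that is not from the original posts. It assumes track 1 (the IP SLA probe of 192.168.1.1 posted elsewhere in this thread) and Steve's route-map LINKS; the applet names are hypothetical. Rather than editing ACL P1, it repoints sequence 10 at provider 2's next hop while track 1 is down and restores it when the track recovers.

```cisco
! Added example. Assumes "track 1 ip sla 1" already exists and that
! route-map LINKS sequence 10 carries the P1 sources (both from this thread).
! Applet names are hypothetical. Action labels sort as strings, so they are
! zero-padded to keep the execution order.
!
event manager applet P1-LINK-DOWN
 event track 1 state down
 action 010 syslog msg "Track 1 down: repointing LINKS seq 10 to 10.10.10.1"
 action 020 cli command "enable"
 action 030 cli command "configure terminal"
 action 040 cli command "route-map LINKS permit 10"
 action 050 cli command "no set ip default next-hop 192.168.1.1"
 action 060 cli command "set ip default next-hop 10.10.10.1"
 action 070 cli command "end"
!
event manager applet P1-LINK-UP
 event track 1 state up
 action 010 syslog msg "Track 1 up: restoring LINKS seq 10 to 192.168.1.1"
 action 020 cli command "enable"
 action 030 cli command "configure terminal"
 action 040 cli command "route-map LINKS permit 10"
 action 050 cli command "no set ip default next-hop 10.10.10.1"
 action 060 cli command "set ip default next-hop 192.168.1.1"
 action 070 cli command "end"
!
! With AAA command authorization enabled, the applet's CLI session needs an
! authorized user: event manager session cli username <placeholder-user>
```

The applets change the running configuration only, so a reload while the link is down comes back with whatever next hop is in the startup configuration.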

 

Hi Amit,

 

Many thanks for the info.

Can you give me an example?

 

Thanks and Regards,

Steve

Terence Payet
Level 1

Hi Amit,

 

Thank you very much.

That worked perfectly.

 

Regards,

 

Steve

Joseph W. Doherty
Hall of Fame

Depending on what kind of device your router is, you should find OER/PfR (if supported on your device and IOS) will offer the best load balancing.  Besides dynamic load balancing, it can also redirect flows to the best performing path too.

OER/PfR can work with default route to full BGP tables.  In fact, in my experience, once you have OER/PfR you generally often don't need anything beyond a default route to your providers.
