07-06-2013 08:22 AM - edited 03-04-2019 08:23 PM
Dear All,
Please find the below attached Topology:
R3,R4 & R5 are directly connected to R1 as a Primary Service Provider to reach the Router R6. All are connected via EBGP and advertising only Loopbacks. So primary path to reach the Loopback of R6 is via R1 i.e. Primary SP.
Primary Path:
R3/R4/R5-----------------------------R1------------------------------------------R6
EBGP EBGP
R2 is Secondary SP to reach the Loopback of R6.
Branch R3, R4 are connected to R5 via IBGP and R5 is having EBGP neighborship with R2. Means to R3 & R4 to reach the Loopback of R6 should divert via R5. R5 is acting as Next-hope for R3 & R4.
If Primary of R3 or R4 is Down & R5 Primary link is up:
R3/R4-------------R5--------------------R2-------------------------R6
IBGP EBGP EBGP
R5-----------------------------R1------------------------------------------R6
EBGP EBGP
Our Requirement is:
1) The traffic of R5 should divert via Primary SP i.e. R1 even if Prmairy link of R3/R4 is down. If its primary links goes down then R5 should take path from R2.
2) If Primary Link of R3/R4 towards SP1 is down then the traffic of R3 & R4 should divert via Secondary SP i.e. R2. In this case, the Primary link of R5 is till up so the Loopback of R5 should be reachble via SP1 the Loopback of R3/R4 should be reachable via R2.
Problem we are facing:
1) Since the R5 has been configured to divert the traffic via R1, & if R3/R4's primary link is down then all traffic forwarded to R1. which we dont want.
Traffic flow should be
If primary link is up
R3/R4-------------R1--------------------R6
R5------------------R1--------------------R6
If Primary link of only R3/R4 is down then
R5------------------R1--------------------R6
R3/R4-------------R5--------------------R2-------------------------R6
2) Reverse traffic from R6 should follow the same path to keep the routing Symmetric.
3) Since R6 is HUB location, so we cant to do much changes over there.
Can anybody help us out to solve this issue.
Regards,
YSR.
Solved! Go to Solution.
07-08-2013 09:31 AM
Hi Yogesh,
I have tried another soultion to suit your requirement. Changes are made only on R3 , R4 and R5 and the desired results are acheived. Below topology was used with similar ip addresses.Do let me know if this helps
This is how you acheive it.
On R3 and R4 you can have Local Preference Set so that the routes from Primary SP is always preferred.
route-map LOCAL-PREF, permit, sequence 10
Match clauses:
Set clauses:
local-preference 500
Policy routing matches: 0 packets, 0 bytes
router bgp 3
neighbor 10.1.1.2 route-map LOCAL-PREF in
Thus under normal conditions the primary SP will always be preferred when both links are up.
-------------------------------------------------------------------------------------------------------------------
Now coming to the main config, as you said we will make some changes on R5 so that incoming and ooutgoing routes are preferred via the SP2 when the primary link at R3 or R4 is down.
First of all I set a PBR on the interfaces connecting to R3 and R4 so that whenever packets from the source address of R3 or R5's loopback is received the next hop is set to 20.1.1.10 ie link to SP2.
interface FastEthernet0/0
description Link to R3
ip address 20.1.1.2 255.255.255.252
ip policy route-map PBR-R3-R4
duplex auto
speed auto
route-map PBR-R3-R4 permit 10
match ip address 10
set ip next-hop 20.1.1.10
access-list 10 permit 3.3.3.3
access-list 10 permit 4.4.4.4
This way when traffic from source 3.3.3.3 or 4.4.4.4 is received on R5 the traffic is routed to 20.1.1.10 instead of the preferred path 10.1.1.6 on R5.
-------------------------------------------------------------------------------------------------------------------
Now coming to the incoming routes since we cannot make changes on R6 we will tweak the adverrtised routes on R5 so that R6 prefers SP2 for reverse traffic to 3.3.3.3 or 4.4.4.4
Create a route-map and set AS path prepend 3 3
route-map R3-R4-TO-SP1 permit 10
match ip address 10
set as-path prepend 3 3
access-list 10 permit 3.3.3.3
access-list 10 permit 4.4.4.4
Apply that route-map to the bgp peering with R1,
router bgp 3
neighbor 10.1.1.10 route-map R3-R4-TO-SP1 out
R1 receives two BGP routes for 3.3.3.3 and 4.4.4.4 from R3 and R4 respectively and R5 but the one from R3 and R4 in preferred becasue it has a shorter AS path than the one received from R5 and advertises the same to R6 and hence R6 always prefers SP1 under normal circumstances .
--------------------------------------------------------------------
Also at R5 I set an AS path prepend of 3 on all routes on the BGP peering with SP2 so that all routes are sent with AS path 3 3 and when R6 receives routes from SP2 the AS path is 2 3 3.
route-map TO-SP2 permit 10
set as-path prepend 3
neighbor 20.1.1.10 route-map TO-SP2 out
--------------------------------------------------------------------
When the link between R3 and R1 is down it stops receiving this route from R3 and puts the route from R5 in it BGP table and advertises the same to R6. But at R6 now the route received from SP2 R2 has a shorter AS path and hence prefers R2 for its reverse route.
At R6 the route preference will be R6-R1-R3 ( AS Path 1 3) , Next R6-R2-R5-R3 ( AS Path 2 3 3) , Next ( AS Path ( 1 3 3 3) as shown below.
R6#sh ip bgp
BGP table version is 10, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 100.1.1.1 0 0 1 i
*> 2.2.2.2/32 200.1.1.1 0 0 2 i
*> 3.3.3.3/32 100.1.1.1 0 1 3 i
* 200.1.1.1 0 2 3 3 i
*> 4.4.4.4/32 100.1.1.1 0 1 3 i
* 200.1.1.1 0 2 3 3 i
*> 5.5.5.5/32 100.1.1.1 0 1 3 i
* 200.1.1.1 0 2 3 3 i
*> 6.6.6.6/32 0.0.0.0 0 32768 i
-------------------------------------------------------------------------------------------------------------------
Under all conditions R5 will always prefer SP1 as it primary SP because the the AS path is prepended only for loopback addresses of R3 and R4.
Routing entry for 6.6.6.6/32
Known via "bgp 3", distance 20, metric 0
Tag 1, type external
Last update from 10.1.1.10 00:03:06 ago
Routing Descriptor Blocks:
* 10.1.1.10, from 10.1.1.10, 00:03:06 ago
Route metric is 0, traffic share count is 1
AS Hops 2
**********************************************************************************
**********************************************************************************
Trace from R3 to R6 when both links are up.
R3#sh ip bgp summary
BGP router identifier 3.3.3.3, local AS number 3
BGP table version is 15, main routing table version 15
5 network entries using 505 bytes of memory
8 path entries using 384 bytes of memory
10 BGP path attribute entries using 600 bytes of memory
3 BGP AS-PATH entries using 72 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1561 total bytes of memory
BGP activity 5/0 prefixes, 11/3 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.2 4 1 49 42 15 0 0 00:20:50 3
20.1.1.2 4 3 69 58 15 0 0 00:44:55 4
R3#trac
R3#traceroute
Protocol [ip]:
Target IP address: 6.6.6.6
Source address: 3.3.3.3
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.1.2 24 msec 20 msec 20 msec
2 100.1.1.2 52 msec * 48 msec
----------------------------------------------------------------------------------------------------------------
Reverse Route from R6 to R3 when both links are up.
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
100.1.1.1 4 1 51 48 8 0 0 00:41:39 4
200.1.1.1 4 2 49 49 8 0 0 00:41:42 5
R6#tr
R6#traceroute
Protocol [ip]:
Target IP address: 3.3.3.3
Source address: 6.6.6.6
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 100.1.1.1 24 msec 28 msec 20 msec
2 10.1.1.1 44 msec * 40 msec
R6#
------------------------------------------------------------------------------------------------------
Shutting Down the Primary Link at R3
BGP activity 5/0 prefixes, 11/6 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.2 4 1 65 58 0 0 0 00:02:25 Idle
20.1.1.2 4 3 92 81 18 0 0 01:02:42 4
R3#traceroute
Protocol [ip]:
Target IP address: 6.6.6.6
Source address: 3.3.3.3
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 20.1.1.2 36 msec 20 msec 20 msec
2 20.1.1.10 32 msec 48 msec 32 msec
3 200.1.1.2 68 msec * 68 msec
R3#
-----------------------------------------------------------------------------------------------------------
Reverse Route from R6 to R3 when primary link at R3 is down.
R6#traceroute
Protocol [ip]:
Target IP address: 3.3.3.3
Source address: 6.6.6.6
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 200.1.1.1 44 msec 32 msec 20 msec
2 20.1.1.9 32 msec 48 msec 28 msec
3 20.1.1.1 76 msec * 76 msec
----------------------------------------------------------------------------------------------------
Traffic from R5 to R6 is aunaffected when primary link at R3 is down.
Trace from R5 to R6 when primary link at R3 is down.
R5#traceroute
Protocol [ip]:
Target IP address: 6.6.6.6
Source address: 5.5.5.5
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.1.10 40 msec 40 msec 24 msec
2 100.1.1.2 52 msec * 44 msec
R5#
----------------------------------------------------------------------------------------------
HTH
Regards
Umesh
07-06-2013 02:05 PM
Hi Yogesh,
You can create a GRE tunnel between the R3 router and R6 router. When you create a tunnel make sure that on R3 use the tunnel source interface as the one connecting to R5 and the Tunnel destination is the as the interface on R6 that connects to the secondary SP R2. Since the interface on R6 that is connected to R2 will always be routed via R2 the physical path used by the Tunnel will be R3 -- R5 -- R2 -- R6. Next Run Ebgp over the Tunnel peer IP addresses.
Now coming to traffic manipulation. On R3 you will have 3 routes for the loopback of R6, First via R1 Ebgp , Second via R5 ibgp, third via the Tunnel Ebgp. On the Ebgp peering between R3 and R1 set a higher local preference (300) , on the Ebgp between R3 and R6 over the Tunnel set the second best LP (200) and on the Ibgp between R3 and R5 set the third best LP(100).
So effectively the first path choosen will be Best R3 -- R1 --R6 , Next will be R3--R6 (tunnel) and third will be R3--R5--R1--R6.
Now coming to incoming route selection, since you cannot make changes on the R6 Hub router, manipulate the outgoing routes on R3 by setting AS path prepend and changing the origin codes during route advertisement as below.
Peer R3 - R1 -- Do not prepend anything, advertise as it is.
Peer R3 -R6 (Tunnel) -- As path prepend 3 3 3 & ---> R6 will see AS path as 3 3 3 3
Peer R3 - R5 -- AS path prepend 3 3 & set origin code as incomplete 3 3 3 --> R6 will see AS path as 1 3 3 3 (via R1) and 2 3 3 3 (from R2)
When the three similar routes reach R6 the first preference will be given to the one received from R1 based on the lowest AS path.
Next there is a Tie in the AS path for the routes recived from R6-R1 peer and over the R6-R3 tunnel peer, but preference will be given to R6-R3 tunnel route becasue it has the best origin code.
Lastly when both these routes are unavailable the third route will be preferred.
Please do let me know if this helps !!!
HTH !!!
Regards
Umesh
07-06-2013 08:11 PM
Hi Yogesh,
I tried this scenario in GNS3 its work fine for me.
1) The traffic of R5 should divert via Primary SP i.e. R1 even if Primary link of R3/R4 is down. If its primary links goes down then R5 should take path from R2.
I shutdown R3 primary BGP neighbor relationship between R3 -- R1.
R3(config)#router bgp 3
R3(config-router)#neighbor 10.1.1.1 shutdown
R3(config-router)#^Z
R3#
R3#
Jul 7 07:12:17.555: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Down Admin. shutdown
Jul 7 07:12:17.711: %SYS-5-CONFIG_I: Configured from console by console
R3#
R3#sh ip bgp summary | B Ne
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.1 4 1 378 337 0 0 0 00:05:57 Idle (Admin)
20.1.1.1 4 3 493 439 100 0 0 06:00:24 4
R3#
I shutdown R4 primary BGP neighbor relationship between R4 -- R1.
R4(config)#router bgp 3
R4(config-router)#neighbor 10.1.1.5 shutdown
R4(config-router)#^Z
R4#
Jul 7 07:14:49.067: %SYS-5-CONFIG_I: Configured from console by console
Jul 7 07:14:49.287: %BGP-5-ADJCHANGE: neighbor 10.1.1.5 Down Admin. shutdown
R4#
R4#sh ip bgp summary | B Ne
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.5 4 1 467 392 0 0 0 00:02:47 Idle (Admin)
20.1.1.5 4 3 502 440 117 0 0 03:58:15 4
R4#
If I did the trace from R5 to R6 loopback it will go via R5.
R5 Primary link --->R1--->R6
R5#traceroute 6.6.6.6 source loopback 5
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.1.9 36 msec 32 msec 8 msec
2 100.1.1.1 72 msec * 36 msec
R5#
Reverse traffic from R6 to Loopback R5. Both the traffic are symmetric.
R6#
R6#traceroute 5.5.5.5 source loopback 6
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 100.1.1.2 60 msec 44 msec 24 msec
2 10.1.1.10 100 msec * 96 msec
R6#
Now I will shutdown the R5 primary neighbor relationship between R5 --- R1
R5(config)#router bgp 3
R5(config-router)#neighbor 10.1.1.9 shutdown
R5(config-router)#^Z
R5#
R5#
Jul 7 07:25:51.451: %BGP-5-ADJCHANGE: neighbor 10.1.1.9 Down Admin. shutdown
Jul 7 07:25:51.459: %SYS-5-CONFIG_I: Configured from console by console
R5#
Now traffic should go via R5 secondary link.
R5#traceroute 6.6.6.6 source loopback 5
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 20.1.1.9 24 msec 40 msec 0 msec
2 200.1.1.1 32 msec * 24 msec
R5#
Reverse traffic from R6 to Loopback R5. Both the traffic is symmetric.
R6#
R6#traceroute 5.5.5.5 source loopback 6
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 200.1.1.2 52 msec 44 msec 40 msec
2 20.1.1.10 16 msec * 20 msec
R6#
2) If Primary Link of R3/R4 towards SP1 is down then the traffic of R3 & R4 should divert via Secondary SP i.e. R2. In this case, the Primary link of R5 is till up so the Loopback of R5 should be reachable via SP1 the Loopback of R3/R4 should be reachable via R2.
Current traffic is going via R3--R1--R6
R3#
R3#traceroute 6.6.6.6 source loopback 3
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.1.1 48 msec 72 msec 16 msec
2 100.1.1.1 48 msec * 72 msec
R3#
After shutting the primary bgp neighbor between R3—R1.
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router bgp 3
R3(config-router)#neighbor 10.1.1.1 shutdown
R3(config-router)#^Z
R3#
Jul 7 07:42:51.763: %SYS-5-CONFIG_I: Configured from console by console
Jul 7 07:42:51.947: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Down Admin. shutdown
R3#
R3#traceroute 6.6.6.6 source loopback 3
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 20.1.1.1 24 msec 56 msec 24 msec
2 20.1.1.9 24 msec 56 msec 28 msec
3 200.1.1.1 52 msec * 80 msec
R3#
Reverse traffic from R6 to Loopback R3. Both the traffic is symmetric. Loopback of R3 is reachable via ISP 2 when primary BGP neighbor is down.
R6#traceroute 3.3.3.3 source loopback 6
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 200.1.1.2 32 msec 56 msec 20 msec
2 20.1.1.10 36 msec 48 msec 20 msec
3 20.1.1.2 40 msec * 64 msec
R6#
Current traffic is going via R4---R1---R6
R4#traceroute 6.6.6.6 source loopback 4
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.1.5 36 msec 44 msec 24 msec
2 100.1.1.1 28 msec * 28 msec
After shutting the primary bgp neighbor between R4—R1.
R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router bgp 3
R4(config-router)#neighbor 10.1.1.5 shutdown
R4(config-router)#^Z
R4#
Jul 7 07:40:32.967: %BGP-5-ADJCHANGE: neighbor 10.1.1.5 Down Admin. shutdown
Jul 7 07:40:33.111: %SYS-5-CONFIG_I: Configured from console by console
R4#
R4#traceroute 6.6.6.6 source loopback 4
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 20.1.1.5 28 msec 48 msec 24 msec
2 20.1.1.9 20 msec 16 msec 52 msec
3 200.1.1.1 20 msec * 96 msec
R4#
Reverse traffic from R6 to Loopback R4. Both the traffic is symmetric. Loopback of R4 is reachable via ISP 2 when primary BGP neighbor is down.
R6#traceroute 4.4.4.4 source loopback 6
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 200.1.1.2 40 msec 48 msec 24 msec
2 20.1.1.10 12 msec 60 msec 12 msec
3 20.1.1.6 108 msec * 68 msec
R6#
Primary link of R5 is till up so the Loopback of R5 should be reachable via SP1
R5 Primary BGP neighbor is UP.
R5#sh ip bgp sum | b Ne
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.9 4 1 600 586 91 0 0 06:01:14 3
20.1.1.2 4 3 488 548 91 0 0 06:39:37 1
20.1.1.6 4 3 483 550 91 0 0 04:38:07 1
20.1.1.9 4 2 552 584 91 0 0 06:44:12 3
R5#
Trace from R5 to R6
R5#traceroute 6.6.6.6 source loopback 5
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.1.9 24 msec 52 msec 24 msec
2 100.1.1.1 8 msec * 72 msec
R5#
Reverse traffic from R6 to Loopback R5. Both the traffic is symmetric.
R6#traceroute 5.5.5.5 source loopback 6
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 100.1.1.2 28 msec 40 msec 16 msec
2 10.1.1.10 16 msec * 68 msec
R6#
Now I will explain how I have done this.To achieve this I created 2 policy base routing in R5 on interface Fa0/1 & Fa1/0.
R5#sh running-config interface FastEthernet0/1
Building configuration...
Current configuration : 135 bytes
!
interface FastEthernet0/1
ip address 20.1.1.5 255.255.255.252
ip policy route-map Traffic_From_R3&R4
duplex auto
speed auto
end
R5#
R5#sh running-config interface FastEthernet1/0
Building configuration...
Current configuration : 135 bytes
!
interface FastEthernet1/0
ip address 20.1.1.1 255.255.255.252
ip policy route-map Traffic_From_R3&R4
duplex auto
speed auto
end
R5#
R5#sh route-map Traffic_From_R3&R4
route-map Traffic_From_R3&R4, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
ip next-hop 20.1.1.9
Policy routing matches: 158 packets, 9560 bytes
route-map Traffic_From_R3&R4, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 28 packets, 1960 bytes
R5#
R5#sh ip access-list 100
Extended IP access list 100
10 permit ip host 3.3.3.3 host 6.6.6.6 (36 matches)
20 permit ip host 4.4.4.4 host 6.6.6.6 (36 matches)
R5#
Also I have used AS-path prepend attribute in R1 & R2.So that R6 choose the best path as you like.
R1 BGP configuration.
R1#sh running-config | s bgp
router bgp 1
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 3
neighbor 10.1.1.6 remote-as 3
neighbor 10.1.1.10 remote-as 3
neighbor 100.1.1.1 remote-as 4
!
address-family ipv4
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 route-map Traffic_From_R5&R3 in
neighbor 10.1.1.6 activate
neighbor 10.1.1.6 route-map Traffic_From_R5&R3 in
neighbor 10.1.1.10 activate
neighbor 10.1.1.10 soft-reconfiguration inbound
neighbor 10.1.1.10 route-map Traffic_From_R5 in
neighbor 100.1.1.1 activate
no auto-summary
no synchronization
network 1.1.1.1 mask 255.255.255.255
exit-address-family
R1#
R1#
R1#sh route-map Traffic_From_R5&R3
route-map Traffic_From_R5&R3, permit, sequence 10
Match clauses:
ip address (access-lists): 20
Set clauses:
as-path prepend last-as 2
Policy routing matches: 0 packets, 0 bytes
route-map Traffic_From_R5&R3, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R1#
R1#sh ip access-list 20
Standard IP access list 20
10 permit 5.5.5.5 (5 matches)
R1#
R1#sh route-map Traffic_From_R5
route-map Traffic_From_R5, permit, sequence 10
Match clauses:
ip address (access-lists): 10
Set clauses:
as-path prepend last-as 2
Policy routing matches: 0 packets, 0 bytes
route-map Traffic_From_R5, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R1#
R1#sh ip access-list 10
Standard IP access list 10
10 permit 3.3.3.3 (14 matches)
20 permit 4.4.4.4 (14 matches)
R1#
R2 BGP configuration.
R2#sh running-config | s bgp
router bgp 2
bgp log-neighbor-changes
neighbor 20.1.1.10 remote-as 3
neighbor 200.1.1.1 remote-as 4
!
address-family ipv4
neighbor 20.1.1.10 activate
neighbor 200.1.1.1 activate
neighbor 200.1.1.1 route-map Traffic_From_R5 out
no auto-summary
no synchronization
network 2.2.2.2 mask 255.255.255.255
exit-address-family
R2#
R2#sh route-map Traffic_From_R5
route-map Traffic_From_R5, permit, sequence 10
Match clauses:
ip address (access-lists): 10
Set clauses:
as-path prepend last-as 1
Policy routing matches: 0 packets, 0 bytes
route-map Traffic_From_R5, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R2#
R2#sh ip access-list 10
Standard IP access list 10
10 permit 4.4.4.4 (3 matches)
20 permit 3.3.3.3 (2 matches)
30 permit 5.5.5.5 (1 match)
R2#
In R3, R4 & R5 I have created a route-map PRIMARY_LINK and I have applied that in all primary links in inbound direction. In that route-map I have matched Loopback6 and set weight 100.
R3 BGP configuration.
R3#sh running-config | s bgp
router bgp 3
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 1
neighbor 20.1.1.1 remote-as 3
!
address-family ipv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 route-map PRIMARY_LINK in
neighbor 20.1.1.1 activate
no auto-summary
no synchronization
network 3.3.3.3 mask 255.255.255.255
exit-address-family
R3#
R3#sh route-map PRIMARY_LINK
route-map PRIMARY_LINK, permit, sequence 10
Match clauses:
ip address prefix-lists: LO6
Set clauses:
weight 100
Policy routing matches: 0 packets, 0 bytes
route-map PRIMARY_LINK, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R3#
R3#sh ip prefix-list
ip prefix-list LO6: 1 entries
seq 5 permit 6.6.6.6/32
R3#
Message was edited by: Sindhukumar Chithamabaram
07-08-2013 02:46 AM
Hi Sindhu,
Thanks a lot for the detailed analysis.
I think after applying AS path Prepend, R6 will always prefer the Secondary SP path to reach R3 or R4.
If the Primary link to SP is up for both R3 & R4, reverse traffic from R6 should be via R1. which isn't happening in your Config.
R1 & R2 are SP in live environment, so we can't make change in those Routers.
Thanks,
Yogesh
07-08-2013 08:49 PM
Hi Yogesh,
It not like that from R1 If you see the best route for 3.3.3.3 & 4.4.4.4 is from R3 & R4 right. So R1 will advertise the best route to R6.
Note now both the router R3 & R4 primary link is UP only.
When R3 & R4 primary link is down at that time R6 will select the best path via secondary link.
Any way you can't apply this logic in ISP RTR . (R1 & R2) . Any way it nice to work this kind of complex BGP routing
07-06-2013 09:16 PM
Yogesh one question...R1 and R2 are the service provider routers right ? so you do not have access to these devices
07-07-2013 11:26 PM
Hi Umesh,
Its correct, R1 & R2 are SP Routers & I don't have access to those. We are just advertising LoopBacks to SP from Hub & Branch Side.
One way I am thinking is Tracking of routes.
We have advertised Default Route from Hub. At branch we are tracking it & set the Primary SP on the basis of that since it received from the SPs.
E.g.
Branch 2:
route-map Nonexist permit 10
match ip address 20
match as-path 20
neighbor 20.1.1.5 advertise-map Loopback non-exist-map Nonexist
route-map Loopback permit 10
match ip address 35
access-list 35 permit 2.2.2.2
access-list 35 deny any
access-list 20 permit 0.0.0.0
access-list 20 deny any
ip as-path access-list 20 permit ^1
Thinking of applying same logic on R5 router & tweaking it as per requirement.
-
Yogesh
07-08-2013 09:31 AM
Hi Yogesh,
I have tried another soultion to suit your requirement. Changes are made only on R3 , R4 and R5 and the desired results are acheived. Below topology was used with similar ip addresses.Do let me know if this helps
This is how you acheive it.
On R3 and R4 you can have Local Preference Set so that the routes from Primary SP is always preferred.
route-map LOCAL-PREF, permit, sequence 10
Match clauses:
Set clauses:
local-preference 500
Policy routing matches: 0 packets, 0 bytes
router bgp 3
neighbor 10.1.1.2 route-map LOCAL-PREF in
Thus under normal conditions the primary SP will always be preferred when both links are up.
-------------------------------------------------------------------------------------------------------------------
Now coming to the main config, as you said we will make some changes on R5 so that incoming and ooutgoing routes are preferred via the SP2 when the primary link at R3 or R4 is down.
First of all I set a PBR on the interfaces connecting to R3 and R4 so that whenever packets from the source address of R3 or R5's loopback is received the next hop is set to 20.1.1.10 ie link to SP2.
interface FastEthernet0/0
description Link to R3
ip address 20.1.1.2 255.255.255.252
ip policy route-map PBR-R3-R4
duplex auto
speed auto
route-map PBR-R3-R4 permit 10
match ip address 10
set ip next-hop 20.1.1.10
access-list 10 permit 3.3.3.3
access-list 10 permit 4.4.4.4
This way when traffic from source 3.3.3.3 or 4.4.4.4 is received on R5 the traffic is routed to 20.1.1.10 instead of the preferred path 10.1.1.6 on R5.
-------------------------------------------------------------------------------------------------------------------
Now coming to the incoming routes since we cannot make changes on R6 we will tweak the adverrtised routes on R5 so that R6 prefers SP2 for reverse traffic to 3.3.3.3 or 4.4.4.4
Create a route-map and set AS path prepend 3 3
route-map R3-R4-TO-SP1 permit 10
match ip address 10
set as-path prepend 3 3
access-list 10 permit 3.3.3.3
access-list 10 permit 4.4.4.4
Apply that route-map to the bgp peering with R1,
router bgp 3
neighbor 10.1.1.10 route-map R3-R4-TO-SP1 out
R1 receives two BGP routes for 3.3.3.3 and 4.4.4.4 from R3 and R4 respectively and R5 but the one from R3 and R4 in preferred becasue it has a shorter AS path than the one received from R5 and advertises the same to R6 and hence R6 always prefers SP1 under normal circumstances .
--------------------------------------------------------------------
Also at R5 I set an AS path prepend of 3 on all routes on the BGP peering with SP2 so that all routes are sent with AS path 3 3 and when R6 receives routes from SP2 the AS path is 2 3 3.
route-map TO-SP2 permit 10
set as-path prepend 3
neighbor 20.1.1.10 route-map TO-SP2 out
--------------------------------------------------------------------
When the link between R3 and R1 is down it stops receiving this route from R3 and puts the route from R5 in it BGP table and advertises the same to R6. But at R6 now the route received from SP2 R2 has a shorter AS path and hence prefers R2 for its reverse route.
At R6 the route preference will be R6-R1-R3 ( AS Path 1 3) , Next R6-R2-R5-R3 ( AS Path 2 3 3) , Next ( AS Path ( 1 3 3 3) as shown below.
R6#sh ip bgp
BGP table version is 10, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 100.1.1.1 0 0 1 i
*> 2.2.2.2/32 200.1.1.1 0 0 2 i
*> 3.3.3.3/32 100.1.1.1 0 1 3 i
* 200.1.1.1 0 2 3 3 i
*> 4.4.4.4/32 100.1.1.1 0 1 3 i
* 200.1.1.1 0 2 3 3 i
*> 5.5.5.5/32 100.1.1.1 0 1 3 i
* 200.1.1.1 0 2 3 3 i
*> 6.6.6.6/32 0.0.0.0 0 32768 i
-------------------------------------------------------------------------------------------------------------------
Under all conditions R5 will always prefer SP1 as it primary SP because the the AS path is prepended only for loopback addresses of R3 and R4.
Routing entry for 6.6.6.6/32
Known via "bgp 3", distance 20, metric 0
Tag 1, type external
Last update from 10.1.1.10 00:03:06 ago
Routing Descriptor Blocks:
* 10.1.1.10, from 10.1.1.10, 00:03:06 ago
Route metric is 0, traffic share count is 1
AS Hops 2
**********************************************************************************
**********************************************************************************
Trace from R3 to R6 when both links are up.
R3#sh ip bgp summary
BGP router identifier 3.3.3.3, local AS number 3
BGP table version is 15, main routing table version 15
5 network entries using 505 bytes of memory
8 path entries using 384 bytes of memory
10 BGP path attribute entries using 600 bytes of memory
3 BGP AS-PATH entries using 72 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1561 total bytes of memory
BGP activity 5/0 prefixes, 11/3 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.2 4 1 49 42 15 0 0 00:20:50 3
20.1.1.2 4 3 69 58 15 0 0 00:44:55 4
R3#trac
R3#traceroute
Protocol [ip]:
Target IP address: 6.6.6.6
Source address: 3.3.3.3
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.1.2 24 msec 20 msec 20 msec
2 100.1.1.2 52 msec * 48 msec
----------------------------------------------------------------------------------------------------------------
Reverse Route from R6 to R3 when both links are up.
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
100.1.1.1 4 1 51 48 8 0 0 00:41:39 4
200.1.1.1 4 2 49 49 8 0 0 00:41:42 5
R6#tr
R6#traceroute
Protocol [ip]:
Target IP address: 3.3.3.3
Source address: 6.6.6.6
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 100.1.1.1 24 msec 28 msec 20 msec
2 10.1.1.1 44 msec * 40 msec
R6#
------------------------------------------------------------------------------------------------------
Shutting Down the Primary Link at R3
BGP activity 5/0 prefixes, 11/6 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.2 4 1 65 58 0 0 0 00:02:25 Idle
20.1.1.2 4 3 92 81 18 0 0 01:02:42 4
R3#traceroute
Protocol [ip]:
Target IP address: 6.6.6.6
Source address: 3.3.3.3
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 20.1.1.2 36 msec 20 msec 20 msec
2 20.1.1.10 32 msec 48 msec 32 msec
3 200.1.1.2 68 msec * 68 msec
R3#
-----------------------------------------------------------------------------------------------------------
Reverse Route from R6 to R3 when primary link at R3 is down.
R6#traceroute
Protocol [ip]:
Target IP address: 3.3.3.3
Source address: 6.6.6.6
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 3.3.3.3
1 200.1.1.1 44 msec 32 msec 20 msec
2 20.1.1.9 32 msec 48 msec 28 msec
3 20.1.1.1 76 msec * 76 msec
----------------------------------------------------------------------------------------------------
Traffic from R5 to R6 is aunaffected when primary link at R3 is down.
Trace from R5 to R6 when primary link at R3 is down.
R5#traceroute
Protocol [ip]:
Target IP address: 6.6.6.6
Source address: 5.5.5.5
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 6.6.6.6
1 10.1.1.10 40 msec 40 msec 24 msec
2 100.1.1.2 52 msec * 44 msec
R5#
----------------------------------------------------------------------------------------------
HTH
Regards
Umesh
07-15-2013 09:58 AM
Hi Yogesh,
Did you get a chance to try this solution ??? or did you find any other solution for your requirement.
Regards
Umesh Shetty
07-25-2013 08:43 AM
Hi Umesh,
Thanks for the reply with all details.
Topology of the solution which was approved is given below:
1) Every Branc is having Primary Connection to Primary SP via EBGP towards HUB Location.
2) At one of the Branch, additional Aggregator Router has been added just to terminate the Secondary Link from the Rest of the Branches via IBGP. This Aggregator Router will have EBGP with Secondary SP and thus if any Primary link fails, only Secondary SP can be utilized without much manipulation.
The Secondary Links on all the branches would be on Wireless...UBR concept.
By using the earlier Design I was actually trying to reduce the cost of additional aggregator Router which was used in approved design.
Earlier design was rejected due to below reasons:
1) Client dont want any of their branch to become Transit Branch for Other branches.
2) There might be issue with Crypto, RRI which they are using.
Excuse for the delay reply since I was not keeping well.
Once again, thanks for reply.
Regards,
Yogesh.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide