
BGP with 2 default routes

joana_magally
Level 1

Hi

I have 2 links with different ISPs; both send me the default route via BGP. I want to use both links, so I want some of my networks to send traffic via ISP A and other networks to send traffic via ISP B.

And when ISP B is down, my networks use link A, and vice versa.

I tried to use SLA but my device does not support it.

Thanks.


A

 

I am glad to know that you now understand better the difference between ip policy and ip local policy and that using ip local policy does allow you to control the outbound traffic to achieve your objective.

 

As you are seeing PBR is a solution for outbound traffic but not for inbound traffic. To get the response traffic to use ISP2 you will need to prepend the advertisement of your PBR subnet when you advertise to ISP1. When you prepend an advertisement you are adding additional AS# entries in the advertisement and the ISP will recognize that the better way to send traffic to that subnet is to send it through ISP2.

 

HTH

 

Rick


Hi Rick,

 

Hope you are doing well. The incoming traffic issue has been solved after following your instructions. I am really thankful to you for that. Now I am facing another issue, i.e. when peering goes down between ISP-I & II, I can reach network 20.20.20.0/24 from 40.40.40.0/24 [ISP-II] but not the network 10.10.10.0/24 through 192.168.200.1. The same is happening from 30.30.30.0/24 also. From network 30.30.30.0/24 [ISP-I] I can't reach to 10.10.10.0/24 network but not to the 20.20.20.0/24 through 192.168.100.1. If I am not wrong, this is happening due to the route-map applied on the interfaces for managing LAN traffic, from where traffic for networks 10.10.10.0/24 & 20.20.20.0/24 is passing. But if the peering between ISP-I & II goes up, then I can reach both networks from ISP-I & II with the same path as before [when peering goes down between ISP-I & II, there is only one path to reach the destination: 192.168.100.1 for ISP-I & 192.168.200.1 for ISP-II].

For better understanding, I am sending the network diagram and also the BGP configuration and logs taken in both situations.

Log taken after peering goes down between ISP-I & II

R2#traceroute 10.10.10.10 source 30.30.30.1
Type escape sequence to abort.
Tracing the route to 10.10.10.10
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.100.1 164 msec 20 msec 104 msec
  2  *
    10.10.10.10 [AS 100] 80 msec 120 msec
R2#traceroute 20.20.20.20 source 30.30.30.1
Type escape sequence to abort.
Tracing the route to 20.20.20.20
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.100.1 172 msec 44 msec 40 msec
  2  *  *  *
  3  *  *  *
  4  *  *  *
  5
R2#ping 10.10.10.10 sour
R2#ping 10.10.10.10 source 30.30.30.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 30.30.30.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/107/140 ms
R2#ping 20.20.20.20 source 30.30.30.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 30.30.30.1
.....
Success rate is 0 percent (0/5)

 

R3#traceroute 20.20.20.20 source 40.40.40.1
Type escape sequence to abort.
Tracing the route to 20.20.20.20
VRF info: (vrf in name/id, vrf out name/id)
  1  *  *  *
  2  *
    20.20.20.20 [AS 100] 84 msec 152 msec
R3#traceroute 10.10.10.10 source 40.40.40.1
Type escape sequence to abort.
Tracing the route to 10.10.10.10
VRF info: (vrf in name/id, vrf out name/id)
  1  *  *  *
  2  *  *  *
  3  *  *  *
  4
R3#ping 20.20.20.20 source 40.40.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 40.40.40.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/114/140 ms
R3#ping 10.10.10.10 source 40.40.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 40.40.40.1
.....
Success rate is 0 percent (0/5)

 

 

R2#show ip bgp
BGP table version is 9, local router ID is 192.168.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 *>  10.10.10.0/24    192.168.100.1            0             0 100 i
 *>  20.20.20.0/24    192.168.100.1            0             0 100 100 100 100 100 100 i
 *>  30.30.30.0/24    0.0.0.0                  0         32768 i
 *>  50.50.50.0/24    172.16.1.2               0             0 400 i
 *>  172.16.1.0/30    0.0.0.0                  0         32768 i
 *>  192.168.100.0/30 0.0.0.0                  0         32768 i

 

R3#show ip bgp
BGP table version is 34, local router ID is 192.168.254.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 *>  10.10.10.0/24    192.168.200.1            0             0 100 i
 *>  20.20.20.0/24    192.168.200.1            0             0 100 i
 *>  40.40.40.0/24    0.0.0.0                  0         32768 i

==============================================================

Log taken after peering goes up between ISP-I & II

R2#traceroute 10.10.10.10 source 30.30.30.1
Type escape sequence to abort.
Tracing the route to 10.10.10.10
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.100.1 80 msec 64 msec 12 msec
  2 10.10.10.10 [AS 100] 96 msec 20 msec 72 msec

 

R2#traceroute 20.20.20.20 source 30.30.30.1
Type escape sequence to abort.
Tracing the route to 20.20.20.20
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.254.2 68 msec 80 msec 72 msec
  2 192.168.200.1 124 msec 104 msec 112 msec
  3 20.20.20.20 [AS 100] 224 msec 156 msec 176 msec

 

R2#ping 10.10.10.10 source 30.30.30.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 30.30.30.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 108/139/232 ms
R2#ping 20.20.20.20 source 30.30.30.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 30.30.30.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 176/195/240 ms

 

 

R3#traceroute 20.20.20.20 source 40.40.40.1
Type escape sequence to abort.
Tracing the route to 20.20.20.20
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.200.1 172 msec 120 msec 84 msec
  2 20.20.20.20 [AS 100] 108 msec 116 msec 116 msec

 

 

R3#traceroute 10.10.10.10 source 40.40.40.1
Type escape sequence to abort.
Tracing the route to 10.10.10.10
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.200.1 116 msec 144 msec 124 msec
  2 10.10.10.10 [AS 100] 136 msec 140 msec 164 msec

 

 

R3#ping 20.20.20.20 source 40.40.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 40.40.40.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/73/120 ms
R3#ping 10.10.10.10 source 40.40.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 40.40.40.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 128/164/240 ms

 

R2#show ip bgp
BGP table version is 16, local router ID is 192.168.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 *   10.10.10.0/24    192.168.254.2                          0 300 100 i
 *>                   192.168.100.1            0             0 100 i
 *>  20.20.20.0/24    192.168.254.2                          0 300 100 i
 *                    192.168.100.1            0             0 100 100 100 100 100 100 i
 *>  30.30.30.0/24    0.0.0.0                  0         32768 i
 *>  40.40.40.0/24    192.168.254.2            0             0 300 i
 *>  50.50.50.0/24    172.16.1.2               0             0 400 i
 *>  172.16.1.0/30    0.0.0.0                  0         32768 i
 *>  192.168.100.0/30 0.0.0.0                  0         32768 i
 *>  192.168.254.0/30 0.0.0.0                  0         32768 i

 

R3#show ip bgp
BGP table version is 39, local router ID is 192.168.254.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 *   10.10.10.0/24    192.168.254.1                          0 200 100 i
 *>                   192.168.200.1            0             0 100 i
 *>  20.20.20.0/24    192.168.200.1            0             0 100 i
 *>  30.30.30.0/24    192.168.254.1            0             0 200 i
 *>  40.40.40.0/24    0.0.0.0                  0         32768 i
 *>  50.50.50.0/24    192.168.254.1                          0 200 400 i
 *>  172.16.1.0/30    192.168.254.1            0             0 200 i
 *>  192.168.100.0/30 192.168.254.1            0             0 200 i
 r>  192.168.254.0/30 192.168.254.1            0             0 200 i

 

Router configuration of R-1

 

R1#show  running-config
Building configuration...

Current configuration : 2936 bytes
!
! Last configuration change at 17:12:53 UTC Thu Sep 10 2015
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description ABSPL
 ip address 192.168.100.1 255.255.255.252
 speed auto
 duplex auto
!
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.252
 speed auto
 duplex auto
!
interface Ethernet1/0
 ip address 10.10.10.1 255.255.255.0
 duplex full
!
interface Ethernet1/1
 ip address 20.20.20.1 255.255.255.0
 ip policy route-map FILTER-20
 duplex full
!
interface Ethernet1/2
 ip address 192.168.255.1 255.255.255.252
 ip policy route-map FILTER-20
 duplex full
!
interface Ethernet1/3
 no ip address
 shutdown
 duplex full
!
router bgp 100
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.0
 network 20.20.20.0 mask 255.255.255.0
 neighbor 192.168.100.2 remote-as 200
 neighbor 192.168.100.2 description ISP-I
 neighbor 192.168.100.2 soft-reconfiguration inbound
 neighbor 192.168.100.2 weight 10000
 neighbor 192.168.100.2 route-map PREPAND out
 neighbor 192.168.100.2 filter-list 100 out
 neighbor 192.168.200.2 remote-as 300
 neighbor 192.168.200.2 description ISP-II
 neighbor 192.168.200.2 soft-reconfiguration inbound
 neighbor 192.168.200.2 filter-list 100 out
!
ip forward-protocol nd
!
ip as-path access-list 100 permit ^$
!
no ip http server
no ip http secure-server
ip route 10.10.10.0 255.255.255.0 Null0
ip route 20.20.20.0 255.255.255.0 Null0
!
ip access-list extended ALLOWSUBNET
 permit ip 20.20.20.0 0.0.0.255 any
ip access-list extended FILTER
 permit tcp any any
 permit udp any any
 permit icmp any any
ip access-list extended FILTER-IN
 permit tcp any any
 permit udp any any
 permit icmp any any
!
!

access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit 20.20.20.0 0.0.0.255
!
route-map FILTER-20 permit 10
 match ip address ALLOWSUBNET
 set ip next-hop 192.168.200.2 192.168.100.2
!
route-map PREPAND permit 10
 match ip address ALLOWSUBNET
 set as-path prepend 100 100 100 100 100
!
route-map PREPAND permit 20
!
route-map PREPAND-20 permit 10
 match ip address 1
 set as-path prepend 100 100 100 100 100
!
route-map PREPAND-20 permit 20

 

 

 

As per the 1st scenario, traffic for network 10.10.10.0/24 must go through ISP-I. But here it's not happening because the best path is showing 192.168.200.1 & it's the shortest AS path to reach this network. If I prepend network 10.10.10.0/24 for ISP-II then it goes through ISP-I.

So my question is: why is this difference happening? If it is happening for any particular reason, then what is the reason & what is the solution to overcome this situation? Somehow peering may go down between ISP-I & II; then how does traffic of ISP-I reach my network 20.20.20.0/24 & traffic of ISP-II reach my network 10.10.10.0/24?

 

 

 

Regards,

A

 

 

A

 

In this situation you might want to use the verify-availability in the set statement in your route map.

 

HTH

 

Rick


Hi Rick,

 

Thanks for your valuable suggestion. I have applied this option in my route-map but it's not working. Maybe I wrote some wrong statement in the route-map. That's why it's not working properly. If possible, can you please write it for me, so I can apply & test it further.

If you need any additional information please inform me.

 

Thanks in advance

 

Regards,

 

A

 

 

 

Hi Rick,

 

I am waiting for your reply.

 

Regards,

A

 

A

 

Here is the statement in the route map

 set ip next-hop verify-availability 99.99.210.62 1 track 123

 

and it uses these to check on availability

ip sla 1
 icmp-echo 99.99.210.62
ip sla schedule 1 life forever start-time now
track 123 rtr 1 reachability

 

The syntax here uses Response Time Reporter with SLA but other versions of IOS may vary. So you may need to refine the syntax a bit. But the basic concept is that you use SLA to determine whether the next hop that you use in the route map is actually reachable. If SLA is not able to get responses then the next hop will not be set in the route map.

 

HTH

 

Rick
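
Rick's verify-availability statement applied to the R1 configuration posted earlier in the thread, as an added example that is not part of anyone's post. The SLA and track numbers (1, 2) and the probe frequency are assumptions; addresses, interface names and route-map names come from R1's posted configuration, and `track ... ip sla` is the IOS 15.x form of the `track ... rtr` line above. Because the probes target the directly connected next hops, this detects loss of the link or neighbor, not a failure further upstream.

```cisco
! Added example for R1 (IOS 15.x syntax); not taken from the thread.
! Assumed values: SLA/track IDs 1 and 2, probe frequency 10 seconds.
!
! Probe the ISP-II next hop out of the ISP-II facing interface
ip sla 1
 icmp-echo 192.168.200.2 source-interface FastEthernet0/1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Probe the ISP-I next hop out of the ISP-I facing interface
ip sla 2
 icmp-echo 192.168.100.2 source-interface FastEthernet0/0
 frequency 10
ip sla schedule 2 life forever start-time now
!
! One tracked object per probe
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Replace the untracked "set ip next-hop" with tracked entries:
! sequence 10 (ISP-II) is used while track 1 is up, otherwise
! sequence 20 (ISP-I) while track 2 is up. If both are down, no
! next hop is set and the packet follows the normal routing table.
route-map FILTER-20 permit 10
 match ip address ALLOWSUBNET
 no set ip next-hop 192.168.200.2 192.168.100.2
 set ip next-hop verify-availability 192.168.200.2 10 track 1
 set ip next-hop verify-availability 192.168.100.2 20 track 2
```

`show track` and `show route-map FILTER-20` show which next hop is currently considered available.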


Hello Richard

I appreciate the information I have provided has been helpful.

Thanks =D

Joana Magally

martin_lx1980
Level 1

Hello Paul:

  I think you should add each other's next hop as a backup in seq 10 and 20:

! x.x.x.x = ISP 1 next hop, y.y.y.y = ISP 2 next hop
route-map PBR permit 10
 match ip address 10
 set ip next-hop x.x.x.x y.y.y.y
! second sequence: ISP 2 next hop first, ISP 1 next hop as backup
route-map PBR permit 20
 match ip address 11
 set ip next-hop y.y.y.y x.x.x.x

If one of the ISPs is out of work, the router will select the other one.

Regards

Martin

Hello Martín

Thanks for your information.

Regards

Joana