BGP with 2 default routes

joana_magally
Level 1

Hi

I have 2 links with different ISPs; both send me the default route via BGP. I want to use both links, so I want some of my networks to send traffic via ISP A and other networks to send traffic via ISP B.

And when ISP B is down, my networks use link A and vice versa.

I tried to use SLA but my device does not support it.

Thanks.

23 Replies

Hello
Is this just one router with two ISP paths?

You can use the weight command for outbound traffic and AS-path prepend for inbound traffic.

Please post your config so we can compile a configuration for you.

Res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

The title of the original post suggests that the original poster is running BGP with two ISPs. In this case the default is that BGP will pick one of the default routes as the one to use and the other would be used as a fallback. The weight parameter can help determine which of the default routes will be chosen, but it will not help in using both of the default routes.

 

I would suggest that the way to achieve using both outbound paths would be to let BGP choose one default route as the preferred one and the second as a fall back. And then to configure Policy Based Routing to send certain types of traffic over the second ISP link. Configured properly you will get traffic using both ISP paths and they will perform as backup for each other.

 

HTH

 

Rick


Hello

As per Richard's suggestion.

interface x/x
 description LAN interface
 ip policy route-map PBR
!
route-map PBR permit 10
 match ip address 10
 ! ISP 1 next hop
 set ip next-hop x.x.x.x
!
route-map PBR permit 20
 match ip address 11
 ! ISP 2 next hop
 set ip next-hop x.x.x.x
!
ip as-path access-list 1 permit ^$
!
router bgp xxxx
 ! ISP 1
 neighbor x.x.x.x weight 40000
 neighbor x.x.x.x filter-list 1 out
 ! ISP 2
 neighbor y.y.y.y filter-list 1 out
!
! Internal LAN IP ranges (address, wildcard mask)
access-list 10 permit x.x.x.x y.y.y.y
access-list 11 permit x.x.x.x y.y.y.y

The above config will policy route the specified IP ranges to the relevant ISP's next hop.
Any non-specified networks will default to the primary ISP next hop, which I have specified as ISP 1 via the weight command (this can be changed or not used).

The filter list defined is to prohibit your router from becoming a transit path for the ISPs.

Res
paul









Hello Paul

I appreciate your response, the information that you've provided and the information from Richard. At this time I'm configuring my router.

Thanks guys

Hi Paul,

 

Thanks for your great post. Actually I have the same situation as joana. I have configured according to your instructions. Still the traffic is going through one ISP, and I am not able to get any traffic from the 2nd link. Maybe I missed something in the config. If you need my config I can send it here. Please reply.

 

Thanks in advance

 

Regards,

 

A

 

 

A

 

Without knowing what you have configured we are not able to diagnose the problem or to give you very helpful advice. If you post the config that would be a good starting point.

 

HTH

 

Rick


Hi Rick,
 
Thanks for your prompt response. Soon I will post all my router config. Actually I have configured the lab in GNS3; as my config is not working I can't test it in the live network. Is it OK with you if I send the lab config? Please let me know.
 
Thanks in advance 
 
Regards
 
 
 
 
 
 
 
A

Hi Rick,

 

Below are the configs of all three of my routers. Hope it will help you to diagnose the problem. Now I can reach the ISP-I & II networks through ISP-I.

 

 

HOME ROUTER
=========================================================
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map ALLOWALL
!
interface Loopback1
 ip address 20.20.20.1 255.255.255.0
 ip policy route-map ALLOWALL-1
!
interface FastEthernet0/0
 description ABSPL
 ip address 192.168.100.1 255.255.255.252
 speed auto
 duplex auto
!
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.252
 speed auto
 duplex auto
!
router bgp 100
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.0
 network 20.20.20.0 mask 255.255.255.0
 neighbor 192.168.100.2 remote-as 200
 neighbor 192.168.100.2 description ISP-I
 neighbor 192.168.100.2 weight 40000
 neighbor 192.168.100.2 filter-list 100 out
 neighbor 192.168.200.2 remote-as 300
 neighbor 192.168.200.2 description ISP-II
 neighbor 192.168.200.2 filter-list 100 out
!
ip forward-protocol nd
!
ip as-path access-list 100 permit ^$
!
no ip http server
no ip http secure-server
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit 20.20.20.0 0.0.0.255
!
route-map ALLOWALL-1 permit 10
 match ip address 2
 set ip next-hop 192.168.200.2
!
route-map ALLOWALL permit 10
 match ip address 1
 set ip next-hop 192.168.100.2
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous


R1#show ip bgp
BGP table version is 4, local router ID is 20.20.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  0.0.0.0          192.168.100.2                      40000 200 i
 *                    192.168.200.2                          0 300 i
 *>  10.10.10.0/24    0.0.0.0                  0         32768 i
 *>  20.20.20.0/24    0.0.0.0                  0         32768 i

========================================================================
ISP-I
============================================================================


interface Loopback0
 ip address 30.30.30.1 255.255.255.0
!
interface FastEthernet0/0
 description ISP-I
 ip address 192.168.100.2 255.255.255.252
 speed auto
 duplex auto
!
interface FastEthernet0/1
 ip address 192.168.254.1 255.255.255.252
 speed auto
 duplex auto
!
router bgp 200
 bgp log-neighbor-changes
 network 30.30.30.0 mask 255.255.255.0
 network 192.168.100.0 mask 255.255.255.252
 network 192.168.254.0 mask 255.255.255.252
 neighbor 192.168.100.1 remote-as 100
 neighbor 192.168.100.1 description ABSPL
 neighbor 192.168.100.1 default-originate
 neighbor 192.168.100.1 route-map DENYALL out
 neighbor 192.168.254.2 remote-as 300
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 1 deny   any
!
route-map DENYALL permit 10
 match ip address 1
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

R2#show ip bgp
BGP table version is 45, local router ID is 30.30.30.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 *   10.10.10.0/24    192.168.254.2                          0 300 100 i
 *>                   192.168.100.1            0             0 100 i
 *   20.20.20.0/24    192.168.254.2                          0 300 100 i
 *>                   192.168.100.1            0             0 100 i
 *>  30.30.30.0/24    0.0.0.0                  0         32768 i
 *>  40.40.40.0/24    192.168.254.2            0             0 300 i
 *>  192.168.100.0/30 0.0.0.0                  0         32768 i
 *>  192.168.254.0/30 0.0.0.0                  0         32768 i


=============================================================================================

ISP-II
=================================================================================================
interface Loopback0
 ip address 40.40.40.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.254.2 255.255.255.252
 speed auto
 duplex auto
!
interface FastEthernet0/1
 ip address 192.168.200.2 255.255.255.0
 speed auto
 duplex auto
!
router bgp 300
 bgp log-neighbor-changes
 network 40.40.40.0 mask 255.255.255.0
 network 192.168.200.0 mask 255.255.255.252
 neighbor 192.168.200.1 remote-as 100
 neighbor 192.168.200.1 description ABSPL
 neighbor 192.168.200.1 default-originate
 neighbor 192.168.200.1 route-map DENYALL out
 neighbor 192.168.254.1 remote-as 200
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 1 deny   any
!
route-map DENYALL permit 10
 match ip address 1
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
!
!
end

 

R3#show ip bgp
BGP table version is 45, local router ID is 40.40.40.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
     0.0.0.0          0.0.0.0                                0 i
 *   10.10.10.0/24    192.168.254.1                          0 200 100 i
 *>                   192.168.200.1            0             0 100 i
 *   20.20.20.0/24    192.168.254.1                          0 200 100 i
 *>                   192.168.200.1            0             0 100 i
 *>  30.30.30.0/24    192.168.254.1            0             0 200 i
 *>  40.40.40.0/24    0.0.0.0                  0         32768 i
 *>  192.168.100.0/30 192.168.254.1            0             0 200 i
 r>  192.168.254.0/30 192.168.254.1            0             0 200 i

 ========================================================================================================

 

Regards,

 

A

 

You can enable eBGP multipath by adding this line to your config.

maximum-path 2

 

Hi Evgeniy,

 

I have tried the maximum-path 2 command but the result was the same; I have even tried the "bgp bestpath as-path multipath-relax" command, but still the traffic takes ISP-I as its best path. Please suggest what I can do now.

If you tested it successfully in your lab, please send me the configuration & also the diagram so I can try it here.

 

Thanks in advance

 

Regards,

 

A

A

 

Thanks for posting your configuration. The main issue that I see is in the way that you have applied Policy Based Routing. You have tried to follow the rule that you apply the ip policy <route_map_name> on the interface where traffic is received by placing the policy statement on both of the loopback interfaces. The issue is that there really is no traffic that is received on those interfaces. Any traffic that comes from 10.10.10 or from 20.20.20 is actually generated by the router itself. So what you need to do is to remove the policy statements from both loopback interfaces and to configure ip local policy with a route map that applies the access list and set next hop for 10.10.10 in one instance and applies the access list and set next hop for 20.20.20 in another instance of a single route map.

 

HTH

 

Rick


Hi Rick,

 

Thanks for your reply. Before, I configured a single route-map with two instances & applied it to my LAN interfaces, i.e. loopback 0 and 1. But at that time it was not working, so I configured two different route-maps, but that is also not working. Now I have again configured a single route-map with multiple instances but the issue remains the same. Again I am sending my router-1 config for further checking. Please go through the config & tell me whether everything is fine there.

 

interface Loopback0
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map ALLLOWALL
!
interface Loopback1
 ip address 20.20.20.1 255.255.255.0
 ip policy route-map ALLLOWALL
!
interface FastEthernet0/0
 description ABSPL
 ip address 192.168.100.1 255.255.255.252
 speed auto
 duplex auto
!
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.252
 speed auto
 duplex auto
!
router bgp 100
 bgp log-neighbor-changes
 network 10.10.10.0 mask 255.255.255.0
 network 20.20.20.0 mask 255.255.255.0
 neighbor 192.168.100.2 remote-as 200
 neighbor 192.168.100.2 description ISP-I
 neighbor 192.168.100.2 weight 40000
 neighbor 192.168.100.2 filter-list 100 out
 neighbor 192.168.200.2 remote-as 300
 neighbor 192.168.200.2 description ISP-II
 neighbor 192.168.200.2 filter-list 100 out
!
ip forward-protocol nd
!
ip as-path access-list 100 permit ^$
!
no ip http server
no ip http secure-server
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit 20.20.20.0 0.0.0.255
!
route-map ALLOWALL permit 10
 match ip address 1
 set ip next-hop 192.168.100.2
!
route-map ALLOWALL permit 20
 match ip address 2
 set ip next-hop 192.168.200.2
!

===========================================================

 

R1#traceroute
Protocol [ip]:
Target IP address: 10.10.10.1
Source address: 20.20.20.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 10.10.10.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.10.10.1 12 msec 8 msec 12 msec

 

 

R1#traceroute
Protocol [ip]:
Target IP address: 30.30.30.1
Source address: 20.20.20.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 30.30.30.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.100.2 [AS 200] 148 msec 120 msec 136 msec

 

R1#traceroute
Protocol [ip]:
Target IP address: 40.40.40.1
Source address: 20.20.20.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 40.40.40.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.100.2 [AS 200] 108 msec 156 msec 100 msec
  2 192.168.100.2 [AS 200] !H  !H  !H
R1#tra
R1#traceroute
Protocol [ip]:
Target IP address: 40.40.40.1
Source address: 10.10.10.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 40.40.40.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.100.2 [AS 200] 104 msec 128 msec 152 msec
  2 192.168.100.2 [AS 200] !H  !H  !H

 

Regards,

 

A

 

 

A

 

It seems that you did not understand what I was attempting to explain about the difference in doing PBR for transit traffic (traffic originating outside of the router and passing through the router on its way to the destination) where you apply the ip policy statement to the interface where the traffic is received and in doing PBR for traffic originated by the router itself where you need to configure ip local policy.

 

Until you do a single route map with instances for 10.10.10 and for 20.20.20 applied with ip local policy then your config will not work.

 

HTH

 

Rick
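
The distinction Rick draws in his two replies above, between `ip policy` for transit traffic received on an interface and `ip local policy` for traffic the router itself originates, written out for the lab R1 addressing posted in this thread. This is an added example, not a configuration from any poster; the route-map name PBR-LOCAL is an assumption, while the access lists and next hops are the ones in the posted R1 config.

```cisco
! Added example for lab R1 (AS 100). PBR-LOCAL is an assumed name.
!
! 1. Remove the interface policies from the first posted config. No packets
!    are received on the loopbacks, so "ip policy" there never matches.
interface Loopback0
 no ip policy route-map ALLOWALL
interface Loopback1
 no ip policy route-map ALLOWALL-1
!
! 2. Source subnets, as in the posted config.
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit 20.20.20.0 0.0.0.255
!
! 3. One route map with one instance per source subnet.
route-map PBR-LOCAL permit 10
 match ip address 1
 set ip next-hop 192.168.100.2
route-map PBR-LOCAL permit 20
 match ip address 2
 set ip next-hop 192.168.200.2
!
! 4. Apply it to router-originated packets (global configuration mode).
ip local policy route-map PBR-LOCAL
!
! Verification from exec mode:
!   show ip local policy
!   show route-map PBR-LOCAL     (the match counters should increase)
!   extended traceroute with Source address 20.20.20.1, as in the posted
!   output; the first hop should now be 192.168.200.2
```

Failover with a plain `set ip next-hop` depends on the link itself going down: the policy is bypassed only when the next hop is no longer reachable on a connected interface, so an ISP failure that leaves the interface up keeps steering packets to that next hop.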


Hi Rick,

 

Thanks for your brief description and sorry for the late reply. Actually I was confused between "ip policy" & "ip local policy". After applying "ip local policy" in global configuration mode it's working properly. I have tried this config on my live router and it works fine, meaning the particular subnet takes ISP-II as its transit path, but the problem is with the receive path. It takes ISP-I as its receive path. When I traceroute from a particular subnet as a source which is allowed in the ROUTE-MAP, it goes through ISP-II to the destination, but when I traceroute from the destination to the source it comes through ISP-I. I need both-way traffic for the particular subnet with the one ISP.

 

Please suggest how to achieve my goal.

 

Regards,
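
Paul's first reply in this thread names AS-path prepending as the tool for inbound traffic. As an added example (not a configuration from any poster), this is how per-prefix prepending could look on lab R1 so that each subnet's return traffic prefers the same ISP its outbound traffic uses; the route-map names TO-ISP-I and TO-ISP-II and the prepend count of three are assumptions.

```cisco
! Added example for lab R1 (AS 100). Route-map names are assumed.
! Goal: 10.10.10.0/24 is preferred inbound via ISP-I and 20.20.20.0/24 via
! ISP-II, while each ISP keeps the other prefix as a backup path.
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit 20.20.20.0 0.0.0.255
!
! Towards ISP-I: lengthen the path of 20.20.20.0/24, pass the rest unchanged.
route-map TO-ISP-I permit 10
 match ip address 2
 set as-path prepend 100 100 100
route-map TO-ISP-I permit 20
!
! Towards ISP-II: lengthen the path of 10.10.10.0/24, pass the rest unchanged.
route-map TO-ISP-II permit 10
 match ip address 1
 set as-path prepend 100 100 100
route-map TO-ISP-II permit 20
!
router bgp 100
 ! The posted "filter-list 100 out" (as-path ^$) stays on both neighbors, so
 ! only locally originated prefixes are advertised to either ISP.
 neighbor 192.168.100.2 route-map TO-ISP-I out
 neighbor 192.168.200.2 route-map TO-ISP-II out
!
! After changing outbound policy, re-send updates and check the result:
!   clear ip bgp * soft out
!   show ip bgp neighbors 192.168.100.2 advertised-routes
!   show ip bgp neighbors 192.168.200.2 advertised-routes
```

Prepending only influences the AS-path length step of best-path selection on the receiving side; an ISP that sets local preference on routes learned from customers will choose its path regardless of the prepends.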

 

 

 

 

 
