cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
748
Views
0
Helpful
5
Replies

BGP with 2 ISP

Aliaksei Kasyan
Level 1
Level 1

 

Hello everyone! 
Recently my organization get AS number from RIR. And I have a task to configure BGP with 2 ISP in the follow way: my organization must be accessible from the Internet only in 1 ISP at a time (used one router to connect to both ISP). Also I have to be able to switch providers if required. For example, today my organization must be accessible from the Internet only in ISP-1, but tommorow it must be accessible from the Internet only in ISP-2.

Can someone explain how can i do this?

 

I have idea about shutdown neighbour adjacency with certain ISP with a command: neighbour Neigbour-ID shutdown.

Or I can use AS_PATH prepend (dubious option in my opinion).

May be other ideas?

 

And how long will it take for the organization's network to become available when I switch providers?

5 Replies 5

Hello,

 

are both ISPs terminated on the same router ? Either way, if the intervals you need to access the Internet through one ISP, and then through another, are always the same, you can automate the failover by using an EEM script that runs at certain time intervals.

 

What that script looks like depends on the first question: are both ISPs terminated on one router, or on two different routers ?

BGP.pngYes, both ISPs terminated on the same router. 

 

Sorry, I put it wrong. Switching between ISPs doesn't depend on time intervals. It depend on situation. For example, DDoS attacks on one of ISPs or some problems in one of ISPs network. In the picture ISP-1 was ISP from my organization was accessible. But DDoS attack occur at some moment on ISP-1 . And I want to switch my "main" ISP to ISP-2 so that other ISPs can reach network of my organization.

 

Also appear another question. Can ISP notify other ISPs via BGP, that my network unreachable (due to neighbour Neigbour-ID shutdown command) when DDoS attack occur?

Before we go much further with this discussion we need to clarify a few things:

- what are you using for IP addressing with the ISPs? Do you have your own Provider Independent address block? Or are you using an IP address assigned from one Provider, or 2 address blocks (one from each provider)?

- the direction of traffic is significant. Traffic originated from your network to the Internet can be directed to one provider or the other without great complexity. But traffic originated from the Internet to your network presents challenges. Are there any resources in your network (web servers, mail servers, etc) that need to receive traffic originated from sources in the Internet?

HTH

Rick

Hello
If you have a single bgp rtr peering with dual isps I would say the need to use EEM scripting wouldn’t be required if you want to accomplish failover
Using the bgp path attributes such as weight and as-path prepending could be applicable but at this time you need to elaborate a bit more on the your current bgp topology to make a valid suggestion.

Regards ddos attacks on your network via bgp  you would expect your isp would be prepared for this and act to negate such attack upon a request by the client (you) to black hole the source or destination of that the attack.

This is performed by a bgp security feature call Remote Trigger BlackHole (RTBH) - Please review 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking products for a $25 gift card