BGP with couple ISPs setup

tinhnho123
Level 2

Hi Everyone,

 

I have 2 x ISPs which are connected to my edge router R3 with BGP. My public subnet 209.24.12.0/24 is advertised to both ISPs. I'm currently receiving a default route from both ISPs and partial internet routes. I have the BGP neighbors set up and configured and I'm able to go to the internet from inside my LAN.

I can only control my R3 and don't have access to the ISPs' routers (attachment).

Here are my questions:

        1. From the inside network, for all outbound traffic to 72.12.0.0/16, I'd like it to go through ISP #2 and return via the same path. How do I set that up?

        2. Right now, most of my internet traffic is going through ISP #2 and very little goes through ISP #1. How do I set up my internet traffic to go through ISP #1, except for 72.12.0.0/16?

        3. If one of my 2 ISPs goes down, I'd like all my outbound traffic (72.12.0.0/16 and other internet traffic) to go to the active ISP. How do I make sure that happens automatically?

 

Thanks.

6 Replies

Abzal
Level 7

Hi,

You'll need to set up route-maps according to your policy. Here is an example:

 

ip prefix-list PREF-1 permit 72.12.0.0/16
!
route-map ISP2 permit 10
 match ip address prefix-list PREF-1
 set weight 500
route-map ISP2 permit 20
!
router bgp <your AS>
 neighbor <ISP2_IP> route-map ISP2 in

So first we match the interesting prefix, in your case 72.12.0.0/16, then we create a route-map to give ISP1 a better weight than ISP2. All other prefixes coming from ISP1 will get the default weight 0. This way all outbound traffic toward 72.12.0.0 will go through ISP2. You can't really influence incoming traffic from your ISP.

 

For the second question:

ip prefix-list All-other permit 0.0.0.0/0 le 32
!
route-map ISP1 permit 10
match ip add prefix-list All-other
set weight 400
route-map ISP1 permit 20
!
router bgp <AS>
neighbor <ISP1> route-map ISP1 in
!

All prefixes learnt from ISP1 will get weight 400, which will be preferable to the default 0 from ISP2, except 72.12.0.0/16.

 

Note: The weight attribute is Cisco proprietary, so it applies only to Cisco routers.

Best regards,
Abzal
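
As an added illustration (not part of the post above and not Cisco code), this Python sketch models the two inbound route-maps from the answer and shows which ISP R3 would pick per destination, including failover when a session drops. The learned prefixes are constructed sample data, only the weight step of best-path selection is modelled, and the 72.12.5.0/24 entry shows that a more-specific route does not match PREF-1 because that prefix-list has no `le`.

```python
from ipaddress import ip_address, ip_network

PREF_1 = ip_network("72.12.0.0/16")  # the prefix-list has no "le", so exact match only

# Constructed sample of prefixes each ISP sends to R3 (not taken from the thread).
LEARNED = {
    "ISP1": ["0.0.0.0/0", "72.12.0.0/16", "72.12.5.0/24", "198.51.100.0/24"],
    "ISP2": ["0.0.0.0/0", "72.12.0.0/16", "72.12.5.0/24", "198.51.100.0/24"],
}

def inbound_weight(isp, prefix):
    """Weight assigned by the inbound route-maps named ISP1 and ISP2 above."""
    if isp == "ISP1":
        return 400  # All-other (0.0.0.0/0 le 32) matches every prefix
    # route-map ISP2: permit 10 sets 500 for PREF-1, permit 20 leaves the default 0
    return 500 if ip_network(prefix) == PREF_1 else 0

def bgp_table(sessions_up):
    """Best path per prefix. Only the weight step of best-path selection is modelled."""
    best = {}
    for isp in sessions_up:
        for prefix in LEARNED[isp]:
            weight = inbound_weight(isp, prefix)
            if prefix not in best or weight > best[prefix][0]:
                best[prefix] = (weight, isp)
    return {ip_network(p): isp for p, (_, isp) in best.items()}

def exit_isp(dest, sessions_up):
    """Longest-prefix match of dest against the best paths; None if no route is left."""
    table = bgp_table(sessions_up)
    matches = [net for net in table if ip_address(dest) in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]

if __name__ == "__main__":
    for up in (["ISP1", "ISP2"], ["ISP1"], ["ISP2"], []):
        for dest in ("72.12.200.9", "72.12.5.9", "203.0.113.1"):
            print(up, dest, "->", exit_isp(dest, up))
```

Because weight only ranks routes that are actually present, withdrawing one ISP's routes when its session drops leaves the other ISP's path as best without any extra configuration.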

Abzal
Level 7

How does your internal LAN go outside? The additional information would be helpful.

The reason I'm asking is because you can influence the inbound path for your subnet 209.24.12.0/24.

Best regards,
Abzal

Sorry, it took me a few days to set up the lab and configure the weight. It works great with your suggestions. My internal LAN is now going out to the internet through ISP #1.

I just realized that I forgot to mention something earlier. Suppose we have a second edge router and iBGP is configured between the edge routers R3 and R4. R4 is also connected to ISP #2 and ISP #1. In this case, I can't really use weight?!! Please see the attachment.

Questions:

From the inside network, for all outbound traffic to 72.12.0.0/16 that hits R3, I still want it to go through ISP #2 and return via the same path. The rest of the outbound internet traffic that hits R3, I'd like to go to ISP #1. How do we accomplish this? Local pref, MED and as-path prepend?

Since we have R4 now, I'd like to set it up as a backup for R3. When the 2 x eBGP links of R3 fail, the traffic would flow to R4, and R4 would act the same: all outbound traffic to 72.12.0.0/16 would go to ISP #2, and the rest of the outbound internet traffic would go to ISP #1. How do I do it? Thanks.


Hello,

 

Something like the config below should work (IP addressing is arbitrary):

 

R3

 

interface Loopback3
ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet0/0
description iBGP Link to R4
ip address 192.168.34.3 255.255.255.0
!
interface GigabitEthernet0/1
description Link to ISP_1
ip address 100.100.100.1 255.255.255.252
!
interface GigabitEthernet0/2
description Link to ISP_2
ip address 200.200.200.1 255.255.255.252
!
router bgp 1
bgp router-id 3.3.3.3
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
neighbor 100.100.100.2 remote-as 2
neighbor 100.100.100.2 route-map RM_ISP_2 in
neighbor 192.168.34.4 remote-as 1
neighbor 192.168.34.4 next-hop-self
neighbor 200.200.200.2 remote-as 3
neighbor 200.200.200.2 route-map RM_ISP_2 in
!
ip prefix-list PX_LIST_TO_ISP2 seq 5 permit 72.12.0.0/16
!
route-map RM_ISP_2 permit 10
match ip address prefix-list PX_LIST_TO_ISP2
set ip next-hop 200.200.200.2
!
route-map RM_ISP_2 permit 20
set ip next-hop 100.100.100.2

 

R4

 

interface Loopback4
ip address 4.4.4.4 255.255.255.255
!
interface GigabitEthernet0/0
description iBGP Link to R3
ip address 192.168.34.4 255.255.255.0
!
interface GigabitEthernet0/1
description Link to ISP_1
ip address 200.200.200.5 255.255.255.252
!
interface GigabitEthernet0/2
description Link to ISP_2
ip address 100.100.100.5 255.255.255.252
!
router bgp 1
bgp router-id 4.4.4.4
bgp log-neighbor-changes
network 4.4.4.4 mask 255.255.255.255
neighbor 100.100.100.6 remote-as 2
neighbor 100.100.100.6 route-map RM_ISP_2 in
neighbor 192.168.34.3 remote-as 1
neighbor 192.168.34.3 next-hop-self
neighbor 200.200.200.6 remote-as 3
neighbor 200.200.200.6 route-map RM_ISP_2 in
!
ip prefix-list PX_LIST_TO_ISP2 seq 5 permit 72.12.0.0/16
!
route-map RM_ISP_2 permit 10
match ip address prefix-list PX_LIST_TO_ISP2
set ip next-hop 200.200.200.6
!
route-map RM_ISP_2 permit 20
set ip next-hop 100.100.100.6

 

Hi,

No problem. Since you have iBGP routers, local-preference is more suitable for scenarios like yours.

 

R4:

ip as-path access-list 1 permit ^$
route-map Backup-Out permit 10
 ! prepend the local AS (4004) so paths via R4 look longer to the ISPs
 set as-path prepend 4004 4004 4004
!
router bgp 4004
 neighbor 11.1.1.1 remote-as 1001
 neighbor 11.1.1.1 route-map Backup-Out out
 neighbor 11.1.1.1 filter-list 1 out
 neighbor 22.2.2.2 remote-as 2002
 neighbor 22.2.2.2 route-map Backup-Out out
 neighbor 22.2.2.2 filter-list 1 out
 neighbor 10.0.0.1 remote-as 4004
 neighbor 10.0.0.1 next-hop-self

The R3 configuration should be changed as well:

ip prefix-list ISP1 seq 5 deny 72.12.0.0/16
ip prefix-list ISP1 seq 10 permit 0.0.0.0/0 le 32
ip prefix-list PREF-1 seq 5 permit 72.12.0.0/16
route-map SetLP-ISP1 permit 10
 match ip address prefix-list ISP1
 set local-preference 150
route-map SetLP-ISP2 permit 10
 match ip address prefix-list PREF-1
 set local-preference 200
route-map SetLP-ISP2 permit 20
!
ip as-path access-list 1 permit ^$
!
router bgp 4004
 neighbor 22.2.2.10 remote-as 2002
 neighbor 11.1.1.10 remote-as 1001
 neighbor 10.0.0.2 remote-as 4004
 neighbor 22.2.2.10 route-map SetLP-ISP2 in
 neighbor 22.2.2.10 filter-list 1 out
 neighbor 11.1.1.10 route-map SetLP-ISP1 in
 neighbor 11.1.1.10 filter-list 1 out
 neighbor 10.0.0.2 next-hop-self

Best regards,
Abzal

Hello
I think you would want to make sure that when you have a failure from R3 towards ISP1, the path towards prefix 72.12.0.0/16 doesn’t go via ISP2 straight away, as you would want to use the additional peering from R4 towards ISP1 beforehand.

As for the return path, you could prepend your local ASN towards each ISP; however, this may only influence the neighbor ISPs and not any of their upstream peerings, and symmetric routing may be hard to achieve unless you have specific local routes that you could apply prepending to.

Lastly, you need to make sure you don’t become a transit path for either ISP, so you should ONLY advertise locally originated prefixes to each ISP.

Below is a possible example of what you are wanting to achieve, utilizing the local preference attribute.

 

R4
ip as-path access-list 10 permit ^$
ip prefix-list ISP_1001_Allow_Route permit 72.12.0.0/16
ip prefix-list ISP_1001_No_Route deny 72.12.0.0/16
ip prefix-list ISP_1001_No_Route permit 0.0.0.0/0 le 32

route-map LP_2002 permit 10
match ip address prefix-list ISP_1001_No_Route
set local-preference 50000

route-map LP_2002 permit 99
set local-preference 40000

route-map LP_1001 permit 10
match ip address prefix-list ISP_1001_Allow_Route
set local-preference 45000

route-map LP_1001 permit 99
set local-preference 25000

router bgp 4004
neighbor <ibgp peer> remote-as 4004
neighbor <ibgp peer> next-hop-self
neighbor <isp2002> remote-as 2002
neighbor <isp2002> route-map LP_2002 in
neighbor <isp2002> filter-list 10 out
neighbor <isp1001> remote-as 1001
neighbor <isp1001> route-map LP_1001 in
neighbor <isp1001> filter-list 10 out


R3
ip as-path access-list 10 permit ^$
ip prefix-list ISP_1001_Allow_Route permit 72.12.0.0/16
ip prefix-list ISP_1001_No_Route deny 72.12.0.0/16
ip prefix-list ISP_1001_No_Route permit 0.0.0.0/0 le 32

route-map LP_1001 permit 10
match ip address prefix-list ISP_1001_Allow_Route
set local-preference 50000

route-map LP_1001 permit 99
set local-preference 30000

route-map LP_2002 permit 10
match ip address prefix-list ISP_1001_No_Route
set local-preference 45000

route-map LP_2002 permit 99
set local-preference 30000

router bgp 4004
neighbor <ibgp peer> remote-as 4004
neighbor <ibgp peer> next-hop-self
neighbor <isp1001> remote-as 1001
neighbor <isp1001> route-map LP_1001 in
neighbor <isp1001> filter-list 10 out
neighbor <isp2002> remote-as 2002
neighbor <isp2002> route-map LP_2002 in
neighbor <isp2002> filter-list 10 out


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
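
The transit concern raised in the post above can be checked offline. This Python sketch is an added example (not part of the thread) that evaluates the `^$` as-path filter against a constructed BGP table and reports what an ISP neighbor would be offered with and without it. The table entries, the private ASNs 64510 and 64520, and the 10.99.0.0/24 prefix are hypothetical, and comparing against an intended-prefix set is an assumption that goes beyond what the thread configures.

```python
import re
from ipaddress import ip_network

AS_PATH_ACL = r"^$"                         # ip as-path access-list 10 permit ^$
INTENDED = {ip_network("209.24.12.0/24")}   # public subnet from the original question

# Constructed BGP table of an edge router: (prefix, AS path); "" = locally originated.
TABLE = [
    ("209.24.12.0/24", ""),
    ("10.99.0.0/24", ""),                   # hypothetical internal prefix originated by mistake
    ("72.12.0.0/16", "2002 64510"),         # learned from ISP AS 2002
    ("0.0.0.0/0", "1001"),                  # learned from ISP AS 1001
    ("198.51.100.0/24", "1001 64520"),
]

def advertised(table, as_path_regex=None):
    """Prefixes offered to an eBGP neighbor; None models a session with no filter-list."""
    return [prefix for prefix, path in table
            if as_path_regex is None or re.search(as_path_regex, path)]

def audit(table, as_path_regex, intended=INTENDED):
    """Split what would be advertised into transit leaks and unintended local routes."""
    paths = dict(table)
    sent = advertised(table, as_path_regex)
    return {
        "transit_leak": [p for p in sent if paths[p] != ""],
        "unintended_local": [p for p in sent
                             if paths[p] == "" and ip_network(p) not in intended],
    }

if __name__ == "__main__":
    print("no filter-list:", audit(TABLE, None))
    print("filter-list ^$:", audit(TABLE, AS_PATH_ACL))
```

The `^$` filter stops every ISP-learned route from being re-advertised, but it still passes anything the router originates itself, which is why an outbound prefix-list limited to the intended public subnet is commonly applied alongside it.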