09-01-2022 08:58 AM
hello
I have dual BGP with two different ISPs on a single router and have two /24 prefixes. Load sharing is working fine. Today we faced an issue: ISP-2 was down several hops away and the interface was up, but one of the prefixes, 103.158.35.0/24, was not working on ISP-1. When I manually shut down the ISP-2 interface, the prefix starts working on ISP-1. I have configured IP SLA but it does not work; maybe the configuration is wrong, or there is some other configuration which I don't know of in that scenario.
So, in short, I want that when 8.8.8.8 or the internet is unreachable several hops away, it should shift both prefixes to one another or shut down the interface automatically.
My router configuration is attached
09-01-2022 04:32 PM - edited 09-03-2022 01:33 AM
Hello
You need to make sure that the IP SLA can monitor the internet IP, but also make sure that when it does fail via the primary ISP, that remote IP isn't reachable via the backup ISP; otherwise your tracking and failover will not work correctly.
Also, as you have a definitive primary ISP, there is no need to policy route to that primary link as well. You only need to policy route on the backup ISP, as ALL traffic by default will route via the primary static default.
Please review the attached file for the recommended configuration for your rtr.
09-01-2022 12:10 PM
Today we face an issue that is ISP-2 down several hops away
how do you know it was far away failed?
if that fails can you still reach 8.8.8.8 using the source of ISP2?
09-01-2022 09:07 PM - last edited on 01-06-2023 02:57 AM by Translator
I can't reach 8.8.8.8, and in show ip bgp summary the State/PfxRcd is 0 from that ISP.
09-02-2022 05:30 AM
If the IP SLA track fails then the route should no longer be used.
Let me look at your config again.
09-01-2022 03:05 PM
ip sla 1
 icmp-echo next-hop-ISP-1 source-interface GigabitEthernet0/0
 threshold 500
 timeout 500
 frequency 2
ip sla schedule 1 life forever start-time now
!
route-map 158OUT permit 10
 match ip address 100
 set ip next-hop verify-availability [next-hop-address-ISP-1 sequence track object]
09-01-2022 09:19 PM
Respected,
as you made this configuration for me and it's working great, kindly share the IP SLA configuration for both ISPs. I have already attached the router configuration file.
09-01-2022 09:16 PM - last edited on 01-06-2023 03:01 AM by Translator
I made this for load sharing: 103.216.135.0/24 customers to ISP-1 and 103.158.35.0/24 to ISP-2 for other customers.
Both links are working at the same time. But when I manually shut down the interface, both prefixes shift to ISP-a and vice versa. Track is not working.
09-01-2022 11:59 PM
Hello
Load sharing will work even without you specifying both default routes at the same time.
You only need one default active at one time, so all traffic not needing to be policy routed will route normally. ONLY certain networks requiring to be policy routed will take the alternate ISP2 path. As/when ISP 1 fails, the primary default WILL be removed from the route table and ALL traffic will route via the ISP2 default. The same if ISP2 fails: the policy routed traffic will then be routed normally via ISP1.
At present you have unnecessary policy routes applied to networks that don't need them, as they will route normally.
The configuration I attached should make the above work with IP SLA tracking and conditional default routing.
09-02-2022 12:45 AM - last edited on 01-06-2023 03:05 AM by Translator
Totally confused.
When I remove the default route there is no internet access on both links.
Kindly edit my configuration file, including BGP and filter list, to my needs and send it back. I will be thankful to you, because I have a live environment and the customer will not accept any downtime.
09-02-2022 01:06 AM - last edited on 01-06-2023 03:08 AM by Translator
Hello
First of all I would definitely suggest not making any changes to the rtr in production working hrs; you need to schedule a change window with your customer.
When you say you removed the default route, did you put it back in, associating it with the ipsla/tracking?
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 182.176.221.173 track 1 name primary link
@kazimjhon wrote:
Kindly edit my configuration file, including BGP and filter list, to my needs and send it back. I will be thankful to you, because I have a live environment and the customer will not accept any downtime.
Your BGP isn't changing. Only the policy-based routing is to be changed, as highlighted in the configuration file I sent you.
01-04-2023 09:30 AM - last edited on 01-06-2023 03:15 AM by Translator
Hello,
I have a dual ISP BGP single router configuration which is working fine.
Now I am facing an issue with my local private network. I cannot ping or access directly connected point-to-point devices from my public LAN IP.
I have assigned 192.168.169.2 255.255.255.252 to sub interface 0/1.17, which I can ping from my LAN side, but I cannot ping 192.168.169.1; and 10.110.113.1 255.255.255.252 to sub interface 0/1.14, which I can ping from my LAN side, but I cannot ping 10.110.113.2. Maybe it is a policy route-map issue.
Kindly help me with this issue.
C:\Users\>ping 192.168.169.2
Pinging 192.168.169.2 with 32 bytes of data:
Reply from 192.168.169.2: bytes=32 time=1ms TTL=253
Reply from 192.168.169.2: bytes=32 time=3ms TTL=253
Reply from 192.168.169.2: bytes=32 time=3ms TTL=253
Ping statistics for 192.168.169.2:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 2ms
Control-C
^C
C:\Users\>ping 192.168.169.1
Pinging 192.168.169.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.169.1:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),
Control-C
^C
C:\Users\>ping 10.110.113.1
Pinging 10.110.113.1 with 32 bytes of data:
Reply from 10.110.113.1: bytes=32 time=6ms TTL=253
Reply from 10.110.113.1: bytes=32 time=1ms TTL=253
Ping statistics for 10.110.113.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 6ms, Average = 3ms
Control-C
^C
C:\Users\>ping 10.110.113.2
Pinging 10.110.113.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.110.113.2:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),
01-04-2023 12:51 PM
PBR: Local Policy Based Routing (Cisco) - Grandmetric
The failover config is wrong.
You use PBR for IP SLA, but what you need is Local PBR for IP SLA, since the traffic is generated from the router itself and does not pass through the router.
check link above
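An added configuration sketch, not taken from the thread's attachments or from any poster, showing the two points made above: the probe target must not be reachable through the other ISP, and router-generated probes need local PBR rather than interface PBR. All next-hop and link addresses are documentation placeholders, the ACL contents and the names SLA-VIA-ISP1, SLA-VIA-ISP2 and LOCAL-SLA are assumptions; only 8.8.8.8, 103.158.35.0/24, ACL 100 and route-map 158OUT come from the thread.

```cisco
! Placeholders: ISP-1 next hop 192.0.2.1, local 192.0.2.2 (Gi0/0)
!               ISP-2 next hop 198.51.100.1, local 198.51.100.2 (Gi0/1)
!
! One probe per ISP, same target, distinguished by source address.
ip sla 1
 icmp-echo 8.8.8.8 source-ip 192.0.2.2
 threshold 500
 timeout 1000
 frequency 5
ip sla 2
 icmp-echo 8.8.8.8 source-ip 198.51.100.2
 threshold 500
 timeout 1000
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla schedule 2 life forever start-time now
!
! Track objects follow the probes; the delay damps flapping.
track 1 ip sla 1 reachability
 delay down 10 up 30
track 2 ip sla 2 reachability
 delay down 10 up 30
!
! Local PBR: probes originate on the router, so interface PBR never
! sees them. Pin each probe to its own ISP so an upstream failure on
! one path cannot be masked by reachability through the other.
ip access-list extended SLA-VIA-ISP1
 permit icmp host 192.0.2.2 host 8.8.8.8 echo
ip access-list extended SLA-VIA-ISP2
 permit icmp host 198.51.100.2 host 8.8.8.8 echo
route-map LOCAL-SLA permit 10
 match ip address SLA-VIA-ISP1
 set ip next-hop 192.0.2.1
route-map LOCAL-SLA permit 20
 match ip address SLA-VIA-ISP2
 set ip next-hop 198.51.100.1
ip local policy route-map LOCAL-SLA
!
! Conditional primary default plus floating backup default.
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 198.51.100.1 10
!
! Transit PBR only for the prefix that prefers ISP-2; it falls back to
! the routing table when track 2 goes down. ACL 100 content is assumed.
access-list 100 permit ip 103.158.35.0 0.0.0.255 any
route-map 158OUT permit 10
 match ip address 100
 set ip next-hop verify-availability 198.51.100.1 1 track 2
```

After a change window, show track brief and show ip sla statistics confirm whether each probe is following its own path.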
01-04-2023 01:10 PM - last edited on 01-06-2023 03:22 AM by Translator
you already have a post solved why another one?
https://community.cisco.com/t5/routing/dual-isp-bgp-single-router-failover-issue/m-p/4679855#M372021
Now I facing issue to my local private network. I cannot ping or access directly point-to-point devices from my public lan ip.
i have assigned 192.168.169.2 255.255.255.252 to sub interface 0/1.17 which i can ping from my lan side but cannot ping 192.168.169.1 and 10.110.113.1 255.255.255.252 to sub interface 0/1.14 which i can ping from my lan side but cannot ping 10.110.113.2. May policy route-map issue. kindly help me in this issue.
If you are using a sub interface you need to TAG it with a VLAN.
Also, most of the config we see here has no in front of it.
Post the show run full config of the device and post your network lab topology to understand:
show run
show IP bgp summary
show IP route
01-04-2023 09:41 PM
Hello,
I have a shortage of public IPs and want to use private addresses to access directly connected point-to-point devices. VLAN tag and everything is working fine. Ping is also working from the router, but from my LAN side (public IP to my LAN assigned interface) it is not pinging. The router running configuration is attached.