Dual ISP BGP single Router failover issue

kazimjhon
Level 1

Hello,

I have dual BGP with two different ISPs on a single router and have two /24 prefixes. Load sharing is working fine. Today we faced an issue: ISP-2 was down several hops away and the interface was up, but one of the prefixes, 103.158.35.0/24, was not working on ISP-1. When I manually shut down the ISP-2 interface, the prefix started working on ISP-1. I have configured IP SLA but it does not work; maybe a wrong configuration or some other configuration which I don't know in that scenario.

So, in short, I want that when 8.8.8.8 or the internet is unreachable several hops away, it should shift both prefixes to one another or shut down the interface automatically.

My router configuration is attached.

Accepted Solutions

Hello
You need to make sure that the IPSLA can monitor the internet IP, but also make sure that when it does fail via the primary ISP, that remote IP isn’t reachable via the backup ISP; otherwise your tracking and failover will not work correctly.

Also, as you have a definitive primary ISP, there is no need to policy route to that primary link as well; you only need to policy route on the backup ISP, as ALL traffic by default will route via the primary static default.

Please review the attached file for the recommended configuration for your rtr.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
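
Added example, not the file attached to this reply and not the poster's running config: one way to lay out the tracking described above, with each probe pinned to its own ISP so it cannot succeed over the other link. The ISP-2 interface, next hop 192.0.2.1, probe target 198.51.100.1, the LAN interface and the TO-ISP2 / PREFIX-158 names are assumptions; it covers outbound routing only, not the BGP advertisements.

```cisco
! Added example. Values taken from the thread: 8.8.8.8, GigabitEthernet0/0,
! 182.176.221.173, 103.158.35.0/24. Constructed placeholders: ISP-2 interface
! GigabitEthernet0/2, next hop 192.0.2.1, probe target 198.51.100.1,
! LAN interface GigabitEthernet0/1, names TO-ISP2 and PREFIX-158.
!
! Pin each probe target to one ISP with a host route, so a probe can never
! be answered over the other link and hide an upstream failure.
ip route 8.8.8.8 255.255.255.255 GigabitEthernet0/0 182.176.221.173
ip route 198.51.100.1 255.255.255.255 GigabitEthernet0/2 192.0.2.1
!
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/2
 frequency 5
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! The primary default is installed only while track 1 is up. The floating
! default (distance 10) via ISP-2 takes over when the primary is withdrawn.
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 182.176.221.173 track 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2 192.0.2.1 10
!
! Policy-route only the prefix that should prefer ISP-2. While track 2 is
! down the set clause is skipped and this traffic follows the routing table.
ip access-list extended PREFIX-158
 permit ip 103.158.35.0 0.0.0.255 any
route-map TO-ISP2 permit 10
 match ip address PREFIX-158
 set ip next-hop verify-availability 192.0.2.1 10 track 2
!
interface GigabitEthernet0/1
 ip policy route-map TO-ISP2
```

Because of the host routes, ordinary traffic to the two probe targets always leaves through the ISP they are pinned to, so pick targets where that is acceptable.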


balaji.bandi
Hall of Fame
Today we face an issue that is ISP-2 down several hops away

How do you know it failed far away?

If that fails, can you still reach 8.8.8.8 using the source of ISP2?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I can't reach 8.8.8.8, and in show ip bgp summary state/pfxRcd is 0 from that ISP.

If the IP SLA track fails, then the route should no longer be used.

Let me look at your config again.

BB


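! Probe the ISP-1 next hop (placeholder) from GigabitEthernet0/0 every 2 seconds
ip sla 1
 icmp-echo next-hop-ISP-1 source-interface GigabitEthernet0/0
 threshold 500
 timeout 500
 frequency 2
ip sla schedule 1 life forever start-time now
!
! Track object that follows the result of IP SLA 1
track 1 ip sla 1 reachability
!
! Use the ISP-1 next hop only while its track object is up
route-map 158OUT permit 10
 match ip address 100
 set ip next-hop verify-availability [next-hop-address-ISP-1 sequence track object]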

 

Respected,

As you made this configuration for me and it's working great, kindly share the IP SLA configuration for both ISPs. I have already attached the router configuration file.

I made this for load sharing: 103.216.135.0/24 customers to ISP-1 and 103.158.35.0/24 to ISP-2 for other customers.

Both links are working at the same time. But when I manually shut down the interface, both prefixes shift to ISP-a and vice versa. Track is not working.

Hello
Load sharing will work even without you specifying both default routes at the same time.

You only need one default active at one time, so all traffic not needing to be policy routed will route normally. ONLY certain networks requiring to be policy routed will take the alternate ISP2 path. As/when ISP 1 fails, the primary default WILL be removed from the route table and ALL traffic will route via the ISP2 default. The same if ISP2 fails: the policy routed traffic will then route normally via ISP1.

At present you have unnecessary policy routes applied to networks that don’t need them, as they will route normally.

The configuration I attached should make the above work with ipsla tracking and conditional default routing.



Kind Regards
Paul

Totally confused.

When I remove the default route, there is no internet access on both links.

Kindly edit my configuration file including BGP and filter list to my needs and send it back. I will be thankful to you, because I have a live environment and the customer will not accept any downtime.

Hello
First of all, I would definitely suggest not making any changes to the rtr in production working hrs; you need to schedule a change window with your customer.

When you say you removed the default route, did you put it back in, associating it with the ipsla/tracking?

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 182.176.221.173 track 1 name primary link



@kazimjhon wrote:

Kindly edit my configuration file including BGP and filter list to my needs and send it back. I will be thankful to you, because I have a live environment and the customer will not accept any downtime.


Your BGP isn't changing. Only the policy-based routing is to be changed, as highlighted in the configuration file I sent you.



Kind Regards
Paul

kazimjhon
Level 1

Hello,

I have a dual ISP BGP single router configuration which is working fine.

Now I am facing an issue with my local private network. I cannot ping or directly access point-to-point devices from my public LAN IP.

I have assigned 192.168.169.2 255.255.255.252 to sub interface 0/1.17, which I can ping from my LAN side, but I cannot ping 192.168.169.1; and 10.110.113.1 255.255.255.252 to sub interface 0/1.14, which I can ping from my LAN side, but I cannot ping 10.110.113.2. Maybe a policy route-map issue.

Kindly help me with this issue.

C:\Users\>ping 192.168.169.2

Pinging 192.168.169.2 with 32 bytes of data:
Reply from 192.168.169.2: bytes=32 time=1ms TTL=253
Reply from 192.168.169.2: bytes=32 time=3ms TTL=253
Reply from 192.168.169.2: bytes=32 time=3ms TTL=253

Ping statistics for 192.168.169.2:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 3ms, Average = 2ms
Control-C
^C
C:\Users\>ping 192.168.169.1

Pinging 192.168.169.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.169.1:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),
Control-C
^C
C:\Users\>ping 10.110.113.1

Pinging 10.110.113.1 with 32 bytes of data:
Reply from 10.110.113.1: bytes=32 time=6ms TTL=253
Reply from 10.110.113.1: bytes=32 time=1ms TTL=253

Ping statistics for 10.110.113.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 6ms, Average = 3ms
Control-C
^C
C:\Users\>ping 10.110.113.2

Pinging 10.110.113.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.110.113.2:
Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),

PBR: Local Policy Based Routing (Cisco) - Grandmetric

The failover config is wrong: you use PBR for IP SLA, but what you need is Local PBR for IP SLA, since the traffic is generated from the router itself, not bypassing the router.
Check the link above.

 

You already have a post solved; why another one?

https://community.cisco.com/t5/routing/dual-isp-bgp-single-router-failover-issue/m-p/4679855#M372021

 

 

Now I am facing an issue with my local private network. I cannot ping or directly access point-to-point devices from my public LAN IP.

I have assigned 192.168.169.2 255.255.255.252 to sub interface 0/1.17, which I can ping from my LAN side, but I cannot ping 192.168.169.1; and 10.110.113.1 255.255.255.252 to sub interface 0/1.14, which I can ping from my LAN side, but I cannot ping 10.110.113.2. Maybe a policy route-map issue. Kindly help me with this issue.

 

 

If you are using a sub interface, you need to TAG it with a VLAN.

Also, most of the config we see here is with no in front of it.

Post the show run full config of the device and post your network lab topology to understand:

show run

show IP bgp summary

show IP route

 

BB


kazimjhon
Level 1

Hello,

I have a shortage of public IPs and want to use private addresses to access point-to-point directly connected devices. VLAN tag and everything is working fine. Also, ping is working from the router, but from my LAN side (public IP to my LAN assigned interface) it is not pinging. The router running configuration is attached.
