How to configure BGP on HSRP interface

S Kumar
Level 1

We have 2 layer-2 Cisco 2960G switches; one is primary and the other is in standby.
Primary ISP, MPLS, ASA, ROUTER are connected to the primary Ethernet switch.
Standby ISP, MPLS, ASA, ROUTER are connected to the standby Ethernet switch.
All of the servers are using NIC bonding; the primary NIC port is connected to the primary Ethernet switch and the secondary NIC port is connected to the STBY Ethernet switch.
Our MPLS provider has given two hand-offs; the primary hand-off is connected to the primary Ethernet switch. The standby MPLS hand-off is connected to the standby Ethernet switch.

All primary devices are connected to power source-A.
All STBY devices are connected to power source-B.
We have 2 Cisco 1921 routers; the primary router is connected to the primary Ethernet switch. The standby router is connected to the standby Ethernet switch.
We have HSRP running between the routers. The purpose of HSRP is to achieve hardware redundancy. The primary role of the router is to do the routing between MPLS vs ISP traffic. The traffic going to the branch office will go via the MPLS. If MPLS is down then the router will route the traffic to the ASA and the ASA will send the traffic via the VPN tunnel.

So far the MPLS provider had given us one hand-off and it was directly terminated on the Router-ACTV, and things were happy with the possibility that if the router goes down the MPLS goes down.
Now the MPLS provider has given us a redundant link; only one link will be active at a time.

How can I configure BGP for the MPLS link while still using HSRP between the routers? The MPLS provider has provided us a /30 for the WAN link.

3 Replies

Giuseppe Larosa
Hall of Fame

Hello S Kumar,

The provider has given you a /30 IP subnet for the primary MPLS link.

Have they given you a second, different /30 IP subnet for the secondary MPLS link?

If so, all you need to do is to set up on the 1921 Standby a second eBGP session using the IP addresses of the second /30 IPv4 subnet.

And you add an iBGP session between your two routers so that if the primary fails the secondary will be ready to provide an alternate path to the remote branch office.

However, you say that:

>> Now MPLS provider has given us a redundant link, only one link will be active at a time

So, I am afraid that the provider has given you a single IPv4 subnet to be used on both links.

If this is the case you can:

configure the same IP subnet and same IP address on C1921-Standby and you configure an eBGP session to the same remote IP address and remote-as as you are doing in C1921-Active.

However, this eBGP session will be idle until the primary link fails.

The iBGP session between the two C1921 on an internal LAN subnet is still needed.

However, there will be a transition time:

a) the primary link is up and C1921 Active sends traffic to remote branch office using primary MPLS path

b) the primary link fails

c) the secondary link is activated and C1921 Standby starts to set up the new eBGP session on the secondary link.

During this phase traffic to the remote branch office will go to the ASA primary and will be routed inside the LAN to LAN VPN.

d) When the eBGP session on C1921-Standby is established and C1921 learns the routes for the remote branch office, it will propagate them after 60 seconds to the C1921 Primary on the iBGP session on the LAN.

e) Traffic to the remote branch will use the C1921-Standby if the C1921-Primary prefers the iBGP learned route over the floating static route via ASA.

Be aware that eBGP routes have AD 20 and iBGP routes have AD 200, so to make the iBGP route preferred over a floating static route you would need to use an admin distance of 210 on the backup static route or you would use the default static route to ASA primary.

In this case the most specific route is preferred and iBGP routes are preferred over the default route regardless of its AD settings.

Please note that when the primary MPLS link is restored the above listed events happen in opposite order and also in this case you will have a temporary usage of the LAN to LAN VPN before the eBGP session is restored on C1921-Active.

Hope to help

Giuseppe
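
The route-preference argument in the reply above (iBGP at AD 200, a floating static at AD 210, and a default route losing on prefix length), as an added example that is not part of the original thread: a small Python model of per-prefix administrative-distance selection followed by longest-prefix match. The branch prefix 172.16.50.0/24, the host address and the AD 150 value are constructed for illustration and do not come from the poster's network.

```python
import ipaddress

# Cisco default administrative distances cited in the reply above.
AD_STATIC, AD_IBGP = 1, 200

def build_fib(candidates):
    """Per prefix, keep only the candidate with the lowest administrative distance."""
    fib = {}
    for prefix, ad, via in candidates:
        net = ipaddress.ip_network(prefix)
        if net not in fib or ad < fib[net][0]:
            fib[net] = (ad, via)
    return fib

def next_hop(fib, dst):
    """Forward on the longest matching prefix; AD is not compared at this stage."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in fib if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return fib[best][1]

# Constructed sample values: the branch prefix and host are hypothetical.
BRANCH = "172.16.50.0/24"
BRANCH_HOST = "172.16.50.10"
IBGP = (BRANCH, AD_IBGP, "C1921-Standby (iBGP, secondary MPLS)")

def via_for(backup_route):
    """Next hop on C1921-Active after failover, given one backup route to the ASA."""
    return next_hop(build_fib([IBGP, backup_route]), BRANCH_HOST)

# Same prefix, floating static below AD 200: the static hides the iBGP route.
low_ad = via_for((BRANCH, 150, "ASA (VPN)"))
# Same prefix, floating static at AD 210: the iBGP route is installed.
high_ad = via_for((BRANCH, 210, "ASA (VPN)"))
# Default route at AD 1: the more specific iBGP prefix still wins.
default = via_for(("0.0.0.0/0", AD_STATIC, "ASA (VPN)"))

if __name__ == "__main__":
    for label, via in [("static AD 150", low_ad), ("static AD 210", high_ad),
                       ("default AD 1", default)]:
        print(f"{label:14} -> {via}")
```

Running `build_fib` with only the default route models the transition window in steps b) to d), when no BGP route for the branch exists and traffic falls back to the ASA.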

 

I assume that when the active HSRP router switches to the standby router, you want all traffic to flow through the devices on the right side (and if everything is 'normal' to flow through the devices on the left)?

I guess we would need to see the configs of all devices, especially those of the ASAs, in order to determine how the failover is triggered.

Can you post all configs?

Here is the config for both the routers.

ROUTE-ACTIVE
!
interface GigabitEthernet0/0
description DONOT CONFIGURE SUB INT IN USE
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.4
description MPLS NETWORK
encapsulation dot1Q 4
ip address 10.0.1.5 255.255.255.248
standby 44 ip 10.0.1.1
standby 44 priority 110
standby 44 preempt delay minimum 60
!
interface GigabitEthernet0/1
description LOCAL NETWORK
ip address 192.168.18.4 255.255.255.0
standby 11 ip 192.168.18.1
standby 11 priority 110
standby 11 preempt delay minimum 60
duplex auto
speed auto
no mop enabled
!
router bgp 12345
bgp router-id 192.168.18.1
bgp log-neighbor-changes
network 192.168.180.0
neighbor 10.0.1.2 remote-as 64570
neighbor 10.0.1.2 description MPLS
neighbor 10.0.1.2 soft-reconfiguration inbound

!
ip route 0.0.0.0 0.0.0.0 192.168.18.2


### ROUTER-STBY #########
!
interface GigabitEthernet0/0
description DONOT CONFIGURE SUB INT IN USE
no ip address
load-interval 30
duplex auto
speed auto
!
interface GigabitEthernet0/0.4
description MPLS
encapsulation dot1Q 4
ip address 10.0.1.6 255.255.255.248
standby 44 ip 10.0.1.1
standby 44 priority 105
standby 44 preempt delay minimum 60
!
interface GigabitEthernet0/1
description LOCAL NETWORK
ip address 192.168.18.5 255.255.255.0
standby 11 ip 192.168.18.1
standby 11 priority 105
standby 11 preempt delay minimum 60
load-interval 30
duplex auto
speed auto
no mop enabled
!
router bgp 12345
bgp router-id 192.168.18.1
bgp log-neighbor-changes
network 192.168.18.0
neighbor 10.0.1.2 remote-as 64570
neighbor 10.0.1.2 description MPLS
neighbor 10.0.1.2 soft-reconfiguration inbound
!
ip route 0.0.0.0 0.0.0.0 192.168.18.2
