I just got tired of googling about my issue and have found nothing yet, so finally I decided to ask you all.
I have very complicated requirements in BGP, which I have explained below.
I have 12 locations including HO with two ISPs running BGP and providing connectivity between sites to sites and sites to HO using MPLS.
Now I have tried to configure a failover situation using the route map by increasing the preference of a particular neighbour AS, which worked fine.
route-map LOCAL_PRE, permit, sequence 20
Policy routing matches: 0 packets, 0 bytes
router bgp 65001
network 10.12.0.0 mask 255.255.0.0
neighbor 10.240.156.1 remote-as 65500
neighbor 10.240.156.1 route-map LOCAL_PRE in
neighbor 10.240.156.1 filter-list 10 out
neighbor 126.96.36.199 remote-as 18101
neighbor 188.8.131.52 ebgp-multihop 5
neighbor 184.108.40.206 soft-reconfiguration inbound
neighbor 220.127.116.11 filter-list 10 out
I want to set certain parameters so that if my primary link goes down, then after 10 to 20 RTOs it must fail over to the secondary.
Now the problem here is that I want to utilize both the links but in a different manner, for example:
I want my SAP and internet traffic to pass over the secondary link,
and FTP, VC etc. traffic must pass over the primary link; if the primary link fails, then all of these applications, VC, Int and FTP must work on the secondary link.
So here is the problem, as I am unable to find any solution to this problem.
You will need to have a route-map that has an access list matching your traffic (SAP etc.) and selectively tweak the LP and AS_PATH for achieving traffic control in both the inbound and outbound directions.
If your servers are in different networks, then you can simply play with route-map and Local Pref to achieve your requirement.
Below is the scenario:
Your Application : 192.168.1.0 --- Used for SAP etc
192.168.2.0 --- Used for VC etc
Configure Route-Map :
Route Map 1 seq 10
local pref 1000 ========= > Used in link A
Route Map 1 seq 20
Route Map 2 seq 10
local pref 1000 ==========> Used in link B
Route Map 2 seq 20
* The above are not exact commands; it is just an example to show how to configure the route-map.
And if your servers are in the same subnet, then this is only a suggestion; I have not tried it, but it can resolve the issue.
You can configure a static route with a /32 mask and point it towards the outgoing interface for a specific server or application, so instead of using the BGP route it will use the static route because of the more specific prefix.
So if the link fails, then the static route will be removed from the routing table and the BGP route will be used to reach the destination, and vice versa for the other link.
** If your link is MPLS Metro Ethernet then you need to configure IP SLA tracking to remove the route from the routing table, because your interface never goes down.
Message was edited by: Chetan Kumar Ress
Thanks for your reply.
But I can't go for static routes, as I have 12 locations currently and 10 more are going to be added in a year, and then it is going to increase again, so I don't think that static routes are going to be easy to maintain; moreover, both the ISPs are also using BGP, so I prefer to use BGP.
My servers are in the same subnet at HO, so your solution can't work out, but it had given me a hint.
If I configure a route map based on a host-based ACL, with source as the server from HO and destination as the server IP from the client, then it may be possible; am I correct?
But what about the failover condition, that if the primary goes down then all the traffic must go over the secondary link?
You may also try to announce more specific networks on one ISP so that it will be the preferred path; this requires no adjustment of LOCAL_PREF and AS_PATH. You only need to put some appropriate filters in place.
Thanks for your reply. But the failover is not the major issue here, as failover can be achieved by using weight or pref, but the issue is a little bit more complicated:
a few apps must work on the primary and a few on the secondary, and when the primary goes down every app must work on the secondary, and vice versa.
I hope you got my problem, so I request you to provide some solutions for this.
This is an interesting set of requirements. I am assuming all spoke sites connect to these applications via the two ISP/BGP neighbours provided in your config.
Have you looked at doing some Policy Based Routing, whereby you are able to match the applications via an ACL and set the next hop address as required?
You could also look at using the set next-hop option in a route-map for BGP, using an ACL to match the applications. I'm not sure how this would work in a failover scenario. We also need to consider the return path from the spoke back to the hub/HO. It's all well and good engineering the traffic out over the two links, but pointless unless you control the return path.
Are you able to upload a network diagram?
I can upload an example of the same with 5 sites, in which you can see each is connected to two ISPs running BGP, and we are also running BGP on our router to learn the routes.
The diagram will give you a rough idea, as it is not very precisely built.
This is our BGP config at HO
router bgp 65001
network 10.2.0.0 mask 255.255.0.0
neighbor 10.245.10.1 remote-as 65500
neighbor 10.245.10.1 soft-reconfiguration inbound
neighbor 10.245.10.1 route-map LOCAL_PRE in
neighbor 10.245.10.1 filter-list 50 out
neighbor 18.104.22.168 remote-as 18101
neighbor 22.214.171.124 ebgp-multihop 4
neighbor 126.96.36.199 soft-reconfiguration inbound
neighbor 188.8.131.52 filter-list 50 out
I will wait for your advice regarding my requirement.
My concern was to use static routes over BGP. You have to run BGP as you have configured; no changes in the existing setup.
The BGP route that you will get from the ISP will have an AD of 20, and when you add a specific static route with that server IP to use the backup ISP interface, then the traffic will use the static route because of longest prefix match.
So my concern was to add only static routes in the remote location according to which server should use which link (same way in all remote locations).
But in this case I think the traffic will travel bi-directional, because return traffic (from HQ) will use only one link because of the primary and secondary configuration. So here you may use PBR next hop matching the destination (remote IP), so for that destination IP you may use the second ISP. So in HO you may need to configure that ACL for all video devices located in remote locations.
And for SAP and FTP I think it will be bi-directional, because you can't configure an ACL in HQ for all users; that is not possible because it affects all traffic, but here you may use an extended ACL (I think it will work with PBR).
So to divert the traffic you need to configure only 2 or 3 routes in each location, and that you can make common as a best practice.
Thanks for your reply. I got your point regarding the use of static routes: you want me to add a static route at the client location facing the HO to work over the secondary link, and apply a policy to stop the same traffic from travelling over the primary link, and when the primary goes down all traffic will go through the secondary due to the static route. But here I have one problem: what about when my client location wants to access any other client location? In that case which route will work and how, because the static route is only for HO? At HO also, do I have to give static routes for all the client locations?
Can I use EIGRP here instead of static routes?
----- > But here I have one problem: what about when my client location wants to access any other client location? In that case which route will work and how, because the static route is only for HO? At HO also, do I have to give static routes for all the client locations?
In your client router you have routes learned from BGP, primary and secondary as well, and using a static route in this scenario is to ignore the BGP route for that network or that particular IP address.
When you configure the static route, it should be a specific IP, i.e. the server IP address. For example: ip route 192.168.1.50 255.255.255.255 x.x.x.x
Here 192.168.1.50 is your server that is located in HO, but in the client router you have two routes to reach that server, i.e. 192.168.1.0/24 and 192.168.1.50/32.
So here it will use the specific route instead of the /24 network received from BGP, and except for the 192.168.1.50 IP address all other traffic will use the BGP route to reach the other locations or clients, because they don't have a static route to reach them.
And here you do not need to configure static routes in HO, because from HO to the locations it will reach via BGP, because you already have BGP configured in HO. But you have to configure PBR in HO to set the next hop for all traffic that has a specific source and destination (source means the server and destination means your location subnet).
So whenever reverse traffic is generated from that server, it will use the backup link or the specified link in HO.
Otherwise it will travel bi-directional, meaning from the location it will use the backup link because of the static route, and from HO it will use the primary link because of BGP in HO.
Let us deal with the return path first. I would create two new /32 host prefixes within BGP at the HO for the two application servers. Then, using AS-path prepend, add an extra AS or two to each /32 route, so that host A is prepended over ISP B and host B is prepended over ISP A. This would engineer the return path for each host over the required ISP while still allowing for failover of either ISP. You can scale this solution for any additional hosts/applications you may add in the future.
I choose AS-path prepend as I am assuming that the ISP AS numbers will appear in the BGP path and that this is not all iBGP. You could use local preference at the spoke sites, but this increases the amount of config required at each site. AS-path prepend allows you to do all the config at HO, and the spokes require no extra config.
This deals with the return path. The outbound is a little more tricky and IMO you'll need to do some sort of PBR but I am no PBR expert so will let someone else come in on that part - I think the failover requirement will be the tricky bit.
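The return-path design from the last reply (a /32 per application server, prepended towards the ISP it should not normally use), written out as an IOS configuration for the HO router. This is an added example, not configuration posted by anyone in the thread. Assumptions: the two server addresses, the LAN next hop, the prefix-list and route-map names and the <ISP-B-PEER> placeholder are constructed; AS-path list 50 from the posted config is assumed to permit locally originated routes; both providers are assumed to accept /32 prefixes from the customer.

```cisco
! Host A = 10.2.1.10 (constructed): return traffic preferred via ISP A (AS 65500)
! Host B = 10.2.1.20 (constructed): return traffic preferred via ISP B (AS 18101)
!
! A BGP "network ... mask" statement only originates a prefix that is present
! in the routing table with exactly that mask, so anchor each /32 with a
! static route towards the server LAN (next hop 10.2.0.2 is constructed).
ip route 10.2.1.10 255.255.255.255 10.2.0.2
ip route 10.2.1.20 255.255.255.255 10.2.0.2
!
ip prefix-list HOST-A seq 5 permit 10.2.1.10/32
ip prefix-list HOST-B seq 5 permit 10.2.1.20/32
!
! Towards ISP A: lengthen the AS path of host B only.
route-map TO-ISP-A permit 10
 match ip address prefix-list HOST-B
 set as-path prepend 65001 65001
! Empty permit clause: every other prefix is advertised unchanged.
route-map TO-ISP-A permit 20
!
! Towards ISP B: lengthen the AS path of host A only.
route-map TO-ISP-B permit 10
 match ip address prefix-list HOST-A
 set as-path prepend 65001 65001
route-map TO-ISP-B permit 20
!
router bgp 65001
 ! Existing aggregate stays, so all other hosts keep their current path.
 network 10.2.0.0 mask 255.255.0.0
 network 10.2.1.10 mask 255.255.255.255
 network 10.2.1.20 mask 255.255.255.255
 ! The existing "filter-list 50 out" lines stay in place on both neighbors.
 neighbor 10.245.10.1 route-map TO-ISP-A out
 ! Replace <ISP-B-PEER> with the address of the AS 18101 neighbor.
 neighbor <ISP-B-PEER> route-map TO-ISP-B out
```

Each spoke still learns both /32s from both providers, so when one provider fails the prepended copy through the other becomes the only path and is used without any change at the spoke. After applying the route-maps, `clear ip bgp 10.245.10.1 soft out` resends the updates and `show ip bgp neighbors 10.245.10.1 advertised-routes` shows what is being sent to that neighbor.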