
ISP failover using BGP attributes AS path and local preference

kirank10
Level 1

ISP failover using BGP attributes AS path and local preference only on the core router. I have two ISP connections coming to the core router. All routers are C3725. I am performing this in my lab but I am not getting BGP neighborship.


Below is my configuration :

router bgp 65000
bgp router-id 10.0.0.1
neighbor 192.168.1.1 remote-as 65001
neighbor 192.168.2.1 remote-as 65002
network 10.0.0.0 mask 255.255.255.0

neighbor 192.168.1.1 route-map PREFER-ISP1 in
neighbor 192.168.2.1 route-map PREPEND-ISP2 out
exit

route-map PREFER-ISP1 permit 10
set local-preference 200
exit

route-map PREPEND-ISP2 permit 10
set as-path prepend 65000 65000 65000
exit

 


ISP 1

router bgp 65001
bgp router-id 192.168.1.1
neighbor 192.168.1.2 remote-as 65000
network 200.1.1.0 mask 255.255.255.0
exit


ISP2
router bgp 65002
bgp router-id 192.168.2.1
neighbor 192.168.2.2 remote-as 65000
network 210.2.2.0 mask 255.255.255.0
exit

 

 

 

interface Fa0/0
ip address 192.168.1.2 255.255.255.0
no shutdown
!
interface Fa0/1
ip address 192.168.2.2 255.255.255.0
no shutdown

 


ISP1
router bgp 65001
timers bgp 60 180


ISP2
router bgp 65002
timers bgp 60 180

Core router
router bgp 65000
timers bgp 60 180

 

Both my BGP neighbors are in Active state and I am able to ping 192.168.2.2 and ping 192.168.1.2.

What can be the issue? When I am debugging it I am getting the error (BGP: Import timer expired. Walking from 1 to 1)

 


M02@rt37
VIP

Hello @kirank10 

The issue of BGP neighborship being stuck in the "Active" state, despite having IP connectivity, often points to misconfigurations or underlying network issues that prevent the TCP connection for BGP (tcp_179) from being successfully established.

In your case, the BGP configuration seems correct regarding AS numbers and neighbor IPs, but a few areas still need close attention.

One possibility is that the custom BGP timers you've set (60 seconds for keepalive and 180 seconds for hold-time) might be causing the session to time out if there is any slight delay in the network. Additionally, ensure that the interfaces are fully operational (no shutdown is set) and that there are no ACLs or firewalls blocking TCP port 179, which could prevent the BGP session from forming.

Follow this configuration example:

router bgp 45000
 router-id 172.17.1.99
 bgp log-neighbor-changes
 neighbor 192.168.1.2 remote-as 50
 address-family ipv4 unicast
  neighbor 192.168.1.2 activate
  network 172.17.1.0 mask 255.255.255.0
  exit-address-family

Another critical aspect is to check for any errors or specific messages in the logs that could give more insights into why the session is failing. Using debugging commands like debug ip bgp and debug ip bgp events can help you pinpoint whether the BGP packets are being sent and received correctly. 

If everything seems correct but the BGP session is still not forming, resetting the BGP session with clear ip bgp * after making any adjustments can sometimes resolve the issue by reinitiating the neighbor relationship under the corrected settings.

Is the neighbor more than one hop away? Then you need to configure the ebgp-multihop option on your BGP neighbors. This allows BGP to form a session over multiple hops by specifying the maximum number of hops that BGP packets should traverse to reach the neighbor.

Commands to use:
show ip bgp summary
debug ip bgp
debug ip bgp events
show ip interface brief
clear ip bgp *



https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/configuring-a-basic-bgp-network.html
Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Hello


@kirank10 wrote:

 I am performing this in my lab but I am not getting BGP neighborship.
Both my BGP neighbors are in Active state and I am able to ping 192.168.2.2 and ping 192.168.1.2.


Can you elaborate on the routing you have running to establish connectivity to those eBGP peers?
Are they directly connected, or are you using a default route to reach them? If the latter, then BGP will not accept a default route to establish a peering adjacency.

The eBGP peers need to be able to have a definitive route towards each other so as to initiate and establish a BGP session, so having default routes just won't work; it's a security rule to negate any possible route flaps / routing loops etc.


Also if you have a single rtr peering with dual ISPs, I would suggest to use the weight attribute instead of local preference for egress traffic engineering


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Harold Ritter
Level 12

Hi @kirank10 ,

Can you please provide the "show bgp ipv4 uni neighbor 192.168.1.1" and "show bgp ipv4 uni neighbor 192.168.2.1" output from the Core router?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

kirank10
Level 1

Hi @Harold Ritter
I guess the TCP connection is not open and I am failing to open port 179 in my lab.



Hi @Harold Ritter

 

show bgp ipv4 uni neighbor 192.168.1.1
BGP neighbor is 192.168.1.1, remote AS 65001, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 00:29:57, last write 00:29:57, hold time is 180, keepalive interval is 60 seconds
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 0 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Total: 0 0
Default minimum time between advertisement runs is 30 seconds

For address family: IPv4 Unicast
BGP table version 1, neighbor version 0/0
Output queue size: 0
Index 2, Offset 0, Mask 0x4
2 update-group member
Inbound path policy configured
Route map for incoming advertisements is PREFER-ISP1
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 0 0
Prefixes Total: 0 0
Implicit Withdraw: 0 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 0
Used as multipath: n/a 0

Outbound Inbound
Local Policy Denied Prefixes: -------- -------
Total: 0 0
Number of NLRIs in the update sent: max 0, min 0

Connections established 0; dropped 0
Last reset never
No active TCP connection

 


show bgp ipv4 uni neighbor 192.168.2.1
BGP neighbor is 192.168.2.1, remote AS 65002, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Last read 00:30:23, last write 00:30:23, hold time is 180, keepalive interval is 60 seconds
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 0 0
Notifications: 0 0
Updates: 0 0
Keepalives: 0 0
Route Refresh: 0 0
Total: 0 0
Default minimum time between advertisement runs is 30 seconds

For address family: IPv4 Unicast
BGP table version 1, neighbor version 0/0
Output queue size: 0
Index 1, Offset 0, Mask 0x2
1 update-group member
Outbound path policy configured
Route map for outgoing advertisements is PREPEND-ISP2
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 0 0
Prefixes Total: 0 0
Implicit Withdraw: 0 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 0
Used as multipath: n/a 0

Outbound Inbound
Local Policy Denied Prefixes: -------- -------
Total: 0 0
Number of NLRIs in the update sent: max 0, min 0

Connections established 0; dropped 0
Last reset never
No active TCP connection
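
The counters in the output above already say which layer is failing. As an added example (not part of the original post and not Cisco tooling), this parser reads `show bgp ipv4 unicast neighbor` text and classifies the failure; the sample text is constructed and abridged, and the diagnosis labels are names chosen here.

```python
import re

# Constructed sample: abridged lines in the shape of the output posted above.
SAMPLE = """\
BGP neighbor is 192.168.1.1, remote AS 65001, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Active
Sent Rcvd
Opens: 0 0
Notifications: 0 0
Connections established 0; dropped 0
No active TCP connection
"""

def _first(pattern, text, default):
    """Return the regex groups of the first match, or the default tuple."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.groups() if m else default

def parse_neighbor(text):
    """Pull out the fields that matter when triaging a session that is not up."""
    opens = _first(r"^\s*Opens:\s+(\d+)\s+(\d+)", text, ("0", "0"))
    notifs = _first(r"^\s*Notifications:\s+(\d+)\s+(\d+)", text, ("0", "0"))
    return {
        "neighbor": _first(r"^BGP neighbor is ([0-9.]+),", text, (None,))[0],
        "state": _first(r"^\s*BGP state = (\w+)", text, (None,))[0],
        "router_id": _first(r"remote router ID ([0-9.]+)", text, (None,))[0],
        "opens": tuple(map(int, opens)),           # (sent, received)
        "notifications": tuple(map(int, notifs)),  # (sent, received)
        "tcp_up": "No active TCP connection" not in text,
    }

def diagnose(info):
    """Map the counters to the layer where the session is failing."""
    if info["state"] == "Established":
        return "established"
    if not info["tcp_up"] and info["opens"] == (0, 0):
        # No OPEN was ever sent or received: the TCP/179 session itself
        # never came up, so look at reachability and filtering, not policy.
        return "tcp-never-connected"
    if any(info["notifications"]):
        # OPENs were exchanged and one side refused (e.g. AS or ID mismatch).
        return "open-rejected"
    return "unknown"

if __name__ == "__main__":
    info = parse_neighbor(SAMPLE)
    print(info["neighbor"], info["state"], diagnose(info))
```

A result of `tcp-never-connected` means route-maps, local preference and AS-path prepending are not yet in play; the next checks are the TCP port 179 tests and interface ACLs discussed in the replies.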

Hello @kirank10 ,

I apologize for the dumb question:

Have you configured the neighbor commands under routers ISP1 and ISP2?

Because from the output of the commands @Harold Ritter asked you for, we see that no TCP connection was built with the neighbors from the core router.

Edit:

Yes, in your OP at the top I see the neighbor commands in ISP1 and ISP2, and everything looks like it is configured correctly.

Make the tests suggested by @MHM Cisco World; try to do

telnet 192.168.1.1 179

and

telnet 192.168.2.1 179

from core router and the opposite from ISP1 and ISP2 routers.

 

Hope to help

Giuseppe

kirank10
Level 1

Hi
I tried this configuration too but it's not working

interface fa1/1
ip access-group 101 in
ip access-group 101 out


access-list 101 permit tcp any any eq 179
access-list 101 permit tcp any eq 179 any 
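
As an added illustration (not part of the original post, and not Cisco code): a first-match model of ACL 101 as posted, including the implicit deny that ends every IOS access list. It shows both directions of a BGP TCP session matching the two permit lines while ping and everything else falls through to the implicit deny; the packet set and the ephemeral ports 40001 and 40002 are constructed.

```python
# First-match evaluation of the extended ACL posted above.
# Each entry: (action, protocol, source port, destination port); None = "any".
ACL_101 = [
    ("permit", "tcp", None, 179),  # access-list 101 permit tcp any any eq 179
    ("permit", "tcp", 179, None),  # access-list 101 permit tcp any eq 179 any
]

def evaluate(acl, pkt):
    """Return (action, line number); line 0 is the implicit 'deny ip any any'."""
    for line, (action, proto, sport, dport) in enumerate(acl, 1):
        if proto != pkt["proto"]:
            continue
        if sport is not None and sport != pkt.get("sport"):
            continue
        if dport is not None and dport != pkt.get("dport"):
            continue
        return action, line
    return "deny", 0

# Constructed packets: the two halves of a BGP handshake plus other traffic.
PACKETS = {
    "SYN to peer port 179": {"proto": "tcp", "sport": 40001, "dport": 179},
    "SYN-ACK from peer port 179": {"proto": "tcp", "sport": 179, "dport": 40001},
    "ICMP echo (ping)": {"proto": "icmp"},
    "Telnet to port 23": {"proto": "tcp", "sport": 40002, "dport": 23},
}

def report(acl=ACL_101, packets=PACKETS):
    """Evaluate every sample packet and return {description: (action, line)}."""
    return {name: evaluate(acl, pkt) for name, pkt in packets.items()}

if __name__ == "__main__":
    for name, (action, line) in report().items():
        source = f"line {line}" if line else "implicit deny"
        print(f"{name:28} {action:6} ({source})")
```

With this ACL applied to an interface, the ping test used earlier in the thread no longer passes on that interface, so ping stops being a usable reachability check there.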

Hello @kirank10 

please provide us debug ip bgp events

Thanks again.

Best regards

Hi

Below is the output

Mar 1 00:03:49.059: BGP: Import timer expired. Walking from 1 to 1
*Mar 1 00:04:04.059: BGP: Performing BGP general scanning
*Mar 1 00:04:04.059: BGP(0): scanning IPv4 Unicast routing tables
*Mar 1 00:04:04.059: BGP(1): scanning IPv6 Unicast routing tables
*Mar 1 00:04:04.059: BGP(IPv6 Unicast): Performing BGP Nexthop scanning for general scan
*Mar 1 00:04:04.059: BGP(1): Future scanner version: 5, current scanner version: 4
*Mar 1 00:04:04.059: BGP(2): scanning VPNv4 Unicast routing tables
*Mar 1 00:04:04.059: BGP(VPNv4 Unicast): Performing BGP Nexthop scanning for general scan
*Mar 1 00:04:04.059: BGP(2): Future scanner version: 5, current scanner version: 4
*Mar 1 00:04:04.059: BGP(4): scanning IPv4 Multicast routing tables
*Mar 1 00:04:04.059: BGP(IPv4 Multicast): Performing BGP Nexthop scanning for general scan
*Mar 1 00:04:04.059: BGP(4): Future scanner version: 5, current scanner version: 4
*Mar 1 00:04:04.059: BGP(5): scanning IPv6 Multicast routing tables
*Mar 1 00:04:04.059: BGP(IPv6 Multicast): Performing BGP Nexthop scanning for general scan
*Mar 1 00:04:04.059: BGP(5): Future scanner version: 5, current scanner version: 4
*Mar 1 00:04:04.059: BGP(6): scanning NSAP Unicast routing tables
*Mar 1 00:04:04.059: BGP(NSAP Unicast): Performing BGP Nexthop scanning for general scan
*Mar 1 00:04:04.059: BGP(6): Future scanner version: 5, current scanner version: 4
*Mar 1 00:04:19.063: BGP: Import timer expired. Walking from 1 to 1
*Mar 1 00:04:34.063: BGP: Import timer expired. Walking from 1 to 1
*Mar 1 00:04:49.063: BGP: Import timer expired. Walking from 1 to 1
*Mar 1 00:05:04.063: BGP: Performing BGP general scanning
*Mar 1 00:05:04.063: BGP(0): scanning IPv4 Unicast routing tables
*Mar 1 00:05:04.063: BGP(1): scanning IPv6 Unicast routing tables
*Mar 1 00:05:04.063: BGP(IPv6 Unicast): Performing BGP Nexthop scanning for general scan
*Mar 1 00:05:04.063: BGP(1): Future scanner version: 6, current scanner version: 5
*Mar 1 00:05:04.063: BGP(2): scanning VPNv4 Unicast routing tables
*Mar 1 00:05:04.063: BGP(VPNv4 Unicast): Performing BGP Nexthop scanning for general scan
*Mar 1 00:05:04.063: BGP(2): Future scanner version: 6, current scanner version: 5
*Mar 1 00:05:04.063: BGP(4): scanning IPv4 Multicast routing tables
*Mar 1 00:05:04.063: BGP(IPv4 Multicast): Performing BGP Nexthop scanning for general scan
*Mar 1 00:05:04.063: BGP(4): Future scanner version: 6, current scanner version: 5
*Mar 1 00:05:04.063: BGP(5): scanning IPv6 Multicast routing tables
*Mar 1 00:05:04.063: BGP(IPv6 Multicast): Performing BGP Nexthop scanning for general scan
*Mar 1 00:05:04.063: BGP(5): Future scanner version: 6, current scanner version: 5
*Mar 1 00:05:04.063: BGP(6): scanning NSAP Unicast routing tables
*Mar 1 00:05:04.063: BGP(NSAP Unicast): Performing BGP Nexthop scanning for general scan
*Mar 1 00:05:04.063: BGP(6): Future scanner version: 6, current scanner version: 5
*Mar 1 00:05:05.043: BGP(IPv4 Unicast): waited 300s for the first peer to establish
*Mar 1 00:05:05.043: BGP(IPv4 Unicast): computed bestpaths, table version went from 1 to 1
*Mar 1 00:05:05.043: BGP: notified IGPs about convergence
*Mar 1 00:05:05.043: BGPNSF: Listeners notified about convergence
*Mar 1 00:05:19.067: BGP: Import timer expired. Walking from 1 to 1
*Mar 1 00:05:34.067: BGP: Import timer expired. Walking from 1 to 1
*Mar 1 00:05:49.067: BGP: Import timer expired. Walking from 1 to 1

Thanks @kirank10 

Do you have this command under bgp process ?

no bgp default ipv4-unicast

 

Best regards

Sorry, is it a lab or a real network?

MHM

kirank10
Level 1

LAB 

Did you use router or SW?

Show tcp brief <<- share this

Also share 

Telnet x.x.x.x port 179 <<- both sides

MHM

Any update?
MHM
