Load sharing in BGP

jigsaw2026
Level 1

Hi,

I have a 2 ISP/2 local router set up (one ISP on each router). Currently each router is taking a partial routing table, of AS numbers, and then there's a default route.

The 2 local routers are BGP neighbours in the same AS. We run HSRP between our 2 local routers, with the HSRP address acting as the default gateway (primarily on router 1). So most traffic goes to router 1 > Internet, with some going to router 1 > router 2 > Internet (only routes advertised by ISP). Hope that makes sense.

Unfortunately this is causing router 1 to have 3 times as much traffic as router 2, so we would like to try out taking a full routing table on each, and keeping the same HSRP setup.

Router 1 will see any routes advertised by router 2 as AD 200 - is there a way to change the AD to 20 for routes internal to the AS? Otherwise router 1 will prefer its ISP for all routes, and then it will be very unbalanced!

Also, assuming I can manage for both router 1's ISP's and router 2's routes to be considered for router 1's routing table, what order is preference decided on? I guess I would like it to be decided on path first?

I realise that there's helpful documentation out there, particularly http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml but I don't think it quite covers my scenario.

Any help much appreciated. Is this the completely wrong way to go about this?

J

7 Replies

Giuseppe Larosa
Hall of Fame

Hello Jigsaw,

I would consider the use of GLBP instead of HSRP on the client vlan in order to get outbound load balancing.

About BGP routes:

BGP has its own table and there compares the BGP advertisements using the BGP attributes:

weight, local preference, AS path length, origin, MED.

So you can choose that R2 is the exit point for certain destinations, and you can use local-preference to give preference to the path via R2-ISP2 also on R1 itself.

example:

net 204.150.12.0/24

    access-list 11 permit 204.150.12.0 0.0.0.255
    route-map rise_locpref permit 10
     match ip address 11
     set local-preference 200
    route-map rise_locpref permit 20
    ! all other routes unchanged

on R2:

    router bgp xxx
     neighbor R1:ipaddress remote-as xxx
     neighbor R1:ipaddress route-map rise_locpref out

Hope to help

Giuseppe

Joseph W. Doherty
Hall of Fame

Even with full Internet BGP tables, by default, eBGP routes will be preferred over the iBGP routes. I.e., unless your iBGP peer has a shorter AS path, traffic will go off the external link from the gateway BGP router.

Giuseppe's GLBP solution is probably the easiest. Something to note, virtual MAC changes from HSRP's and I don't believe GLBP does a gratuitous ARP. I.e. clients may lose their connection to the gateway until they re-ARP the gateway IP.

Some other options you might have.

You could "front" your two WAN routers with another L3 device and have it route to each WAN router. This can provide a better load balance than GLBP since flows should be alternated, not MACs. (The latter is especially useful for very busy devices that push lots of your traffic; a good example would be a firewall or proxy.)

If your routers support it, you could also consider OER/PfR. This technology was originally, I believe, designed to optimize outbound flows for the Internet. (It doesn't require full BGP table, or even BGP.)
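The selection order named in the two replies above (weight, local preference, AS path length, origin, MED, then eBGP over iBGP), as an added example that is not part of the original thread. The AS numbers are constructed from the documentation range, the defaults (weight 0, local preference 100) are the IOS ones, and the later tie-breakers (IGP metric, router ID) are not modelled.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred

@dataclass(frozen=True)
class Path:
    via: str                 # label for the exit this path uses
    as_path: tuple           # AS numbers, nearest neighbour first
    ebgp: bool               # True if learned from an external peer
    weight: int = 0          # local to the router, never advertised
    local_pref: int = 100    # IOS default
    origin: str = "igp"
    med: int = 0

def better(a: Path, b: Path) -> Path:
    """Return the preferred path of two, walking the steps in order."""
    if a.weight != b.weight:
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):
        return a if len(a.as_path) < len(b.as_path) else b
    if a.origin != b.origin:
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    # By default MED is compared only when both paths enter the same neighbour AS.
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:
        return a if a.med < b.med else b
    if a.ebgp != b.ebgp:
        return a if a.ebgp else b
    return a  # remaining tie-breakers (IGP metric, router ID) not modelled

def best_exit(paths):
    """Name of the exit R1 would install for one prefix."""
    best = paths[0]
    for p in paths[1:]:
        best = better(best, p)
    return best.via

# Constructed view from R1 for 204.150.12.0/24.
ISP1 = Path("ISP1 via R1 (eBGP)", (64501, 64505, 64510), ebgp=True)
VIA_R2 = Path("ISP2 via R2 (iBGP)", (64502, 64506, 64510), ebgp=False)
VIA_R2_RAISED = Path("ISP2 via R2 (iBGP)", (64502, 64506, 64510), ebgp=False, local_pref=200)
VIA_R2_SHORT = Path("ISP2 via R2 (iBGP)", (64502, 64510), ebgp=False)

if __name__ == "__main__":
    print(best_exit([ISP1, VIA_R2]))         # equal attributes: the eBGP path wins
    print(best_exit([ISP1, VIA_R2_RAISED]))  # local-preference 200 set on R2 wins
    print(best_exit([ISP1, VIA_R2_SHORT]))   # shorter AS path via R2 wins
```

Local preference is checked before AS path length, so the route-map on R2 moves a prefix to ISP2 even when ISP1 offers the shorter path.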

Giuseppe:

Quick question:

The OP has not posted any network diagram, so I will just create a scenario in my head that is pretty typical, OK?

Imagine we have 2 parallel paths:

FW_1---->Edge Router_1<--------->ISP Router_A

FW_2---->Edge Router_2<--------->ISP Router_B

Assuming the firewalls are in a hot/standby (failover) configuration, one of them will be forwarding user traffic. Let's say it's FW_1.

FW_1 will most likely have a default static route pointing to the Edge Router's VIP. The thing with GLBP is that each user who ARPs for the default gateway will receive a different MAC, one for each of the AVFs. This is how load balancing is achieved. It's based on the idea that many users will ARP and each will be given a different MAC address in a round robin fashion or based on some other criteria.

The FW however, will only ARP once for the default gateway's MAC address, and that's it. Whichever AVF it is told to use will be the one it will always forward traffic to, unless the ARP entry in the FW times out, in which case it will have to ARP again and may or may not receive the same AVF.

So, my question is, given this scenario, how does GLBP provide load balancing?

Thanks

Thanks guys for the detailed and fast responses! I will investigate GLBP, it sounds a good option.

I will let you know how I get on :)

Hello Victor,

GLBP cannot provide any advantage in the scenario you have described: as you correctly noted, a single client makes a single ARP request for the VIP, gets its answer and uses it until the ARP cache entry times out.

An attempt could be made to see if GLBP can coexist with ip proxy-arp: at the price of much more ARP activity, which involves broadcast traffic, the device missing a next-hop for its default route should ARP for each possible destination.

This would require three conditions to be met:

that ip proxy-arp can coexist and interoperate with GLBP

that GLBP has a simple round-robin algorithm to provide its ARP replies from the AVF MAC pool (= it can provide different answers over time to the same requester, not sure of this)

that a security appliance like a firewall arps for every possible destination on the lan segment.

However, even if all these conditions were met, the CPU usage of the AVG device could be a problem (this depends also on platform).

So even if it is possible, it shouldn't be recommended.

In summary, with a single client GLBP and HSRP provide the same service.

Hope to help

Giuseppe

Thanks, Giuseppe. I appreciate the feedback.

By the way, please don't ever feel as though I'm being difficult or challenging you when you give out recommendations. I am here to learn as much as I am here to help when I can.

You are a very knowledgeable and intelligent guy, so I like to take the opportunity to pick your brain when I can, especially with regard to solutions that you recommend for people.

Thanks again, buddy.

Ciao

mikesparker
Level 1

If your firewall supports 2 or more default gateways (such as ASA) then I would recommend Multigroup HSRP. http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094e90.shtml
