Load Sharing in Bgp

kartik.shah1 · ‎02-27-2017

Hi,

We have one Cisco 1941 Router. External bgp is running with one ISP. We have our own AS numbers with /22 pool of IPs.

Currently all traffic is routed from this Cisco router. Below cisco router, we have 2 firewalls running in HA.

we are planning to buy 2nd ISP. we will configure external bgp with 2nd ISP. This ISP will be terminated on another cisco 1941 router.

We want to share traffic load between this routers.

Can anyone help with this scenario?

Thank you,

Philip D'Ath · ‎02-27-2017

How much memory do you have in your 1941's?

kartik.shah1 · ‎02-27-2017

Hi,

Cisco CISCO1941/K9 (revision 1.0) with 491520K/32768K bytes of memory.

Georg Pauwen · ‎02-27-2017

Hello,

have a look at the link below, especially topology 5 and 6. It has sample configs/scenarios for BGP load sharing/load balancing.

http://showipbgp.com/bgp-configurations/cisco.html

kartik.shah1 · ‎02-27-2017

Hi,

I have gone through above link before but this cant help me with my case.

As i have 2 firewalls running in active/passive mode. for firewalls to pass packet, we require only one gateway.

Philip D'Ath · ‎02-27-2017

A couple of easy options for outbound load balancing. In both cases you would use IBPG between the two routers.

If you have 2GB of RAM you could ask each ISP to give you a "full" routing table. Then you can let the routers select the best path to use based on the shortest metric.

If the ISPs don't have "full" routing tables then you wont need 2GB of RAM. Then you could ask both ISPs to give you what they can. The routers will then select the best path based on the information available.

You could use Cisco Pfr (Performance Routing). For this you can just learn a default route from each ISP, a partial routing table, or a full routing table. Pfr will then measure the performance of both links, and inject routes to move traffic from one link to another to get the best performance.

With regard to inbound load balancing; this depends a lot on the two ISPs. If both ISPs are equally well connected the traffic should balance nicely. If one ISP is a lot better connected than the other then a lot more traffic will come in on that ISPs circuit. You can do as path pre-pending to try and balance out the inbound load.

kartik.shah1 · ‎02-27-2017

Hi,

Thank you for assertive support.

Is there any way to dedicate specific traffic to route - both inbound & outbound, with one router and remaining with another router.

Moreover, if anyone fails, it should switch to another router.

Philip D'Ath · ‎02-28-2017

If both routers speak EBGP to their ISPs, and talk IBGP between each other and use something like HSRP to protect the "first hop" for the firewalls, then everything will be fault tolerant.

You only have limited control of inbound traffic, as ultimately it is up to everyone else on the Internet to decide how to forward their traffic towards you.

You have as much control over your outbound traffic as you like. You can use a route-map to force traffic out a particular link. You can even just used a static IP address via your EBGP peer address (so it is a recursive route lookup) and it will only be put into the routing table if the next hop is reachable.

kartik.shah1 · ‎03-01-2017

Hi Philip D'Ath,

I am planning to configure internal BGP between both routers.

so can it work in this way- my traffic packet will reach to HSRP active router from Firewall. Now Active router will pass some traffic to 2nd (standby) router through internal bgp and rest traffic directly to peer via external bgp?

thank you

Philip D'Ath · ‎03-01-2017

Yes. It will use the "best" path to the destination. Ideally you will get a routing feed from both ISPs. Failing that you'll need to use Pfr.

kartik.shah1 · ‎03-01-2017

Hi Philip D'Ath,

Thank you,

what configuration i require for inbound traffic?

and if possible can you guide config steps for above discussed solution.

regards,

Philip D'Ath · ‎03-01-2017

What sort of routing table can the ISPs provide you? Full, partial+default route, or default route only?

I would probably have a config something like:

router bgp xxx
 bgp log-neighbor-changes
 redistribute connected
 redistribute static
 neighbor a.a.a.a remote-as <isp-as>
 neighbor a.a.a.a description ISP
 neighbor a.a.a.a soft-reconfiguration inbound
 neighbor a.a.a.a prefix-list customer out
 neighbor a.a.a.a route-map isp-in in
 neighbor b.b.b.b remote-as xxx
 neighbor b.b.b.b description Internal BGP Session
 neighbor b.b.b.b soft-reconfiguration inbound

ip prefix-list customer seq 5 permit c.c.c.0/22

route-map isp-in permit 10
 set local-preference 110 *** optional - to make one ISP more preferred ***
 set community local-AS

Philip D'Ath · ‎03-01-2017

You may need other redistibution(s) depending on how you route internally, e,g. static routes

kartik.shah1 · ‎03-01-2017

Hi Philip D'Ath,

1st ISP is having full routes and 2nd is having partial+default routes.

Philip D'Ath · ‎03-01-2017

Make sure you buy memory upgrades for your routers to take them to 2GB of RAM. Otherwise you'll have to do inbound prefix filtering to reduce memory use.

Note that ISP1 will be more preferred for outbound routes since it is offering more routes.