Hi Milan,

Thanks, After this i  planing for ISP level redundacy, for that  i planned below config :-

----------------------------------------------------------------------------------------------------------------------------------------------

Router 1

autonomous-system 100

!

!

ip route 1.1.1.0  255.255.254.0 Null0 200

!

ip prefix-list MY_IP_OUT seq 10 permit 1.1.1.0/23 le 24

!

ip prefix-list SECOND-ROUTE 1.1.2.0/24

!

route-map  MY_TO_ISP1 permit 10

match ip address prefix  SECOND-ROUTE

set as-path prepend 100 100 100

!

route-map MY_To_ISP1 permit 20

match ip address prefix MY_IP_OUT

!

ip prefix-list DEFAULT&HQ_ROUTE_IN  seq 10 permit 0.0.0.0/0

ip prefix-list DEFAULT&HQ_ROUTE_IN  seq 20 permit 6.6.6.0/24

!

route-map ISP1_TO_ME permit 10

match ip address prefix  DEFAULT&HQ_ROUTE_IN

!

!

router bgp 100

no synchronization

bgp log-neighbor-changes

bgp dampening

network 1.1.1.0  255.255.255.0

network 1.1.2.0  255.255.255.0

aggregate-address 1.1.1.0 255.255.254.0

! define BGP session with ISP-1

neighbor  ISP1 remote-as 200

neighbor  ISP1 description BGP Transit to ISP1

neighbor  ISP1 timers 10 30               

neighbor  ISP1 version 4

neighbor  ISP1 password

neighbor  ISP1 soft-reconfiguration inbound       

neighbor  ISP1 route-map ISP1_TO_ME in

neighbor  ISP1 route-map MY_TO_ISP1 out

neighbor  ISP1 maximum-prefix 10           

neighbor  ISP1 next-hop-self

!

! define iBGP session

neighbor IBGP remote-as 100

neighbor IBGP description iBGP to Router2

neighbor IBGP version 4

neighbor IBGP soft-reconfiguration inbound       

neighbor IBGP update-source Loopback0

!

neighbor 4.4.4.4 peer-group ISP1

!

neighbor 1.1.1.2 peer-group IBGP

!

end

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Router 2

!

autonomous-system 100

!

!

ip route 1.1.1.0  255.255.254.0 Null0 200

!

ip prefix-list MY_IP_OUT seq 10 permit 1.1.1.0/23 le 24

!

ip prefix-list FIRST-ROUTE 1.1.1.0/24

!

route-map MY_TO_ISP2 permit 10

match ip address prefix FIRST-ROUTE

set as-path prepend 100 100 100

!

route-map MY_TO_ISP2 permit 20

match ip address prefix IP_OUT

!

ip prefix-list DEFAULT_ROUTE_IN  seq 10 permit 0.0.0.0/0

!

route-map ISP2_TO_ME permit 10

match ip address prefix  DEFAULT_ROUTE_IN

!

router bgp 100

no synchronization

bgp log-neighbor-changes

bgp dampening

network 1.1.1.0  255.255.255.0

network 1.1.2.0  255.255.255.0

aggregate-address 1.1.1.0 255.255.254.0

! define BGP session with ISP-2

neighbor ISP2  remote-as 300

neighbor ISP2 description BGP Transit to ISP2

neighbor ISP2 timers 10 30               

neighbor ISP2 version 4

neighbor ISP2 password

neighbor ISP2 soft-reconfiguration inbound       

neighbor ISP2 route-map ISP2_TO_ME in

neighbor ISP2 route-map MY_TO_ISP2 out

neighbor ISP2 maximum-prefix 10               

neighbor ISP2 next-hop-self

!

! define iBGP session

neighbor IBGP remote-as 100

neighbor IBGP description iBGP to Router1

neighbor IBGP version 4

neighbor IBGP soft-reconfiguration inbound           

neighbor IBGP update-source Loopback0

!

neighbor 3.3.3.3 peer-group ISP2

!

neighbor 1.1.1.1 peer-group IBGP

!

end

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Now  I want that my All Internet traffic primarily goes out from  ISP2 and HQ (6.6.6.0/24) goes out from ISP 1, I am using Cisco router so I can use weight attribute, if I use  weight on ISP2' default router will it also effect the HQ's route (6.6.6.0/24) as its more specific. If yes than how can I achieve this?

Thanks

Jagdev

Hi,

I'm not sure if I'm following your configs completely.

So generally:

If you want to influence the way the traffic is outgoing from your site, you might need to manipulate BGP attributes of prefixes received from your neigbhours.

And vice versa:

If you want to influence the way the traffic is sent to your site, yiou might need to manipulate BGP attributes of prefixes sent to your neigbhours.

So if you want the traffic sent to 6.6.6.0/24 to choose Router1 as the outgoing gateway from your site, you need to make the BGP attributes of the 6.6.6.0/24 prefix received on your Router1 better than the attributes of the same prefix received on your Router2.

The easiest way is to increase the Local Preference value (set it to 200, e.g., as the default value is 100).

Using the Weight attribute is not practical in your case, as this attribute has a local meaning only (i.e., is not sent to other BGP neighbours) and Router2 could still prefer the prefix received from IPS2.

I'd also use

neighbor ... next-hop-self

command in the iBGP section, not in the eBGP section.

HTH,

Milan

Hi Milan,

Let me explain more on config so that you can help me. I got new Public IPs eg 1.1.1.0/23, now i want to publish /24 1.1.1.0/24 from ISP1 and 1.1.2.0/24 from ISP2 and 1.1.1.0/23 from the both ISP for redundancy.

I have created a perfix-list and using route map i am prepending ASN to a subnet 1.1.2.0/24

Router 1 :- 

ip route 1.1.1.0  255.255.254.0 Null0 200

!

ip prefix-list SECOND-ROUTE 1.1.2.0/24

!

route-map  MY_TO_ISP1 permit 10

match ip address prefix  SECOND-ROUTE

set as-path prepend 100 100 100

!

route-map MY_To_ISP1 permit 20

match ip address prefix MY_IP_OUT

!

router bgp 100

network 1.1.1.0  255.255.255.0

network 1.1.2.0  255.255.255.0

aggregate-address 1.1.1.0 255.255.254.0

neighbor  ISP1 route-map MY_TO_ISP1 out

--------------------------------------------------------------------------------------

same i am doing for other route 1.1.1.0/24 on router 2

Router 2 : -

ip route 1.1.1.0  255.255.254.0 Null0 200

!

ip prefix-list MY_IP_OUT seq 10 permit 1.1.1.0/23 le 24

!

ip prefix-list FIRST-ROUTE 1.1.1.0/24

!

route-map MY_TO_ISP2 permit 10

match ip address prefix FIRST-ROUTE

set as-path prepend 100 100 100

!

route-map MY_TO_ISP2 permit 20

match ip address prefix IP_OUT

!

router bgp 100

network 1.1.1.0  255.255.255.0

network 1.1.2.0  255.255.255.0

aggregate-address 1.1.1.0 255.255.254.0

neighbor  ISP1 route-map MY_TO_ISP1 out

######################################################################################

For inbound routes i just want to learn just default route, but i want my traffic to HQ goes out from ISP1 and rest of Internet traffic on ISP2.

for that i leaned HQ specific route from ISP1 and feel since it will be more specific route it should be used for outbound traffic for HQ 

Router 1:-

ip prefix-list DEFAULT&HQ_ROUTE_IN  seq 10 permit 0.0.0.0/0

ip prefix-list DEFAULT&HQ_ROUTE_IN  seq 20 permit 6.6.6.0/24

!

route-map ISP1_TO_ME permit 10

match ip address prefix  DEFAULT&HQ_ROUTE_IN

!

router bgp 100

neighbor  ISP1 route-map ISP1_TO_ME in

----------------------------------------------------------------------------------------------------------------------------

And just learning default route from ISP2

Router 2:

ip prefix-list DEFAULT_ROUTE_IN  seq 10 permit 0.0.0.0/0

!

route-map ISP2_TO_ME permit 10

match ip address prefix  DEFAULT_ROUTE_IN

!

router bgp 100

neighbor ISP2 route-map ISP2_TO_ME in

======================================

Please let me know if this make you clear or i try to explain more.

Thanks

Jagdev

Hi Jagdev,

for advertised subnets:

IMHO, you've got a typo in you configs, there should be:

Router 1 :- 

ip route 1.1.1.0  255.255.255.0 Null0

Router 2 : -

ip route 1.1.2.0  255.255.255.0 Null0

shouldn't it?

This way you will get the routes for those subnets to your RIB to be able to advertise them to the IPSs and create the /23 aggregated route.

And you will advertise both

1.1.1.0/24 and 1.1.2.0/24 together with 1.1.1.0/23 from both your routers to the ISPs.

The route received from the other iBGP router will be advertised with 100 100 100 prepended though.

Is that what you want?

######################################################################################

For inbound routes:

If you permit the 6.6.6.0/24 prefix to be received only on Router 1, it will work.

But you also need to be sure the default route recieved on Router 2 would be preferred if you want the rest of the traffic to leave your site through Router 2. So increasing the Local Preference for the default route received from ISP2 would be a solution.

And again

neighbor ... next-hop-self

command should be used in the iBGP section, not in the eBGP section.

BR,

Milan

Thanks Once again Milan,

I will add "next-hop-self" in IBGP session.

Router 1 :- 

ip route 1.1.1.0  255.255.255.0 Null0

Router 2 : -

ip route 1.1.2.0  255.255.255.0 Null0

Router 1:-

ip prefix-list MY_IP_OUT seq 10 permit 1.1.1.0/23 le 24

!

ip prefix-list SECOND-ROUTE 1.1.2.0/24

!

route-map  MY_TO_ISP1 permit 10

match ip address prefix  SECOND-ROUTE

set as-path prepend 100 100 100

!

route-map MY_To_ISP1 permit 20

match ip address prefix MY_IP_OUT

!

ip prefix-list HQ_ROUTE_IN  seq 10 permit 6.6.6.0/24

!

ip prefix-list DEFAULT_IN seq 10 permit 0.0.0.0/0

!

route-map ISP1_TO_ME permit 10

match ip address prefix HQ_ROUTE_IN

set local-preference 200

!

route-map ISP1_TO_ME permit 20

match ip address prefix DEFAULT_IN

Router 2:-

ip prefix-list MY_IP_OUT seq 10 permit 1.1.1.0/23 le 24

!

ip prefix-list FIRST-ROUTE 1.1.1.0/24

!

route-map MY_TO_ISP2 permit 10

match ip address prefix FIRST-ROUTE

set as-path prepend 100 100 100

!

route-map MY_TO_ISP2 permit 20

match ip address prefix IP_OUT

!

ip prefix-list DEFAULT_ROUTE_IN  seq 10 permit 0.0.0.0/0

!

route-map ISP2_TO_ME permit 10

match ip address prefix  DEFAULT_ROUTE_IN

set local-preference 200

!

Thanks

Jagdev

Hi,

yes, this should work I hope.

BR,

Milan

Thansk for your support Milan

Regards

Jagdev

Hello Jagdev,

just a note:

from a previous thread I had understood that your border routers learn the component routes 1.1.1.0/24 and 1.1.2.0/24 via IGP ( OSPF or other) or they are directly connected to them, if it is so, you don't need the static route to null0,  but  just the BGP network command would work well.

everything else is fine in the proposed configuration

Hope to help

Giuseppe

Hi Giuseppe,

I understood those subnets were not used yet?

Doesn't really matter how to get them to the RIB in that case.

Another possibility would be creating Loopback interfaces with addresses assigned to those subnets, e.g.

BR,

Milan

Thanks Giuseppe

Currently they not learning from IGP or they learn from from directly connected interface. I will use  HSRP at LAN interface and before them there would ASA fws.  now I want config some tracking for HSRP  for BGP session instead of WAN interface.

HQ's trffice goes to ISP1 router's LAN interface and rest of  traffic goes to ISP2 router's LAN interface. They will  work in failover Please go thorough below config and suggest

Router ISP1:-

interface FastEthernet0/1

description Connect to ASA1

ip address 1.1.1.2 255.255.254.0

duplex auto

speed 100

standby 1 ip 1.1.1.1

standby 1 priority 90

standby 1 preempt

Router ISP2:-

interface FastEthernet0/1

description Connect to ASA2

ip address 1.1.1.3 255.255.254.0

duplex auto

speed 100

standby 1 ip 1.1.1.1

standby 1 priority 110

standby 1 preempt

ASA are in Active failover mode.

I can use route Outside 0.0.0.0 0.0.0.0 1.1.1.1 for Internet traffic But for HQ trffic should i use

another standbay groupe or is there any other waay to achive this

interface FastEthernet0/1

description Connect to ASA1

ip address 1.1.1.2 255.255.254.0

duplex auto

speed 100

standby 1 ip 1.1.1.1

standby 1 priority 90

standby 1 preempt

standby 2 ip 1.1.1.4

standby 2 priority 90

standby 2 preempt

interface FastEthernet0/1

description Connect to ASA2

ip address 1.1.1.3 255.255.254.0

duplex auto

speed 100

standby 2 ip 1.1.1.4

standby 2 priority 110

standby 2 preempt

and for HQ route Outside 6.6.6.0 255.255.255.0 1.1.1.4

Thanks

Jagdev