
NAT question 2

Amafsha1
Level 2

 

Jon, sorry for the late response.  I realized that my copy/paste didn't go as planned, the info was all screwed up.  I will fix it and re-post.  

 

 


Jon Marshall
Hall of Fame

 

Can you post the route map configuration?

 

Jon

hey Jon,

 

This question might be a little less specific and I'll probably need to provide you with more data.  Let's say I have a router that is connected to two different ISP circuits. 

 

ISP1 - primary

ISP2 - failover in case primary dies

 

Let's say we get a default route from both ISPs and we also need to advertise a /24 so end users from outside can reach us. This is currently happening.

 

When we kill the ISP1 link, we keep having this issue where our outgoing traffic goes out the ISP2 link just fine, but our incoming traffic keeps trying to come back the original ISP1 link.  Have you heard of this issue? 

 

Are you using BGP to advertise your /24?

And do you prepend your /24 via ISP2 so that when all links are up traffic comes in via ISP1?

 

If so when the link to ISP1 fails then ISP1 should stop receiving your advertisement and so stop advertising it and traffic should then come in via ISP2. 

 

Note depending on your connectivity to the ISP you may be dependent on BGP timers to time out before ISP1 realises your router is down so there can be a delay in traffic rerouting via ISP2.

 

Jon

Thanks for the reply, Jon.  

 

That is correct, we are advertising the /24 through BGP, and that is correct, we path prepend.

 

Now let's say that we have a DR site that's advertising the exact same network through the same ISP carrier as ISP 1 on our main HQ site.  What would we do to avoid the situation of ISP1 going down on the main HQ, but not going down on the DR site?  So now we face the difficulty of having traffic leaving ISP2 at the main HQ, and trying to go into DR site ISP.  How would we avoid this issue?

 

Sorry but it's not clear what you mean. 

 

Do you mean the DR site is advertising the same IP subnet but with prepending?

 

Not sure what you are asking. 

 

Jon

Hey Jon,

 

Also just noticed how confusingly I wrote that out. My apologies :)

 

So we have 2 sites:

Main site - 2 ISP providers - 1 active and the other for failover.

DR site - just 1 ISP, we don't have a failover over there, but we advertise the same exact /24 to all.  

 

As you can see "Main site router" has 2 ISPs in case the ISP1 fails, we switch off to ISP2.  And you can also see we use the same ISP provider at DR site (which is "ISP1").  DR site only has 1 default route out through "ISP", only 1 ISP configured there, 1 circuit, and DR site advertises same /24.

 

Now the problem is when "ISP1" dies at Main site router, we have no issues with outbound traffic through ISP2, BUT now we have the issue that the return traffic goes to our DR site instead of back here through ISP2. That's what we're trying to figure out.

 

 

 

 

So is the DR site only to be used if both ISP connections at your main site fail?

It is a bit difficult to fully understand what you are doing as you are using communities and prefix lists which are not shown, but would it not be possible to simply prepend ISP2 advertisement and then also prepend DR advertisement but add more instances of the AS path to the DR site?

 

Or it may be possible to use the BGP conditional advertisement feature at your DR site but again difficult to say without a full picture of how everything routes etc. 

 

Jon

So the DR site also has users there too.  The DR site will hopefully one day also be a backup for everything to go to if everything at the main site fails....so to address your questions about it being a backup if ISP at both fail is kinda true yes.

 

Ok I think you're onto something here, so you're saying to use the prepend command at the DR site like below, so that when traffic wants to go into the DR site it will see very expensive metrics, so it will go back to the /24 being advertised out of our ISP2 back at Main site router instead?

 

 

DR Site Router#

route-map isp_backup_out, permit, sequence 20
  Match clauses:
    ip address prefix-lists: isp_29_B
  Set clauses:
    as-path prepend 22222222 22222222 22222222 22222222
    community 22222222:999
  Policy routing matches: 0 packets, 0 bytes

 

 

So if I was to push this config here, I don't need to add the prepend to the ISP2 of Main site because now the metrics will be more attractive to the /24 at ISP2 main site compared to the DR site right?

 

I would have thought though that you also need to prepend for ISP2 because when all links are up don't you want ISP1 at your main site to be used?

 

So ISP1 main site no prepending, ISP2 main site prepend, ISP1 at DR prepend more instances of AS number than ISP2 at main site. 

 

Does that make sense?

 

Jon

Ok I understand.  Thank you Jon!  I will give this a shot
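
The prepend plan discussed in this thread (ISP1 main site no prepend, ISP2 main site some, DR site more), run through a simplified best-path model to show where inbound traffic lands when links fail. This is an added example, not part of any post in the thread; the ASNs, the ISP2 prepend count, the "remote" observer and the local-pref policy are assumptions.

```python
# Simplified BGP best-path model: highest local-pref wins, then shortest AS path.
# ASNs are constructed values from the documentation range, not the thread's.
OUR_AS, ISP1, ISP2 = 64496, 64497, 64498

# (site, upstream) -> extra copies of our AS. DR's 4 matches the prepend in the
# thread's route-map output; the ISP2 count of 2 is an assumption.
JON_PLAN = {("main", ISP1): 0, ("main", ISP2): 2, ("dr", ISP1): 4}
ALL_LINKS = list(JON_PLAN)

def best_entry(observer, links_up, prepends=JON_PLAN):
    """Return the (site, upstream) link that traffic from `observer` enters by.

    observer is ISP1, ISP2, or "remote" (a third AS that hears both ISPs at
    equal distance). Assumption: an ISP gives its own customer's route a
    higher local-pref than the same prefix learned from another ISP.
    """
    candidates = []
    for site, upstream in links_up:
        path = [OUR_AS] * (1 + prepends[(site, upstream)])
        if observer == upstream:
            local_pref = 200                 # direct customer route
        else:
            local_pref = 100                 # learned through the other ISP
            path = [upstream] + path
        candidates.append((-local_pref, len(path), (site, upstream)))
    # Ties fall back to tuple order here; real BGP has further tie-breakers.
    return min(candidates)[2] if candidates else None

if __name__ == "__main__":
    main_isp1_down = [("main", ISP2), ("dr", ISP1)]
    for who in ("remote", ISP1, ISP2):
        print(who, "all up ->", best_entry(who, ALL_LINKS),
              "| main ISP1 down ->", best_entry(who, main_isp1_down))
```

In this model a remote AS follows the prepends as intended, but traffic sourced inside ISP1 still enters at the DR site when the main-site ISP1 link is down, because local-pref is compared before AS-path length. Prepending only steers networks that get as far as comparing path length.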
