Need to configure BGP between primary and secondary circuit to single ISP

dguse
Level 1

I have a single ISP with existing bonded T1's and have added a new 10 mb/sec ethernet circuit. I want to use the 10 mb/sec ethernet circuit as the primary circuit and have all traffic both inbound and outbound traverse the 10 mb/sec circuit. I want to have the bonded T1's as a secondary / backup circuit in the event that the primary should fail.

I believe I need to add a route-map statement, but I am not sure how it should be configured, any help would be greatly appreciated.

Here is the config I have on my side:

interface MFR1.500 point-to-point
ip address 192.168.1.1 255.255.255.252
description bonded 2xT1 backup circuit
no ip redirects
no ip proxy-arp
no cdp enable
no arp frame-relay
frame-relay interface-dlci 500 IETF  
!
interface FastEthernet0/0
no ip address
duplex full
speed 100
!
interface FastEthernet0/0.878
encapsulation dot1Q 878
ip address 172.16.1.1 255.255.255.252
description primary 10 mb/sec ethernet circuit
no snmp trap link-status
no cdp enable
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.240
description connection to ASA to internal network
duplex full
speed 100
!
interface Serial0/0/0:0
mtu 4470
bandwidth 1536
no ip address
no ip redirects
no ip proxy-arp
encapsulation frame-relay MFR1
no arp frame-relay
!
interface Serial0/0/1:0
mtu 4470
bandwidth 1536
no ip address
no ip redirects
no ip proxy-arp
encapsulation frame-relay MFR1
no arp frame-relay

router bgp 1046
no synchronization
bgp log-neighbor-changes
network 10.20.20.1 mask 255.255.255.224
network 10.10.10.1 mask 255.255.255.240
neighbor 192.168.1.2 remote-as 101
neighbor 192.168.1.2 password 7 0723755E49064326191F0F20321E
neighbor 192.168.1.2 weight 10
neighbor 172.16.1.2 remote-as 101
neighbor 172.16.1.2 password 7 013F52165C045C2C2F414A252F31
no auto-summary

ip classless
ip route 10.20.20.1 255.255.255.224 10.10.10.2

Dennis Mink
VIP Alumni

As you are already using BGP, run iBGP between the 2 routers.

I would use local preference

EXAMPLE:


router 1:


router ospf 1
router-id 10.2.1.3
auto-cost reference-bandwidth 100000
area 0 authentication message-digest
passive-interface default
no passive-interface GigabitEthernet0/1
no passive-interface GigabitEthernet0/2
no passive-interface Loopback0
network 10.2.1.3 0.0.0.0 area 0
network 10.2.1.88 0.0.0.3 area 0
network 10.2.1.92 0.0.0.3 area 0
!
router bgp 65022
bgp log-neighbor-changes
network 10.2.0.0 mask 255.255.224.0
network 10.2.1.88 mask 255.255.255.252
network 10.2.1.92 mask 255.255.255.252
network 10.2.32.0 mask 255.255.248.0
network 10.2.100.0 mask 255.255.255.0
network 10.2.101.0 mask 255.255.255.0
network 10.2.102.0 mask 255.255.255.0
neighbor 10.2.1.1 remote-as 65022
neighbor 10.2.1.1 update-source Loopback0
neighbor 10.2.1.1 next-hop-self
neighbor 10.2.1.1 soft-reconfiguration inbound
neighbor 10.20.0.21 remote-as 65530
neighbor 10.20.0.21 soft-reconfiguration inbound
neighbor 10.20.0.21 route-map prepend out
no auto-summary
!
=======================================================

router ospf 1
router-id 10.2.1.1
log-adjacency-changes
area 0 authentication message-digest
redistribute static metric-type 1 tag 65022 route-map STATIC-TO-OSPF
redistribute bgp 65022 metric-type 1 subnets
passive-interface default
no passive-interface GigabitEthernet0/1
no passive-interface GigabitEthernet0/2
no passive-interface Loopback0
network 10.2.1.1 0.0.0.0 area 0
network 10.2.1.64 0.0.0.15 area 0
network 10.2.1.80 0.0.0.3 area 0
network 10.2.1.84 0.0.0.3 area 0
network 10.2.10.0 0.0.1.255 area 0
network 10.2.12.0 0.0.0.255 area 0
default-information originate always
!
router bgp 65022
! higher local preference, thus preferred
bgp default local-preference 200
bgp log-neighbor-changes
neighbor 10.2.1.3 remote-as 65022
neighbor 10.2.1.3 update-source Loopback0
neighbor 10.200.200.14 remote-as 65530
neighbor 10.200.200.14 provider service
!
address-family ipv4
  no synchronization
  network 10.2.0.0 mask 255.255.224.0
  network 10.2.32.0 mask 255.255.248.0
  network 10.2.100.0 mask 255.255.255.0
  network 10.2.101.0 mask 255.255.255.0
  network 10.2.102.0 mask 255.255.255.0
  network 10.2.164.0 mask 255.255.255.0
  network 10.2.165.0 mask 255.255.255.0
  network 10.2.166.0 mask 255.255.255.0
  network 10.200.200.12 mask 255.255.255.252
  network 10.200.200.252 mask 255.255.255.252
  neighbor 10.2.1.3 activate
  neighbor 10.2.1.3 next-hop-self
  neighbor 10.2.1.3 soft-reconfiguration inbound
  neighbor 10.200.200.14 activate
  neighbor 10.200.200.14 soft-reconfiguration inbound
  no auto-summary
exit-address-family

Alternately, you can use MED and route maps to give it even more granularity. But as you describe it, you want ALL traffic to go out the 1 router and have the other link on standby.

Please rate if this helps


The previous response is based on an understanding that there are 2 routers involved. My reading of the original post makes me believe that the customer side has only a single router and so the previous response does not work for them.

While I believe that it is relatively clear that the customer router will have 2 connections to the ISP, it is not clear to me whether both ISP connections terminate on a common router at the ISP or whether there are 2 routers on the ISP side. If there are 2 different routers from the ISP connecting to the customer router then the suggested configuration in the original post seems appropriate; it establishes 2 BGP peers and sets weight to prefer the peer over the faster circuit.

If there is a single router at the ISP then I believe that a different configuration is called for. If it is a single router then a single BGP peer works. I would change the BGP neighbor address so that it was some other address than the physical interface addresses. When the neighbor address is not the physical then you can configure static routes for the neighbor address. Configure a static route which uses the faster interface and configure a floating static to the neighbor address which uses the bonded multilink to get to the neighbor. You may also need to have the ISP change their neighbor statement to point at some address on your router that is not the connected interface physical address. And you probably need to configure the neighbor update-source command on your router.

Note that if you are trying to use a floating static where the primary static is over FastEthernet that you may need something like object tracking to determine whether the link is still working or whether the static route should be withdrawn.

The comment in the original post about perhaps needing a route map would seem to indicate that they thought that the solution may be based on Policy Based Routing (since PBR does use route maps). But I do not believe that PBR is the solution in this case.

HTH

Rick


Hi Richard,

There are 2 routers on the ISP side. Thank you for your feedback, I will engage the ISP again in the A.M. as they bailed for the night.

Darren

Darren


Thanks for the clarification. Just to be clear - there is one router on your side and it has 2 links to the same ISP, and each link to the ISP terminates on a different ISP router.

If that is the case then I think that the config in your original post needs a couple of changes. First - the weight applied will help decide which of the routes learned from the provider will be preferred, and if the preferred routes are withdrawn then the routes from the other peer will be used. The default weight is 0 and the weight that you are applying is 10. The greater weight will be preferred. So the weight parameter should be applied on the 10 Mb neighbor but you have applied it to the bonded T1 neighbor. So change the

neighbor 192.168.1.2 weight 10

to

neighbor 172.16.1.2 weight 10


That will take care of outbound traffic from your network to the ISP. But it does not deal with how traffic from the ISP will get to you. You should make the advertisements to the neighbor on the bonded T1 less attractive than what is advertised to the other neighbor. This is frequently done by prepending your AS number to the outbound advertisement to the less preferred peer. And prepending is done using a route map (which gets back to the comment in your original post about whether a route map should be used). I would suggest using something like:

neighbor 192.168.1.2 route-map outbound_adv out

route-map outbound_adv permit 10 
set as-path prepend 1046 1046 1046

If you test and it is not working quite right then you might want to add some more 1046s to the prepend.


HTH

Rick
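
Added example, not part of the thread and not Cisco's code: a simplified Python model of the first three BGP best-path steps (weight, then local preference, then AS-path length) applied to the two peers in this thread, covering both the weight and prepend changes above and the local-preference approach from the earlier reply. The function names and the ISP-side local-preference value are assumptions made for illustration; later tie-breakers (origin, MED, router ID) are not modelled, so a tie is returned as more than one peer.

```python
from dataclasses import dataclass

ETH, T1 = "172.16.1.2", "192.168.1.2"  # ISP peer addresses from the thread

@dataclass(frozen=True)
class Path:
    neighbor: str          # peer (link) the route is learned over
    as_path: tuple         # AS numbers as received
    weight: int = 0        # Cisco-local attribute, default 0, never advertised
    local_pref: int = 100  # default local preference

def best_paths(paths):
    """Peers that survive the modelled steps: highest weight, then highest
    local preference, then shortest AS path. More than one result means the
    choice is left to later tie-breakers that this sketch does not model."""
    def rank(p):
        return (-p.weight, -p.local_pref, len(p.as_path))
    top = min(map(rank, paths), default=None)
    return [p.neighbor for p in paths if rank(p) == top]

def outbound_choice(weighted_peer, eth_up=True):
    """Customer router (AS 1046): peer used for traffic toward the ISP when
    'neighbor <weighted_peer> weight 10' is configured."""
    peers = ([ETH] if eth_up else []) + [T1]
    paths = [Path(n, (101,), weight=10 if n == weighted_peer else 0) for n in peers]
    return best_paths(paths)

def inbound_choice(prepends, t1_local_pref=100):
    """ISP (AS 101): link used to reach the customer prefix when the customer
    prepends 1046 'prepends' times toward the T1 peer. t1_local_pref is a
    constructed value standing for a policy the ISP might apply itself."""
    via_eth = Path(ETH, (1046,))
    via_t1 = Path(T1, (1046,) * (1 + prepends), local_pref=t1_local_pref)
    return best_paths([via_eth, via_t1])

if __name__ == "__main__":
    print("original config (weight on T1 peer):", outbound_choice(T1))
    print("corrected (weight on Ethernet peer):", outbound_choice(ETH))
    print("Ethernet peer down:", outbound_choice(ETH, eth_up=False))
    print("inbound, no prepend:", inbound_choice(0))
    print("inbound, 3 prepends:", inbound_choice(3))
    print("inbound, 3 prepends, ISP local-pref 200 on T1:", inbound_choice(3, 200))
```

Weight only influences the local router's outbound choice, and local preference is compared before AS-path length, so prepending shifts inbound traffic only while the ISP leaves both sessions at the same local preference.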

Brilliant! It is working perfectly.

Darren

I am glad that it is working and that my suggestions were helpful. Thank you for marking this question as resolved/answered (and thanks for the points). It makes the forum more useful when people can read a question and can know that there were answers which helped to resolve the question. Your marking this will help readers to recognize that a solution was found.

HTH

Rick


Thanx for being thorough and specific with your answer instead of posting a link to one of Cisco's vague examples and calling it a day...

Thank you for the comment about my response. I am glad that you found it helpful and specific. I do find that in questions like this it is quite helpful to have some detail and example in the explanation.

HTH

Rick
