
setup second bgp router to second ISP

Amafsha1
Level 2

Hello, we currently have our internet router connected to 1 ISP.  We would like to purchase a second router and have it connect to a different ISP.   The 2 ISPs will not talk iBGP, but our routers will.  The attached diagram shows what the topology will hopefully look like.  We are currently getting only a default route from our ISP and will do so with the 2nd ISP.  We are trying to achieve a primary, secondary function.  The 2nd router will only serve as a backup (no load-sharing or anything) in case the 1st router dies. 

 

From what I understand, local-pref marks routes we get from the ISP, so it will alter how we send our internal routes out.  We would ideally set Router1 (primary) with a higher local preference for all our internal networks and set a lower local-pref on the 2nd router to be the backup.  This would be advertised within our AS so the 2 routers know what the deal is.  Is this really all we need?  We just make a route-map that captures all the internal traffic like 10.10.10.0 and 11.11.11.0 and sets a local pref on it, right?

 

From what I understand, we might not really need path-prepend here since it's just what we advertise to our ISPs, and since we only have a default route out and the ISPs don't do iBGP, I guess path-prepend might be redundant in this situation.  Please correct me.  Thank you in advance!!

 

 

Router1:

router bgp 100
 bgp log-neighbor-changes
 neighbor router2 remote-as 100
 neighbor ISP1 remote-as 200
!
ip prefix-list default-route seq 10 permit 0.0.0.0/0
!
route-map let_all_out permit 10
 match ip address prefix-list default-route
 set local-preference 200

Router2:

router bgp 100
 bgp log-neighbor-changes
 neighbor router1 remote-as 100
 neighbor ISP2 remote-as 300
!
ip prefix-list default-route seq 10 permit 0.0.0.0/0
!
route-map let_all_out permit 10
 match ip address prefix-list default-route
 set local-preference 150

 

 

Is this configuration coming close to achieving what I'm looking for, or am I really off here? :)

 

9 Replies

Kevin SAS
Level 1

Hello,

 

Do you have an MPLS link from your ISP 1 and 2? I mean, do you have some network resources in a datacenter?

I will assume not and suppose you have public IP addresses on the WAN interfaces of both routers.

 

- You have to configure VRRP or HSRP on the client side, with a high priority on the router 1 side, to have the gw on this side.

- If you do that, changing local-pref is not needed, because all traffic from clients will go through router 1 and the shortest path will be through this router to ISP1.

- On the other side, it is always a good idea to filter routes received from an EBGP router, so you can apply a prefix-list inbound like this:

router bgp 100
 neighbor IP_ISP_1 remote-as 200
 neighbor IP_ISP_1 prefix-list DEFAULT-ROUTE in
!
ip prefix-list DEFAULT-ROUTE seq 10 permit 0.0.0.0/0

- If the BGP adjacency shuts off on router 1, you will have in your routing table on router 1 another default route through router 2. But this is not efficient, because you have the HSRP master on router 1. So to have both the client GW and routing through router you will need the next point.

- You need to track the WAN interface on router 1 to allow GW failover to router 2, something like this:

track 33 interface gigabitethernet0/1 line-protocol
int vlan 1
 description LAN_USER
 ip address 10.10.10.253 255.255.255.0
 standby 1 ip 10.10.10.254
 standby 1 priority 110
 standby 1 track 33 decrement 20
 standby 1 preempt

Don't forget to put preempt in order to come back to router 1 when the link to the ISP is up.

I hope I haven't made a mistake; I just have a doubt regarding the default route when router_1 is active. Not sure if you should have 2 default routes or one. Will try this tomorrow.

Your public IP address will change when you fail over to router_2, btw.

 

I realized I made a mistake by specifying the wrong neighbor on the Router 2 commands I posted. It is now corrected.

 

Correct, we are getting public IP addresses from our ISP; no MPLS.     The thing is that we have iBGP neighborship between our 2 routers.  I don't think we need to use HSRP, am I correct?  

 

And just to make matters worse, I uploaded the edited attachment.  I also made a mistake there too.  You will see the fix and I tried to make our internal topology more detailed.  The 2 ISP feeds come into our switch that connects via VLANs into our Routers1/2. 

 

 

OK, but who is the gw for the client LAN?

Routers or switch?

You are mixing layer 2 and L3 in your pic; it is not very easy to understand.

It is confusing, but that's how the network is set up.  I adjusted the diagram, sorry for making this confusing.  I realized I made a mistake.  Vlan 400 (red line) is currently the main ISP 1 gateway out to Router 1.  Vlan 500 (blue line) is used for ISP 2 (backup).  We have everything in place, we just haven't configured the 2nd router yet to be a failover.  There are /30 IP address spaces on the 4 interfaces between Router 1 and 2.  The ISP circuit terminates at Switch 30; it does not terminate at the routers.   We use switch 30 just for bridging.   For our current traffic flow, just follow the red lines to Router 1 and back out to the ISP 1 feed.

 

 

OK (again), but who is the gw for the client LAN?
Routers or switch?
You can have iBGP/eBGP somewhere, but you need to have a default route for clients; that's what I said.
I had some time to verify something, and you don't need to adjust local-pref because you have EBGP with the telco provider. So administrative distance is preferred against IBGP AD.

Sample test config :
Router 1:

interface FastEthernet0/0
description LAN USER
ip address 172.16.1.1 255.255.255.0
standby 1 ip 172.16.1.254
standby 1 priority 110
standby 1 preempt
!
interface FastEthernet0/0.100
description FOR_IBGP
encapsulation dot1Q 100
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet1/0
description OUTSIDE
ip address 192.168.1.1 255.255.255.0
router bgp 100
bgp log-neighbor-changes
neighbor 192.168.1.2 remote-as 300
neighbor 192.168.10.2 remote-as 100
!
address-family ipv4
neighbor 192.168.1.2 activate
neighbor 192.168.10.2 activate
neighbor 192.168.10.2 next-hop-self
no auto-summary
no synchronization
exit-address-family

Router 2 :

interface FastEthernet0/0
description LAN
ip address 172.16.1.2 255.255.255.0
standby 1 ip 172.16.1.254
!
interface FastEthernet0/0.100
description FOR_IBGP
encapsulation dot1Q 100
ip address 192.168.10.2 255.255.255.0
!
interface FastEthernet1/0
description OUTSIDE
ip address 192.168.2.1 255.255.255.0
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 192.168.2.2 remote-as 400
neighbor 192.168.10.1 remote-as 100
neighbor 192.168.10.1 next-hop-self

Some tests, nominal situation:
R1 is primary HSRP

R1#sho standby brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Fa0/0 1 110 P Active local 172.16.1.2 172.16.1.254
For route:
B* 0.0.0.0/0 [20/0] via 192.168.1.2, 00:12:56

Default route via telco 1 with AD=20 because of EBGP.
I receive another default route from R2 via IBGP but with AD=200; that's why it is not in the RIB.

R1#sho ip bgp nei 192.168.10.2 rout
BGP table version is 8, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* i0.0.0.0 192.168.10.2 0 100 0 400 ?

In case EBGP fails, the route through R2 is installed in the RIB; also note the AD:

B* 0.0.0.0/0 [200/0] via 192.168.10.2, 00:00:03


You need some NAT, of course.
Don't forget to put the next-hop-self command.
HSRP is for users; just read online why you need it.
As Paul said, you can use another IGP protocol between the routers; it's up to you. OSPF will do the job.

Also note HSRP does not fail over to router 2; the track function is not configured in this example.

If you are not confident with this configuration, try it in a virtual lab before production. You should understand it before you configure it.
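
Added example (not part of the original thread): a simplified model of BGP path selection on the thread's two-router topology, showing which exit each router picks for 0.0.0.0/0 with the local-preference values from the question (200/150), with equal values, and when ISP1 fails. It assumes local-preference is set inbound on each router's eBGP session and that next-hop-self is used between the routers; only three decision steps are modelled (local-preference, AS-path length, eBGP over iBGP), and `default_exits` is a hypothetical helper name.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Path:
    exit_via: str    # neighbor this router forwards to when the path is used
    local_pref: int  # set inbound on the eBGP session, carried across iBGP
    as_path: tuple   # AS numbers from the question (ISP1 = 200, ISP2 = 300)
    ebgp: bool       # True if learned directly from the ISP


def best_path(paths):
    """Simplified decision: highest local-pref, shortest AS path, eBGP over iBGP."""
    return max(paths, key=lambda p: (p.local_pref, -len(p.as_path), p.ebgp),
               default=None)


def default_exits(lp_r1, lp_r2, isp1_up=True, isp2_up=True):
    """Return {router: next hop for 0.0.0.0/0} once both routers have converged."""
    ebgp = {
        "R1": Path("ISP1", lp_r1, (200,), True) if isp1_up else None,
        "R2": Path("ISP2", lp_r2, (300,), True) if isp2_up else None,
    }
    peer = {"R1": "R2", "R2": "R1"}
    best = dict(ebgp)              # start from each router's own eBGP path
    for _ in range(4):             # iterate until the choices stop changing
        new = {}
        for r in ("R1", "R2"):
            cands = [ebgp[r]] if ebgp[r] else []
            adv = best[peer[r]]
            # An iBGP speaker passes on its best path only if it learned it via eBGP.
            if adv is not None and adv.ebgp:
                cands.append(replace(adv, exit_via=peer[r], ebgp=False))
            new[r] = best_path(cands)
        if new == best:
            break
        best = new
    return {r: (p.exit_via if p else None) for r, p in best.items()}


if __name__ == "__main__":
    print("lp 200/150, both up :", default_exits(200, 150))
    print("lp 100/100, both up :", default_exits(100, 100))
    print("lp 200/150, ISP1 down:", default_exits(200, 150, isp1_up=False))
```

With 200/150 both routers leave through ISP1; with equal values each router prefers its own ISP, so which exit is used depends on which router the LAN gateway points at.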

 

 

 

Hello

What type of ISPs are they? Do they both share the same parent tier provider, or is one of them a child of the other? If this is the case then resiliency isn't really true if an outage occurs to the parent or higher-tier ISP (this you can check with the ISPs themselves).

The topology you posted is a proposed solution correct?

Is there any specific reason why you would wont both routers peering to both the two independently ISP's if you don't require any load sharing.

 

You say the ISPs don't provide iBGP, but they do offer eBGP, correct, based on the example configuration you have posted?

 

If bgp is to be used then you can utilize both isps connections (one on either router) and receive a default from both of them at the same time.

 

An IGP default can then be advertised via OSPF into your L3 core with a preferred default (E1 v E2). This advertisement would be based on each rtr's reliability to its own ISP default, the result being your L3 will always have a default pointing to a valid internet path.

 

res

Paul

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

The topology I proposed is actually how it already is.  My predecessor could never figure out how to configure a backup link with the 2nd ISP we already have configured.  Everything in that drawing is how it is right now, but it's just sitting there not doing anything except for ISP 1 and Router 1, which is what we're using right now for our internet.  Router 2 and the ISP 2 link are not being used.  I could load-share, I just never thought about it.  That 2nd circuit is much smaller and only there to provide backup for more important things in case of a failure.  To answer your first questions, they are 2 completely separate companies, I think.

 

I only said the ISPs don't do iBGP because I heard they don't.  One of the reasons why this project is challenging is because I don't know much about the ISP side of things.

Amafsha1
Level 2

I figure it's easier if I just post a new discussion and post the configs of the 2 routers.   Doing that now. 

Hello

If you do that then you will just be asked the same questions, until we can obtain a better understanding of your topology.

 

Also you will have then two discussions ongoing relating to the same query.

 

So my next question would be to share the configuration of the active rtr, if it is applicable to do so.

 

sh run config
sh ip protocols
sh ip route

 

res

Paul

