single homed, dual router + hsrp config

nweatherdata · ‎09-19-2012

Hi all,

I have 2 circuits within the same ISP. Our ISP said we could do a failover setup using BGP, using their AS number. I would like to setup 2 routers with HSRP on the LAN side, and use the router connected to our 100Mb circuit as a primamry router. This diagram illlustrate the setup.

I can't find many examples of BGP using single homed with dual links setup... so far I think these configs should work.

Top router

Bottom Rourt

interface GigabitEthernet0/1

ip address 1.1.1.1 255.255.255.0

interface FastEthernet5/0

ip address 220.1.1.252 255.255.255.224

standby 1 priority 105

standby authentication FOO

standby 1 preempt delay minimum 60

standby 1 ip 220.1.1.254

standby 1 track GigabitEthernet0/1

router bgp 2386

no synchronization

network 220.1.1.226 255.255.255.224

neighbor 1.1.1.2 remote-as 2386

no auto-summary

ip route 0.0.0.0 0.0.0.0 1.1.1.2

interface Serial1/0

ip address 2.1.1.1 255.255.255.0

interface FastEthernet5/0

ip address 220.1.1.253 255.255.255.224

standby 1 priority 100

standby authentication FOO

standby 1 preempt

standby 1 ip 220.1.1.254

router bgp 2386

no synchronization

network 220.1.1.226 255.255.255.224

neighbor 2.1.1.2 remote-as 2386

neighbor 2.1.1.2 route-map as-prepend-map out

no auto-summary

access-list 35 permit 220.1.1.226 255.255.255.224

route-map as-prepend-map permit 10

match ip address 35

set as-path prepend 2386 2386 2386

ip route 0.0.0.0 0.0.0.0 2.1.1.2

Would these configurations work ?

Thanks !

-Dan

Giuseppe Larosa · ‎09-19-2012

Hello Dan,

the usual setup is somewhat different

the ISP assigns you a private BGP AS in range 64512 -65535

Your routers use the private AS number for example 65000

You receive a default route in eBGP from provider so you don't need the static default route or you are defeating the target of the eBGP sessions.

You can have an iBGP session between your devices.

Using the same AS number as the ISP is possible, but you cannot make also an iBGP session between your routers ( it would be useless).

You should remove the static default routes and you should use a route filtering to accept only the default route from neighbor

access-list 11 permit 0.0.0.0

route-map ONLY-DEF permit 10

match ip address 11

router bgp XX

neighbor y,y,y,y route-map ONLY-DEF in

Done on both routers.

However, if BGP session on top router fails there is no failover to bottom router , This is the drawback of using the same AS number as the ISP.

Hope to help

Giuseppe

nihit-tandon · ‎09-19-2012

I got one query why are you tracking the Gig 0/1 since being Ethernet it will not go down then hw will the traffic gets shifted , I f im not wrong your traffic will start getting dropped the moment it will find the BGP neighborship getting down..

nweatherdata · ‎09-19-2012

In case the Access router router on the 100Mb circuit goes down ( or the link to it ), the virtual router IP address needs to move over the standby router.

I guess that didn;t think about the situation where the 100Mb link is still up, but the BGP neighborship goes down.

1) How likely is that to happen though ?

2) if I have a static default route defined, would that keep the router forwarding traffic to the Access router in the case a default route is no longer being provided via BGP ?

2) Would the workaround be setting up iBGP so that default route on the primary can be routed through the backup router in the event that the primary router still holds the virtual IP address ?

Thanks