
Single multihomed BGP failover (Active/Passive)

hmc2500
Beginner

Hi, how can I make a single multihomed BGP internet connection to 2 ISPs fail over active/passive? I'm thinking about using weight (want to manage this on my router) to have traffic go out one preferred ISP but that's not really Active/Passive. Some routes may still go out through the backup ISP. Any ideas how to accomplish this, and should I be worried about asymmetric traffic in this scenario? Thanks.

15 Replies

Reza Sharifi
Hall of Fame Expert

Hi,

You only have a single route facing both providers?

If you are doing this with BGP, you can prepend your AS number to the backup provider (config in this link) so return traffic is always preferred using your preferred ISP. With active/passive you usually don't have to worry about asymmetric routing, but with active/active the potential is there, as some applications don't function correctly.

Here is a good link with several examples:

http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html

HTH

paul driver
VIP Expert

Hello

Some routes may still go out through the backup ISP.

Not if you specify a higher default weight value on the preferred peer; then BGP will use that path for all outgoing traffic, unless you wish for specific prefixes to utilise a certain path, in which case using route-maps with the weight path attribute would be another way.

As for return traffic then AS-Path prepending would be appropriate as suggested

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I've tested it in GNS3 and configured the neighbor ISP A with a higher weight than ISP B but the routes for the ISP B local networks go straight to the ISP B router and not through ISP A. 

Hello

The one rtr with dual isp links then the local networks of the one rtr will and should be advertised to both isps with pre-pending on the least preferred link

As for "local " networks regards weight PA - do you mean the directly connected network of each peering if so that would be correct 

please post your config of the local rtr so to clarify 

res

paul



Yes I meant the directly connected networks of the neighbor. Is there no other way of setting up a real active/passive multihomed bgp connection?

Hello

That is required, otherwise you won't get the peering established, and it is also as per BGP path selection criteria.

Using weight and as-path path attributes would give you the resiliency you desire.

I suppose you can implement a solution in which the less preferred ISP peering is in a shutdown state and is only brought up when there is a failure on the primary ISP network!

This can be achieved using IP SLA and EEM  - please review EEM csc  doc

https://supportforums.cisco.com/document/117596/cisco-eem-basic-overview-and-sample-configurations

res

Paul



Sorry was busy and could not respond earlier with the config but here it is. I've tried it in GNS3 but it seems that when I configure the as prepend and I stop the neighboring router of ISP A (AS 385555 and has weight 100) it stops advertising the local and redistributed static routes and they are no longer reachable from the outside.

The local and redistributed static routes respectively are 112.103.104.0/255.255.255.0 and 192.168.35.0/255.255.255.0

Is that expected? Below is the config.


#sh run
Building configuration...

Current configuration : 1859 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname XXXXX
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 112.103.104.2 255.255.255.0
duplex full
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Ethernet2/0
ip address 114.11.109.222 255.255.255.252
duplex full
!
interface Ethernet2/1
ip address 19.15.113.170 255.255.255.248
duplex full
!
interface Ethernet2/2
no ip address
shutdown
duplex full
!
interface Ethernet2/3
no ip address
shutdown
duplex full
!
router bgp 309021
bgp log-neighbor-changes
network 12.15.113.168 mask 255.255.255.248
network 112.103.104.0 mask 255.255.255.0
network 114.11.109.220 mask 255.255.255.252
redistribute static
neighbor 19.15.113.169 remote-as 385555
neighbor 19.15.113.169 weight 100
neighbor 114.11.109.221 remote-as 375600
neighbor 114.11.109.221 route-map prepend out
!
ip forward-protocol nd
!
ip as-path access-list 10 permit ^$
!
no ip http server
no ip http secure-server
ip route 192.168.35.0 255.255.255.0 112.103.104.1
!

!
route-map prepend permit 10
set as-path prepend 375600
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

#

Hello

I can see some anomalies in your config but it still should work


it stops advertising the local and redistributed static routes and they are no longer reachable from the outside

Are you waiting for BGP to converge - default hold timers are 180 sec (3 mins)
and are you advertising defaults from each ISP peer?

Add this and test again

ISP1 rtr
timers bgp 3 10
neighbor 19.15.113.170 default-originate

ISP2 rtr
timers bgp 3 10
neighbor 114.11.109.222 default-originate

your rtr
timers bgp 3 10
neighbor 19.15.113.169 filter-list 10 out
neighbor 114.11.109.221 filter-list 10 out

res
Paul



This did not work. The only way to get the router to advertise local and redistributed routes to ISP2 is to remove this > neighbor 114.11.109.221 route-map prepend out.

And this only happens with the neighbor 114.11.109.221. ISP1 works fine.
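
The symptom reported above is consistent with eBGP loop prevention: the posted route-map prepends 375600, which is ISP2's own AS, so ISP2 discards the update, whereas prepending the local AS 309021 (as the first reply suggests) only lengthens the path. The sketch below is an added example, not code from the thread; it models only loop detection and AS_PATH length, and the count of two prepends is an assumption.

```python
# Added example (not from the thread): AS_PATH handling for RTR1's prefixes.
LOCAL_AS = 309021   # RTR1, from the posted config
ISP1_AS = 385555    # preferred ISP
ISP2_AS = 375600    # backup ISP, outbound route-map "prepend"


def advertised_path(prepend):
    """AS_PATH RTR1 sends to an eBGP peer for a locally originated prefix:
    the route-map's prepended ASNs, with the local AS added in front."""
    return [LOCAL_AS] + list(prepend)


def accepts(receiver_as, as_path):
    """eBGP loop prevention: an update whose AS_PATH already contains the
    receiver's own AS is discarded."""
    return receiver_as not in as_path


def inbound_entry(prepend_to_isp2, isp1_up=True):
    """ISPs through which an outside AS would reach RTR1's prefixes.
    Simplified best path: shortest AS_PATH wins, ties keep both ISPs."""
    offers = {}
    if isp1_up and accepts(ISP1_AS, advertised_path([])):
        offers["ISP1"] = [ISP1_AS] + advertised_path([])
    to_isp2 = advertised_path(prepend_to_isp2)
    if accepts(ISP2_AS, to_isp2):
        offers["ISP2"] = [ISP2_AS] + to_isp2
    if not offers:
        return []
    shortest = min(len(p) for p in offers.values())
    return sorted(name for name, p in offers.items() if len(p) == shortest)


THREAD_PREPEND = [ISP2_AS]               # set as-path prepend 375600
OWN_AS_PREPEND = [LOCAL_AS, LOCAL_AS]    # assumed count of two prepends

if __name__ == "__main__":
    for label, prepend in [("no prepend", []),
                           ("thread config", THREAD_PREPEND),
                           ("own AS x2", OWN_AS_PREPEND)]:
        print(f"{label:14} ISP1 up: {inbound_entry(prepend)}  "
              f"ISP1 down: {inbound_entry(prepend, isp1_up=False)}")
```

With the thread's route-map the prefixes have no inbound path once ISP1 is down; with the local AS prepended, ISP2 carries them only when ISP1's shorter path disappears.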

Hello

Maybe you misunderstood; the AS-path filter was only to negate ISP transit path routing

You will still need to use your route maps

res

paul



No, I understand that you added path filtering to help so that my AS does not become a transit AS to both ISPs. However, regardless of whether that's added or not, the AS prepend did not work (and I did configure the route maps). Attached is my GNS3 config (it includes the config files of all the routers, I used IOS image C7200-ADVIPSERVICESK9-M).

Hello

Apologies I cannot open those files -

Can you post - sh ip bgp neighbors x.x.x.x routes

res
Paul



This is what I see when I have ISP1-A shutdown. (See attached Topology.jpg)


ISP2-A# sh ip bgp neighbors 192.168.35.0 routes
% No such neighbor or address family

ISP2-A#sh ip bgp neighbors 112.103.104.0 routes
% No such neighbor or address family

Here is the "sh ip route" 

ISP2-A#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
B 10.10.10.0 [20/0] via 181.122.30.2, 00:03:37
114.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 114.11.109.220/30 is directly connected, Ethernet2/0
L 114.11.109.221/32 is directly connected, Ethernet2/0
172.16.0.0/24 is subnetted, 1 subnets
B 172.16.1.0 [20/0] via 181.122.30.2, 00:03:06
181.122.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 181.122.30.0/30 is directly connected, Ethernet2/1
L 181.122.30.1/32 is directly connected, Ethernet2/1
B 208.10.10.0

This is on RTR1:

RTR1#sh ip bgp
BGP table version is 19, local router ID is 114.11.109.222
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 114.11.109.221 0 375600 i
*> 10.10.10.0/24 114.11.109.221 0 375600 365602 i
*> 19.15.113.168/29 0.0.0.0 0 32768 i
*> 112.103.104.0/24 0.0.0.0 0 32768 i
* 114.11.109.220/30
114.11.109.221 0 0 375600 i
*> 0.0.0.0 0 32768 i
*> 172.16.1.0/24 114.11.109.221 0 375600 365602 375603 i
*> 181.122.30.0/30 114.11.109.221 0 0 375600 i
*> 192.168.35.0 112.103.104.1 0 32768 ?
*> 208.10.10.0 114.11.109.221 0 375600 365602 375603 385604 i

RTR1#sh ip bgp summ
BGP router identifier 114.11.109.222, local AS number 309021
BGP table version is 19, main routing table version 19
9 network entries using 1296 bytes of memory
10 path entries using 800 bytes of memory
7/7 BGP path/bestpath attribute entries using 952 bytes of memory
4 BGP AS-PATH entries using 112 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3160 total bytes of memory
BGP activity 9/0 prefixes, 14/4 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
19.15.113.169 4 385555 0 0 1 0 0 00:12:45 Idle
114.11.109.221 4 375600 322 313 19 0 0 00:15:51 6
RTR1#

I've read another post of someone with similar problems and it looks like using the neighbor send community command may have fixed it for him. Not sure how it works yet. 
