
WAN Load Balancing

christopher_tan
Community Member

Hello all,

I would like to get a solution for the issue below.

1. I have a single router which connects to two different providers' internet circuits (circuit A and circuit B)

2. WAN facing running BGP

3. LAN facing running EIGRP

4. The LAN has two public subnets (100.1.1.0/24 and 200.2.2.0/24)

5. The issue I am facing is that all traffic seems to use only circuit A for incoming/outgoing. Nothing on circuit B.

Attached are the diagram and router configuration.

Please help suggest a way to load balance both circuits for two public subnets.

Thanks.

Regards,

Christopher


Both 100.1.1.0/24 and 200.2.2.0/24 are public subnets connected in the LAN - DMZ.

Hello
The simplest way would be the below configuration.

This will advertise the best preferred path ingress from either ISP for those two subnets, and at the same time per-destination load sharing will be applied egress from your site towards either ISP.

Example:

access-list 1 permit 200.2.2.0 0.0.0.255

route-map isp1 permit 10
match ip address 1
set as-path prepend 64520 64520 64520

route-map isp1 permit 99


access-list 2 permit 100.1.1.0 0.0.0.255

route-map isp2 permit 10
match ip address 2
set as-path prepend 64520 64520 64520

route-map isp2 permit 99

router bgp 64520
neighbor 10.1.1.2 route-map isp1 out
neighbor 20.1.1.2 route-map isp2 out
maximum-paths 2

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I assume there is no need for "route-map isp1 permit 99" and "route-map isp2 permit 99"?

Also, will traffic still pass over the link which is up when one of the interfaces is down?

Please advise what commands to use to verify that all of the above works as per design.

Hello

I assume there is no need for "route-map isp1 permit 99" and "route-map isp2 permit 99"?

Yes, there is a need.

The RM stanza 99 is a catch-all statement. It will advertise any other routes not defined in stanza 10.

So in this case the routes not matched by the ACL will be advertised as normal -- no prepending.

Will traffic still pass over the link which is up when one of the interfaces is down?

Yes, that is correct.

Sh ip bgp | b N
sh ip bgp neighbors x.x.x.x routes
Sh ip route bgp | b N
show ip cef exact-route (src) (dst)


res
Paul


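The route-map behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of the isp1/isp2 route-maps from the configuration posted later in the thread (ACLs 80 and 81, stanzas 50 and 99). The function names are hypothetical, only permit stanzas are modelled, and `shortest_path_circuit` assumes the upstream AS picks its inbound path on AS-path length alone.

```python
import ipaddress

LOCAL_AS = 64520
PREPEND = [64520, 64520, 64520]

# Constructed from the configuration posted in the thread.
ACL_80 = [("200.2.2.0", "0.0.0.255")]
ACL_81 = [("100.1.1.0", "0.0.0.255")]
ISP1 = [{"seq": 50, "match": ACL_80, "prepend": PREPEND}, {"seq": 99}]
ISP2 = [{"seq": 50, "match": ACL_81, "prepend": PREPEND}, {"seq": 99}]
NEIGHBORS = {"10.1.1.2": ISP1, "20.1.1.2": ISP2}


def acl_permits(acl, prefix):
    """Standard ACL: compare the network address under each wildcard mask."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return True
    return False  # implicit deny at the end of every ACL


def export_path(route_map, prefix):
    """AS path sent to an eBGP neighbor, or None if the prefix is filtered."""
    for stanza in sorted(route_map, key=lambda s: s["seq"]):
        acl = stanza.get("match")
        if acl is None or acl_permits(acl, prefix):
            # The local AS is always added on eBGP export; prepends are extra.
            return [LOCAL_AS] + stanza.get("prepend", [])
    return None  # implicit deny at the end of every route-map


def shortest_path_circuit(prefix, neighbors=NEIGHBORS):
    """Neighbor receiving the shortest AS path; None on a tie or no route."""
    lengths = {}
    for neighbor, route_map in neighbors.items():
        path = export_path(route_map, prefix)
        if path is not None:
            lengths[neighbor] = len(path)
    if not lengths:
        return None
    winners = [n for n, l in lengths.items() if l == min(lengths.values())]
    return winners[0] if len(winners) == 1 else None


if __name__ == "__main__":
    for pfx in ("100.1.1.0/24", "200.2.2.0/24", "10.1.1.0/24"):
        print(pfx, {n: export_path(rm, pfx) for n, rm in NEIGHBORS.items()},
              "->", shortest_path_circuit(pfx))
```

Dropping the `{"seq": 99}` stanza from either route-map makes `export_path` return `None` for every prefix the ACL does not match, which is the withdrawal the catch-all stanza prevents.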

Hi Paul,

The traffic still seems to be on one circuit.

"sh ip cef exact-route <src> 8.8.8.8" looks fine, IP adj out of g0/1 and g0/2 on each same command issued.

Below is the configuration again; please advise what to do next.

access-list 80 permit 200.2.2.0 0.0.0.255

route-map isp1 permit 50
match ip address 80
set as-path prepend 64520 64520 64520

route-map isp1 permit 99

access-list 81 permit 100.1.1.0 0.0.0.255

route-map isp2 permit 50
match ip address 81
set as-path prepend 64520 64520 64520

route-map isp2 permit 99

route-map PREPEND permit 10   <-- require this ?
 set as-path prepend 64520 64520 64520


router bgp 64520

neighbor 10.1.1.2 activate

neighbor 10.1.1.2 allowas-in 10 <-- require this ?

neighbor 10.1.1.2 allowas-in isp1 out

neighbor 20.1.1.2 activate

neighbor 20.1.1.2 allowas-in 10  <-- require this ?

neighbor 20.1.1.2 route-map isp2 out

maximum-paths 2

Rgds,

Christopher

Hello

Can you post if applicable

Sh ip bgp
sh ip route bgp

res
Paul



    Network          Next Hop            Metric LocPrf Weight Path
 *m  0.0.0.0          10.1.1.2                         0 9498 i
 *>                   20.1.1.2                         0 9498 i
 *>  20.1.1.0/24
                       0.0.0.0                  0         32768 ?
 *>  10.1.1.0/24
                       0.0.0.0                  0         32768 ?
 *>  100.1.1.0/24
                       <LAN facing ip>            0         32768 ?
 *>  200.2.2.0/24
                       <LAN facing ip>            0         32768 ?

#sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 10.1.1.2 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 10.1.1.2, 4d11h
                [20/0] via 20.1.1.2, 4d11h

interface g0/1 only outgoing traffics, while interface g0/2 both incoming/outgoing traffics.

Hello Christopher

Apologies missed your last post -

interface g0/1 only outgoing traffics, while interface g0/2 both incoming/outgoing traffics.


Possibly it is down to your ISP and the way they are manipulating their ingress/egress traffic, even though you are advertising prepended routes to both eBGP peers.

I also see the allow-as command applied, which doesn’t seem to be doing anything - this is usually beneficial when you have iBGP peering, which you don’t.


Can you please confirm your actual configuration

res

Paul



Hi Paul,

I removed the "allow-as".

Do I require that "PREPEND"? If yes, is "permit 10" correct?

Here is the current configuration:

access-list 80 permit 200.2.2.0 0.0.0.255

route-map isp1 permit 50
match ip address 80
set as-path prepend 64520 64520 64520

route-map isp1 permit 99

access-list 81 permit 100.1.1.0 0.0.0.255

route-map isp2 permit 50
match ip address 81
set as-path prepend 64520 64520 64520

route-map isp2 permit 99

route-map PREPEND permit 10   <-- require this ?
 set as-path prepend 64520 64520 64520


router bgp 64520

neighbor 10.1.1.2 activate

neighbor 10.1.1.2 allowas-in isp1 out

neighbor 20.1.1.2 activate

neighbor 20.1.1.2 route-map isp2 out

maximum-paths 2

If I would like to ask the service provider, what should I tell them? Or just simply ask them to do the same as this router?

Rgds,

Christopher

Hello

Yes, please remove it - it's not being used by anything I can see.

However, I DON'T see the ISP1 route-map being used:

Omitting your old config and just relating to the config I have supplied, it should read:

router bgp 64520

neighbor 10.1.1.2 route-map isp1 out

neighbor 20.1.1.2 route-map isp2 out

maximum-paths 2

Try applying that and then perform a soft reset

clear ip bgp * soft

res
Paul



Yes, both isp1 and isp2 were there. I typed it in wrongly in my last post.

router bgp 64520
 bgp log-neighbor-changes
 neighbor 10.1.1.2 remote-as 9498
 neighbor 20.1.1.2 remote-as 9498
 !
 address-family ipv4
  redistribute connected
  redistribute static
  neighbor 10.1.1.2 activate
  neighbor 10.1.1.2 route-map isp1 out
  neighbor 20.1.1.2 activate
  neighbor 20.1.1.2 route-map isp2 out
  maximum-paths 2
 exit-address-family

access-list 80 permit 200.2.2.0 0.0.0.255

route-map isp1 permit 50
match ip address 80
set as-path prepend 64520 64520 64520

route-map isp1 permit 99

access-list 81 permit 100.1.1.0 0.0.0.255

route-map isp2 permit 50
match ip address 81
set as-path prepend 64520 64520 64520

route-map isp2 permit 99

Hello

Okay, you have multipath enabled now and two paths in the RIB for the default.

"sh ip cef exact-route <src> 8.8.8.8" looks fine, IP adj out of g0/1 and g0/2 on each same command issued.

What does this give you - it should by default be per destination the same as above

sh ip cef exact-route 100.1.1.x 8.8.8.8
sh ip cef exact-route 200.2.2.x 8.8.8.8

res
paul



It is now "ip load-sharing per-packet" on both g0/1 and g0/2 interfaces.

Below is the output.

#sh ip cef exact-route 100.1.1.0 8.8.8.8
100.1.1.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/2, addr 20.1.1.2
#sh ip cef exact-route 100.1.1.0 8.8.8.8
100.1.1.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/2, addr 20.1.1.2
#sh ip cef exact-route 100.1.1.0 8.8.8.8
100.1.1.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/2, addr 20.1.1.2
#sh ip cef exact-route 100.1.1.0 8.8.8.8
100.1.1.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/1, addr 10.1.1.2
#sh ip cef exact-route 100.1.1.0 8.8.8.8
100.1.1.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/2, addr 20.1.1.2
#sh ip cef exact-route 100.1.1.0 8.8.8.8
100.1.1.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/2, addr 20.1.1.2
100.1.1.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/2, addr 20.1.1.2
#sh ip cef exact-route 100.1.1.0 8.8.8.8
100.1.1.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/1, addr 10.1.1.2
#sh ip cef exact-route 100.1.1.0 8.8.8.8
100.1.1.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/1, addr 10.1.1.2


#sh ip cef exact-route 200.2.2.0 8.8.8.8
200.2.2.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/1, addr 10.1.1.2
#sh ip cef exact-route 200.2.2.0 8.8.8.8
200.2.2.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/2, addr 20.1.1.2
#sh ip cef exact-route 200.2.2.0 8.8.8.8
200.2.2.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/1, addr 10.1.1.2
#sh ip cef exact-route 200.2.2.0 8.8.8.8
200.2.2.0 -> 8.8.8.8 => IP adj out of GigabitEthernet0/1, addr 10.1.1.2

Interface g0/1 is only seen with outgoing traffic, no incoming traffic.

Interface g0/2 has both incoming and outgoing traffic.