07-25-2017 01:13 AM - edited 03-05-2019 08:53 AM
Hello,
a customer has two ISPs and its own AS. For each ISP we use a router which is connected with BGP to the ISP.
The LAN has its default route pointing to the firewall, which in turn uses the default routes which come from the (two) ISPs via BGP.
What will be the best practice recommendation to use load balancing between the two ISPs? When we configure, for example, HSRP between the routers, only one router will be the active. So if the firewall is pointing to the VIP of the HSRP, we have no load balancing because only one route is the active one.
Regards
Udo
07-25-2017 03:33 AM
Hello Udo,
have a look at the link below, in your case scenarios 4, 5, and 6 in particular:
http://showipbgp.com/bgp-configurations/cisco.html
07-25-2017 11:28 AM
I would suggest you go with the steps below:
1. Break the LAN pool subnet into two halves.
2. Define one of the ISPs as the primary ISP by making use of the BGP attribute local preference.
3. Define the second ISP as the secondary ISP by making use of the BGP attribute AS path prepend.
4. Advertise the entire LAN pool, and half of the entire LAN pool as a second subnet, in BGP.
5. Define policy-based routing and set the next hop of the second half of the LAN pool to the secondary WAN IP on the secondary router, as seen in the config below:
Example:
Primary link
neighbor 10.24.X.X route-map LOCALPREFERENCE_IN_LP in (Defines the traffic that is going from inside to outside)
neighbor 10.24.X.X route-map LOCALPREFERENCE_OUT out (Defines the reverse traffic that is coming from outside to inside)
=================
Secondary link
neighbor 10.25.X.X route-map ASPATH_IN in (Defines the traffic that is going from inside to outside)
neighbor 10.25.X.X route-map ASPATH_OUT_PREPEND out (Defines the reverse traffic that is coming from outside to inside)
Actual LAN segment: 10.160.55.128 255.255.255.192.
Here the second half of the LAN segment is 10.160.55.160 255.255.255.224.
ip access-list standard SECOND_HALF
permit 10.160.55.160 0.0.0.31
deny any
route-map LOADSHARING
match ip address SECOND_HALF
set ip next-hop verify-availability 10.25.X.X
Apply the above policy-based route-map statement on the LAN interface.
This should enable the second half of the subnet to pass through the secondary and the first half through the primary WAN link among the 2 available routers, and when traffic passes through the second link you should see the policy-based matches on route-map LOADSHARING.
James..
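A check of the subnet split and the SECOND_HALF wildcard from the post above, as an added Python example that is not part of the original thread: it confirms the ACL permits exactly the upper half of the LAN segment and models which link a source address would leave by. The function names are hypothetical, and the fallback to the primary link when the secondary next hop is unavailable is an assumption about how the routing table resolves once the policy is skipped.

```python
import ipaddress

# Values taken from the post; everything else here is illustrative.
POOL = "10.160.55.128/255.255.255.192"   # actual LAN segment
ACL = ("10.160.55.160", "0.0.0.31")      # permit line of SECOND_HALF

def split_pool(pool):
    """Return the two equal halves of the LAN pool as (first, second)."""
    first, second = ipaddress.ip_network(pool).subnets(prefixlen_diff=1)
    return first, second

def acl_matches(src, addr, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    src_bits = int(ipaddress.ip_address(src)) & care
    return src_bits == (int(ipaddress.ip_address(addr)) & care)

def acl_covers_exactly(net, acl, pool):
    """True if the ACL permits every address in net and no other in pool."""
    return all(acl_matches(str(host), *acl) == (host in net)
               for host in ipaddress.ip_network(pool))

def egress_link(src, secondary_up=True):
    """Model route-map LOADSHARING: a matched source goes to the secondary
    next hop only while it is available; otherwise normal routing applies
    (assumed here to prefer the primary link)."""
    if acl_matches(src, *ACL) and secondary_up:
        return "secondary"
    return "primary"

if __name__ == "__main__":
    first, second = split_pool(POOL)
    print("first half :", first)
    print("second half:", second, "wildcard", second.hostmask)
    print("ACL exact  :", acl_covers_exactly(second, ACL, POOL))
    for host in ("10.160.55.130", "10.160.55.170"):
        print(host, "->", egress_link(host),
              "/ secondary down ->", egress_link(host, secondary_up=False))
```

Running the same check against a mistyped wildcard (for example 0.0.0.63) shows the ACL no longer matches the second half exactly, which would steer first-half hosts over the secondary link as well.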