11-21-2012 02:29 AM - edited 03-07-2019 10:10 AM
I am interested in achieving symmetric routing.
I am running BGP and have two CE routers connected to the same ISP. I am using MED to influence the inbound traffic, so each router receives 1/2 of the advertised traffic.
I have 2 iBGP-speaking core switches behind the routers. Is it possible to forward the outbound traffic based on source?
I would like traffic from subnet A to go to router B and subnet B to go to router A.
I know BGP examines the destination, so local pref is only applicable when going to prefix x.x.x.x (not for traffic coming from subnet A or B).
I don't see a way of achieving this with BGP, only by using PBR. Is this correct?
On CPE Router 1
access-list 1 permit x.x.x.x
access-list 2 permit x.x.x.x
!
interface FastEthernet0/0
ip policy route-map test
!
route-map test permit 10
match ip route-source 1
set ip next-hop x.x.x.x (ISP connection 1)
!
route-map test permit 20
match ip route-source 2
set ip next-hop x.x.x.x (other iBGP router, to forward out the other ISP link)
!
I have set this up in GNS3 but it's not behaving as I'd expect. Any help greatly appreciated.
11-21-2012 03:26 AM
Hi,
Yes, you're right: if you want to modify routing behavior per source then you have to use PBR, but you should match on an ACL which itself will match on the source subnet. So replace your match ip route-source with match access-group in your route-map statements, and in your ACLs permit each subnet respectively.
Regards.
Alain
Don't forget to rate helpful posts.
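The change described in this reply, written out for CPE Router 1 as an added example (not part of the original posts). It uses `match ip address`, the form the follow-up post in this thread uses and reports as working. The ACL numbers, route-map name and interface come from the question; all addresses are constructed from documentation ranges and are assumptions.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   first source subnet   = 192.0.2.0/25
!   second source subnet  = 192.0.2.128/25
!   198.51.100.1          = ISP next hop reachable from this router
!   10.0.0.2              = the other iBGP router
!
! Standard ACLs match on the SOURCE address of the packet,
! which is what policy-based routing needs here.
access-list 1 permit 192.0.2.0 0.0.0.127
access-list 2 permit 192.0.2.128 0.0.0.127
!
! "match ip route-source" compares the address of the router that
! advertised a route and is meant for route filtering, so it never
! matches on a packet's source. "match ip address" applies the ACL
! to the packet being policy routed.
route-map test permit 10
 match ip address 1
 set ip next-hop 198.51.100.1
!
route-map test permit 20
 match ip address 2
 set ip next-hop 10.0.0.2
!
! PBR acts on packets ARRIVING on the interface it is applied to, so
! this must be the LAN-facing interface. Packets that match neither
! entry are forwarded by the normal routing table. Each next hop must
! be on a directly connected subnet.
interface FastEthernet0/0
 ip policy route-map test
```

`show route-map test` lists the policy-routing match counters per entry, and `debug ip policy` shows whether each packet was policy routed or fell through to normal forwarding.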
11-21-2012 03:49 AM
Yes, at that time you have to use source-based routing, but I would also suggest you create TWO HSRP groups on the routers, where HSRP group-1 will have higher priority on Router A and group-2 on Router B, so that both routers will have two different HSRP default gateways. In this case the subnet sourcing from LAN B will go via the Router-A DG and subnet A via the Router-B DG (per your design), and if any router goes down due to a hardware failure or so, then the source subnets will not lose their destination; they will fail over to the other active group.
Thanks!
11-22-2012 02:14 AM
Thanks for the replies.
I modified the PBR route map as suggested and that works fine.
I am interested in the HSRP suggestion
1. So I configure 2 HSRP groups on the routers (both routers having priority for one group)
say 1.1.1.1 (group A address) - and 2.2.2.2 (group B)
2. Can you elaborate on where I should be applying the route maps and PBR: on the router LAN interfaces or the core switch?
something like this, with the access-lists 1 and 2
interface x.x.x.x
ip policy route-map symmetry
route-map symmetry permit 10
match ip address 1
set ip next-hop 1.1.1.1
!
route-map symmetry permit 20
match ip address 2
set ip next-hop 2.2.2.2
!
Reversed on the other device
11-22-2012 02:55 AM
Hi,
I would do something more like this:
- make Core1 the active router for standby1 (subnet1) and Core2 the standby router for standby2 (subnet2)
- make Core2 the active router for standby2 (subnet 2) and Core2 the standby router for standby1 (subnet1)
- on Core 1: track the interface going to CE1 and if CE1 can't route to the ISP anymore then make CE2 become the active router for subnet 1
- on Core 2: track the interface going to CE2 and if CE2 can't route to the ISP anymore then make CE1 become the active router for subnet 1
In this case you don't need to do PBR anymore, as subnet A will always go to CE1 and subnet B will always go to CE2, but if any Core switch or CE router or even the CE-PE connection goes down then HSRP will take care of it and you will have failover.
Regards.
Alain
Don't forget to rate helpful posts.
11-22-2012 04:57 AM
Hi Simon,
Sorry for the delayed response, I was busy with some other stuff.
I also like Alain's idea, where we don't need PBR; still, here is a scenario for your configs -
I don't know how your core is connected to both ISP routers, via the same subnet or different subnets. If you have the same subnet then you require two HSRP groups in the same subnet, and if the routers have two different interfaces configured as you mentioned above then the cores must have VLANs configured for the two different subnets in order to send both ISP HSRP groups' hellos to each other. If you are not using VLANs on the core then you require two dirty switches (but that is not recommended).
Here are two scenarios for you; please ask if you find something wrong in the configs, as I typed them quickly. Thanks!
Yes, I missed mentioning the track for the ISP in both scenarios; here it is in text format for you under both scenarios -
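Scenario 1 - Single Subnet on Router -
ISPA#
interface FastEthernet1/1
 ip address 1.1.1.2 255.255.255.0
 ! group 100: this router is active (higher priority)
 standby 100 ip 1.1.1.100
 standby 100 priority 120
 standby 100 preempt
 ! lower the group 100 priority if the ISP-facing WAN interface goes down
 standby 100 track fastEthernet 1/0
 ! group 200: this router is standby
 standby 200 ip 1.1.1.200
 standby 200 priority 115
 standby 200 preempt
ISPB#
interface FastEthernet1/1
 ! each router needs its own address in the shared subnet
 ip address 1.1.1.3 255.255.255.0
 ! group 100: this router is standby
 standby 100 ip 1.1.1.100
 standby 100 priority 115
 standby 100 preempt
 ! group 200: this router is active (higher priority)
 standby 200 ip 1.1.1.200
 standby 200 priority 120
 standby 200 preempt
 ! track under the group this router is active for, so a WAN failure moves it
 standby 200 track fastEthernet 1/0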
Scenario 2 - Dual Subnets on Router - you can also configure HSRP under VLANs and make Active/Standby groups and load balance per Alain's suggestion, I guess.
ISPA#
interface FastEthernet1/1
 ip address 1.1.1.2 255.255.255.0
 standby 100 ip 1.1.1.100
 standby 100 priority 120
 standby 100 preempt
 ! lower the group 100 priority if the ISP-facing WAN interface goes down
 standby 100 track fastEthernet 1/0
interface FastEthernet2/0
 ! this interface also needs its own ip address in the 2.2.2.0 subnet
 standby 200 ip 2.2.2.200
 standby 200 priority 115
 standby 200 preempt
ISPB#
interface FastEthernet1/1
 ip address 1.1.1.3 255.255.255.0
 standby 100 ip 1.1.1.100
 standby 100 priority 115
 standby 100 preempt
interface FastEthernet2/0
 ! this interface also needs its own ip address in the 2.2.2.0 subnet
 standby 200 ip 2.2.2.200
 standby 200 priority 120
 standby 200 preempt
 ! track under the group this router is active for (ISP-facing WAN interface)
 standby 200 track fastEthernet 1/0
11-22-2012 09:43 AM
Firstly, thanks again, it's much appreciated.
I have multiple VLANs on the core switches, all running HSRP.
Routers plug into VLAN 1; each has 2 connections, 1 to each core switch.
All routes are currently learned via router 1 (as no BGP attributes are applied, so the lowest IP is selected).
My goal is to load balance my traffic to the two routers, and I want to force certain traffic over the links (switch to routers), so not everything goes to router 1.
I think that is why I was thinking of PBR, as I couldn't see how to achieve this any other way.
Although my core switches have HSRP, they still route everything to router 1 due to iBGP.