cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
803
Views
20
Helpful
10
Replies

BGP config for failover questions

wilson_1234_2
Level 3
Level 3

We are moving to a new Voice design that will have a DS3 routing all of our calls to the Main site and if the main site fails, all calls will route to the DR site.

Pretty much identical configs on the inside network.

I do not know BGP, so forgive me if my questions are naive.

But, Verizon is telling me that it is pretty much a straight BGP config.

I have asked them for additional information, but it seems that is a pretty wide open statement.

I think there could be numerous ways to accomplish this and I will need to know how Verizon is configuring their end.

The goal is to have the calls routed to the HQ edge gateway and if that fails, route them to the DR edge gateway.

Would that be just a straight forward simple config with the AS info that Verizon would give me?

For example:

HQ

router bgp 7000

no synchronization

bgp log-neighbor-changes

network 1.2.3.4 mask 255.255.255.224

neighbor 6.6.1.185 remote-as 100

neighbor 6.6.1.185 version 4

neighbor 6.6.1.185 soft-reconfiguration inbound

neighbor 6.6.1.185 prefix-list 1 out

no auto-summary

DR

router bgp 7000

no synchronization

bgp log-neighbor-changes

network 2.3.4.5 mask 255.255.255.224

neighbor 6.6.1.189 remote-as 100

neighbor 6.6.1.189 version 4

neighbor 6.6.1.189 soft-reconfiguration inbound

neighbor 6.6.1.189 prefix-list 1 out

no auto-summary

10 Replies 10

Richard Burts
Hall of Fame
Hall of Fame

Richard

I am not sure that I have a full understanding of your situation and requirements and therefore am not sure if this config really does what you need. The config that you posed is pretty simple and straightforward. Both routers appear to be in AS 7000. So if there are 2 routers in AS 7000 I would expect them to become IBGP neighbors. But the configs do not have any neighbors in AS 7000.

Both routers configure a neighbor in AS 100 so these would be EBGP neighbors. The addresses of the neighbors are close but not the same. I am not sure that I got that relationship from your description of the environment.

With the limited information provided we can not tell what address your routers will be using to peer with the BGP neighbors. But unless the address is in the 6.6.1.x subnet you would need ebgp multihop configured.

I can not tell from the network statements whether you would be advertising the same network from both sites or different networks from each site. And I am not clear how this supports your disaster recovery plan.

HTH

Rick

HTH

Rick

Rick,

Thanks for the reply.

We have our Internet through Verizon and I lifted those config pieces from the HQ and DR edge routers.

I am thinking it would be basically the same with the exception that the Internet routers are configured for the DR router to advertise the HQ subnet in the event of a circuit failure in HQ. I left those statements out.

The existing Internet routers are in AS 7000 and have only the neighbor statement AS 100 which is the PE router going by my serial interface IP Address and the neighbor statement. So both my HQ and DR edge routers look like they are on different interfaces of the same PE router.

The DR side has NON-EXIST and ADVERTISE statements and I was thinking I didn't need them if there ewill be no advertising of the HQ subnet from DR.

So maybe I am only missing the prefix-list statement of which subnet I will be advertising.

I realize this is pretty general but was just trying to get a basic Idea.

If I wanted to test this with three routers and simulating the PE router what would the PE router config look like?

Richard

I am glad that my observations were helpful. If you have an existing and working BGP configuration that is a big advantage.

If each site is going to advertise (all the time) its own distinct subnet then there is no need to incorporate the NON-EXIST and ADVERTISE statements.

Good luck as you work through what you need to do.

HTH

Rick

HTH

Rick

Wilson,

The configuration you had presented indicates VZ might be setting the BGP policy on their side (PE) to route all traffic through the HQ and use DR as the alternate route. This would only address how the traffic is coming into your network.

As far as traffic leaving your network you need to make sure all traffic from within your AS is forwarded to the HQ router and DR should serve as a backup route only. You should be able to accomplish this by advertising the route(s) via IGP with a favorable metric from HQ router.

I agree with Rick for us to be able to provide a clear solution we need more details of your setup and how do you want the DR setup to work.

HTH

Sundar

Well,

Here is the scenario:

We have these two CE routers. One in HQ and the other in DR.

Both routers are basically edge routers to route the inbound and outbound calls to and from the IP2IP gateway routers that will sit just inside the two CE routers.

Connectivity will be a DS3 on the CE routers.

The failover scenario will be that if HQ Internet is up, then HQ CE router will receive inbound calls and route directly to HQ IP2IP Gateway router, If HQ DS3 fails, then Verizon will route all calls to the DR CE router.

I am thinking that once the calls get to the CE router from Verizon, everything else can be done within the IP2IP gateways with dial peers and priority.

So basically I am concerned about the routing to me unless I am incorrect.

How does the set up between the edge router and IP2IP gateway normally go?

Is there an interface connecting the edge to the IP2IP gateway directly?

Wilson:

Sundar makes a good point.

What mechanism are you using to route your internal call traffic to the DR site if the HQ link fails?

Your BGP configuration is pretty basic and similar at both sites. So does that mean that Verizon is going to worry about setting BGP attributes such that the HQ site is primary and DR site secondary?

Victor

We are using OSPF internally.

On the Internet CE routers, BGP is configured on the serial interfaces and distributed into OSPF on the LAN side.

I am thinking that like the existing Internet config, that Verizon would indeed be prioritizing on their PE routers.

I have not spoken to them yet or seen anything from them as far as config.

Given the information I have provided, is there a basic config I could use for the Verizon PE router to try and simulate what they are doing given my CE router configs?

You may want to verify whether OSPF is setup correctly internally to route outbound traffic from within your AS to use HQ CE as the primary path and DR CE as the backup path. If you are only concerned about traffic coming in then with the CE configuration you had posted, without the non-exist map, PE is probably configured with local-preference or another BGP attribute that would force all traffic from Verizon side to prefer HQ and use DR as backup option. Verizon would probably be able to tell you how it's setup on the PE.

HTH

Sundar

Sorry sundar,

I left out a piece of the existing design.

Only the default route is being distributed into internal network.

DR path to Internet has AD of 200 and HQ uses OSPF default of 110.

When we loose HQ Internet, the default route flips to DR Internet.

Dear Wilson,

I think i have understood your point.

Please correct me if I am wrong.

you have two routers at your end and both these routers are connected to different Verizon routers cateriing teh need of Primary and secondary.

Well please find the configuration below .

For BGP in the secondary router:-

router bgp 64578

no synchronization

no bgp log-neighbor-changes

network <> mask 255.255.255.0

network <> mask 255.255.255.0

network <> mask 255.255.255.0

neighbor x.x.x.x peer-group

neighbor x.x.x.x remote-as 64513

neighbor x.x.x.x version 4

neighbor x.x.x.x timers 30 90

neighbor x.x.x.x soft-reconfiguration inbound

neighbor x.x.x.x prefix-list Accept-VOL-Offshore-Saytam in

neighbor x.x.x.x prefix-list Announce-VOL-Offshore-Saytam out

neighbor x.x.x.x route-map sacramento_nipuna_pathprepend in

neighbor x.x.x.x route-map sacramento-pathprepend out

neighbor <> peer-group x.x.x.x

neighbor <> description x.x.x.x to the secondary router

neighbor <> password 7 1504115E1C3F

no auto-summary

ip prefix-list Accept-VOL-Offshore-Saytam seq 10 permit y.y.y.y

ip prefix-list Accept-VOL-Offshore-Saytam seq 15 permit z.z.z.z

!

ip prefix-list Announce-VOL-Offshore-Saytam seq 10 permit <>

ip prefix-list Announce-VOL-Offshore-Saytam seq 20 permit <>

ip prefix-list Announce-VOL-Offshore-Saytam seq 205 permit <>

access-list 10 permit<> 0.0.0.255

access-list 10 permit <> 0.0.0.255

access-list 10 permit <> 0.0.0.255

access-list 20 permit <> 0.0.0.255

access-list 20 permit <> 0.0.0.255

i

!

route-map sacramento-pathprepend permit 10

match ip address 10

set as-path prepend 64574 64574 64574 64574 64574

!

route-map sacramento-pathprepend permit 20

!

route-map sacramento_nipuna_pathprepend permit 10

match ip address prefix-list Accept-VOL-Offshore-Saytam

set as-path prepend 64513 64513 64513 64513

!

route-map sacramento_nipuna_pathprepend permit 20

For OSPF configuration:-

router ospf 100

log-adjacency-changes

redistribute bgp 64578 metric 100 subnets tag 777

network 192.168.100.0 0.0.0.3 area 0

distribute-list route-map atlanta-filter in

route-map atlanta-filter deny 10

match tag 888

!

route-map atlanta-filter permit 20

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco