BGP Load Balancing / PBR

Sep 13th, 2008

hi,


we use a Cisco 3825 router for our wan. we use both verizon and at&t as our carriers. verizon is our primary circuit for all networks. at&t is our failover and would like to utilize its unused bandwidth for lotus notes (10.40.1.18 and .19) to traverse. how can i load balance or apply PBR on the at&t wan link? i tried to use a route-map (added 20 and 30) and set a weight of 300, but doesn't work after clearing both neighbors.



Correct Answer
Marwan ALshawi Sat, 09/13/2008 - 18:32

ur case is multihomed bgp

u could simply do it as u mentioned through route-map

but the route map needs to be applied to the LAN interface so the traffic coming from 10.40.1.18 and 19 will be sent to AT&T as next-hop. all other traffic will not be included in the route-map

for example

lets say the AT&T next hop ip is 1.1.1.1

access-list 1 permit host 10.40.1.18
access-list 1 permit host 10.40.1.19
access-list 1 deny any

the deny for excluding all other traffic from this map

route-map lotus-map permit 10
 match ip address 1
 set ip next-hop 1.1.1.1

route-map lotus-map permit 20

the second map to permit all other traffic and lotus traffic in case of AT&T is down

now lets say ur LAN interface is fa0/1

interface fa0/1
 ip policy route-map lotus-map

good luck

if helpful Rate



johnlloyd_13 Sun, 09/14/2008 - 09:14

thanks! i will be testing it today. will post here the results. is it possible to apply 2 route map policies in the LAN interface? there is one currently used.

johnlloyd_13 Sun, 09/14/2008 - 13:25

i tried the solution u mentioned, but unfortunately it didn't work. the best or preferred route is still the VzB link (neighbor 147.225.26.5). am i missing something here?


Router#sh ip bgp 10.40.1.18
BGP routing table entry for 10.40.1.0/24, version 12354
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  13979 13979
    10.40.0.6 from 10.40.0.6 (12.123.65.185)
      Origin IGP, localpref 100, weight 100, valid, external
  65000 65000
    147.225.26.5 from 147.225.26.5 (159.24.199.113)
      Origin IGP, localpref 100, weight 200, valid, external, best


johnlloyd_13 Sun, 09/14/2008 - 13:31

i forgot to include our bgp config:


router bgp 1
 no synchronization
 bgp log-neighbor-changes
 network 10.41.4.0 mask 255.255.252.0
 network 10.41.8.0 mask 255.255.254.0
 network 10.41.24.0 mask 255.255.254.0
 network 10.41.28.0 mask 255.255.255.0
 neighbor 10.40.0.6 remote-as 13979
 neighbor 10.40.0.6 weight 100
 neighbor 10.40.0.6 filter-list 1 out
 neighbor 147.225.26.5 remote-as 65000
 neighbor 147.225.26.5 weight 200
 neighbor 147.225.26.5 filter-list 1 out
 no auto-summary

merryllem Sun, 09/14/2008 - 16:06

You will NOT see PBR reflected in bgp. The best way to make sure this is working is thru tracert and verify that packets are taking the right path.

"Show ip policy" to verify route-map is working.

Another concern is traffic coming back; this might not be taking the SP that you would like

johnlloyd_13 Sun, 09/14/2008 - 17:42

it was working all along. i should be troubleshooting or making trace routes behind the router. i was troubleshooting within the router. this one came from the LAN switch :D


vimix1#traceroute 10.40.1.19

Type escape sequence to abort.
Tracing the route to 10.40.1.19

  1 10.41.4.1 0 msec 0 msec 4 msec
  2 10.40.0.6 8 msec 12 msec 8 msec
  3 10.40.0.1 28 msec 28 msec 24 msec
  4 10.40.1.19 24 msec 24 msec 24 msec

vimix1#traceroute 10.40.1.18

Type escape sequence to abort.
Tracing the route to mail.hhshoppers.net (10.40.1.18)

  1 10.41.4.1 0 msec 0 msec 0 msec
  2 10.40.0.6 12 msec 12 msec 8 msec
  3 10.40.0.1 24 msec 24 msec 32 msec
  4 mail.hhshoppers.net (10.40.1.18) 24 msec 20 msec 20 msec

vimix1#traceroute 209.191.93.52

Type escape sequence to abort.
Tracing the route to f1.www.vip.mud.yahoo.com (209.191.93.52)

  1 10.41.4.1 4 msec 12 msec 4 msec
  2 147.225.26.5 8 msec 16 msec 16 msec
  3 68.138.30.77 12 msec 12 msec 20 msec
  4 68.138.30.78 20 msec 20 msec 28 msec
  5 10.40.1.1 20 msec 20 msec 16 msec
  6 146.12.3.30 24 msec 20 msec 20 msec
  7 Serial2-8.GW9.LAX4.ALTER.NET (208.222.14.149) 32 msec 24 msec 24 msec
  8 138.at-1-0-0.XL1.LAX4.ALTER.NET (152.63.115.74) 20 msec 24 msec 36 msec
  9 0.so-5-0-0.XL1.LAX15.ALTER.NET (152.63.115.197) 28 msec 24 msec 24 msec
 10 0.so-6-0-0.BR1.LAX15.ALTER.NET (152.63.116.21) 28 msec 20 msec 24 msec
 11 192.205.34.29 24 msec 24 msec 24 msec
 12 tbr2.la2ca.ip.att.net (12.127.3.214) 60 msec 64 msec 60 msec
 13 cr2.la2ca.ip.att.net (12.122.19.221) 64 msec 60 msec 60 msec
 14 cr2.dlstx.ip.att.net (12.122.28.177) 60 msec 60 msec 60 msec
 15 tbr2.dlstx.ip.att.net (12.122.18.222) 64 msec 60 msec 60 msec
 16 gar8.dlstx.ip.att.net (12.122.100.77) 56 msec 60 msec 64 msec
 17 12.86.20.18 64 msec 56 msec 64 msec
 18 ae2-p110.msr2.mud.yahoo.com (216.115.104.109) 60 msec 64 msec 60 msec
 19 te-8-1.bas-c2.mud.yahoo.com (68.142.193.7) 68 msec
    te-8-1.bas-c1.mud.yahoo.com (68.142.193.5) 64 msec
    te-9-1.bas-c1.mud.yahoo.com (68.142.193.9) 64 msec
 20 * * *
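
An added example, not part of the thread or any poster's code: the traceroute check suggested earlier in the thread, automated in Python over hop lines excerpted from the traces posted above. The carrier mapping and the role of 10.41.4.1 are assumptions inferred from the posted BGP config and traces.

```python
import re

# Assumptions: neighbor addresses are taken from the posted "router bgp 1"
# config (AT&T inferred as the non-Verizon peer); 10.41.4.1, hop 1 in every
# posted trace, is taken to be the WAN router's LAN address.
CARRIER_BY_NEIGHBOR = {"10.40.0.6": "AT&T", "147.225.26.5": "Verizon"}
WAN_ROUTER = "10.41.4.1"

HOP_LINE = re.compile(r"^\s*(\d+)\s+(\S.*)$")
PAREN_IP = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
BARE_IP = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_hops(trace):
    """Return [(hop_number, ip_or_None)] from IOS traceroute output."""
    hops = []
    for line in trace.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # banner, blank line, or extra responder for the same hop
        ip = PAREN_IP.search(m.group(2)) or BARE_IP.match(m.group(2))
        hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def egress_carrier(trace):
    """Name the carrier whose neighbor answers right after the WAN router."""
    hops = parse_hops(trace)
    for (_, ip), (_, nxt) in zip(hops, hops[1:]):
        if ip == WAN_ROUTER:
            return CARRIER_BY_NEIGHBOR.get(nxt, "unknown")
    return "unknown"  # WAN router never seen as a transit hop

def policy_violations(traces, expected):
    """Map destination -> observed carrier wherever it differs from the intent."""
    seen = {dst: egress_carrier(out) for dst, out in traces.items()}
    return {dst: c for dst, c in seen.items() if c != expected[dst]}

# Hop lines excerpted from the three traces posted above (run from the LAN switch).
TRACES = {
    "10.40.1.19": "1 10.41.4.1 0 msec 0 msec 4 msec\n2 10.40.0.6 8 msec 12 msec 8 msec",
    "10.40.1.18": "1 10.41.4.1 0 msec 0 msec 0 msec\n2 10.40.0.6 12 msec 12 msec 8 msec\n"
                  "4 mail.hhshoppers.net (10.40.1.18) 24 msec 20 msec 20 msec",
    "209.191.93.52": "1 10.41.4.1 4 msec 12 msec 4 msec\n2 147.225.26.5 8 msec 16 msec 16 msec",
}
EXPECTED = {"10.40.1.19": "AT&T", "10.40.1.18": "AT&T", "209.191.93.52": "Verizon"}
# Constructed: a trace typed on the WAN router itself never enters the LAN
# interface, so interface policy routing is not applied to it ("unknown").
ON_ROUTER = "1 147.225.26.5 8 msec 8 msec 12 msec\n2 68.138.30.77 12 msec 12 msec 20 msec"

if __name__ == "__main__":
    print(policy_violations(TRACES, EXPECTED))  # empty dict: paths match intent
    print(egress_carrier(ON_ROUTER))
```
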

Marwan ALshawi Sun, 09/14/2008 - 17:54

u need to traceroute from an IP included in the ACL in the route map

Danilo Dy Sun, 09/14/2008 - 18:50

you need to traceroute from 10.40.1.18 and 10.40.1.19
