cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1218
Views
0
Helpful
8
Replies

BGP Load Balancing / PBR

johnlloyd_13
Level 9
Level 9

hi,

we use a Cisco 3825 router for our wan. we use both verizon and at&t as our carriers. verizon is our primary circuit for all networks. at&t is our failover and would like to utilize its unused bandwidth for lotus notes (10.40.1.18 and .19) to traverse. how can i load balanc or apply PBR on the at&t wan link? i tried to use a route-map (added 20 and 30) and set a weight of 300, but doesn't work after clearing both neighbors.

1 Accepted Solution

Accepted Solutions

Marwan ALshawi
VIP Alumni
VIP Alumni

ur case is multihomed bgp

u could simply do it as u mentioned through route-map

but the route map needs to be applied to the LAN interface so the traffic coming from 10.40.1.18 and 19 will be send to AT&T as next-hop all other traffic will not be inculded in the route-map

for example

lets say the AT&T next hope ip is 1.1.1.1

access-list 1 permit host 10.40.1.18

access-list 1 permit host 10.40.1.19

access-list 1 deny any

the deny for excluding all other traffic from this map

route-map lotus-map permit 10

match ip address 1

set next-hop 1.1.1.1

route-map lotus-map permit 20

the second map to permit all other traffic and lotus traffic in case of AT&T is down

now lets say ur LAN interface is fa0/1

fa0/1

ip policy route-map lotus-map

good lcuk

if helpful Rate

View solution in original post

8 Replies 8

Marwan ALshawi
VIP Alumni
VIP Alumni

ur case is multihomed bgp

u could simply do it as u mentioned through route-map

but the route map needs to be applied to the LAN interface so the traffic coming from 10.40.1.18 and 19 will be send to AT&T as next-hop all other traffic will not be inculded in the route-map

for example

lets say the AT&T next hope ip is 1.1.1.1

access-list 1 permit host 10.40.1.18

access-list 1 permit host 10.40.1.19

access-list 1 deny any

the deny for excluding all other traffic from this map

route-map lotus-map permit 10

match ip address 1

set next-hop 1.1.1.1

route-map lotus-map permit 20

the second map to permit all other traffic and lotus traffic in case of AT&T is down

now lets say ur LAN interface is fa0/1

fa0/1

ip policy route-map lotus-map

good lcuk

if helpful Rate

thanks! i will be testing it today. will post here the results. is it possible to apply 2 route map policies in the LAN interface? there is one currently used.

i tried the solution u mentioned, but unfortunately it didn't work. the best or preferred route is still the VzB link (neighbor 147.225.26.5). am i missing something here?

Router#sh ip bgp 10.40.1.18

BGP routing table entry for 10.40.1.0/24, version 12354

Paths: (2 available, best #2, table Default-IP-Routing-Table)

Flag: 0x820

Not advertised to any peer

13979 13979

10.40.0.6 from 10.40.0.6 (12.123.65.185)

Origin IGP, localpref 100, weight 100, valid, external

65000 65000

147.225.26.5 from 147.225.26.5 (159.24.199.113)

Origin IGP, localpref 100, weight 200, valid, external, best

i forgot to include our bgp config:

router bgp 1

no synchronization

bgp log-neighbor-changes

network 10.41.4.0 mask 255.255.252.0

network 10.41.8.0 mask 255.255.254.0

network 10.41.24.0 mask 255.255.254.0

network 10.41.28.0 mask 255.255.255.0

neighbor 10.40.0.6 remote-as 13979

neighbor 10.40.0.6 weight 100

neighbor 10.40.0.6 filter-list 1 out

neighbor 147.225.26.5 remote-as 65000

neighbor 147.225.26.5 weight 200

neighbor 147.225.26.5 filter-list 1 out

no auto-summary

You will NOT see PBR reflect in bgp. THe best way to make sure this is working is thru tracert and verify htat packets are taking the right path.

"Show ip policy" to verify route-map is working.

Another concern is traffic coming back this might not be taking the SP that you would like

it was working all along. i should be troubleshooting or making trace routes behind the router. i was troubleshooting within the router. this one came from the LAN switch :D

vimix1#traceroute 10.40.1.19

Type escape sequence to abort.

Tracing the route to 10.40.1.19

1 10.41.4.1 0 msec 0 msec 4 msec

2 10.40.0.6 8 msec 12 msec 8 msec

3 10.40.0.1 28 msec 28 msec 24 msec

4 10.40.1.19 24 msec 24 msec 24 msec

vimix1#traceroute 10.40.1.18

Type escape sequence to abort.

Tracing the route to mail.hhshoppers.net (10.40.1.18)

1 10.41.4.1 0 msec 0 msec 0 msec

2 10.40.0.6 12 msec 12 msec 8 msec

3 10.40.0.1 24 msec 24 msec 32 msec

4 mail.hhshoppers.net (10.40.1.18) 24 msec 20 msec 20 msec

vimix1#traceroute 209.191.93.52

Type escape sequence to abort.

Tracing the route to f1.www.vip.mud.yahoo.com (209.191.93.52)

1 10.41.4.1 4 msec 12 msec 4 msec

2 147.225.26.5 8 msec 16 msec 16 msec

3 68.138.30.77 12 msec 12 msec 20 msec

4 68.138.30.78 20 msec 20 msec 28 msec

5 10.40.1.1 20 msec 20 msec 16 msec

6 146.12.3.30 24 msec 20 msec 20 msec

7 Serial2-8.GW9.LAX4.ALTER.NET (208.222.14.149) 32 msec 24 msec 24 msec

8 138.at-1-0-0.XL1.LAX4.ALTER.NET (152.63.115.74) 20 msec 24 msec 36 msec

9 0.so-5-0-0.XL1.LAX15.ALTER.NET (152.63.115.197) 28 msec 24 msec 24 msec

10 0.so-6-0-0.BR1.LAX15.ALTER.NET (152.63.116.21) 28 msec 20 msec 24 msec

11 192.205.34.29 24 msec 24 msec 24 msec

12 tbr2.la2ca.ip.att.net (12.127.3.214) 60 msec 64 msec 60 msec

13 cr2.la2ca.ip.att.net (12.122.19.221) 64 msec 60 msec 60 msec

14 cr2.dlstx.ip.att.net (12.122.28.177) 60 msec 60 msec 60 msec

15 tbr2.dlstx.ip.att.net (12.122.18.222) 64 msec 60 msec 60 msec

16 gar8.dlstx.ip.att.net (12.122.100.77) 56 msec 60 msec 64 msec

17 12.86.20.18 64 msec 56 msec 64 msec

18 ae2-p110.msr2.mud.yahoo.com (216.115.104.109) 60 msec 64 msec 60 msec

19 te-8-1.bas-c2.mud.yahoo.com (68.142.193.7) 68 msec

te-8-1.bas-c1.mud.yahoo.com (68.142.193.5) 64 msec

te-9-1.bas-c1.mud.yahoo.com (68.142.193.9) 64 msec

20 * * *

u need to traceroute from an IP included in the ACL in the route map

you need to traceroute from 10.40.1.18 and 10.40.1.19

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: