BGP Configuration Help

Sep 24th, 2008

Hi,

I have one 7609 router on which 3 ISPs with different ASNs will be terminating. I have 1 ASN of my own. I need to do routing based on block size so that segment A goes via ISP1, segment B via ISP2 and segment C via ISP3, and in case any ISP goes down all traffic will be shifted to the next available ISP.

The router is connected to an ASA 5550 via a 1G Ethernet link. The ASA is connected to a 6509.

Can someone help me with a configuration script for the router?

The router and firewall will be connected by private IP...

Please help.

Marwan ALshawi Wed, 09/24/2008 - 01:43

Let's consider this example, which is on the edge router only.

Your BGP AS is AS 5

ISP1 AS 1 IP 1.1.1.1

ISP2 AS 2 IP 2.2.2.2

ISP3 AS 3 IP 3.3.3.3

segment A 192.168.1.0/24

segment B 172.16.1.0/24

segment C 10.1.1.0/24

First, on router 7609, create ACLs and route maps to change the link weight:

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 3 permit 10.1.1.0 0.0.0.255

route-map ISP1 permit 10
 match ip address 1
 set weight 100
route-map ISP1 permit 20
 match ip address 2
route-map ISP1 permit 30
 match ip address 3

route-map ISP2 permit 10
 match ip address 2
 set weight 100
route-map ISP2 permit 20
 match ip address 1
route-map ISP2 permit 30
 match ip address 3

route-map ISP3 permit 10
 match ip address 3
 set weight 100
route-map ISP3 permit 20
 match ip address 1
route-map ISP1 permit 30
 match ip address 1

router bgp 5
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 route-map ISP1 in
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 route-map ISP2 in
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 route-map ISP3 in
 no auto-summary
 no synchronization

Now, because the ASA does not support BGP, you can run OSPF between the ASA and both the 7609 and the 6509.

In this case you need to redistribute OSPF into BGP and redistribute BGP into OSPF on the edge router in our example:

router bgp 5
 redistribute ospf 1

router ospf 1
 redistribute bgp 5 subnets
 network [the network between the router and ASA]

By the way, the above config affects the outbound path selection and does not affect the return traffic! You can do it in different ways, but it depends on the ISP and what methods they use with BGP, like AS-path, MED or communities.

and good luck

if helpful Rate

acharyr123 Wed, 09/24/2008 - 04:07

Thanks a lot for your support. Let me do the config and test.

One small help please: in the core switch all external customer links will be terminated, and they will have public IPs. So shall I do the NATting in the FWSM/ASA, or shall I send without NAT?

acharyr123 Wed, 09/24/2008 - 04:28

Hi,

I have found some mismatches in your config. I am highlighting them; please recheck and suggest.

============================================

Your BGP AS is AS 5

ISP1 AS 1 IP 1.1.1.1

ISP2 AS 2 IP 2.2.2.2

ISP3 AS 3 IP 3.3.3.3

segment A 192.168.1.0/24

segment B 172.16.1.0/24

segment C 10.1.1.0/24

First, on router 7609, create ACLs and route maps to change the link weight:

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 3 permit 10.1.1.0 0.0.0.255

route-map ISP1 permit 10
 match ip address 1
 set weight 100
route-map ISP1 permit 20
 match ip address 2
route-map ISP1 permit 30
 match ip address 3

route-map ISP2 permit 10
 match ip address 2
 set weight 100
route-map ISP2 permit 20
 match ip address 1
route-map ISP2 permit 30
 match ip address 3

route-map ISP3 permit 10
 match ip address 3
 set weight 100
route-map ISP3 permit 20
 match ip address 1

(route-map ISP1 permit 30
 match ip address 1 )-----this is one mismatch

router bgp 5
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 route-map ISP1 in
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 route-map ISP2 in

(neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 route-map ISP3 in )--this is another mismatch

 no auto-summary

Marwan ALshawi Wed, 09/24/2008 - 04:33

Sorry, because I was copying some of the commands.

route-map ISP1 permit 30
 match ip address 1 )-----this is one mismatch

route-map ISP3 permit 30
 match ip address 2

(neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 route-map ISP3 in )--this is another mismatch

neighbor 3.3.3.3 remote-as 3
neighbor 3.3.3.3 route-map ISP3 in

good luck

if helpful Rate
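The two mismatches highlighted above, and the route-map gap the first one leaves behind, can be caught mechanically before a config reaches the router. This Python check is an added example, not part of the thread; the `PLAN` table, the `lint` function and the condensed ` | ` notation are constructed here from the values posted above.

```python
import re

# Plan from the thread: neighbor IP -> (inbound route-map, ISP AS number).
PLAN = {"1.1.1.1": ("ISP1", 1), "2.2.2.2": ("ISP2", 2), "3.3.3.3": ("ISP3", 3)}
ACLS = {1, 2, 3}  # access-lists 1-3, one per LAN segment

# Config as first posted, condensed: " | " stands for a line break.
POSTED = """\
route-map ISP1 permit 10 | match ip address 1 | set weight 100
route-map ISP1 permit 20 | match ip address 2
route-map ISP1 permit 30 | match ip address 3
route-map ISP2 permit 10 | match ip address 2 | set weight 100
route-map ISP2 permit 20 | match ip address 1
route-map ISP2 permit 30 | match ip address 3
route-map ISP3 permit 10 | match ip address 3 | set weight 100
route-map ISP3 permit 20 | match ip address 1
route-map ISP1 permit 30 | match ip address 1
router bgp 5
neighbor 1.1.1.1 remote-as 1 | neighbor 1.1.1.1 route-map ISP1 in
neighbor 2.2.2.2 remote-as 2 | neighbor 2.2.2.2 route-map ISP2 in
neighbor 3.3.3.3 remote-as 1 | neighbor 3.3.3.3 route-map ISP3 in
"""
# The same config with the two corrections from the follow-up post applied.
FIXED = (POSTED.replace("ISP1 permit 30 | match ip address 1", "ISP3 permit 30 | match ip address 2")
         .replace("3.3.3.3 remote-as 1", "3.3.3.3 remote-as 3"))

def lint(config):
    """Return findings for a route-map/neighbor config checked against PLAN."""
    findings, seen, matched, remote_as, applied, rmap = [], set(), {}, {}, {}, None
    for line in map(str.strip, config.replace(" | ", "\n").splitlines()):
        if m := re.fullmatch(r"route-map (\S+) permit (\d+)", line):
            rmap = m[1]
            if (rmap, m[2]) in seen:  # same name and sequence defined twice
                findings.append(f"duplicate entry: route-map {rmap} permit {m[2]}")
            seen.add((rmap, m[2]))
        elif m := re.fullmatch(r"match ip address (\d+)", line):
            matched.setdefault(rmap, set()).add(int(m[1]))
        elif m := re.fullmatch(r"neighbor (\S+) remote-as (\d+)", line):
            remote_as[m[1]] = int(m[2])
        elif m := re.fullmatch(r"neighbor (\S+) route-map (\S+) in", line):
            applied[m[1]] = m[2]
    for ip, (name, asn) in PLAN.items():
        if remote_as.get(ip) != asn:
            findings.append(f"neighbor {ip}: remote-as {remote_as.get(ip)}, plan says {asn}")
        if applied.get(ip) != name:
            findings.append(f"neighbor {ip}: inbound route-map is {applied.get(ip)}, plan says {name}")
        if missing := ACLS - matched.get(name, set()):
            findings.append(f"route-map {name}: no entry matches access-list {sorted(missing)}")
    return findings
```

`lint(POSTED)` reports the duplicated `ISP1 permit 30` entry, the wrong `remote-as` on 3.3.3.3 and the missing access-list 2 entry in `ISP3`; `lint(FIXED)` returns an empty list.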

acharyr123 Wed, 09/24/2008 - 21:24

Hi Marwan,

If I don't want to use OSPF as iBGP, is there any alternative?

If I use static routes on the router to the lan_segments, and on the ASA route inside_lan_segment & route outside router_ethernet_ip, and open port TCP 179, will it work?

Marwan ALshawi Wed, 09/24/2008 - 21:36

Works, but make sure you have two-way routes with static routes,

and a default route pointing to the edge router with BGP.

good luck

acharyr123 Fri, 10/03/2008 - 07:33

Hi,

Is load sharing possible for inbound traffic using BGP?

I want to achieve the following:

Say I am accessing cisco.com via ISP1 and the return traffic finds that the ISP1 route is congested, so the return traffic will be returned via ISP2. Can this be achieved by BGP?

Giuseppe Larosa Fri, 10/03/2008 - 08:43

Hello Partha,

>> the return traffic finds that ISP1 route is congested,

Return traffic is actually out of your control in the big Internet. You can try to influence the return path by doing AS path prepending to the ISP2 you would like to be used less, but this doesn't provide secure effects.

Besides this, traffic is just routed and forwarded and cannot detect network conditions by itself.

There are some proposals to use BGP community attributes to signal the access link bandwidth, but BGP cannot track load conditions by itself.

Again, on outbound traffic you can try to use OER (Optimized Edge Routing) to detect the best-performing link and move traffic accordingly, but you cannot influence someone far from you on the Internet on the return path.

Hope to help

Giuseppe
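Why prepending only influences the return path, as an added sketch that is not from the thread: a remote AS chooses by its own LOCAL_PREF first and by AS_PATH length second. The topology (a remote AS that reaches ISP1 through transit AS 64500, a documentation ASN) and all function names are assumptions made for illustration.

```python
OUR_AS = 5  # AS number used in the thread's example


def advertise(isp_as, upstream=(), prepend=0):
    """AS_PATH a remote AS receives for our prefix through one ISP.

    prepend is the number of extra copies of our AS added on the
    session to that ISP (AS path prepending).
    """
    return tuple(upstream) + (isp_as,) + (OUR_AS,) * (1 + prepend)


def remote_best(paths, local_pref=None):
    """Remote AS's choice among {isp_name: as_path}.

    Highest LOCAL_PREF wins (the remote AS's own policy, default 100);
    only on a LOCAL_PREF tie does the shortest AS_PATH decide.
    """
    local_pref = local_pref or {}
    if not paths:
        return None
    return min(paths, key=lambda isp: (-local_pref.get(isp, 100), len(paths[isp])))


def return_path(prepend_isp2=0, remote_pref=None, isp1_up=True):
    """ISP a remote AS uses to send traffic back to us (constructed topology)."""
    paths = {"ISP2": advertise(2, prepend=prepend_isp2)}
    if isp1_up:
        # Constructed: the remote AS reaches ISP1 through transit AS 64500.
        paths["ISP1"] = advertise(1, upstream=(64500,))
    return remote_best(paths, remote_pref)


if __name__ == "__main__":
    print(return_path())                                    # shorter path via ISP2
    print(return_path(prepend_isp2=2))                      # prepending shifts it to ISP1
    print(return_path(prepend_isp2=2, remote_pref={"ISP2": 200}))  # remote policy overrides
    print(return_path(prepend_isp2=2, isp1_up=False))       # only ISP2 is left
```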
