BGP Configuration Help

Unanswered Question
Sep 24th, 2008

Hi,


I have one 7609 router on which 3 ISPs will be terminating, each with a different ASN. I have 1 ASN of my own. I need to do routing based upon block size so that segment A can go via ISP1, segment B via ISP2 & segment C via ISP3, & in case any ISP goes down all traffic will be shifted to the next available ISP.

The router is connected with an ASA 5550 via a 1G Ethernet link. The ASA is connected with a 6509.

Can someone help me with a configuration script for the router??

Router & firewall will be connected by private IP...


Please help.

Marwan ALshawi Wed, 09/24/2008 - 01:43

Let's consider this example, which is on the edge router only.

Your BGP AS is AS 5
ISP1 AS 1 IP 1.1.1.1
ISP2 AS 2 IP 2.2.2.2
ISP3 AS 3 IP 3.3.3.3

Segment A 192.168.1.0/24
Segment B 172.16.1.0/24
Segment C 10.1.1.0/24

First, on router 7609, create ACLs and route maps to change the link weight:

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 3 permit 10.1.1.0 0.0.0.255

route-map ISP1 permit 10
 match ip address 1
 set weight 100

route-map ISP1 permit 20
 match ip address 2

route-map ISP1 permit 30
 match ip address 3

route-map ISP2 permit 10
 match ip address 2
 set weight 100

route-map ISP2 permit 20
 match ip address 1

route-map ISP2 permit 30
 match ip address 3

route-map ISP3 permit 10
 match ip address 3
 set weight 100

route-map ISP3 permit 20
 match ip address 1

route-map ISP1 permit 30
 match ip address 1

router bgp 5
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 route-map ISP1 in
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 route-map ISP2 in
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 route-map ISP3 in
 no auto-summary
 no synchronization

Now, because the ASA does not support BGP, you can run OSPF between the ASA and both the 7609 and 6509.

In this case you need to redistribute OSPF into BGP and redistribute BGP into OSPF on the edge router in our example:

router bgp 5
 redistribute ospf 1

router ospf 1
 redistribute bgp 5 subnets
 network [the network between the router and ASA]

By the way, the above config affects the outbound path selection and does not affect the return traffic!! You can do it in different ways, but it depends on the ISP what methods they use with BGP, like AS-path, MED or communities.


and good luck



if helpful Rate
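
A filtered form of the OSPF/BGP exchange in the post above, as an added example that is not part of the original post. The prefix-list and route-map names are made up for illustration; the AS number, OSPF process and segments are the ones from the post. Only the three LAN segments are allowed from OSPF into BGP, and the ASA side learns a default route instead of every BGP route, which assumes the edge router itself has a default route to pass on.

```cisco
! Added example (not from the original post).
! LAN-SEGMENTS and OSPF-TO-BGP are illustrative names.
ip prefix-list LAN-SEGMENTS seq 5 permit 192.168.1.0/24
ip prefix-list LAN-SEGMENTS seq 10 permit 172.16.1.0/24
ip prefix-list LAN-SEGMENTS seq 15 permit 10.1.1.0/24
!
! Only the listed segments pass; everything else learned via OSPF
! (for example the router-to-ASA transit network) hits the implicit
! deny at the end of the route-map and stays out of BGP.
route-map OSPF-TO-BGP permit 10
 match ip address prefix-list LAN-SEGMENTS
!
router bgp 5
 redistribute ospf 1 route-map OSPF-TO-BGP
!
! Used in place of "redistribute bgp 5 subnets": the ASA and 6509
! receive a single default route rather than every prefix the ISPs
! send. Without the "always" keyword the default is originated only
! while this router has a default route in its own table, so it is
! withdrawn when no upstream path is left.
router ospf 1
 default-information originate
 network [the network between the router and ASA]
```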



acharyr123 Wed, 09/24/2008 - 04:07

Thanks a lot for your support. Let me do the config & test.


One small help please: in the core switch all external customer links will be terminated, and they will have public IPs. So shall I do the NATting in the FWSM/ASA, or shall I send it without NAT??

acharyr123 Wed, 09/24/2008 - 04:28

Hi,


I have found some mismatches in your config. I am highlighting them. Please recheck & suggest.

============================================

Your BGP AS is AS 5
ISP1 AS 1 IP 1.1.1.1
ISP2 AS 2 IP 2.2.2.2
ISP3 AS 3 IP 3.3.3.3

Segment A 192.168.1.0/24
Segment B 172.16.1.0/24
Segment C 10.1.1.0/24

First, on router 7609, create ACLs and route maps to change the link weight:

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 3 permit 10.1.1.0 0.0.0.255

route-map ISP1 permit 10
 match ip address 1
 set weight 100

route-map ISP1 permit 20
 match ip address 2

route-map ISP1 permit 30
 match ip address 3

route-map ISP2 permit 10
 match ip address 2
 set weight 100

route-map ISP2 permit 20
 match ip address 1

route-map ISP2 permit 30
 match ip address 3

route-map ISP3 permit 10
 match ip address 3
 set weight 100

route-map ISP3 permit 20
 match ip address 1

(route-map ISP1 permit 30
 match ip address 1 )-----this is one mismatch

router bgp 5
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 route-map ISP1 in
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 route-map ISP2 in
(neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 route-map ISP3 in )--this is another mismatch
 no auto-summary


Marwan ALshawi Wed, 09/24/2008 - 04:33

Sorry, because I was copying some of the commands.

(route-map ISP1 permit 30
 match ip address 1 )-----this is one mismatch

route-map ISP3 permit 30
 match ip address 2

(neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 route-map ISP3 in )--this is another mismatch

neighbor 3.3.3.3 remote-as 3
neighbor 3.3.3.3 route-map ISP3 in


good luck

if helpful Rate





acharyr123 Wed, 09/24/2008 - 21:24

Hi Marwan,


If I don't want to use OSPF as iBGP, is there any alternative??


If I use static routes on the router to the lan_segments, and in the ASA route inside_lan_segment & route outside router_ethernet_ip & open port TCP 179, will it work?

Marwan ALshawi Wed, 09/24/2008 - 21:36

It works, but make sure you have two-way routes with static routes, and a default route pointing to the edge router with BGP.


good luck

acharyr123 Fri, 10/03/2008 - 07:33

Hi,


Is load sharing possible for inbound traffic using BGP??


I want to achieve the following:


Say I am accessing cisco.com via ISP1 & the return traffic finds that the ISP1 route is congested, so the return traffic will be returned via ISP2. Can this be achieved by BGP?????

Giuseppe Larosa Fri, 10/03/2008 - 08:43

Hello Partha,


>> the return traffic finds that ISP1 route is congested,


Return traffic is actually out of your control in the big Internet. You can try to influence the return path by doing AS path prepending to the ISP2 you would like to be used less, but this doesn't provide secure effects.


Besides this, traffic is just routed and forwarded and cannot detect network conditions by itself.


There are some proposals to use BGP community attributes to signal the access link bandwidth, but BGP cannot track load conditions by itself.


Again, on outbound traffic you can try to use OER (Optimized Edge Routing) to detect the best performance link and move traffic accordingly, but you cannot influence someone far from you on the Internet on the return path.


Hope to help

Giuseppe
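
The AS path prepending mentioned in the reply above, as an added example that is not part of the original thread. It reuses AS 5 and the neighbor addresses from the earlier posts; the prefix-list and route-map names are made up for illustration, and the three example segments stand in for AS 5's own address blocks. The same outbound maps also keep AS 5 from passing one ISP's routes on to another.

```cisco
! Added example (not from the thread).
! OWN-BLOCKS, TO-ISP-NORMAL and TO-ISP2-PREPEND are illustrative names.
ip prefix-list OWN-BLOCKS seq 5 permit 192.168.1.0/24
ip prefix-list OWN-BLOCKS seq 10 permit 172.16.1.0/24
ip prefix-list OWN-BLOCKS seq 15 permit 10.1.1.0/24
!
! ISP1 and ISP3: announce the local blocks with the normal AS path "5".
route-map TO-ISP-NORMAL permit 10
 match ip address prefix-list OWN-BLOCKS
!
! ISP2: same blocks, AS path lengthened to "5 5 5 5", so remote
! networks that decide on AS-path length tend to return traffic
! through ISP1 or ISP3. The blocks are still announced, so ISP2
! remains usable when the other links are down.
route-map TO-ISP2-PREPEND permit 10
 match ip address prefix-list OWN-BLOCKS
 set as-path prepend 5 5 5
!
! Neither map has a further permit entry: routes learned from one
! ISP fall to the implicit deny and are never sent to another ISP,
! so AS 5 does not end up carrying transit traffic between them.
router bgp 5
 neighbor 1.1.1.1 route-map TO-ISP-NORMAL out
 neighbor 2.2.2.2 route-map TO-ISP2-PREPEND out
 neighbor 3.3.3.3 route-map TO-ISP-NORMAL out
```

After changing an outbound route-map, `clear ip bgp * soft out` resends the announcements under the new policy without resetting the sessions.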



