09-24-2008 12:58 AM - edited 03-03-2019 11:40 PM
Hi,
I have one 7609 router on which 3 ISPs with different ASNs will be terminating. I have 1 ASN of my own. I need to do routing based upon block size so that segment A can go via ISP1, segment B via ISP2 & segment C via ISP3, & in case any ISP goes down all traffic will be shifted to the next available ISP.
The router is connected to an ASA 5550 via a 1G Ethernet link. The ASA is connected to a 6509.
Can someone help me with a configuration script for the router?
The router & firewall will be connected by private IP.
Please help.
09-24-2008 01:43 AM
Let's consider this example, which is on the edge router only.
Your BGP AS is AS 5
ISP1 AS 1 IP 1.1.1.1
ISP2 AS 2 ip 2.2.2.2
ISP3 AS 3 ip 3.3.3.3
segment A 192.168.1.0/24
segment B 172.16.1.0/24
segment C 10.1.1.0/24
First, on router 7609, create ACLs and route maps to change the link weight:
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 3 permit 10.1.1.0 0.0.0.255
route-map ISP1 permit 10
 match ip address 1
 set weight 100
route-map ISP1 permit 20
 match ip address 2
route-map ISP1 permit 30
 match ip address 3
route-map ISP2 permit 10
 match ip address 2
 set weight 100
route-map ISP2 permit 20
 match ip address 1
route-map ISP2 permit 30
 match ip address 3
route-map ISP3 permit 10
 match ip address 3
 set weight 100
route-map ISP3 permit 20
 match ip address 1
route-map ISP1 permit 30
 match ip address 1
router bgp 5
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 route-map ISP1 in
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 route-map ISP2 in
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 route-map ISP3 in
 no auto-summary
 no synchronization
Now, because the ASA does not support BGP, you can run OSPF between the ASA and both the 7609 and 6509.
In this case you need to redistribute OSPF into BGP and redistribute BGP into OSPF on the edge router in our example:
router bgp 5
 redistribute ospf 1
router ospf 1
 redistribute bgp 5 subnets
 network [the network between the router and ASA]
By the way, the above config affects the outbound path selection and does not affect the return traffic! You can do it in different ways, but it depends on the ISP and what methods they use with BGP, like AS-path, MED or communities.
Good luck.
If helpful, rate.
09-24-2008 04:07 AM
Thanks a lot for your support. Let me do the config & test.
One small request, please: all external customer links, which will have public IPs, will be terminated on the core switch. So shall I do the NAT on the FWSM/ASA, or shall I send the traffic without NAT?
09-24-2008 04:28 AM
Hi,
I have found some mismatches in your config. I am highlighting them. Please recheck & suggest.
============================================
Your BGP AS is AS 5
ISP1 AS 1 IP 1.1.1.1
ISP2 AS 2 ip 2.2.2.2
ISP3 AS 3 ip 3.3.3.3
segment A 192.168.1.0/24
segment B 172.16.1.0/24
segment C 10.1.1.0/24
First, on router 7609, create ACLs and route maps to change the link weight:
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 172.16.1.0 0.0.0.255
access-list 3 permit 10.1.1.0 0.0.0.255
route-map ISP1 permit 10
 match ip address 1
 set weight 100
route-map ISP1 permit 20
 match ip address 2
route-map ISP1 permit 30
 match ip address 3
route-map ISP2 permit 10
 match ip address 2
 set weight 100
route-map ISP2 permit 20
 match ip address 1
route-map ISP2 permit 30
 match ip address 3
route-map ISP3 permit 10
 match ip address 3
 set weight 100
route-map ISP3 permit 20
 match ip address 1
(route-map ISP1 permit 30
 match ip address 1 )-----this is one mismatch
router bgp 5
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 route-map ISP1 in
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 route-map ISP2 in
 (neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 route-map ISP3 in )--this is another mismatch
 no auto-summary
09-24-2008 04:33 AM
Sorry, that was because I was copying some of the commands.
route-map ISP1 permit 30
 match ip address 1 )-----this is one mismatch
route-map ISP3 permit 30
 match ip address 2
(neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 route-map ISP3 in )--this is another mismatch
neighbor 3.3.3.3 remote-as 3
neighbor 3.3.3.3 route-map ISP3 in
Good luck.
If helpful, rate.
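How IOS evaluates the inbound route-maps in the posts above, as an added Python example (not written by any poster in this thread): in a neighbor route-map the standard ACL is compared with the prefix received from the ISP, a matching clause without a `set` leaves the default weight, and a prefix that matches no clause is dropped by the implicit deny. The route-maps are modeled as corrected in the reply above; the received prefixes are constructed samples.

```python
import ipaddress

# Standard ACLs from the thread: number -> (network, wildcard mask)
ACLS = {1: ("192.168.1.0", "0.0.0.255"),
        2: ("172.16.1.0", "0.0.0.255"),
        3: ("10.1.1.0", "0.0.0.255")}

# Route-maps as corrected in the thread: (sequence, ACL, weight or None)
ROUTE_MAPS = {
    "ISP1": [(10, 1, 100), (20, 2, None), (30, 3, None)],
    "ISP2": [(10, 2, 100), (20, 1, None), (30, 3, None)],
    "ISP3": [(10, 3, 100), (20, 1, None), (30, 2, None)],
}
DEFAULT_WEIGHT = 0  # weight of a route learned from a neighbor when no clause sets one


def acl_permits(acl, prefix):
    """Standard ACL in a BGP route-map: compare the prefix's network address
    with the ACL entry, ignoring the wildcard bits."""
    net, wild = (int(ipaddress.IPv4Address(a)) for a in ACLS[acl])
    addr = int(ipaddress.ip_network(prefix).network_address)
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (net & care)


def apply_inbound(route_map, prefix):
    """Weight assigned to a received prefix, or None when no clause matches
    and the implicit deny at the end of the route-map drops it."""
    for _seq, acl, weight in sorted(ROUTE_MAPS[route_map]):
        if acl_permits(acl, prefix):
            return DEFAULT_WEIGHT if weight is None else weight
    return None


def preferred_exit(prefix):
    """Neighbor whose copy of the prefix wins on weight (highest), or None if
    every inbound route-map dropped it."""
    kept = {isp: w for isp in ROUTE_MAPS
            if (w := apply_inbound(isp, prefix)) is not None}
    return max(kept, key=kept.get) if kept else None


# Constructed sample: prefixes each ISP might advertise to the 7609.
RECEIVED = ["192.168.1.0/24", "172.16.1.0/24", "10.1.1.0/24",
            "0.0.0.0/0", "198.51.100.0/24"]

if __name__ == "__main__":
    for p in RECEIVED:
        print(f"{p:18} -> {preferred_exit(p)}")
```

Only the three prefixes named in the ACLs survive the inbound policy; the default route and the sample Internet prefix return `None` from every neighbor.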
09-24-2008 09:24 PM
Hi Marwan,
If I don't want to use OSPF as iBGP, is there any alternative?
If I use static routes on the router to the lan_segments, and in the ASA route inside_lan_segment & route outside router_ethernet_ip & open port TCP 179, will it work?
09-24-2008 09:36 PM
It works, but make sure you have two-way routing with the static routes
and a default route pointing to the edge router with BGP.
Good luck.
10-03-2008 07:33 AM
Hi,
Is load sharing possible for inbound traffic using BGP?
I want to achieve the following:
Say I am accessing cisco.com via ISP1 & the return traffic finds that the ISP1 route is congested, so the return traffic will be returned via ISP2. Can this be achieved by BGP?
10-03-2008 08:43 AM
Hello Partha,
>> the return traffic finds that ISP1 route is congested,
Return traffic is actually out of your control in the big Internet. You can try to influence the return path by doing AS path prepending towards the ISP2 you would like to be used less, but this doesn't provide secure effects.
Besides this, traffic is just routed and forwarded and cannot detect network conditions by itself.
There are some proposals to use BGP community attributes to signal the access link bandwidth, but BGP cannot track load conditions by itself.
Again, on outbound traffic you can try to use OER (Optimized Edge Routing) to detect the best-performing link and move traffic accordingly, but you cannot influence someone far from you on the Internet on the return path.
Hope to help
Giuseppe
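The effect of AS path prepending described in the reply above, as an added Python example (not written by any poster in this thread): a remote AS compares LOCAL_PREF before AS_PATH length, so prepending moves return traffic only when the remote AS has no policy of its own that prefers the prepended path. The remote AS, the transit AS 64496 and the paths are constructed assumptions; AS 5, ISP1 (AS 1) and ISP2 (AS 2) are the thread's example values.

```python
from dataclasses import dataclass, replace

OUR_AS = 5  # the thread's example AS number


@dataclass(frozen=True)
class Path:
    via: str               # ISP through which this path enters our network
    as_path: tuple         # AS_PATH as the remote AS sees it, origin AS last
    local_pref: int = 100  # assigned by the remote AS's own import policy


def prepend(path, times):
    """What the remote AS sees after we prepend our AS `times` extra times
    on the announcement sent to that ISP."""
    return replace(path, as_path=path.as_path + (OUR_AS,) * times)


def best_path(paths):
    """The two decision steps that matter here, in order: highest LOCAL_PREF,
    then shortest AS_PATH."""
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path)))


# Constructed view from a hypothetical remote AS: it hears our prefix through
# ISP2 (AS 2) directly and through ISP1 (AS 1) behind transit AS 64496.
via_isp1 = Path("ISP1", (64496, 1, OUR_AS))
via_isp2 = Path("ISP2", (2, OUR_AS))


def return_isp(prepends_to_isp2, remote_pref_for_isp2=100):
    """ISP the remote AS uses to send traffic back to us."""
    isp2 = replace(prepend(via_isp2, prepends_to_isp2),
                   local_pref=remote_pref_for_isp2)
    return best_path([via_isp1, isp2]).via


if __name__ == "__main__":
    print(return_isp(0))        # no prepend: shorter path through ISP2 wins
    print(return_isp(2))        # two prepends toward ISP2: ISP1 is now shorter
    print(return_isp(2, 200))   # remote LOCAL_PREF 200 for ISP2: prepend ignored
```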