BGP for two ISPs for failover

Unanswered Question
Nov 25th, 2008

Hello,

I am tasked with implementing BGP for incoming internet from two ISPs. I am using a 3854. The ISPs deliver internet via ethernet. The preferred provider is a 50mb link and the secondary is a 10mb link. I would like to use the preferred provider for all incoming and outgoing traffic and the secondary provider only for failover. Below is a quick dummy config I created. Any advice or suggestions would be appreciated as I think I need more in the config:

router bgp 333

network xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

neighbor 1.1.1.1 remote-as 111 --- Vendor A

neighbor 1.1.1.1 weight 200 --- Vendor A

neighbor 2.1.1.1 remote-as 222 --- Vendor B

neighbor 2.1.1.1 weight 100 --- Vendor B

interface GigabitEthernet0/0

description "Internal to Firewall"

ip address 192.168.0.2 255.255.255.0

duplex auto

speed auto

media-type rj45

interface FastEthernet1/0

description "Vendor A Primary link AS 111"

ip address 1.1.1.2 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet1/1

description "Vendor B Secondary link AS 222"

ip address 2.1.1.2 255.255.255.0

duplex auto

speed auto

bgp fast-external-fallover

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 11/25/2008 - 07:52

Hello Dave,

you need additional features to influence inbound traffic:

at a minimum use AS path prepending to the backup provider

define a route-map that will be applied outbound with

set as-path prepend yourAS yourAS yourAS

if this is not enough for you needs you could consider to use BGP conditional advertisement towards the backup ISP so that you will advertise your prefixes to it only when some BGP routes are missing (a sign that the primary BGP session has failed)

see

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml#ex3

Hope to help

Giuseppe

Edison Ortiz Tue, 11/25/2008 - 07:54

The WEIGHT attribute will force Vendor A to be the preferred exit point in your network, however, you also need to influence the return traffic to come back via Vendor A and the WEIGHT attribute alone won't do it.

If your ISPs allow it, you can use AS_PATH_PREPEND out Vendor B in order to make Vendor A the preferred ISP for the return traffic.

HTH,

__

Edison.

guruprasadr Tue, 11/25/2008 - 08:03

HI Dave, [Pls RATE if HELPS]

The configuration is simple. If you wish to apply the control LIST use the Route-Map with Match (Match an ACL or Prefix List) / Set (the Weight) Statements.

Refer the useful document below for the dual-homing with BGP using different ISP's

http://cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml

Hope I am informative. Pls RATE if HELPS

Best Regards,

Guru Prasad R

ullasupendran Tue, 11/25/2008 - 08:17

Hey dave

One small tip from me. In your scenario i asume you will be using the public ip address from primary ISP in the outside interface of you firewall(or a outside nat pool) for natting your inside networks. In that case make sure that your secondary ISP dont have any restrictions in routing the ip address range from the primary ISP with a longer as-path attribute.

Ullas

Actions

This Discussion