Failover routes

Unanswered Question
Apr 2nd, 2009

We have a rather odd issue with some backup static routes on my MPLS routers, and I've yet to figure out the cause.

We use BGP for routing on the MPLS, but in the event that a site has its circuits go down, we have static routes with a distance of 250 set that kick in and direct traffic to a Cisco PIX that will create a VPN tunnel to the remote sites to get around the failure.

The problem we have is when the circuits come back up, some of the sites still use the static routes instead of BGP.

Here's an example of our configuration:

router bgp xxxxx
 no synchronization
 no bgp log-neighbor-changes
 network (this is the network of the LAN interface)
 neighbor xx.xx.xx.xx remote-as xxx
 neighbor xx.xx.xx.xx weight 45555
 no auto-summary
ip route 250

Thanks in advance for any help.

lamav Thu, 04/02/2009 - 06:22

Is the site learning a comparable route through BGP?

By comparable, I mean a prefix with the same length subnet mask.

So, does the spoke router learn about through BGP?

[EDIT] Just to be clear, the BGP configuration you show is from which router, the hub or spoke? Which side initiates the IPSec tunnel? [EDIT]

yuhuiyao Thu, 04/02/2009 - 06:52

It has to be the same subnet mask, or BGP has a better one. If the static route has a better subnet mask, traffic will use it from the very beginning, whatever the AD is. Say hello to Gary Dulin.

Lewis Benton Thu, 04/02/2009 - 07:01

BGP and the static route should have the same subnet mask (/24)

Router#sh ip route
Routing entry for
  Known via "bgp xxxxx", distance 20, metric 0
  Tag xxxx, type external
  Last update from xx.xx.xx.xx 3w1d ago
  Routing Descriptor Blocks:
  * xx.xx.xx.xx, from xx.xx.xx.xx, 3w1d ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag xxxx

lamav Thu, 04/02/2009 - 07:02

Oh man! Have I heard stuff about YOU! WHOA! LOLOL

yuhuiyao Thu, 04/02/2009 - 07:08

I build the BGP network for ACS, check with Gary :)

lamav Thu, 04/02/2009 - 07:16

LOL...OK. It's not about your knowledge base that I would hear about.

Say hello to David Chau. lol

Lewis Benton Thu, 04/02/2009 - 06:55

First off, thanks for the reply.

Yes, is learned via BGP and should be the preferred route. The static route is supposed to only go into effect if that BGP route disappears out of the routing table. That part seems to work fine, it just doesn't go back to the BGP provided route when it comes back into the routing table.

The configuration was for a spoke site. The actual BGP neighbors I can't get configs from because they are controlled by the MPLS provider.

The hub site config looks pretty much the same, the only difference is it doesn't have the BGP neighbor weight and it has a different BGP neighbor. I'm thinking of adding the BGP neighbor weight to all sites.

If my logic is correct, setting the BGP neighbor weight should force it to be preferred over the static routes. That doesn't seem to have worked though for the site config I referenced. It still uses the static route.

The IPSec tunnel is actually established by a Cisco PIX 515, which is off the LAN interface at IP

Hope that makes sense.

yuhuiyao Thu, 04/02/2009 - 06:59

Your BGP weight has nothing to do with route selection in this case. If the route is learned from EBGP, it has AD 20 and will automatically win over static which is AD 250. Can you provide a topology diagram?

Lewis Benton Thu, 04/02/2009 - 08:26

Here's a topology diagram. My Visio skills suck so hopefully it makes sense.

I'll be posting the output of sh ip bgp and sh ip route later. I need to schedule a test to reproduce the issue to get that. Right now they both show BGP as the preferred route.

yuhuiyao Thu, 04/02/2009 - 08:50

Did you redistribute the floating static route anywhere? Did you put any filter to prevent the redistributed floating static route from being populated into the MPLS cloud? If not, when the MPLS network is down, then the floating static route will be injected into MPLS network and therefore change the source where the network should be sourced from MPLS.

lamav Thu, 04/02/2009 - 07:05

Yes, Yu is right. Both routes are identical and your spoke is learning it through eBGP and the static. In that case, the route process will determine the more preferable route based on the lower Administrative Distance. eBGP has an AD of 20 and your static has an AD of 220. So, you do not need any BGP attribute prosthetics to make the eBGP route more desirable - it already is.

With the BGP neighbor back up and the VPN tunnel still up, can you execute a "sh ip bgp" and "sh ip ro" and post them?
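
The selection rules discussed in this thread (longest prefix match first, then lowest administrative distance among routes for the same prefix), modelled as an added example that is not part of any post above. The prefixes, next-hop labels and the `Rib` and `failover_cycle` names are constructed for illustration; the model assumes the static route stays installable whenever it is configured.

```python
import ipaddress

# Constructed sample prefix (documentation range); the thread elides the real ones.
REMOTE_LAN = "192.0.2.0/24"

class Rib:
    """Simplified model: lowest AD per prefix is installed; lookups use longest match."""

    def __init__(self):
        self.candidates = {}  # network -> {source: (ad, next_hop)}

    def add(self, prefix, source, ad, next_hop):
        net = ipaddress.ip_network(prefix)
        self.candidates.setdefault(net, {})[source] = (ad, next_hop)

    def withdraw(self, prefix, source):
        net = ipaddress.ip_network(prefix)
        self.candidates.get(net, {}).pop(source, None)

    def installed(self):
        """Routing table: the lowest-AD candidate for each exact prefix."""
        table = {}
        for net, srcs in self.candidates.items():
            if srcs:
                source, (ad, nh) = min(srcs.items(), key=lambda kv: kv[1][0])
                table[net] = (source, ad, nh)
        return table

    def lookup(self, dest):
        """Forwarding: longest matching prefix wins; AD is never compared across lengths."""
        addr = ipaddress.ip_address(dest)
        matches = [(n, r) for n, r in self.installed().items() if addr in n]
        if not matches:
            return None
        net, (source, ad, nh) = max(matches, key=lambda m: m[0].prefixlen)
        return source, str(net), nh

def failover_cycle(static_prefix):
    """Winning route source before, during and after an eBGP outage."""
    rib = Rib()
    rib.add(REMOTE_LAN, "ebgp", 20, "mpls-pe")       # eBGP, AD 20
    rib.add(static_prefix, "static", 250, "pix")      # floating static, AD 250
    before = rib.lookup("192.0.2.10")[0]
    rib.withdraw(REMOTE_LAN, "ebgp")                  # circuit goes down
    during = rib.lookup("192.0.2.10")[0]
    rib.add(REMOTE_LAN, "ebgp", 20, "mpls-pe")       # circuit comes back
    after = rib.lookup("192.0.2.10")[0]
    return before, during, after
```

With an identical /24 the static route is used only during the outage; a static route with a longer mask than the BGP prefix is used throughout, regardless of its AD of 250.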
