Failover routes

Lewis Benton
Level 1

Hello,

We have a rather odd issue with some backup static routes on my MPLS routers that I've yet to figure out the cause.

We use BGP for routing on the MPLS, but in the event that a site has its circuits go down, we have static routes with a distance of 250 set that kick in and direct traffic to a Cisco PIX that will create a VPN tunnel to the remote sites to get around the failure.

The problem we have is when the circuits come back up, some of the sites still use the static routes instead of BGP.

Here's an example of our configuration:

router bgp xxxxx
 no synchronization
 no bgp log-neighbor-changes
 network 10.1.1.0 (this is the network of the LAN interface)
 neighbor xx.xx.xx.xx remote-as xxx
 neighbor xx.xx.xx.xx weight 45555
 no auto-summary

ip route 10.1.3.0 255.255.255.0 10.1.1.225 250

Thanks in advance for any help.

11 Replies

lamav
Level 8

Is the site learning a comparable route through BGP?

By comparable, I mean a prefix with the same length subnet mask.

So, does the spoke router learn about 10.1.3.0 255.255.255.0 through BGP?

[EDIT] Just to be clear, the BGP configuration you show is from which router, the hub or spoke? Which side initiates the IPSec tunnel? [EDIT]

It has to be the same subnet mask, or BGP has a better one. If the static route has a better subnet mask, traffic will use it from the very beginning, whatever the AD is. Say hello to Gary Dulin.

BGP and the static route should have the same subnet mask (/24)

Router#sh ip route 10.1.3.0
Routing entry for 10.1.3.0/24
  Known via "bgp xxxxx", distance 20, metric 0
  Tag xxxx, type external
  Last update from xx.xx.xx.xx 3w1d ago
  Routing Descriptor Blocks:
  * xx.xx.xx.xx, from xx.xx.xx.xx, 3w1d ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag xxxx

Oh man! Have I heard stuff about YOU! WHOA! LOLOL

I build the BGP network for ACS, check with Gary :)

LOL...OK. It's not about your knowledge base that I would hear about.

Say hello to David Chau. lol

First off, thanks for the reply.

Yes, 10.1.3.0/24 is learned via BGP and should be the preferred route. The static route is supposed to only go into effect if that BGP route disappears out of the routing table. That part seems to work fine, it just doesn't go back to the BGP provided route when it comes back into the routing table.

The configuration was for a spoke site. The actual BGP neighbors I can't get configs from because they are controlled by the MPLS provider.

The hub site config looks pretty much the same, the only difference is it doesn't have the BGP neighbor weight and it has a different BGP neighbor. I'm thinking of adding the BGP neighbor weight to all sites.

If my logic is correct, setting the BGP neighbor weight should force it to be preferred over the static routes. That doesn't seem to have worked though for the site config I referenced. It still uses the static route.

The IPSec tunnel is actually established by a Cisco PIX 515, which is off the LAN interface at IP 10.1.1.225

Hope that makes sense.

Your BGP weight has nothing to do with route selection in this case. If the route is learned from EBGP, it has AD 20 and will automatically win over static which is AD 250. Can you provide a topology diagram?

Here's a topology diagram. My Visio skills suck so hopefully it makes sense.

I'll be posting the output of sh ip bgp 10.1.3.0 and sh ip route 10.1.3.0 later. I need to schedule a test to reproduce the issue to get that. Right now they both show BGP as the preferred route.

Did you redistribute the floating static route anywhere? Did you put any filter to prevent the redistributed floating static route from being populated into the MPLS cloud? If not, when the MPLS network is down, then the floating static route will be injected into MPLS network and therefore change the source where the network should be sourced from MPLS.

Yes, Yu is right. Both routes are identical and your spoke is learning it through eBGP and the static. In that case, the route process will determine the more preferable route based on the lower Administrative Distance. eBGP has an AD of 20 and your static has an AD of 220. So, you do not need any BGP attribute prosthetics to make the eBGP route more desirable - it already is.

With the BGP neighbor back up and the VPN tunnel still up, can you execute a "sh ip bgp 10.1.3.0" and "sh ip ro 10.1.3.0" and post them?
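The selection rules the replies describe (lowest administrative distance among identical prefixes, longest prefix match at forwarding time) can be modelled in a few lines. This is an added example, not part of the original thread and not IOS code; the `Rib` class, the `provider-pe` next hop and the 10.1.0.0/16 summary are constructed for illustration.

```python
import ipaddress

class Rib:
    """Toy model of the route selection rules discussed in the thread."""

    def __init__(self):
        self.candidates = {}  # prefix -> {source: (admin_distance, next_hop)}

    def offer(self, prefix, source, distance, next_hop):
        net = ipaddress.ip_network(prefix)
        self.candidates.setdefault(net, {})[source] = (distance, next_hop)

    def withdraw(self, prefix, source):
        self.candidates.get(ipaddress.ip_network(prefix), {}).pop(source, None)

    def installed(self):
        """Per identical prefix, only the lowest-AD candidate is installed."""
        table = {}
        for net, offers in self.candidates.items():
            if offers:
                source, (distance, hop) = min(offers.items(), key=lambda kv: kv[1][0])
                table[net] = (source, distance, hop)
        return table

    def lookup(self, destination):
        """Forwarding picks the longest installed match; AD is not compared here."""
        addr = ipaddress.ip_address(destination)
        table = self.installed()
        matches = [net for net in table if addr in net]
        if not matches:
            return None
        return table[max(matches, key=lambda net: net.prefixlen)][0]

def failover_cycle():
    """Same /24 from eBGP (AD 20) and the floating static (AD 250)."""
    rib = Rib()
    rib.offer("10.1.3.0/24", "static", 250, "10.1.1.225")
    rib.offer("10.1.3.0/24", "ebgp", 20, "provider-pe")
    states = [rib.lookup("10.1.3.10")]           # circuits up
    rib.withdraw("10.1.3.0/24", "ebgp")          # circuits down
    states.append(rib.lookup("10.1.3.10"))
    rib.offer("10.1.3.0/24", "ebgp", 20, "provider-pe")  # circuits restored
    states.append(rib.lookup("10.1.3.10"))
    return states

def more_specific_static():
    """If BGP only carried a shorter prefix, the static /24 would always win."""
    rib = Rib()
    rib.offer("10.1.0.0/16", "ebgp", 20, "provider-pe")
    rib.offer("10.1.3.0/24", "static", 250, "10.1.1.225")
    return rib.lookup("10.1.3.10")
```

Under these rules the eBGP route returns as soon as it is re-offered, which is why the replies ask for the `sh ip bgp` and `sh ip route` output captured while the static route is still in use.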
