Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
786
Views
10
Helpful
9
Replies

BGP Multihoming ideas

juan-ruiz
Level 1
Level 1

‎05-06-2009 05:21 AM - edited ‎03-04-2019 04:39 AM

I have two external internet service providers.

I want to introduce internet circuit redundancy on my customer edge internet routers only.

I'm not interested in receiving all routes on my internet edge routers just the default route.

I would like to make one of the Internet circuits as the primary and the other as the secondary.

I host email, web, and some other internet facing applications.

I would like to know what kind of configuration is required to utilize ISP A as the primary and ISP B as the secondary and roll the public IP addresses of ISP A to ISP B so the firewall IP addresses, email, web, and other internet facing applications failover and continue to run on ISP B.

The physical layout is as such

RouterA connected to ISP A

Router B connected to ISP B

Switch A connecting Router A Gigabit Ethernet0/1

Switch A connecting Gigabit Ethernet0/0 for ASA A

Switch B connecting Router B Gigabit Ethernet0/1

Switch B connecting Gigabit Ethernet0/0 for ASA B

The Cisco ASA firewalls configured as HA Primary and Standby

Dual DMZ switches and Dual internal switches that lead into the inside of the network.

I would like some documentation or links that discusses the Dual Internet circuit redundancy. I believe this is called BGP Multihoming but on the document I was reading I did not see the example that the public IP addresses roll over between ISP A and ISP B.

http://www.cisco.com/application/pdf/paws/23675/27.pdf

Thanks a lot

Juan

Labels:
0 Helpful
9 Replies 9

Collin Clark
VIP Alumni
VIP Alumni

‎05-06-2009 05:30 AM

Juan-

Do you have public IP space that is routable between both ISPs? That will have to be your first step. The failover between the two is pretty easy. There are multiple ways to do it. For example with AS-Path prepend.

Using a route amp:

set as-path prepend 65001 65001 65001

0 Helpful

juan-ruiz
Level 1
Level 1
In response to Collin Clark

‎05-06-2009 07:29 AM

Hi yes I do have a routable IP space on both ISP A and ISP B.

I plan to use A since it has 100 Mbps and B only as failover since its 10 Mbps.

Any documents you can share on this type of setup?

The AS-PATH prepend would be the AS on ISP B?

Thanks for the quick reply

Regards,

Juan Ruiz

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to juan-ruiz

‎05-06-2009 08:07 AM

Correct the AS-PATH prepend would be on ISP_B. Here's a config. Assume that my local AS is 65002 and my address space is 75.50.95.0 /24.

router bgp 65002

no synchronization

bgp log-neighbor-changes

network 75.50.95.0 mask 255.255.255.0

neighbor 1.1.1.93 remote-as 65001

neighbor 1.1.1.93 send-community

neighbor 1.1.1.93 route-map ISP_B out

no auto-summary

ip prefix-list 3 seq 5 permit 75.50.95.0/24

route-map ISP_B permit 10

match ip address prefix-list 3

set as-path prepend 65002 65002 65002 65002 65002 65002 65002 65002 65002 65002

I'll see if I can dig up some docs on it.

dgroscost
Level 4
Level 4
In response to Collin Clark

‎05-06-2009 11:20 AM

You could also utilize BGP communities assuming your ISPs support them - on the backup link you could send them a community (again, if they offer it) so that advertisements over ISP B is less preferred or not announced to certain peers, etc. I don't think you need to prepend the AS that many times either - wouldn't 3 prepends be enough?

You could also run HSRP/GLBP on the edge routers w/ IBGP so that you have 1 default gateway provided to your ASAs.

0 Helpful

juan-ruiz
Level 1
Level 1
In response to dgroscost

‎05-07-2009 02:10 AM

This also sounds very interesting.

Could you provide me some examples or docs?

Thanks

Juan

0 Helpful

juan-ruiz
Level 1
Level 1
In response to Collin Clark

‎05-07-2009 02:08 AM

Collin Thanks a lot for the reply

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to juan-ruiz

‎05-06-2009 11:23 AM

Hello Juan,

>> I do have a routable IP space on both ISP A and ISP B.

if this means you got two public ip addresss blocks one from ISPA and one from ISPB NAT is involved in your solution.

See the following white paper

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a0080091c8a.shtml

the BGP part is like Collin as explained and it is enough if you have your own public ip address block

Hope to help

Giuseppe

0 Helpful

visitor68
Level 4
Level 4
In response to Giuseppe Larosa

‎05-07-2009 02:56 AM

Hi, Giuseppe:

Can you explain your point more?

Why will he need to NAT? Wont he actually need to NAT whether he has his own address space or one assigned by the ISP?

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card