BGP Failover scenario

Unanswered Question
Jun 3rd, 2009

All,

I have the attached diagram that I need to create a DR scenario for. I've tested this in a lab, but I wanted to get your opinions.

The 10.10.10.0/24 network is our corporate subnet. If the link between AS1 and AS4 (AT&T) goes down, I want the system behind AS3 to be able to get rerouted for the 10.10.10.0/24 subnet to AS2. I thought that I would be able to have the same network over there, but not advertising it.

Second problem that I just thought of is that if it was configured that way, then the users behind AS2 would always try to hit the "local" 10.10.10.0/24 subnet which isn't what I want.

I need help with the DR scenario because we're starting a huge project with another site that we have, and I'd like to see if I can get this to work.

So far what I've done is create a floating route on AS3 for when the 10.10.10.0 drops from the table. While this works, it takes a while for it to drop out of the table. That can be a good or bad thing because I don't necessarily want traffic redirected to another site because of a small blip.

Thanks,

John

cisco_lad2004 Wed, 06/03/2009 - 09:16

John,

From AS3 you will have an equal number of ASes to AS1 or AS2, so why not make the path to AS2 less desirable but still there if needed by using prepending? This can be done both inbound and outbound.

I hope I understood your issue correctly.

HTH

Sam

Giuseppe Larosa Wed, 06/03/2009 - 09:22

Hello John,

BGP conditional advertising can fit your needs.

See:

http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1cbgp.html#wp9085

You can have net 10.10.10/24 advertised to AS2 only if the other eBGP session is down (you need to monitor some prefixes learned from AS1).

So this is handy for DR designs.

Be aware that there can be application requirements to be taken into account that may require a manual configuration:

Some applications / servers / DBs may need to be synched before doing a switchover, so in these cases a manual configuration may be preferred to avoid the switchover happening too fast.

I saw this in the DR design for a bank for example.

You need to get the whole picture to find the best solution.

Hope to help

Giuseppe

John Blakley Wed, 06/03/2009 - 09:46

Giuseppe,

I'm not sure I understand this concept in the way that their example shows:

In the following example, the router advertises 172.16.0.0/16 to its neighbor only if 192.168.7.0/24 is not present in the IP routing table.

I want to advertise the same network if a network goes down, but a different hop (site). I'm not sure why I would want to advertise a different subnet in case another subnet goes down.

John

John Blakley Wed, 06/03/2009 - 10:03

Thanks Giuseppe! I'm going to configure it on my desk now and see what happens. =)

John

John Blakley Wed, 06/03/2009 - 11:05

Giuseppe,

I couldn't get this to work. The router that's being used for the backup path has the network as a connected network (because I created a loopback). So, when the route goes down from the other router, the router that I want to use as a backup for that internal route never comes up because it's connected and showing a rib failure in the BGP table.

Am I doing this wrong?

What I've got is the following:

Network I want for failover: 172.15.15.0

RouterA:

    int lo17
     ip address 172.15.15.1 255.255.255.0

    access-list 7 permit 172.15.15.0 0.0.0.255

    route-map NO7 permit 10
     match ip address 7

    route-map NONEXIST permit 10
     match ip address 7

    router bgp 1
     network 172.15.15.0 mask 255.255.255.0
     network 192.168.2.0 mask 255.255.255.0
     neighbor 192.168.2.3 remote-as 3
     neighbor 192.168.2.3 advertise-map NO7 non-exist-map NONEXIST

RouterD:

    int lo7
     ip address 172.15.15.1 255.255.255.0

    router bgp 4
     network 192.168.2.0 mask 255.255.255.0
     network 172.15.15.0 mask 255.255.255.0
     neighbor 192.168.2.3 remote-as 3

RouterC:

    ip address 192.168.2.3

    router bgp 3
     network 192.168.2.0 mask 255.255.255.0
     neighbor 192.168.2.1 remote-as 1
     neighbor 192.168.2.4 remote-as 4

RouterC is acting like the PE router (which I don't have access to), and I'm trying to control these routing updates from one of my spoke routers. RouterD is my "corporate" side and RouterA would be my DR side.

Thanks,

John

Giuseppe Larosa Thu, 06/04/2009 - 01:02

Hello John,

I think you need to check for possible eBGP routes on the primary eBGP session; if these are missing, then you start to send the update to the second ISP/router.

The usage of a connected network (loopback) can be affecting the results too.

I also had trouble the first time I tried this feature.

Hope to help

Giuseppe
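
Added illustration, not part of any post in this thread: a small Python model of the advertise-map / non-exist-map decision discussed above. It evaluates the posted RouterA policy, where both route-maps match 172.15.15.0/24, against a variant that tracks a prefix only RouterD originates. The witness prefix 192.0.2.4/32 and all function names are assumptions made for the example.

```python
"""Model of BGP conditional advertisement (advertise-map / non-exist-map)."""
from ipaddress import ip_network

DR_NET = ip_network("172.15.15.0/24")   # failover network from the thread
WITNESS = ip_network("192.0.2.4/32")    # constructed: originated only by RouterD


def router_a_table(corporate_up, local_prefixes, corporate_prefixes):
    """Prefixes RouterA holds: its own plus what it learns from RouterD via RouterC."""
    table = set(local_prefixes)
    if corporate_up:
        table |= set(corporate_prefixes)
    return table


def advertised(table, advertise_map, non_exist_map):
    """Return the advertise-map prefixes sent to the neighbor.

    They are released only while no prefix matched by the non-exist-map
    is present in the table; otherwise they are suppressed.
    """
    tracked_present = any(p in table for p in non_exist_map)
    if tracked_present:
        return set()
    return {p for p in advertise_map if p in table}


def run(non_exist_map, corporate_prefixes):
    """Evaluate RouterA's policy with the corporate site up, then down."""
    result = {}
    for corporate_up in (True, False):
        table = router_a_table(corporate_up, {DR_NET}, corporate_prefixes)
        key = "up" if corporate_up else "down"
        result[key] = advertised(table, {DR_NET}, non_exist_map)
    return result


# Posted config: both maps match access-list 7 (172.15.15.0/24), which RouterA
# originates itself from lo17, so the tracked prefix never disappears.
as_posted = run(non_exist_map={DR_NET}, corporate_prefixes={DR_NET})

# Variant: track a prefix that only the corporate router originates.
with_witness = run(non_exist_map={WITNESS}, corporate_prefixes={DR_NET, WITNESS})

if __name__ == "__main__":
    print("as posted   :", as_posted)
    print("with witness:", with_witness)
```

The model covers only the prefixes controlled by the advertise-map; it does not model BGP timers, so the delay before the tracked prefix is withdrawn is not represented.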
