BGP...Internet did not failover to the backup ISP

Tshi M · ‎08-17-2009

I am about to take over a network that is running a BGP with two ISPs. There is a single router that is connected to two service providers. Last month the primary ISP had some issues but the Internet did not fail over to the backup service provider. Could someone explain to me why? I am not an expert in BGP...

router bgp 65429

no synchronization

bgp log-neighbor-changes

network 208.x.x.0

timers bgp 15 30

neighbor ISP1 peer-group

neighbor ISP1 remote-as xxxx

neighbor ISP1 soft-reconfiguration inbound

neighbor ISP1 route-map ISP1-Default in

neighbor ISP1 route-map Route-Out-ISP1 out

neighbor ISP1 filter-list 50 in

neighbor ISP2 peer-group

neighbor ISP2 remote-as yyyy

neighbor ISP2 soft-reconfiguration inbound

neighbor ISP2 route-map ISP2-Default in

neighbor ISP2 route-map Route-Out-ISP2 out

neighbor ISP2 filter-list 51 in

neighbor 206.X.Y.113 peer-group ISP2

neighbor 208.V.W.81 peer-group ISP1

neighbor 208.V.W.82 peer-group ISP1

maximum-paths 2

no auto-summary

ip as-path access-list 50 permit xxxx

ip as-path access-list 51 permit yyyy

ip access-list extended ISP2_in

remark Stealth BGP

permit tcp host 206.X.Y.113 host 206.X.X.114 eq bgp

permit ip 206.X.X.X 0.0.0.15 host 206.X.X.114

permit gre any 208.X.X.0 0.0.0.255

permit ip any 208.X.X.0 0.0.0.255

deny ip any any log

ip access-list extended ISP2_out

remark out going traffic to Stealth Internet

permit ip 208.X.X.0 0.0.0.255 any

permit tcp host 206.X.X.114 host 206.X.Y.113 eq bgp

permit ip host 206.X.X.114 206.X.X.X 0.0.0.15 log

deny ip any any log

ip access-list extended ISP1_in

remark Yipes BGP

permit tcp host 208.V.W.81 host 208.X.X.83 eq bgp

permit tcp host 208.V.W.82 host 208.X.X.83 eq bgp

permit ip 208.X.X.X.0 0.0.0.15 host 208.X.X.83

permit gre any 208.X.X.0 0.0.0.255

permit ip any 208.X.X.0 0.0.0.255

deny ip any any log

ip access-list extended ISP1_out

remark out going traffic to Yipes Internet

permit ip 208.X.X.0 0.0.0.255 any

permit tcp host 208.X.X.83 host 208.V.W.81 eq bgp

permit tcp host 208.X.X.83 host 208.V.W.82 eq bgp

permit ip host 208.X.X.83 208.X.X.X. 0.0.0.15 log

deny ip any any log

Giuseppe Larosa · ‎08-17-2009

Hello Etienne,

I think you haven't provided enough information.

I see that you are getting only default routes from both ISPs and that you use maximum paths 2.

Said this, be aware that BGP well known port can be on each side so I think each ACL should have lines with eq bgp both on the destination and on the source side.

What is the output of:

sh ip route 0.0.0.0

sh ip bgp 0.0.0.0

how many default routes do you see in BGP and in the routing table?

Hope to help

Giuseppe

Tshi M · ‎08-17-2009

Hi Giuseppe,

I am inheriting this setup and trying to gather more information as I go along. I am planning to test the failover scenario next week. I have been on teh side line watching till I get control over it. Please see below:

Routing entry for 0.0.0.0/0, supernet

Known via "bgp 65429", distance 20, metric 0, candidate default path

Tag 6517, type external

Last update from 208.x.x.81 2w1d ago

Routing Descriptor Blocks:

* 208.x.x.82, from 208.x.x.82, 2w1d ago

Route metric is 0, traffic share count is 1

AS Hops 2

208.x.x.81, from 208.x.x.81, 2w1d ago

Route metric is 0, traffic share count is 1

AS Hops 2

======================================================================================================

BGP routing table entry for 0.0.0.0/0, version 4278

Paths: (6 available, best #1, table Default-IP-Routing-Table)

Advertised to peer-groups:

Stealth

6517 3356

208.x.x.81 from 208.x.x.81 (172.31.40.1)

Origin IGP, metric 0, localpref 200, valid, external, multipath, best

Community: 427098112

6517 3356, (received-only)

208.x.x.81 from 208.x.x.81 (172.31.40.1)

Origin IGP, metric 0, localpref 100, valid, external

Community: 427098112

6517 3549

208.x.x.82 from 208.x.x.82 (172.31.40.5)

Origin IGP, metric 0, localpref 200, valid, external, multipath

Community: 427098112

6517 3549, (received-only)

208.x.x.82 from 208.x.x.82 (172.31.40.5)

Origin IGP, metric 0, localpref 100, valid, external

Community: 427098112

8002

206.x.x.113 from 206.x.x.113 (207.x.x.12)

Origin IGP, localpref 110, valid, external

8002, (received-only)

206.x.x.113 from 206.x.x.113 (207.x.x.12)

Origin IGP, localpref 100, valid, external

=============================================================================================================

ISP2

BGP table version is 4278, local router ID is 208.x.x.254

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

* 0.0.0.0 206.x.x.113 110 0 8002 i

*> 206.x.y.0/19 206.x.x.113 110 0 8002 ?

*> 207.x.y.0/18 206.x.x.113 110 0 8002 ?

*> 207.x.y.0 206.x.x.113 110 0 8002 i

*> 208.x.y.0/23 206.x.x.113 110 0 8002 40399 i

Total number of prefixes 5

=====================================================================================================

ISP1

BGP table version is 4278, local router ID is 208.x.x.254

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 0.0.0.0 208.x.x.81 0 200 0 6517 3356 i

Total number of prefixes 1

Giuseppe Larosa · ‎08-17-2009

Hello Etienne,

I see both default routes are installed in IP routing table.

I just would add

conf t

bgp community new-format

to have readable community values instead of 32 bits integers

Hope to help

Giuseppe