cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1818
Views
0
Helpful
14
Replies

Basic BGP question

pondersean
Level 1
Level 1

Hello all,

  I've got 2 edge routers, each with a fiber connection to my ISP (2 separate circuits, same ISP).  I've got my public ASN, and BGP is working properly with my ISP on each of these routers.  What I need to set up is failover...so if one router's neighbor fails than my outbound internet traffic automatically fails over to the other.  I assume I need to set up iBGP peer group for these 2 routers?

Thanks,

Sean

1 Accepted Solution

Accepted Solutions

Sean

Based on what you have described here it is possible that there is some problem with how you advertise your networks to the ISP from the second router or there could be a problem on the ISP side about receiving those routes. I would suggest that we start by looking at how you advertise your networks to the ISP from the second router. Can you post the config (at least the BGP parts) for the second router?

HTH

Rick

HTH

Rick

View solution in original post

14 Replies 14

Jon Marshall
Hall of Fame
Hall of Fame

pondersean wrote:

Hello all,

  I've got 2 edge routers, each with a fiber connection to my ISP (2 separate circuits, same ISP).  I've got my public ASN, and BGP is working properly with my ISP on each of these routers.  What I need to set up is failover...so if one router's neighbor fails than my outbound internet traffic automatically fails over to the other.  I assume I need to set up iBGP peer group for these 2 routers?

Thanks,

Sean

Sean

Depends on how you are routing from the edge routers to your internal network. If you are using HSRP you can simply track the WAN facing interfaces of your edge routers.

If you are propagating the BGP learned routes to the internal devices then if one link goes down the internal device will simply use the one remaining link.

So how exactly how are you routing from your LAN to your edge routers ?

Jon

I've got HSRP set up on the "inside" of my edge routers...so my firewalls use a virtual IP for next hop and out of my LAN.  I'm not running any internal routing protocols (OSPF, EIGRP, RIP, etc) instead using static routes.

I've got eBGP set up on each router to my ISP (Level3) and is working properly.  Now I just want to ensure that if one of these circuits goes down then my traffic automatically flops over to the backup.

sounds like you need to just add #standby (group number) track (wan interface) ---- into your HSRP configuration on the active router, also you will want to add the #standby (group number) preempt ----- command on the active router configuration to force a re-election when the interface comes back up.

pondersean wrote:

I've got HSRP set up on the "inside" of my edge routers...so my firewalls use a virtual IP for next hop and out of my LAN.  I'm not running any internal routing protocols (OSPF, EIGRP, RIP, etc) instead using static routes.

I've got eBGP set up on each router to my ISP (Level3) and is working properly.  Now I just want to ensure that if one of these circuits goes down then my traffic automatically flops over to the backup.

Sean

Then as James says you just need to HSRP track the WAN interfaces on your edge routers. Make sure you have preempt enabled on both routers.

Jon

I agree 100% with jon.marshall.

I would offer a word of caution here. The solution is probably not quite as simple as just adding track the WAN interface in HSRP. In the original post Sean describes the connection to the router as fiber. It would help to know specifics of how the fiber connects to the router. If the connection is an Ethernet interface on the router then there is an issue. With Ethernet it is quite possible that you lose connectivity to the next hop but the interface still shows as up/up. And in this situation a simple track the WAN interface does not catch the loss of connectivity.

I agree that since the firewalls are forwarding to a virtual address that the solution needs to deal with HSRP. But I think that HSRP needs to track availability of the ISP router or track the presence of some route advertised by the ISP.

HTH

Rick

HTH

Rick

Each of the routers has a direct link via SMF to my ISP's router.  So this is using the SFP interface in auto-negotiate mode.

I've added neighbor entries to initiate iBGP on the two routers...and eBGP is working properly.  Just isn't failing over when I do a "shut" on my primary router's SFP interface.

HSRP is monitoring the inside interface only...I'll add the WAN interface to this.

-Sean

pondersean wrote:

Each of the routers has a direct link via SMF to my ISP's router.  So this is using the SFP interface in auto-negotiate mode.

I've added neighbor entries to initiate iBGP on the two routers...and eBGP is working properly.  Just isn't failing over when I do a "shut" on my primary router's SFP interface.

HSRP is monitoring the inside interface only...I'll add the WAN interface to this.

-Sean

Sean

I don't think IBGP gives you anything here. You are not a transit AS and you are only really concerned with failing over outbound.  Just simply track the WAN interfaces. Not sure what you mean by tracking the inside interface - do you mean you are tracking it or simply running HSRP ?

Jon

Hello all,

I agree with Rick's concerns

one possible solution to take advantage on an iBGP session is to add a direct link between the two edge routers, in this way even if HSRP state is not the correct one ( it missed an indirect failure for example) BGP routing will do the job.

Otherwise HSRP should track more then simple WAN interface state, an IP SLA towards eBGP peer address could be a good test.

Hope to help

Giuseppe

I got HSRP working properly...so now my outbound traffic fails over correctly.  Thanks for all the help guys!

The one last piece that isn't working is external connections.  If I "down" one of my routers, traffic destined for my BGP-advertised network never reaches it.  Both routers are advertising the network to my ISP, but only one router is actually receiving traffic for that network.

Sean

Based on what you have described here it is possible that there is some problem with how you advertise your networks to the ISP from the second router or there could be a problem on the ISP side about receiving those routes. I would suggest that we start by looking at how you advertise your networks to the ISP from the second router. Can you post the config (at least the BGP parts) for the second router?

HTH

Rick

HTH

Rick

OK we figured it out.  Turns out my ISP had a static route to the primary router that didn't get removed when they turned up the backup circuit to my second router.  They removed the static route and everything is working as intended.

Thanks for all of your help guys!

-Sean

Sean

I am glad that you got the issue resolved. Thank you for posting back to the forum indicating that it was fixed (and thanks for the rating). It makes the forum more useful when people can read about a problem and can know from the markings that the problem was solved. And your is a good example of the point that the problem is not always something on our side of the network.

HTH

Rick

HTH

Rick

Yes Sean, I am glad to see the HSRP worked for you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: