Using PBR for BGP Redundancy

Unanswered Question
Jan 30th, 2012
User Badges:

Hi All,

I am working on a multihomed network. There's a BGP session with ISP1 and I'm on the point of setting up a BGP session with another ISP2. I'll like ISP2 to be a Backup link and must only be used when ISP 1 is down.

In fact , i'll like to use ISP 2 when the ping on some internet address goes down. Cos at times the prob is not with ISP 1 but further upstream.

I intend to use PBR and IP SLA. Below is my configuration

interface FastEthernet0/0

description Connected to ISP 2

ip address

duplex auto

speed auto


interface FastEthernet1/0

description Connected to ISP 1

ip address

duplex auto

speed auto


interface FastEthernet2/0

ip address

ip policy route-map BACKUP

duplex auto

speed auto

router bgp 37034

no synchronization

bgp log-neighbor-changes



neighbor remote-as 15964

neighbor description ISP 1

neighbor ebgp-multihop 255

neighbor weight 100

neighbor route-map Permit_default_route in

neighbor remote-as 8513

neighbor description ISP 2

neighbor ebgp-multihop 255

neighbor route-map Permit_default_route in

no auto-summary

route-map BACKUP permit 10

match ip address 101

set ip next-hop verify-availability 1 track 30

ip sla monitor 3

type echo protocol ipIcmpEcho

ip sla monitor schedule 3 life forever start-time now

track 30 rtr 3 reachability

access-list 101 permit ip any any

route-map Permit_default_route permit 10

match ip address 12

My real problem now is causing the router to remove the default route through ISP 1 from the routing table when the ping on goes down so as to use the route throught ISP 2.

Thanks for your help in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Calin Chiorean Mon, 01/30/2012 - 11:47
User Badges:
  • Silver, 250 points or more


You said:

i'll like to use ISP 2 when the ping on some internet address goes down

and then I see that you monitor

This is not an Internet address as it's a private IP address and if you don't have in the routing table (meaning unreachable) the your solution is working correct.

Do you have some kind of VPN remote site from where you should get

Or the IP addresses are not the real used ones? Can we see an output of the routing table?



Bethuelle Mon, 01/30/2012 - 23:11
User Badges:

Hye ,

This is what the Routing Table looks like:

IBR-YDE#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is to network

C is directly connected, FastEthernet2/0

C is directly connected, FastEthernet1/0

C is directly connected, FastEthernet0/0

B* [20/0] via, 00:00:35

Calin Chiorean Mon, 01/30/2012 - 23:25
User Badges:
  • Silver, 250 points or more

OK, now that we clarify this, I may have a solution for you:

I did this a while ago and I believe it's exactly what you need in term of IP SLA. The idea is that you have to use an IP SLA and only when the result of the IP SLA is down (meaning a deny there ! NOT, from the programming language).

Let me know if my solutions helps you!




This Discussion

Related Content