Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Due to BGP session, DMZ affected

Dear Friend,

I have problem in BGP network. Currently we have two ISP and both ISP terminated on two other router. Both routers are iBGP peer .Due to some performance issue we did AS-prepending on ISPA and set local preference for ISPB. This scenario works well since a long time. But now we are facing problem. We are facing problem in web dmz. There is connection full issue in web servers but at that time we are not getting any latency on any arm, Firewall shows every thing is going well .We romoved AS-Prepending and LP configuration for troubleshooting and found no solution. We did hit and trial method to troubleshoot after troubleshooting internal network and found that when we shut BGP session of ISPB, all things are going well.Web servers are working well. ISPB service provider told us that they are not getting any issue on their network.

Kindly suggest what’s the issue with BGP configuration.

3 REPLIES
New Member

Due to BGP session, DMZ affected

Hi Rajeev,

We need some more clarity on the design before we can comment on this.

Heavy traffic directed towards web servers cannot be simply attributed to BGP configuration as BGP is just a protocol that delivers the packet to the destination CEs from the ISPs.

But as far as I can see, I believe your servers might be becoming victim to broadcast packets. Please let us know whether your access to the internet for the servers is through the BGP peering, or do clients access the servers through some other way.

More info required. Maybe a rough design??

Cheers

Arun

New Member

Due to BGP session, DMZ affected

Hi Arun,

Actually we have firewall and IPS behind the BGP routers. we are not getting any broadcast traffic . We checked our network throughly and found no issue in our network. As i said using hit and trial method we just shut the BGP session of ISPB  to see what will happen. and surprised that the connections to web server which was full at the time of both ISP running was decreased and working well.

As i said in previous post, we are prefering ISPB. Is there any issue with ISPB? Why traffic from perticular ISP affects our web servers. In fact our web servers are not accessible at that time.

New Member

Due to BGP session, DMZ affected

Rajeev,

I would check the prefixes being sent through ISPB when it is not shut out and see whether ISPB is sending server prefix or any of its shorter matches. If not, maybe you are advertising the server prefixes only through ISPA and that might be making the servers inaccessible.

ALSO,

AS-path is an attribute we use to set path preference for incoming traffic, while Local preference sets path preference for outgoing traffic. Please check whether you are able to see any asymmetric routing going on between the IBGP peers.

Cheers

Arun

268
Views
0
Helpful
3
Replies
CreatePlease to create content