Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

BGP/HSRP Ethernet failover

I am currently running BGP between 2 ISP's over HSRP between (2) 2621 routers. I have HSRP setup between the 2 routers as well as tracking of the Serial interfaces for failover. This seems to work great in the case of a T1 failure or a router hardware failure however, in the case of a Ethernet port failure it does not seem to work. I even added a Track F0/0 which handles the HSRP failover however the BGP routes are still active on the active T1 interface. How can I keep this redudancy alive even during a F0/0 failure.

3 REPLIES

Re: BGP/HSRP Ethernet failover

Hope I understand your requirements.

HSRP is working for your LAN side, you can even remove the track f0/0 as the missed keepalives between the f0/0 interfaces will force the failover on the LAN side. Once this failover has occurred, your failed BGP router should stop advertising it's routes (otherwise it blackholes about half of the people accessing your site). How are your routers learning the routes that they are advertising? If it's via a routing protocol, those routes will drop from the router once the f0/0 fails, and the routes will drop from the BGP table (won't get advertised). Once the f0/0 is up, your IGP will learn the routes again and BGP will start advertising again. If the route advertising is directly connected (ie f0/0's network), when f0/0 fails the route will withdraw from BGP.

Hope it helps.

Steve

New Member

Re: BGP/HSRP Ethernet failover

Can you explain from my config below?

Router A

!

!

interface FastEthernet0/0

ip address 1.2.3.3 255.255.255.0

no ip mroute-cache

duplex auto

speed auto

standby 1 ip 1.2.3.2

standby 1 priority 105

standby 1 preempt

standby 1 authentication foobar

!

interface Serial0/0

bandwidth 1536

ip address 4.3.2.130 255.255.255.252

ip access-group 101 in

ip access-group 101 out

no ip mroute-cache

no fair-queue

!

interface FastEthernet0/1

no ip address

no ip mroute-cache

shutdown

duplex auto

speed auto

no cdp enable

!

router bgp 12345

no synchronization

bgp log-neighbor-changes

network 1.2.3.0 mask 255.255.255.0

neighbor 1.2.3.4 remote-as 12345

neighbor 1.2.3.4 next-hop-self

neighbor 4.3.2.129 remote-as 1111

neighbor 4.3.2.129 soft-reconfiguration inbound

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 4.3.2.129

end

ROUTER B

!

!

!

interface FastEthernet0/0

ip address 1.2.3.4 255.255.255.0

no ip redirects

no ip proxy-arp

no ip mroute-cache

duplex auto

speed auto

standby 1 ip 1.2.3.2

standby 1 priority 110

standby 1 preempt

standby 1 authentication foobar

standby 1 track Se0/0

!

interface Serial0/0

bandwidth 1536

ip address 2.1.1.246 255.255.255.252

no ip redirects

no ip proxy-arp

encapsulation ppp

no ip mroute-cache

no fair-queue

service-module t1 clock source internal

service-module t1 timeslots 1-24

!

interface FastEthernet0/1

no ip address

no ip mroute-cache

shutdown

duplex auto

speed auto

!

router bgp 12345

no synchronization

bgp log-neighbor-changes

network 1.2.3.0 mask 255.255.255.0

neighbor 1.2.3.3 remote-as 12345

neighbor 1.2.3.3 next-hop-self

neighbor 2.1.1.245 remote-as 2222

neighbor 2.1.1.245 soft-reconfiguration inbound

neighbor 2.1.1.245 route-map foo out

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 2.1.1.245

no ip http server

!

access-list 2 permit 1.2.3.0 0.0.0.255

route-map foo permit 10

match ip address 2

set as-path prepend 12345 12345

Re: BGP/HSRP Ethernet failover

If routerB's s0/0 fails, HSRP will fail over. If routerB's f0/0 fails, HSRP will failover as the keepalives (hello's) between routerB and routerA fails. RouterA stops receiving the hellos and becomes HSRP active. LAN side has failed over. Now for the WAN side, you shouldn't have to do much. Remove no synch (so it needs to synch with the IP table). RouterB's BGP is learning the route that it is advertising via the network command, but that route must still be in the IP table for it to advertise. If the f0/0 fails, that network is removed from the IP table, hence routerB won't advertise the BGP route any more. Only routerA is now. If you add more routes other than 1.2.3.0/24 and learn them via a protocol (eg OSPF or EIGRP), when the f0/0 fails, the route will be removed from the IP table and BGP will stop advertising them.

You may want to add a route-map to filter other AS' as well (so you don't become a transit AS).

eg

ip as-path access-list 20 permit ^$

ip as-path access-list 20 deny .*

!

route-map test permit 20

match as-path 20

Hope it is clear.

Steve

533
Views
0
Helpful
3
Replies