Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Internet Redundancy using BGP

I have two separate Internet connections through two different providers connected via two separate routers. My Internet mail and Web IP addresses are provided by provider A. I want to ensure that redundant access to my email and Website are provided via provider B in the event that my WAN connection to provider A goes offline. I am using HSRP to provide redundancy for outbound traffic from my LAN. I assume I must apply for a public AS#. Or, can I borrow/lease one from one of my providers? Also, can anyone help me with the bgp configuration on my (C2611/2620) border routers? Do I want default routes only from my service providers? Do I need to set local preferences on my border routers given that I am using HSRP internally? Lots of questions. Any assistance would be greatly appreciated. And any reference materials you could suggest would also be greatly appreciated.

Thanks,

Dan

5 REPLIES
Silver

Re: Internet Redundancy using BGP

A lot of questions... so here a few answers:

Solve the HSRP (inside users finding the gateway to the internet) challenge independent of the BGP (gateway routers finding a path to the ISP) challenge. Also make sure you solve the BGP routing challenge in both directions (from the Internet and to the Internet).

Yes you will need BGP for web services (mail could be handled by multiple MX records in DNS). Note that even with BGP, your site can go down for over a minute any time a link goes down as it can take time for link problems to get detected and new routes propagated.

Defaults routes will do the job. If your ISPs support them, I prefer conditional default routes so I can route around problems inside the ISP. Keep in mind that using redundancy to improve availability can be at odds with using redundancy for higher bandwidth. There is more on this topic (and others) in chapter 8 of my book, High Availability Networking with Cisco. See my web site for more on the book and example listings from the book.

Good luck and have fun!

Vincent C Jones

www.networkingunlimited.com

New Member

Re: Internet Redundancy using BGP

As I said, I am trying to provide redundancy to my network from two separate ISP's on two separate routers. The HSRP config is not really an issue, but I'm a relative novice to bgp. I think I understand the basic bgp configuration tasks, but I'm grappling with some of the more subtle configuration issues.

These are Cisco 2600 routers and I don't want to burden them too much with BGP-related tasks. I want to limit the bgp routing updates to only those necessary to provide the redundancy I need. I want to be able to force the primary path for inbound traffic through ISP-A (who owns my email and web server IP addresses) and reroute through ISP-B if needed. I also want to prevent my network from being used as a transit network for other Internet traffic.

Below is a copy of my bgp configs. I need to confirm my configurations for route filtering. etc. Router A and Router B share a common Ethernet segment (210.140.64.160/27) internally.

Router A

Router bgp 100

no synchronization

network 210.140.64.160

neighbor 210.140.64.189 remote-as 100

neighbor 210.140.64.189 next-hop-self

neighbor 208.174.168.1 remote-as 300

no auto-summary

Router B

router bgp 100

no synchronization

network 210.140.64.160

neighbor 210.140.64.188 remote-as 100

neighbor 210.140.64.188 next-hop-self

neighbor 67.96.254.133 remote-as 400

neighbor 67.96.254.route-map bw out

no auto-summary

!

access-list 1 permit 210.140.64.160

route-map bw permit 10

match ip address 1

set as-path prepend 100

Re: Internet Redundancy using BGP

To prevent transit AS:

router bgp 100

neighbor x.x.x.x route-map notransit out

route-map notransit permit 20

match as-path 20

ip as-path access-list 20 permit ^$

ip as-path access-list 20 deny .*

If you are using 2600's I may be tempted (heavily) to only accept default routes from the providers and set a higher preference on the link you want to use for outbound traffic (or leave preference equal and let HSRP or MHSRP decide).

You can't force another AS to use one link over another, you can only influence them (their policy will override what you try to do, so it pays to cooperate and be friendly). Also, with prepending I would add more than one instance of your AS.

Hope it helps

Steve

New Member

Re: Internet Redundancy using BGP

In addition to Steve :

You should add default static routes with lowest admin weight towards ISP1 and higher on ISP2 as well. or Talk to your ISP to advertise default static routes to you and than apply preference to select the one through ISP1.

HSRP is just fine and have to do nothing with external world . moreover you can tag serial interface to some value in HSRP , when the link will be down decrement the priority by some value for the primary .

I guess you don't need public AS , Talk to your ISPs they will provide you a solution . they can strip private AS while advertising your networks to NAP or other ISPs.

Hope this make sense .

Regards,

New Member

Re: Internet Redundancy using BGP

Thanks to everyone for their generous replies.

119
Views
3
Helpful
5
Replies
CreatePlease to create content