Cisco Support Community
Community Member

Basic BGP question

Hello all,

  I've got 2 edge routers, each with a fiber connection to my ISP (2 separate circuits, same ISP).  I've got my public ASN, and BGP is working properly with my ISP on each of these routers.  What I need to set up is failover...so if one router's neighbor fails then my outbound internet traffic automatically fails over to the other.  I assume I need to set up iBGP peer group for these 2 routers?

Thanks,

Sean

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Re: Basic BGP question

Sean

Based on what you have described here it is possible that there is some problem with how you advertise your networks to the ISP from the second router or there could be a problem on the ISP side about receiving those routes. I would suggest that we start by looking at how you advertise your networks to the ISP from the second router. Can you post the config (at least the BGP parts) for the second router?

HTH

Rick

14 REPLIES
Hall of Fame Super Blue

Re: Basic BGP question

pondersean wrote:

Hello all,

  I've got 2 edge routers, each with a fiber connection to my ISP (2 separate circuits, same ISP).  I've got my public ASN, and BGP is working properly with my ISP on each of these routers.  What I need to set up is failover...so if one router's neighbor fails then my outbound internet traffic automatically fails over to the other.  I assume I need to set up iBGP peer group for these 2 routers?

Thanks,

Sean

Sean

Depends on how you are routing from the edge routers to your internal network. If you are using HSRP you can simply track the WAN facing interfaces of your edge routers.

If you are propagating the BGP learned routes to the internal devices then if one link goes down the internal device will simply use the one remaining link.

So how exactly are you routing from your LAN to your edge routers?

Jon

Community Member

Re: Basic BGP question

I've got HSRP set up on the "inside" of my edge routers...so my firewalls use a virtual IP for next hop and out of my LAN.  I'm not running any internal routing protocols (OSPF, EIGRP, RIP, etc) instead using static routes.

I've got eBGP set up on each router to my ISP (Level3) and it is working properly.  Now I just want to ensure that if one of these circuits goes down then my traffic automatically flops over to the backup.

Community Member

Re: Basic BGP question

Sounds like you need to just add #standby (group number) track (wan interface) into your HSRP configuration on the active router. Also, you will want to add the #standby (group number) preempt command on the active router configuration to force a re-election when the interface comes back up.

Hall of Fame Super Blue

Re: Basic BGP question

pondersean wrote:

I've got HSRP set up on the "inside" of my edge routers...so my firewalls use a virtual IP for next hop and out of my LAN.  I'm not running any internal routing protocols (OSPF, EIGRP, RIP, etc) instead using static routes.

I've got eBGP set up on each router to my ISP (Level3) and it is working properly.  Now I just want to ensure that if one of these circuits goes down then my traffic automatically flops over to the backup.

Sean

Then as James says you just need to HSRP track the WAN interfaces on your edge routers. Make sure you have preempt enabled on both routers.

Jon

Community Member

Re: Basic BGP question

I agree 100% with jon.marshall.

Hall of Fame Super Gold

Re: Basic BGP question

I would offer a word of caution here. The solution is probably not quite as simple as just adding track the WAN interface in HSRP. In the original post Sean describes the connection to the router as fiber. It would help to know specifics of how the fiber connects to the router. If the connection is an Ethernet interface on the router then there is an issue. With Ethernet it is quite possible that you lose connectivity to the next hop but the interface still shows as up/up. And in this situation a simple track the WAN interface does not catch the loss of connectivity.

I agree that since the firewalls are forwarding to a virtual address that the solution needs to deal with HSRP. But I think that HSRP needs to track availability of the ISP router or track the presence of some route advertised by the ISP.

HTH

Rick

Community Member

Re: Basic BGP question

Each of the routers has a direct link via SMF to my ISP's router.  So this is using the SFP interface in auto-negotiate mode.

I've added neighbor entries to initiate iBGP on the two routers...and eBGP is working properly.  Just isn't failing over when I do a "shut" on my primary router's SFP interface.

HSRP is monitoring the inside interface only...I'll add the WAN interface to this.

-Sean

Hall of Fame Super Blue

Re: Basic BGP question

pondersean wrote:

Each of the routers has a direct link via SMF to my ISP's router.  So this is using the SFP interface in auto-negotiate mode.

I've added neighbor entries to initiate iBGP on the two routers...and eBGP is working properly.  Just isn't failing over when I do a "shut" on my primary router's SFP interface.

HSRP is monitoring the inside interface only...I'll add the WAN interface to this.

-Sean

Sean

I don't think IBGP gives you anything here. You are not a transit AS and you are only really concerned with failing over outbound.  Just simply track the WAN interfaces. Not sure what you mean by tracking the inside interface - do you mean you are tracking it or simply running HSRP ?

Jon

Hall of Fame Super Silver

Re: Basic BGP question

Hello all,

I agree with Rick's concerns.

One possible solution to take advantage of an iBGP session is to add a direct link between the two edge routers. In this way, even if the HSRP state is not the correct one (it missed an indirect failure, for example), BGP routing will do the job.

Otherwise, HSRP should track more than simple WAN interface state; an IP SLA towards the eBGP peer address could be a good test.

Hope to help

Giuseppe
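
The tracking options discussed in the replies above, as an added IOS configuration example that is not part of any post in this thread: plain interface tracking next to the reachability-based tracking Rick and Giuseppe suggest. Interface names, HSRP group and track numbers, and the 192.0.2.x / 10.0.0.x addresses are placeholders, not values from the thread.

```cisco
! Added example. All names, numbers and addresses are placeholders.
! Priorities: this router 110, the peer left at the default of 100.
!
! --- Option A: track WAN line protocol only -----------------------
! Catches "shutdown" or loss of light, but not a failure further
! along the path that leaves the Ethernet interface up/up.
track 1 interface GigabitEthernet0/0 line-protocol
!
! --- Option B: track reachability of the eBGP peer ----------------
! ICMP probe to the ISP peer address (placeholder 192.0.2.1).
ip sla 10
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 10 life forever start-time now
!
track 10 ip sla 10 reachability
 ! Damp flapping: wait before declaring down, longer before up.
 delay down 10 up 30
!
! --- Option C: track a route learned from the ISP -----------------
! Goes down when the BGP-learned default route leaves the table.
! Only meaningful if the ISP actually sends a default route.
track 20 ip route 0.0.0.0 0.0.0.0 reachability
!
! --- HSRP on the inside (firewall-facing) interface ---------------
interface GigabitEthernet0/1
 ip address 10.0.0.2 255.255.255.0
 standby 1 ip 10.0.0.1
 standby 1 priority 110
 ! Preempt on both routers so the role moves back after recovery.
 standby 1 preempt
 ! 110 - 20 = 90, below the peer's 100, so the peer takes over.
 standby 1 track 10 decrement 20
```

`show track` and `show standby brief` confirm the tracked object's state and which router currently holds the active role.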

Community Member

Re: Basic BGP question

I got HSRP working properly...so now my outbound traffic fails over correctly.  Thanks for all the help guys!

The one last piece that isn't working is external connections.  If I "down" one of my routers, traffic destined for my BGP-advertised network never reaches it.  Both routers are advertising the network to my ISP, but only one router is actually receiving traffic for that network.

Hall of Fame Super Gold

Re: Basic BGP question

Sean

Based on what you have described here it is possible that there is some problem with how you advertise your networks to the ISP from the second router or there could be a problem on the ISP side about receiving those routes. I would suggest that we start by looking at how you advertise your networks to the ISP from the second router. Can you post the config (at least the BGP parts) for the second router?

HTH

Rick

Community Member

Re: Basic BGP question

OK we figured it out.  Turns out my ISP had a static route to the primary router that didn't get removed when they turned up the backup circuit to my second router.  They removed the static route and everything is working as intended.

Thanks for all of your help guys!

-Sean

Hall of Fame Super Gold

Re: Basic BGP question

Sean

I am glad that you got the issue resolved. Thank you for posting back to the forum indicating that it was fixed (and thanks for the rating). It makes the forum more useful when people can read about a problem and can know from the markings that the problem was solved. And yours is a good example of the point that the problem is not always something on our side of the network.

HTH

Rick

Community Member

Re: Basic BGP question

Yes Sean, I am glad to see the HSRP worked for you.
