03-27-2009 12:50 AM - edited 03-04-2019 04:07 AM
Hi everybody,
I have two Cisco 7513s connected to our ISP via BGP.
Router 1's IP is x.x.x.2
Router 2's IP is x.x.x.3
Our ISP's IP is x.x.x.1.
Both routers are connected to the ISP IP.
The weight on Router 1's BGP is set to 120 for while Router 2's is default.
All traffic (incoming/outgoing)would go thru Rtr 1 and would subsequently failover to Rtr 2 during any incident.
After an incident earlier this week, Rtr 2's link to ISP was disconnected and a few minutes later, the same thing happened to Rtr 1. When everything went back to normal, I found that all outbound traffic to ISP is going through Rtr 1 whereas all inbound traffic is coming from Rtr 2.
I tried shutting Rtr 2's ISP connection hoping traffic would go to Rtr 1 but that caused all inbound traffic to drop. I'm really not sure where to look to solve this problem but I'm sure a few heads are better than one to figure this out.
Thanks!
Solved! Go to Solution.
03-27-2009 01:16 AM
Hello Muhammad,
if you want to try to influence the inbound path chosen by ISP router you should use the MED:
R1 has to send out prefixes with a lower MED
R2 has to send out prefixes with an higher MED
use
route-map set_med_r1 permit 10
match ip address filter_private_ip
set metric 50
R1:
no neighbor x.x.x.1 distribute-list
filter_private_ip out
neighbor x.x.x.1 route-map set_med_r1 out
on R2:
route-map set_med_r2 permit 10
match ip address filter_private_ip
set metric 500
no neighbor x.x.x.1 distribute-list
filter_private_ip out
neighbor x.x.x.1 route-map set_med_r2 out
the idea is to change the outbound route filter with a route-map that for permitted routes set the metric (MED) field
lowest is preferred
Hope to help
Giuseppe
03-27-2009 12:55 AM
Here's Rtr 1's (x.x.x.2) configs:
router bgp MY_BGP
no synchronization
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart
network x.x.x.0 mask 255.255.255.248
redistribute static
neighbor x.x.x.1 remote-as ISP
neighbor x.x.x.1 version 4
neighbor x.x.x.1 soft-reconfiguration
inbound
neighbor x.x.x.1 distribute-list
filter_private_ip out
neighbor x.x.x.1 route-map MetroE-inbound in
no auto-summary
This is Rtr 2's (x.x.x.3) configs:
router bgp MY_BGP
no synchronization
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart
network x.x.x.0 mask 255.255.255.248
redistribute static
neighbor x.x.x.1 remote-as ISP
neighbor x.x.x.1
soft-reconfiguration inbound
neighbor x.x.x.1 distribute-list
filter_private_ip out
no auto-summary
03-27-2009 01:16 AM
Hello Muhammad,
if you want to try to influence the inbound path chosen by ISP router you should use the MED:
R1 has to send out prefixes with a lower MED
R2 has to send out prefixes with an higher MED
use
route-map set_med_r1 permit 10
match ip address filter_private_ip
set metric 50
R1:
no neighbor x.x.x.1 distribute-list
filter_private_ip out
neighbor x.x.x.1 route-map set_med_r1 out
on R2:
route-map set_med_r2 permit 10
match ip address filter_private_ip
set metric 500
no neighbor x.x.x.1 distribute-list
filter_private_ip out
neighbor x.x.x.1 route-map set_med_r2 out
the idea is to change the outbound route filter with a route-map that for permitted routes set the metric (MED) field
lowest is preferred
Hope to help
Giuseppe
03-27-2009 04:00 AM
Hi Giuseppe,
Thanks for the suggestion. Is there a reason why MED is preferred over weight in this scenario? Just trying to understand why this is important.
Thanks!
Muhammad
03-27-2009 04:17 AM
Hello Muhammad,
weight is a local parameter never passed in BGP updates and allows to choice the outbound paths only and only on R1.
MED is instead a parameter passed on BGP updates and it is the right tool here.
It it is the ISP router that decides how inbound traffic is sent to your devices not your router.
Up to now no parameters were set and the oldest eBGP route was used.
With MED you provide an explicit mechanism to say what is your preferred ingress point for inbound traffic
Hope to help
Giuseppe
03-27-2009 05:27 AM
Muhammad:
As-salameh a3laykum.
As Giuseppe pointed out, when you set the weight on R1, what you are doing is making the routes learned by R1 more preferable to your inside network.
For example, your ISP advertises a path to network 5.5.0.0/20 to both R1 and R2. By placing a higher weight on the routes learned by R1, you are making the outbound path to 5.5.0.0/20 more desirable through R1. Your BGP speakers on your network will say "R1 has the best path to the ISP. His routes have a higher weight than R2, so R1's routes are more efficient."
The truth is that the ISP advertised the same routes to both R1 and R2 with the same level of desirablility, but by placing the weight on R1, you make it look like it has a better path to the ISP and your routers will send their Internet-bound traffic to R1. So, weight is used to influence the OUTBOUND traffic from your network to the advertised network on the Internet.
But thats not what you want to do. You want to influence INBOUND traffic. You want to tell your service provider to use the link to R1, in other words to see R1 as the better path to your inside network.
So, the ISP router learns of your prefixes through R1 and R2 and then says, "hmmmm, which guy should I send traffic to?" The ISP will send traffic to whomever advertises a more desirable route to your inside networks. The way you do that is by setting the MED, otherwise known as the Metric. The ISP will learn routes from R1 with a better metric -- more desirable. So, R1 will then receive INBOUND traffic.
Makes sense?
I hope I dint kill the issue with too much detail. :-)
Victor
03-29-2009 03:56 AM
Another pretty quick fix is to just add your AS to the AS-Path a few times, making it have a high AS Path hop count, and thus less desirable.
route-map PREPEND permit 10
set as-path prepend
exit
!
router bgp
neighbor x.x.x.1 route-map PREPEND out
end
wr
04-05-2009 06:38 PM
Hi All,
Thanks for all the suggestions. The issue has been resolved. Apparently the problem was on the service provider end.
Again, thank you for all the suggestions!
04-05-2009 08:06 PM
Hi
i would say that MED is not always good option with ISPs as they not prefere it becuase it makes issue withthier routing
i would suggest to use as mentioned by other post
is AS prepend
or call your ISP and check which method they use some times ISPs ask to send a cipicific community strin to let them prefere that link with that community string
thank you
Hope this helps
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: