09-13-2008 05:34 PM - edited 03-03-2019 11:32 PM
hi,
we use a Cisco 3825 router for our wan. we use both verizon and at&t as our carriers. verizon is our primary circuit for all networks. at&t is our failover and would like to utilize its unused bandwidth for lotus notes (10.40.1.18 and .19) to traverse. how can i load balanc or apply PBR on the at&t wan link? i tried to use a route-map (added 20 and 30) and set a weight of 300, but doesn't work after clearing both neighbors.
Solved! Go to Solution.
09-13-2008 06:32 PM
ur case is multihomed bgp
u could simply do it as u mentioned through route-map
but the route map needs to be applied to the LAN interface so the traffic coming from 10.40.1.18 and 19 will be send to AT&T as next-hop all other traffic will not be inculded in the route-map
for example
lets say the AT&T next hope ip is 1.1.1.1
access-list 1 permit host 10.40.1.18
access-list 1 permit host 10.40.1.19
access-list 1 deny any
the deny for excluding all other traffic from this map
route-map lotus-map permit 10
match ip address 1
set next-hop 1.1.1.1
route-map lotus-map permit 20
the second map to permit all other traffic and lotus traffic in case of AT&T is down
now lets say ur LAN interface is fa0/1
fa0/1
ip policy route-map lotus-map
good lcuk
if helpful Rate
09-13-2008 06:32 PM
ur case is multihomed bgp
u could simply do it as u mentioned through route-map
but the route map needs to be applied to the LAN interface so the traffic coming from 10.40.1.18 and 19 will be send to AT&T as next-hop all other traffic will not be inculded in the route-map
for example
lets say the AT&T next hope ip is 1.1.1.1
access-list 1 permit host 10.40.1.18
access-list 1 permit host 10.40.1.19
access-list 1 deny any
the deny for excluding all other traffic from this map
route-map lotus-map permit 10
match ip address 1
set next-hop 1.1.1.1
route-map lotus-map permit 20
the second map to permit all other traffic and lotus traffic in case of AT&T is down
now lets say ur LAN interface is fa0/1
fa0/1
ip policy route-map lotus-map
good lcuk
if helpful Rate
09-14-2008 09:14 AM
thanks! i will be testing it today. will post here the results. is it possible to apply 2 route map policies in the LAN interface? there is one currently used.
09-14-2008 01:25 PM
i tried the solution u mentioned, but unfortunately it didn't work. the best or preferred route is still the VzB link (neighbor 147.225.26.5). am i missing something here?
Router#sh ip bgp 10.40.1.18
BGP routing table entry for 10.40.1.0/24, version 12354
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
13979 13979
10.40.0.6 from 10.40.0.6 (12.123.65.185)
Origin IGP, localpref 100, weight 100, valid, external
65000 65000
147.225.26.5 from 147.225.26.5 (159.24.199.113)
Origin IGP, localpref 100, weight 200, valid, external, best
09-14-2008 01:31 PM
i forgot to include our bgp config:
router bgp 1
no synchronization
bgp log-neighbor-changes
network 10.41.4.0 mask 255.255.252.0
network 10.41.8.0 mask 255.255.254.0
network 10.41.24.0 mask 255.255.254.0
network 10.41.28.0 mask 255.255.255.0
neighbor 10.40.0.6 remote-as 13979
neighbor 10.40.0.6 weight 100
neighbor 10.40.0.6 filter-list 1 out
neighbor 147.225.26.5 remote-as 65000
neighbor 147.225.26.5 weight 200
neighbor 147.225.26.5 filter-list 1 out
no auto-summary
09-14-2008 04:06 PM
You will NOT see PBR reflect in bgp. THe best way to make sure this is working is thru tracert and verify htat packets are taking the right path.
"Show ip policy" to verify route-map is working.
Another concern is traffic coming back this might not be taking the SP that you would like
09-14-2008 05:42 PM
it was working all along. i should be troubleshooting or making trace routes behind the router. i was troubleshooting within the router. this one came from the LAN switch :D
vimix1#traceroute 10.40.1.19
Type escape sequence to abort.
Tracing the route to 10.40.1.19
1 10.41.4.1 0 msec 0 msec 4 msec
2 10.40.0.6 8 msec 12 msec 8 msec
3 10.40.0.1 28 msec 28 msec 24 msec
4 10.40.1.19 24 msec 24 msec 24 msec
vimix1#traceroute 10.40.1.18
Type escape sequence to abort.
Tracing the route to mail.hhshoppers.net (10.40.1.18)
1 10.41.4.1 0 msec 0 msec 0 msec
2 10.40.0.6 12 msec 12 msec 8 msec
3 10.40.0.1 24 msec 24 msec 32 msec
4 mail.hhshoppers.net (10.40.1.18) 24 msec 20 msec 20 msec
vimix1#traceroute 209.191.93.52
Type escape sequence to abort.
Tracing the route to f1.www.vip.mud.yahoo.com (209.191.93.52)
1 10.41.4.1 4 msec 12 msec 4 msec
2 147.225.26.5 8 msec 16 msec 16 msec
3 68.138.30.77 12 msec 12 msec 20 msec
4 68.138.30.78 20 msec 20 msec 28 msec
5 10.40.1.1 20 msec 20 msec 16 msec
6 146.12.3.30 24 msec 20 msec 20 msec
7 Serial2-8.GW9.LAX4.ALTER.NET (208.222.14.149) 32 msec 24 msec 24 msec
8 138.at-1-0-0.XL1.LAX4.ALTER.NET (152.63.115.74) 20 msec 24 msec 36 msec
9 0.so-5-0-0.XL1.LAX15.ALTER.NET (152.63.115.197) 28 msec 24 msec 24 msec
10 0.so-6-0-0.BR1.LAX15.ALTER.NET (152.63.116.21) 28 msec 20 msec 24 msec
11 192.205.34.29 24 msec 24 msec 24 msec
12 tbr2.la2ca.ip.att.net (12.127.3.214) 60 msec 64 msec 60 msec
13 cr2.la2ca.ip.att.net (12.122.19.221) 64 msec 60 msec 60 msec
14 cr2.dlstx.ip.att.net (12.122.28.177) 60 msec 60 msec 60 msec
15 tbr2.dlstx.ip.att.net (12.122.18.222) 64 msec 60 msec 60 msec
16 gar8.dlstx.ip.att.net (12.122.100.77) 56 msec 60 msec 64 msec
17 12.86.20.18 64 msec 56 msec 64 msec
18 ae2-p110.msr2.mud.yahoo.com (216.115.104.109) 60 msec 64 msec 60 msec
19 te-8-1.bas-c2.mud.yahoo.com (68.142.193.7) 68 msec
te-8-1.bas-c1.mud.yahoo.com (68.142.193.5) 64 msec
te-9-1.bas-c1.mud.yahoo.com (68.142.193.9) 64 msec
20 * * *
09-14-2008 05:54 PM
u need to traceroute from an IP included in the ACL in the route map
09-14-2008 06:50 PM
you need to traceroute from 10.40.1.18 and 10.40.1.19
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide