
BGP Multihoming & single Router, load sharing and automatic fail over

gasparmenendez
Level 3

hi folks,

After waiting for a while, I'm finally ready to have BGP with my 2 ISPs... right now I have this configured on my ASR:

router bgp 2625
 bgp log-neighbor-changes
 network 170.X.X0.0 mask 255.255.252.0
 neighbor 208.Y.Y.181 remote-as 35498
 neighbor 208.Y.Y.181 password 7 151E66
 neighbor 208.Y.Y.181 route-map L3 out
!
ip prefix-list L3 seq 10 permit 170.X.X0.0/22 le 27
ip prefix-list L3 seq 15 deny 0.0.0.0/0
!
route-map L3 permit 10
 match ip address prefix-list L3
!


Contencion1001-X#sh ip bgp summary
BGP router identifier 208.Y.Y.182, local AS number 2625
BGP table version is 2508974, main routing table version 2508974
655803 network entries using 162639144 bytes of memory
655803 path entries using 78696360 bytes of memory
103801/103751 BGP path/bestpath attribute entries using 25742648 bytes of memory
89989 BGP AS-PATH entries using 4634324 bytes of memory
4619 BGP community entries using 575242 bytes of memory
48 BGP extended community entries using 1344 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 272289062 total bytes of memory
BGP activity 684995/29188 prefixes, 705406/49603 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
208.Y.Y.181  4         35498  563553    3349  2508734    0    0 1d01h      655802
Contencion1001-X#

 

and it's working fine, but as you can see I still haven't established BGP with my second ISP. What I want to achieve is the following (after establishing the BGP session with my second ISP):

want to split my whole public network (/22) in two /23 to make load-sharing
want to pass 170.X.X0.0/23 inbound and outbound traffic via LVL3
want to pass 170.X.X2.0/23 inbound and outbound traffic via MTC

both routes must be active at the same time
in case of failure of any one of the ISP's, traffic must be automatically routed via the other one


things to be considered:

 

I have a whole block of public IP addresses 170.80.240.0 /22
ISP LVL3 is sending me the full routing table and ISP MTC only default-route


I found this post: https://supportforums.cisco.com/t5/wan-routing-and-switching/bgp-multihoming-with-2-isp-on-single-router/td-p/2722860 which is very similar to what I want to do and tried to adjust it to my specific scenario, but since my network is in production I need to be very careful before making any changes. This is what I think I need to set up:

 

router bgp 2625
 bgp log-neighbor-changes
 no synchronization
 no auto-summary
 network 170.X.X0.0 mask 255.255.254.0
 network 170.X.X2.0 mask 255.255.254.0
 neighbor 208.Y.Y.181 remote-as 35498
 neighbor 208.Y.Y.181 desc LVL3
 neighbor 208.Y.Y.181 password ********
 neighbor 208.Y.Y.181 route-map L3 out
 neighbor 208.Y.Y.181 route-map UPSTREAM1 out
 neighbor 208.Y.Y.181 prefix-list FULL in
 neighbor 187.Z.Z.112 remote-as 1933
 neighbor 187.Z.Z.112 desc MTC
 neighbor 187.Z.Z.112 password ********
 neighbor 187.Z.Z.112 route-map MT out
 neighbor 187.Z.Z.112 route-map UPSTREAM2 out
 neighbor 187.Z.Z.112 prefix-list DEFAULT-ONLY in
!
!
interface TenGigabitEthernet0/0/0
 description *** ISP Level3 ***
 ip address 208.Y.Y.182 255.255.255.252
!
interface TenGigabitEthernet0/0/1
 description *** ISP Metrocarrier ***
 ip address 187.Z.Z.113 255.255.255.254
!
interface TenGigabitEthernet0/1/0
 description *** ASA 5580 ***
 ip address 170.X.X0.1 255.255.255.240
 ip policy route-map OUTBOUND-INTERNET
!
!
ip prefix-list DEFAULT-ONLY seq 10 permit 0.0.0.0/0 =======> should I set another one for the FULL table ????
!
!
ip prefix-list L3 seq 10 permit 170.X.X0.0/22 le 27
ip prefix-list L3 seq 15 deny 0.0.0.0/0
!
route-map L3 permit 10
 match ip address prefix-list L3
!
!
ip prefix-list MT seq 10 permit 170.X.X0.0/22 le 27
ip prefix-list MT seq 15 deny 0.0.0.0/0
!
route-map MT permit 10
 match ip address prefix-list MT
!
!
ip access-list extended LVL3
 permit ip 170.X.X0.0 0.0.1.255 any
ip access-list extended MTC
 permit ip 170.X.X2.0 0.0.1.255 any
 
!
ip sla 1
 icmp-echo 208.Y.Y.181 source-interface TenGigabitEthernet0/0/0
 frequency 30
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 187.Z.Z.112 source-interface TenGigabitEthernet0/0/1
 frequency 30
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
route-map OUTBOUND-INTERNET permit 10
 description send 170.X.X0.0/23 out Level3
 match address LVL3
 set ip next-hop verify-availability 208.Y.Y.181 10 track 1
!
route-map OUTBOUND-INTERNET permit 20
 description send 170.X.X2.0/23 out Metrocarrier
 match address MTC
 set ip next-hop verify-availability 187.Z.Z.112 20 track 2
!
ip access-list standard bgp-up1
 permit 170.X.X0.0 0.0.1.255
!
ip access-list standard bgp-up2
 permit 170.X.X2.0 0.0.1.255
!
route-map UPSTREAM1 permit 20
 match address bgp-up1
route-map UPSTREAM1 permit 40
 match address bgp-up2
 set as-path prepend 47117
!
route-map UPSTREAM2 permit 20
 match address bgp-up2
route-map UPSTREAM2 permit 40
 match address bgp-up1
 set as-path prepend 47117
!

Can anybody help me please and tell me what I need to modify in order to achieve my goal??

Thanks in advance.
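
An added example, not part of the original post and not Cisco tooling: a small Python check for three things worth verifying in a proposed config like the one above before it goes into production (more than one policy of the same kind and direction on a neighbor, a referenced policy that is never defined, and an AS-path prepend that uses an AS other than the local one). The sample config, its documentation addresses and private-use AS numbers, and the function name `lint_bgp` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the shape of the proposed config
# (documentation addresses and private-use AS numbers, not the poster's values).
SAMPLE = """\
router bgp 64500
 neighbor 192.0.2.1 remote-as 64510
 neighbor 192.0.2.1 route-map L3 out
 neighbor 192.0.2.1 route-map UPSTREAM1 out
 neighbor 192.0.2.1 prefix-list FULL in
 neighbor 198.51.100.1 remote-as 64520
 neighbor 198.51.100.1 route-map UPSTREAM2 out
 neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
ip prefix-list DEFAULT-ONLY seq 10 permit 0.0.0.0/0
route-map L3 permit 10
route-map UPSTREAM1 permit 20
 set as-path prepend 64999
route-map UPSTREAM2 permit 20
 set as-path prepend 64500 64500
"""

def lint_bgp(config):
    """Return sorted findings for a Cisco IOS-style BGP config given as text."""
    findings = set()
    local_as, current_map = None, None
    defined = {"route-map": set(), "prefix-list": set()}
    policies = defaultdict(list)  # (neighbor, kind, direction) -> names in config order
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"router bgp (\d+)$", line):
            local_as = m.group(1)
        elif m := re.match(r"neighbor (\S+) (route-map|prefix-list) (\S+) (in|out)$", line):
            policies[(m.group(1), m.group(2), m.group(4))].append(m.group(3))
        elif m := re.match(r"ip prefix-list (\S+) ", line):
            defined["prefix-list"].add(m.group(1))
        elif m := re.match(r"route-map (\S+) (?:permit|deny)", line):
            current_map = m.group(1)
            defined["route-map"].add(current_map)
        elif m := re.match(r"set as-path prepend (.+)$", line):
            foreign = [a for a in m.group(1).split() if a != local_as]
            if foreign:  # by convention a prepend repeats the local AS only
                findings.add(f"{current_map}: prepends non-local AS {' '.join(foreign)}")
    for (nbr, kind, direction), names in policies.items():
        if len(names) > 1:  # IOS keeps one policy per neighbor and direction
            findings.add(f"{nbr}: {len(names)} {kind}s {direction}, only {names[-1]} applies")
        for name in names:
            if name not in defined[kind]:
                findings.add(f"{nbr}: {kind} {name} is not defined")
    return sorted(findings)
```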

33 Replies

Sorry folks for being away, had to work out of the office.

Finally it was an ISP problem, so now my BGP is up and running well and failover works fine. Maybe in a couple of weeks I'll start to work on the load-sharing, but that's for another thread!!!

Thank you all!!!

What was the problem? Richard's suggestion that the ISP did not accept your address space?

according to them, it was something related to the local-preference attribute in their configuration...

thanks!

Thanks for posting back to the forum to let us know that your problem has been resolved and that the issue was something with ISP 2. Thank you for marking this discussion as solved. This will help other readers in the forum to identify discussions with helpful information.

 

HTH

 

Rick
