Currently, we have traffic of 600 Mbps with one upstreamer and we are planning to add another upstreamer and migrate partial traffic (150 Mbps) only to the new upstreamer.
How can we achieve this if we will receive the default route from both upstreamers?
1- If I migrate some /24 networks to one upstreamer and prepend them on the old upstreamer, then in this case the incoming traffic will come through the new upstreamer while the outgoing will go through the old upstreamer, which will cause asymmetric traffic flow.
2- If I create a PBR to route the outgoing traffic also, then in case the new upstreamer fails the traffic will not be automatically routed to the old upstreamer.
There are some things in your drawing that I do not understand, and this prevents me from giving you good answers. Your drawing shows Internet connected to upstreamer1 and to upstreamer2, which are connected to ISP. So where is your network in this drawing? Also, the drawing shows 7 networks that are /24 and have public addresses. Are these your networks or are they something else? If you provide clarification then perhaps we can give better answers.
If you are concerned just about link fault, why don't you use PBR with tracking? This way you can verify reachability of the next hop and use the link only if it is up. Otherwise you can use some EEM feature (I don't know so much about this technology, so this is just an idea).
Another way to balance traffic could be to receive a default route from both neighbors (and prefer the one from the old link using some PA, for example local preference) and some specific networks just from the neighbor on the new link. This way traffic to those networks will use the new link, if available. The problem is to predict the path used by remote ASes without knowing how upstream1 and upstream2 are connected to the Internet. What are these ASes? How are they connected to the Internet? Moreover: can you ask upstream1/2 to do some manipulation of your BGP announcements? In this case it is possible to use communities to avoid or change the way your neighbor will propagate your networks and modify how traffic will flow from the Internet to your network.
I don't think it is a good idea; this solution requires a lot of CPU and memory on your router and good skills in managing BGP. It is much simpler to receive some specific networks from one neighbor and use its link to send traffic to those networks. If you carefully choose those networks, traffic will be symmetric because of BGP metrics and the path selection algorithm. For example, if you decide to receive only networks originated in that AS, traffic will flow back on the new link because of the shortest AS-PATH. Another way could be to receive NLRI for international destinations from the new link (if your international traffic is less than the national). Of course you have to be sure that the amount of traffic to/from those networks is less than 150 Mbps.
If you prefer receiving the full routing table from both of your BGP neighbors, be sure your router has enough CPU and memory to manage it (nowadays at least 1 GB of RAM is a requirement). If that is the case, you can balance outgoing traffic by modifying some BGP attribute (typically the local preference) for a subset of networks, for example using an as-path access-list. Incoming traffic can be balanced using prepend. In any case asymmetric routing may happen in BGP, and avoiding it is not easy. Why is it a problem for you? (NAT, VPN, …)
Tip: could conditional advertising be a solution in your environment?
Yes, our router can handle the full BGP traffic as we have 8 GB RAM. In case I get the full BGP traffic, then I need traffic visibility, e.g. NetFlow, to show how my traffic flows to the Internet destinations, isn't it?
And based on this I then have to balance my traffic.
Is asymmetric a normal case in BGP? We have many customers using a VPN; do you mean this will be affected by asymmetric traffic?
Do you mean by conditional advertising that some /24 will be advertised to upstream-1 and some to upstreamer-2?
I think NetFlow could be useful to know "where" your traffic is directed and the amount of traffic, more than the way it flows. The way it flows depends on your routing and BGP tables, and you can examine them with a couple of show commands. In any case that's the idea: once you know where your traffic is directed you can choose how to balance it between the links (I mean: which link will be used for certain networks, and which for all the others).
Asymmetric routing could be a problem in case of VPN but, as far as I know, not in case the VPN concentrator is behind your router. I think it's enough that packets arrive at and leave your VPN concentrator through the same interface to/from the same remote IP address.
Conditional advertising is a feature that lets you advertise a network to a neighbor if a network exists or does not exist in the BGP table. For example, you can advertise a couple of networks on the new link and receive just the default network. In case of failure, the BGP session will expire, the default network will no longer be present in the BGP table (at least the default coming from the new link), and this condition can trigger advertising of those networks on the old link.
I made a little Lab to show how this feature works (see architecture.jpg and config.txt):
Look at the first picture: as you can see, R3 has some networks from R1 but is missing 10.1.1.0/24 and 10.1.2.0/24.
Then (picture 2), I shut down the R2 neighborship with R1, and suddenly R3 deletes the networks from R2. After 30 seconds, R1 sends advertisements for nets 10.1.1.0/24 and 10.1.2.0/24, and R3 adds these nets to the BGP and routing tables.
Finally (pictures 3 and 4), the neighborship between R1 and R2 is restored, R3 receives R2's networks and a little bit later receives withdrawals for nets 10.1.1.0/24 and 10.1.2.0/24 and removes them from the BGP and routing tables.
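
The conditional advertisement described in the answer above, sketched as an IOS configuration fragment. This is an added example, not the poster's config.txt: the AS numbers (64496 to 64498), neighbor addresses and map/list names are assumptions, and matching on AS path inside the non-exist-map assumes an IOS release that supports it.

```cisco
! Added example; all AS numbers, addresses and names below are assumed.
! 64496 = local AS, 64497 = old upstream, 64498 = new upstream.
router bgp 64496
 ! The prefixes must be in the local BGP table before they can be advertised.
 network 10.1.1.0 mask 255.255.255.0
 network 10.1.2.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64497
 neighbor 198.51.100.1 remote-as 64498
 ! Toward the OLD upstream: send the migrated /24s only while the route
 ! matched by NEW-DEFAULT is absent from the BGP table.
 neighbor 192.0.2.1 advertise-map MIGRATED-NETS non-exist-map NEW-DEFAULT
 ! Toward the new upstream nothing is conditional: the /24s are always sent.
!
ip prefix-list MIGRATED seq 5 permit 10.1.1.0/24
ip prefix-list MIGRATED seq 10 permit 10.1.2.0/24
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Both upstreams send a default route, so the tracked route has to be
! narrowed to the default learned from the new upstream (first AS 64498).
ip as-path access-list 10 permit ^64498(_|$)
!
route-map MIGRATED-NETS permit 10
 match ip address prefix-list MIGRATED
!
route-map NEW-DEFAULT permit 10
 match ip address prefix-list DEFAULT-ONLY
 match as-path 10
```

The condition is re-evaluated periodically rather than instantly, which matches the delay seen in the lab between the session going down and the extra networks being advertised. `show ip bgp neighbors 192.0.2.1 advertised-routes` shows whether the /24s are currently being sent to the old upstream.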