BGP with HSRP. BGP is creating problem.

prashantrecon · ‎05-28-2012

Hi,

I have 3 cisco 2800.

R1 is my main router which is working fine with it,s bgp.

Now I have configure bgp with hsrp on R2 and R3 as

Router R2 config :

Router#sh running-config

Building configuration...

Current configuration : 1600 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable password cisco

!

no aaa new-model

memory-size iomem 5

!

dot11 syslog

ip source-route

!

ip cef

!

no ipv6 cef

!

multilink bundle-name authenticated

!

voice-card 0

no dspfarm

!

archive

log config

hidekeys

!

interface FastEthernet0/0

ip address 203.x.x.223 255.255.255.0

duplex auto

speed auto

standby 1 ip 203.x.x.225

standby 1 priority 120

standby 1 preempt

!

interface FastEthernet0/1

ip address 202.x.x.2 255.255.255.0

duplex auto

speed auto

!

router bgp 45000

bgp log-neighbor-changes

neighbor 202.x.x.1 remote-as 18101

!

address-family ipv4

neighbor 202.x.x.1 activate

neighbor 202.x.x.1 route-map reliance-in in

neighbor 202.x.x.1 route-map reliance-out out

no auto-summary

no synchronization

network 203.x.x.0

exit-address-family

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip prefix-list default seq 5 permit 0.0.0.0/0

!

ip prefix-list r-out seq 5 permit 203.x.x.0/24

!

route-map r-in permit 10

match ip address prefix-list default

set local-preference 500

!

route-map r-out permit 10

match ip address prefix-list r-out

!

control-plane

!

line con 0

logging synchronous

line aux 0

line vty 0 4

password x.x.x.x

login

!

scheduler allocate 20000 1000

end

My main router R1 is working fine with it,s old bgp configure.

My hsrp woth router R2 and R3 is working fine.

At starting I think my bgp with hsrp is working fine on r2 and r3.

But after some times bgp configure on R2 is starting to create problem on my Main router R1.(My VPN on R1 is affecting once R2 start )

Note: I am using my Apnic ip range on both R1 (main) and R2

Note: R1 and R2 are not in same LAN.

Peter Paluch · ‎05-28-2012

Hello Prashant,

Please help us understand your configuration better before we can give advices:

Can you post a picture of your network topology so we can understand how your network is connected, where are the BGP routers and where is the HSRP deployed?
What is the purpose of using HSRP here? Is it there to provide a redundant gateway to end hosts? Please note that the HSRP is not generally intended to be used between routers. Routers have routing protocols to provide for redundancy.
What exactly does it mean that "bgp configure on R2 is starting to create problem on my Main router R1."?

Best regards,

Peter

prashantrecon · ‎05-29-2012

Hi,

1: Please find a diagram.All three router are in same place but R1 is in diffrent LAN network.R 2 and R3 are configure as BGP with hsrp for another LAN network.HSRP is configured for r2 and r3.

2: YES for router redudancy .

3:R1 is already in production ok once r2 and r3 start working after some time my VPN for R1 router is affected also websites is not opening.

Peter Paluch · ‎05-30-2012

Hello Prashant,

Thank you for the diagram and the answers.

I am still not certain about the nature of your problem. If I understand you correctly, the Site A that uses R1 is working fine and its own internet connectivity is not affected. Is this correct?

You are saying that once R2 and R3 start working, after some time, your VPN for R1 router is affected. How affected?

What kind of VPN is used? GRE, IPsec, GRE-over-IPsec, SSL?
What are the VPN tunnel endpoints? Where are the VPN clients located and where/what is the access concentrator, i.e. the opposite side of the VPN connection?
What exactly do you mean by "VPN is affected"? Does that mean that the VPN connections are torn down? Does the VPN connectivity fail entirely?

Can you also perform some basic troubleshooting and data gathering when the connectivity is affected, like performing a ping and/or traceroute and seeing if the traffic goes the proper way, optionally where does it get misrouted or lost?

I apologize for not being able to provide any more help right now. I am still trying to understand which site is having problems, how do the problems manifest themselves (but in more precise terms, not just by concluding "it's not working" - that does not help at all), what is the possible role of BGP in creating this issue, etc.

Oh, by the way, did these problems first appear when you implemented HSRP? Was your network working correctly without HSRP?

Best regards,

Peter

prashantrecon · ‎05-30-2012

question is

there are there router

scenario 1

One router is running bgp 0.0.0.0 n/w is adverisites at out direction

and 203.x.x.x n/w adversited at in direction.

snerio 2

two routers with bgp running and hsrrp

as you can observe 0.0.0.0 n/w is adverisites at out direction

and 203.x.x.x n/w adversited at in direction.

snerio 1 is working fine.

when i bring scenerio 2 in to production for different lan

Than scenario 1 gets affected like ipsec vpn gets affected.

Note - scenario 1 and senario have no link two each other .

Is that while returing back for 203.x.x.x traffic bgp is geeting affected ?

prashantrecon · ‎06-02-2012

Can anyone suggest