I have two BGP routers configured to peer with two different ISPs. All works well.
I am using HSRP on the LAN to track the primary link and if that fails, use the secondary link.
The problem is that I experienced an issue where the physical link did not go down, but BGP peering with the upstream neighbor was down.
HSRP of course continued to choose the primary link, as the interface was still up. So my customer was down for some time, until I administratively shut down the primary interface, so that HSRP would choose the secondary BGP router.
How can I avoid this in future? What is a better technology to use?
HSRP is fine, but use object tracking with it.
We have a similar config, but run iBGP between our two routers, and additionally ask the ISPs to send us default routes. If the BGP session goes down, the default route goes away causing the backup provider to be used.
OK, not quite clear about this solution. Say your workstations have the default gateway as the BGP router that has just lost the BGP session with the ISP upstream router.
So this router's default route leaves the routing table. Are you implying that the other BGP router will inject its default route into this router?
Thanks guys for this thread ... I am obviously experiencing the same problem with the BGP/HSRP implementation that p.holley is having.
I have a question to add to the mix in response to osiristrading123's comments ... how can I tell that my provider is actually giving me its default routes?
The routing policy for my AS is as follows:
AS XXXX accepts the local routes from both providers, along with a default for the rest of the Internet routes... and yet when BGP breaks on my primary ISP... no failover occurs (outbound flows still try to go out via the primary provider).
Thanking you all in advance.
sh ip bgp neighbors
Will show what routes are being received from that neighbour. Was the session completely down, or was there only a problem further down the line with one of your ISP's peers?
Maybe try to configure an IP SLA monitor to track the remote IP address of your WAN link.
With the correct IOS version (I think it's 12.3 something) you can link this SLA monitor to your HSRP session.
If the SLA monitor goes down you will then decrement your HSRP priority, hence you don't rely on your interface physical state anymore but on the layer 3 state of this interface.
More info can be found here
It sounds like you need to peer your two routers together with iBGP to share the routes between the two routers; then you can keep your HSRP tracking and not worry about the IP Accounting (IP SLA) commands. You can do this with a full routing table or default route being received from the eBGP peer, then for real coolness, run multiple HSRP groups and you can then load-balance the ISPs and have the routers fail over to each other.
This way routing will go over the cross-link between the peers and continue to route out to the internet.
Thanks mate for your prompt reply... in regards to your question .... BGP went down... but HSRP never saw it coming .... and for some reason that I still don't understand (even though I have ibgp running between my border routers) outbound traffic never found its way out through ISP2 ....
I have triple-checked my config and it is down to the letter ... hence ... if BGP fails my site becomes a blind puppy......
I attach a document which describes a few scenarios to avoid a BGP blackhole. I'm not sure if it matches your scenario exactly but I have followed some of the recommendations in this document in a few customer cases successfully.
As described above you can also use SLA functionality to change the HSRP priority in the same way...
Currently I'm working on pretty much the same situation: how to decrease priority when the link is not working but the interface is up.
For now I've found several solutions, like the other guys mentioned above.
The solution with pinging an external address (e.g. ISP router interface) seems to be fine, but for me it isn't. I don't want to rely on something like ping.
There is a kind of solution that looks into the routing table for the specific network. It might be nice: when we are working with BGP and the link to the ISP fails, the route received from BGP is deleted from the table, and the tracking will discover it.
Not in my case. I'm having two default routes with different weights, and in case of a problem with BGP, I have a backup static default route. So, let's say my router will always have a default route (maybe not working, but it will be there ;-) ).
Unfortunately, I don't see the possibility to track the IP route reachability via the given address. (It might solve the problem, I think.)
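
The object-tracking approach suggested in the replies above (an IP SLA probe and a routing-table check, both tied to the HSRP priority), sketched as an added example that is not part of the original thread. All addresses, interface names, and group/object numbers are placeholders, the standby peer is assumed to run at the default priority of 100, and the `ip sla` / `track ... ip sla` keywords vary by IOS release (older trains use `ip sla monitor` and `track ... rtr`).

```cisco
! Constructed example: 192.0.2.0/24 (LAN) and 198.51.100.1 (ISP side of the
! WAN link) are documentation addresses, not values from the thread.
!
! Before: HSRP follows only the line protocol of the WAN interface, so a
! dead BGP session on an "up" link never lowers the priority.
!   interface GigabitEthernet0/1
!    standby 1 ip 192.0.2.1
!    standby 1 priority 110
!    standby 1 preempt
!    standby 1 track GigabitEthernet0/0 20
!
! After, part 1: probe the ISP end of the WAN link at layer 3.
ip sla 1
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object 10 follows the probe; the delay damps flapping.
! (Older releases: "track 10 rtr 1 reachability".)
track 10 ip sla 1 reachability
 delay down 10 up 30
!
! After, part 2: track object 20 follows the default route in the RIB.
! Only useful when the default is learned solely from the ISP via BGP;
! with a backup static default, as in the last post, it never goes down.
track 20 ip route 0.0.0.0 0.0.0.0 reachability
!
! LAN interface: either failure drops the priority from 110 to 90, below
! the peer's assumed 100, so the peer (with preempt) takes over.
interface GigabitEthernet0/1
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 10 decrement 20
 standby 1 track 20 decrement 20
```

`show track brief` and `show standby brief` show the state of each object and the resulting HSRP priority.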