
cisco bgp failover issue

kumarpmt83
Level 1

Hi,

Headoffice:

In my head office there are two Cisco routers. One router is connected to the bsnl MPLS link and the other router is connected to the Tata MPLS link.

In the bsnl 3845 router, Gig0/0 is configured as the local LAN 10.10.30.100/22 and Gig0/1 as the MPLS link (8 Mbps).

Our bsnl router acts as the core router because all servers use 10.10.30.100 as their gateway.

In the Tata router, fa0/0 is 10.10.30.161/22 and fa0/1 is the MPLS link (4 Mbps). The two routers are connected through a switch.

Both routers are running BGP.

Client end:

At my client end we have a Cisco 2900 router connected to two different ISPs (bsnl and Tata). Both are MPLS and running BGP.

Local LAN: 10.10.50.0/23

Tata link: 10.70.22.35/30

bsnl link: 192.168.24.33/30

Our primary link is bsnl and the secondary is Tata.

My problem:

If the primary link goes down, the secondary Tata route takes over.

At my client end the forward route takes the Tata route, but the reverse route does not take the Tata route in my head office.

From my client end, traffic destined for 10.10.30.0/22 reaches the head office, but it does not come back to the client end.

What should I do for the reverse traffic on my head office router?

I have attached the network diagram.


milan.kulik
Level 10

Hi,

if I understand correctly, you need to establish a BGP peering between the bsnl and tata routers in your head office.

The bsnl router should accept the prefixes from tata router, but prefer the prefixes coming from bsnl WAN, of course.

So in case of a bsnl line failure on the client site, the client prefix disappears from the bsnl WAN, but the bsnl router in the head office would still receive the prefix from tata and use it!

You might even advertise the tata prefix to the bsnl cloud to enable other client sites to reach the client site with the failed bsnl line.

But do it carefully (prepending the HQ AS number several times, e.g.) so that the original bsnl prefix wins when the client site line gets restored again!

If no BGP peering is available between the providers in your HQ, you might also use a default route (or some summary route for your client sites) configured on the bsnl router using the tata router HQ LAN IP address as the next-hop.

This is not so flexible but might also work for the HQ routing at least.

HTH,

Milan

At my client end, when the bsnl link goes down the second route via Tata takes over, and that is working.

My problem is in the head office bsnl router.

After taking the Tata route at the client end, the traffic reaches the head office, and the reverse traffic first reaches the head office bsnl router. The head office bsnl router tells that the route is to reach the head office Tata router, and after that it reaches the client end.

What configuration should I do on the head office bsnl router? Is any static route needed on the head office bsnl router?

How do I establish BGP peering between the bsnl and Tata routers in the head office?

Kindly help me. I am very confused.

Hi,

I suppose you are not configuring the bsnl and tata routers but the providers do?

So you would need them to agree on BGP peering in your HQ.

If they don't agree, you might ask BSNL to configure a static route on their router in your HQ pointing to the TATA router (10.10.30.161).

The static route could be for 10.10.50.0/23 to fix the particular client site.

It could be for 10.10.0.0/16 to cover more client sites possibly (I don't know your IP addressing plan).

It could even be a default route (again, depending on your IP addressing plan).

In any case, it's recommended to use a high administrative distance for this static route (254, e.g.).

HTH,

Milan

Thank you.

I also tried the static route on my head office bsnl router:

    ip route 10.10.50.0 255.255.254.0 10.10.30.161

After I put the static route on the head office bsnl router, the incoming packets from the client end take the normal route through bsnl and reach the head office, but the reverse traffic goes through Tata due to the static route.

Can I put the static routes like this?

    ip route 10.10.50.0 255.255.254.0 192.168.89.65 (our MPLS link in my head office)
    ip route 10.10.50.0 255.255.254.0 10.10.30.161 2

If the first route fails, will it take the second route or not?

Is the above static route correct or not?

Can I implement the above static route on my head office router?

Will it work or not?

Hi,

I suppose you are receiving the route for 10.10.50.0/23 from the bsnl MPLS cloud via some dynamic routing protocol (like BGP, e.g.) under normal conditions?

So all you need is to configure

    ip route 10.10.50.0 255.255.254.0 10.10.30.161 250

in your HQ bsnl router configuration.

Under normal conditions, the bsnl router will receive the 10.10.50.0/23 prefix via the dynamic protocol and this dynamic prefix will be used for routing (due to its better administrative distance).

When the bsnl line fails on the client site, the router in HQ will stop receiving the prefix from the dynamic routing protocol.

So the static route (administrative distance 250) will start to be used.

When the line is fixed on the client site, the dynamic route will start to be used again.

You just need to be careful not to advertise that static route into the dynamic routing protocol (or to make the metric extremely high).

It would be easier to use BGP peering between the BSNL and TATA routers in your HQ if you know how to configure BGP.

There are many more flexible possibilities then.

HTH,

Milan

I don't know how to configure BGP peering.

Can you tell me how to configure it?

Kindly help me.

Hi,

here is a link you should read first:

http://www.cisco.com/image/gif/paws/23675/27.pdf

In your case, you might establish a bgp peering between bsnl router and tata router and filter what is advertised/received.

I suppose BGP is running already on your routers using AS number xxx on bsnl and yyy on tata.

For instance, you could configure on the bsnl router:

    router bgp xxx
     neighbor 10.10.30.161 remote-as yyy
     neighbor 10.10.30.161 route-map to_tata out
     neighbor 10.10.30.161 route-map from_tata in
    !
    ip prefix-list client_subnets seq 5 permit 10.10.50.0/23
    !
    route-map from_tata permit 10
     match ip address prefix-list client_subnets
     set local-preference 50
    !
    route-map to_tata deny 10
    !

And similar (inverse) configuration on the tata router.

This way you would accept only the 10.10.50.0/23 from the tata router and assign a low local preference attribute to it.

So as long as the same prefix would be received on the bsnl router from the bsnl backbone (default local preference 100), it would be preferred. When the prefix would disappear from the bsnl backbone in case of a client line failure, the prefix received from tata would be used.

You could add some more prefixes to the prefix-list client_subnets and provide a backup connection for more client sites.

But always be sure you control what's advertised and received from the BGP neighbor.

HTH,

Milan

I have a little confusion about the route map.

You have given a route map out and in.

What does that mean in the route map?

Why do you give the local preference 50?

What do I have to configure on the tata router?

Hi,

as I don't know what's configured on the routers currently and what your network looks like in detail, I just gave you an example of what you could add to your router configurations.

So

    neighbor 10.10.30.161 route-map from_tata in

applies a route-map named from_tata on prefixes coming from the tata neighbor router 10.10.30.161.

If you look at what the route-map from_tata does in detail:

    route-map from_tata permit 10
     match ip address prefix-list client_subnets
     set local-preference 50

So it permits only prefixes matching the prefix-list client_subnets, i.e., only a single prefix 10.10.50.0/23 = the client site prefix. All other prefixes received from the tata router will be rejected by the implicit deny at the end of the route-map.

The set local-preference 50 command decreases the local preference attribute of that received prefix.

The default value is 100.

So as long as the same prefix exists in the BGP table received from the bsnl WAN, it will be used as having better BGP attributes.

Only in case the prefix is not received from the bsnl WAN anymore will the prefix received from tata be used.

The other route map is applied to prefixes sent to the tata router:

    neighbor 10.10.30.161 route-map to_tata out

As the route-map to_tata contains only a single line

    route-map to_tata deny 10

it does not permit anything and no prefix will be advertised to the tata neighbor.

In your real config you would probably need to modify the route-maps.

You might need to permit more prefixes received from tata.

You might also need to advertise some prefixes to tata.

You might also need to filter which prefixes would be advertised to the WAN.

But that's what YOU have to know - nobody knows your network better than you.

You would need to configure the tata router in a similar (but inverse) way.

So you might need to filter which prefixes you would be advertising to the bsnl neighbor and which prefixes you are permitting to receive. And possibly to modify BGP attributes.

But you need some BGP knowledge for that.

If you have no BGP knowledge so far, I'd recommend studying BGP basics first.

Or hiring somebody with BGP knowledge to configure your routers in the HQ.

HTH,

Milan
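
The two designs discussed in this thread (the floating static route with distance 250, and the filtered BGP peering with local preference 50) can be compared in a small model of the HQ bsnl router's route selection. This is an added example, not code from any poster and not router code. It assumes BGP best-path selection reduced to local preference only, Cisco's default administrative distances (eBGP 20, static 1), and a placeholder label `bsnl-mpls` for the bsnl WAN next hop.

```python
import ipaddress

# Constructed model: how the HQ bsnl router picks a next hop for the
# client LAN under the two designs discussed in the thread.
CLIENT = ipaddress.ip_network("10.10.50.0/23")
TATA_HQ = "10.10.30.161"          # tata router LAN address, from the thread
BSNL_WAN = "bsnl-mpls"            # placeholder label (assumption)
CLIENT_SUBNETS = [CLIENT]         # ip prefix-list client_subnets (exact match)
EBGP_AD, DEFAULT_LOCAL_PREF = 20, 100

def from_tata(prefix):
    """route-map from_tata in: permit 10 sets local-pref 50, else implicit deny."""
    if prefix in CLIENT_SUBNETS:
        return 50
    return None                   # rejected, never enters the BGP table

def to_tata(prefix):
    """route-map to_tata deny 10: nothing is advertised to the tata neighbor."""
    return False

def bgp_best(prefix, from_bsnl_wan, from_tata_peer):
    """Return (next_hop, local_pref) of the best BGP path, or None."""
    paths = []
    if prefix in from_bsnl_wan:
        paths.append((DEFAULT_LOCAL_PREF, BSNL_WAN))
    if prefix in from_tata_peer and from_tata(prefix) is not None:
        paths.append((from_tata(prefix), TATA_HQ))
    if not paths:
        return None
    pref, hop = max(paths)        # highest local preference wins
    return hop, pref

def rib_next_hop(prefix, from_bsnl_wan, from_tata_peer=(), statics=()):
    """Install the candidate with the lowest administrative distance."""
    cands = [(ad, hop) for net, hop, ad in statics if net == prefix]
    best = bgp_best(prefix, from_bsnl_wan, from_tata_peer)
    if best:
        cands.append((EBGP_AD, best[0]))
    return min(cands)[1] if cands else None

FLOATING = [(CLIENT, TATA_HQ, 250)]   # ip route ... 10.10.30.161 250
PLAIN = [(CLIENT, TATA_HQ, 1)]        # ip route ... 10.10.30.161 (default AD 1)
```

With `PLAIN` the static route wins even while bsnl still advertises the prefix, which is the behaviour reported after the first static route was added; with `FLOATING`, or with the filtered peering, the Tata path is used only once the bsnl advertisement is gone.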
