cisco bgp multihoming 2 upstream -> expert question <-

Hi all, and thanks to all who want to help me ...

I have a BGP session with one provider, with no problem announcing a /21 aggregate class ..

In a few days a new upstream provider will give me a BGP session ...

The question is: can I announce some classes to one provider and some to the other (for example a /23 on isp1, a /22 and another /23 on the other provider)?

I've read various guides (like this http://www.nanog.org/meetings/nanog34/presentations/smith.pdf) but with no success .. (maybe I don't understand, and now I can't test enough)

My primary question is: now I have a default route, ip 0.0.0.0 0.0.0.0, pointing to the isp1 gateway ... when isp2 activates the new link, can I advertise my classes (only a part) to the isp2 provider, insert a new default route for isp2, and will it all work?

Another question is: can I use failover and load balancing even if the two links do not have the same bandwidth?

Thank you to all who can help me ..

P.S. Now I'm receiving the full routing table from ISP1.


cisco bgp multihoming 2 upstream -> expert question <-

That is possible. You can use prefix or route maps to advertise certain routes to certain carriers. Here's a good write up on BGP filtering.

https://learningnetwork.cisco.com/servlet/JiveServlet/download/347273-78678/How%20do%20prefix%20list%20work.pdf

Yes is also the answer to your second question. Again using route maps, you can manipulate routes both advertised and received.

cisco bgp multihoming 2 upstream -> expert question <-

thank you i'll read the doc and try (hope tomorrow)

thank you ... i will inform you ..

Re: cisco bgp multihoming 2 upstream -> expert question <-

Again a question (maybe stupid).

For the incoming route-map I now have this:

ip as-path access-list 5 permit .*
ip as-path access-list 5 permit ^$
!
route-map ingresso_isp1 permit 10
 match as-path 5
!
neighbor xxx.xxx.xxx.xxx route-map ingresso_isp1 in

Must I change something, or can I also use it for isp2?

thank you very much


Re: cisco bgp multihoming 2 upstream -> expert question <-

Roberto

That route map matches everything in the first statement so the second statement is not needed ie. ".*" means match anything so it will never get to the "^$".

What exactly do you want to match ?

Jon

Re: cisco bgp multihoming 2 upstream -> expert question <-

hi,

I don't know if I must receive the full routing table from both providers ...

is this necessary ?

thank you again


Re: cisco bgp multihoming 2 upstream -> expert question <-

Roberto

Up to you really. Receiving full routes requires a lot of memory on your routers. Do you need full routes ? Most likely not. It depends on how you want to load balance outbound traffic across the links. Without knowing what you want to do it's hard to say.

Edit - just read your original post. If you have a default route, why are you receiving full routes? Have you checked with your providers as to whether they are happy to advertise out the other ISP's address space?

Also your route map is not filtering anything ie. it allows any route with any AS PATH in it. Is this what you want ?

Jon

Re: cisco bgp multihoming 2 upstream -> expert question <-

At this time I'm receiving full routes from isp1 and announcing all classes to isp1 ..

I want to split the classes, some on isp2 and some others on isp1 ..

Subsequently I'd like to use failover and load balancing on the two links ...

The router is a 2911/k9 with RAM upgraded to 2,5 Gb ...

Which is the best solution according to you?


cisco bgp multihoming 2 upstream -> expert question <-

If you simply want to use load balancing then i would just use the default route to both ISPs, there is no benefit to getting full routes.

Ideally each ISP sends you a default route and your 2911 simply load balances between them. Note it is better to get the ISP to send you a default because if the ISP connection fails then you no longer receive the route and you automatically send all traffic down the other link. If you configure the defaults as statics on your router then you will need to use IP SLA to track the state of each ISP link.

Using BGP is useful if you want to influence which path you want traffic to take both inbound and outbound. If your links do not have the same bandwidth then you may want to receive a default route from one ISP and partial routes + a default from the other ISP. The partial + default would be used on the link with the higher bandwidth.

In terms of your public addressing you need to check with the providers if they are happy to advertise out each others address space. If they don't then if ISP1s link fails and you are using ISP1s addressing for NAT this traffic will not come via the ISP2 link. So -

Is there a reason you want to receive full routes ?

What do you intend to do with them or are you happy to use a default route ?

How are you going to use the public addressing eg. is it used for NAT and if so what type of NAT ie. internal clients on private addressing to the internet and/or servers accessible from the internet ?

If the links are not the same bandwidth do you want to just use them both equally with default routes or do you want to try and send more over the link with more bandwidth ?

You need answers to all this before you can decide what is the best solution.

Jon

cisco bgp multihoming 2 upstream -> expert question <-

Hello

I agree with Jon's comments - unless you need to receive full routing prefixes or even partial routes from your SP, it's just a waste of memory, CPU processing and BW on your routers and links - defaults in this case would be applicable.

However, if you require some partial routes, then instead of receiving the route table and then performing filtering you can use a very useful feature (in line with your SP) called ORF (outbound route filtering).

This allows you to state which route prefixes you wish to accept from your ISP, and only these routes will be advertised to your router, saving resources and BW...

I would also advise prohibiting your routers from being a transit path between the two service providers.

ORF

http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fsbgporf.html

Prohibit your ASN from becoming a transit ASN

ip as-path access-list 1 permit ^$
!
router bgp xx
 ! isp1
 neighbor xxx.xxx.xxx.xxx filter-list 1 out
 ! isp2
 neighbor xxx.xxx.xxx.xxx filter-list 1 out

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


cisco bgp multihoming 2 upstream -> expert question <-

Then, assuming that I do not need the full routing table (which is likely) .. is it enough for me to announce my routes split between my two ISPs .. filter the routes incoming from my ISPs, and add the two default routes to the gateways of the ISPs?

So I should do something like this ..

ip prefix-list isp1 seq 1 permit 3.3.3.0/24
ip prefix-list isp2 seq 1 permit 3.3.3.1/23
ip as-path access-list 1 permit ^$
!
router bgp xxx
 network 3.3.3.0 mask 255.255.255.0
 network 3.3.3.1 mask 255.255.254.0
 neighbor . . . remote-as 70
 neighbor . . . route-map GW1_out out
 neighbor . . . route-map GW1_in in
 neighbor . . . filter-list 1 out
 neighbor . . . remote-as 80
 neighbor . . . route-map GW2_out out
 neighbor . . . route-map GW2_in in
 neighbor . . . filter-list 1 out
!
route-map GW1_out permit 10
 match ip address prefix-list isp1
!
route-map GW2_out permit 10
 match ip address prefix-list isp2

But must I filter all incoming routes from each ISP? If yes, how?

By setting a metric in the route-map, will I be able to have failover?

Thanks to all ... I will rate your posts.

Re: cisco bgp multihoming 2 upstream -> expert question <-

Here I am again ... I've set up the second ISP with the following configuration; routes are correctly advertised to each provider

dropping off the FRT

router bgp MYASN
 no synchronization
 bgp log-neighbor-changes
 network xx.yy.zz.0 mask 255.255.255.0
 network xx.yy.tt.0 mask 255.255.254.0
 network xx.yy.kk.0 mask 255.255.252.0
 aggregate-address xx.yy.ss.0 255.255.255.0
 redistribute connected
 neighbor isp1neighbor remote-as isp1as
 neighbor isp1neighbor ebgp-multihop 10
 neighbor isp1neighbor update-source GigabitEthernet0/2
 neighbor isp1neighbor soft-reconfiguration inbound
 neighbor isp1neighbor route-map isp1_in in
 neighbor isp1neighbor route-map isp1_out out
 neighbor isp1neighbor filter-list 5 out
 neighbor isp2firstneighbor remote-as isp2as
 neighbor isp2firstneighbor ebgp-multihop 10
 neighbor isp2firstneighbor update-source GigabitEthernet0/0
 neighbor isp2firstneighbor soft-reconfiguration inbound
 neighbor isp2firstneighbor route-map isp2_in in
 neighbor isp2firstneighbor route-map isp2_out out
 neighbor isp2firstneighbor filter-list 5 out
 neighbor isp2secondneighbor remote-as isp2as
 neighbor isp2secondneighbor ebgp-multihop 10
 neighbor isp2secondneighbor update-source GigabitEthernet0/0
 neighbor isp2secondneighbor soft-reconfiguration inbound
 neighbor isp2secondneighbor route-map isp2_in in
 neighbor isp2secondneighbor route-map isp2_out out
 neighbor isp2secondneighbor filter-list 5 out
 no auto-summary
!
ip forward-protocol nd
!
ip as-path access-list 5 permit ^$
ip route 0.0.0.0 0.0.0.0 gw_to_isp2
ip route 0.0.0.0 0.0.0.0 gw_to_isp1
ip route isp1neighbor 255.255.255.255 gw_to_isp1
ip route isp2firstneighbor 255.255.255.255 gw_to_isp2
ip route isp2secondneighbor 255.255.255.255 gw_to_isp2
!
ip prefix-list class_isp2 seq 5 permit xx.yy.ss.0/24
ip prefix-list class_isp2 seq 7 permit xx.yy.zz.0/24
!
ip prefix-list class_isp1 seq 1 permit xx.yy.tt.0/23
ip prefix-list class_isp1 seq 2 permit xx.yy.kk.0/22
!
route-map isp1_in permit 10
 match as-path 5
!
route-map isp2_in permit 10
 match as-path 5
!
route-map isp2_out permit 10
 match ip address prefix-list class_isp2
!
route-map isp1_out permit 10
 match ip address prefix-list class_isp1
!

The strange thing is that if I set a public IP from class_isp2, I use the download of link2 and the upload of link1.

The same if I run a tracert.

The same thing from an IP of isp1_class.

Any ideas from the big experts?

Thank you.

If I want to set up a failover link, must I use a metric on ip route 0.0.0.0? Thank you.

Message edited by Roberto Costantini


Re: cisco bgp multihoming 2 upstream -> expert question <-

Are you doing NAT for private internal addresses ?

How do you want to use the public addressing ie. is it for NAT purposes ?

Edit - you are filtering all routes from each ISP with your filter list. Do you know if the ISP is sending you a default route? If each ISP is, then failover is a lot easier. You can accept the default route from each ISP and if the link fails you can send all traffic down the other link.

If you are not receiving a default route then for failover you will need to run IP SLA to check the status of the links to each ISP.

Please confirm whether each ISP is sending a default route or not.

Jon
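
Added example (not part of the original thread): a small Python model of first-match as-path access-list evaluation, covering the three points made above about `^$` and `.*`: an outbound `^$` filter stops the AS from becoming transit, the same list matched in an inbound route-map rejects everything an ISP sends (default route included), and an entry placed after `.*` is never reached. The routes, the 10.20.x.x prefixes and the ASNs are constructed sample values.

```python
import re

# Constructed BGP table entries: (prefix, AS path as IOS would show it).
# An empty AS path means the route is originated by the local AS.
# ASNs 64496-64511 are documentation ASNs; all prefixes are sample values.
LOCAL = [("10.20.0.0/22", ""), ("10.20.6.0/24", "")]
FROM_ISP1 = [("0.0.0.0/0", "64500"), ("198.51.100.0/24", "64500 64496")]
FROM_ISP2 = [("0.0.0.0/0", "64501"), ("203.0.113.0/24", "64501 64497")]

# The two as-path access-lists that appear in the thread.
ACL_MATCH_ALL_FIRST = [("permit", r".*"), ("permit", r"^$")]
ACL_LOCAL_ONLY = [("permit", r"^$")]


def first_match(acl, as_path):
    """Return (action, entry index) of the first matching entry.

    Falls through to the implicit deny, reported as ("deny", None).
    Only '^$' and '.*' are used, which Python's re reads the same way
    as IOS; the IOS-specific '_' token is not modelled.
    """
    for index, (action, pattern) in enumerate(acl):
        if re.search(pattern, as_path):
            return action, index
    return "deny", None


def permitted(acl, routes):
    """Prefixes from `routes` that survive the as-path filter."""
    return [p for p, path in routes if first_match(acl, path)[0] == "permit"]


def shadowed_entries(acl, routes):
    """Indexes of entries that are never the first match for any route."""
    hit = {first_match(acl, path)[1] for _, path in routes}
    return [i for i in range(len(acl)) if i not in hit]


def summary():
    table = LOCAL + FROM_ISP1 + FROM_ISP2
    return {
        # filter-list out towards ISP2: what the router would advertise
        "out_local_only": permitted(ACL_LOCAL_ONLY, LOCAL + FROM_ISP1),
        "out_match_all": permitted(ACL_MATCH_ALL_FIRST, LOCAL + FROM_ISP1),
        # the same '^$' list used in an inbound route-map from ISP1
        "in_local_only": permitted(ACL_LOCAL_ONLY, FROM_ISP1),
        "shadowed": shadowed_entries(ACL_MATCH_ALL_FIRST, table),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value}")
```
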

Re: cisco bgp multihoming 2 upstream -> expert question <-

hi jon,

Behind the router there is a PPPoE concentrator that deploys public IP addressing, so the ip route on the BGP router for the classes (for example, xx.yy.zz.00/22 is pointing to the PPPoE concentrator IP) ... no NAT ...

I've set a default route for both ISPs, but I don't know how I can check whether they are sending me their default route .. ..

thank you ..


cisco bgp multihoming 2 upstream -> expert question <-

So no NAT for the /22, but what about ISP2: how do you intend to use those?

As you can probably see, BGP multihoming with failover using 2 different ISPs and different address ranges is a complicated issue. If you want true failover then you need to be able to advertise ISP1s addresses via ISP2 and vice versa which you are not doing at the moment.

So if ISP1 connection failed the ISP1 address range could be routed back via ISP2. But the ISPs might not want to do this because it messes with their address aggregation.

I think you need to talk to the ISPs, to find out what they are willing to do in terms of advertising each others address space, whether or not they can just send you a default route and not the whole routing table etc.

Only when you have answers to these questions can you design a solution that works.

Jon

cisco bgp multihoming 2 upstream -> expert question <-

Now I'm switching, through the PPPoE server public IP pool, some to isp1 (dynamic clients) and some to isp2 (static clients).

So, reading this document: http://onesc.net/communities/as701/bordergateproto.pdf

If I announce the aggregate class (so the /21) to both providers, and the subclasses some to one provider and some to the other with different metrics, will that not solve it?

The strange thing, which I don't understand, is why I'm using upload from one provider and download from another ???!?!?!?

thank you


cisco bgp multihoming 2 upstream -> expert question <-

Roberto

the strange things is that if i set a public ip from class_isp2 i use the download of the link2 and the upload of the link1

This happens because you have 2 default routes. The first default route is chosen and sends it via ISP1 but when the packet is returned the destination IP is one owned by ISP2 so it is routed via ISP2 and comes in on the ISP2 link. If you want it to go out via ISP2 as well then you need to use PBR.

if i announce aggregate class (so /21) on both provider and subclasses some to provider and some to others with different metric i will not resolve ?

Maybe, and then again, maybe not. You need to talk to your providers to find out what they do in this case. Generally speaking providers advertise out their whole address space as an aggregate route to other providers etc. They may not be happy to then have to advertise your address spaces as well. I cannot answer this for you, only they can.

So you are wanting to NAT ISP1 public address to ISP2 public address for some addresses. How do you determine which addresses you want to NAT ie. is it based on destination IP, source IP etc.

Jon

cisco bgp multihoming 2 upstream -> expert question <-


Re: cisco bgp multihoming 2 upstream -> expert question <-

Roberto

Yes, very much like that but you may also need a NAT setup if you want to use ISP2's address ranges.

Do you want to NAT ISP1 addresses to ISP2 addresses if they go via ISP2 ?

Jon

Re: cisco bgp multihoming 2 upstream -> expert question <-

Sorry, I don't understand ... I won't use NAT ... my ISPs (both of them) give me only a /30 to connect the PtP circuit to reach the internet and propagate BGP ... all the addresses that I use are mine, except those used for the interfaces facing isp1 and isp2!

thank you for your patience


cisco bgp multihoming 2 upstream -> expert question <-

So if the source IP is from ISP1 then you send it out of the ISP1 interface. If the source IP is from ISP2 then you send it out of the ISP2 interface ?

If so you do not need NAT. But what happens if the link to ISP2 fails. You send an IP with a source IP from ISP2 via ISP1. It gets to the destination but when it is routed back it comes in via ISP2 but the link to ISP2 is down so the packet will be dropped ?

How are you proposing to handle that ?

Jon
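
Added example (not part of the original thread): a Python longest-prefix-match model of the failure case raised above, comparing a split-only announcement plan with the "aggregate /21 to both providers plus more-specifics to each" plan asked about earlier in the thread. It assumes both providers accept and propagate the aggregate and the more-specifics, which the thread says has to be confirmed with them; the 10.20.0.0/21 addressing is constructed sample data.

```python
import ipaddress

# Constructed addressing: a /21 split as in the thread (a /22 and a /23 to
# isp1, two /24s to isp2). All values are sample data.
AGGREGATE = "10.20.0.0/21"
TO_ISP1 = ["10.20.0.0/22", "10.20.4.0/23"]
TO_ISP2 = ["10.20.6.0/24", "10.20.7.0/24"]

SPLIT_ONLY = {"isp1": TO_ISP1, "isp2": TO_ISP2}
AGGREGATE_PLUS_SPECIFICS = {
    "isp1": [AGGREGATE] + TO_ISP1,
    "isp2": [AGGREGATE] + TO_ISP2,
}


def inbound_links(plan, failed_links, destination):
    """Links over which Internet traffic for `destination` can arrive.

    A failed link drops its BGP session, so everything announced over it is
    withdrawn. Remote networks then forward on the longest remaining prefix.
    Equal-length prefixes on both links are returned together, because the
    tie is broken by BGP attributes that are not modelled here.
    An empty list means no route is left and the traffic is dropped.
    """
    address = ipaddress.ip_address(destination)
    best_length, links = -1, []
    for link, prefixes in sorted(plan.items()):
        if link in failed_links:
            continue
        for prefix in prefixes:
            network = ipaddress.ip_network(prefix)
            if address not in network:
                continue
            if network.prefixlen > best_length:
                best_length, links = network.prefixlen, [link]
            elif network.prefixlen == best_length and link not in links:
                links.append(link)
    return links


def failover_report(plan, destination):
    """Inbound links with both links up, then with each link failed in turn."""
    return {
        "all_up": inbound_links(plan, set(), destination),
        "isp1_down": inbound_links(plan, {"isp1"}, destination),
        "isp2_down": inbound_links(plan, {"isp2"}, destination),
    }


if __name__ == "__main__":
    host = "10.20.6.10"  # sample host in a block announced only to isp2
    print("split only:          ", failover_report(SPLIT_ONLY, host))
    print("aggregate + specific:", failover_report(AGGREGATE_PLUS_SPECIFICS, host))
```
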

Re: cisco bgp multihoming 2 upstream -> expert question <-

Exactly ... I was thinking of using local preference in advertising classes ..

like this example

http://blog.ipexpert.com/2012/02/08/multi-homed-bgp-and-policy-based-routing/

Do you think it will work?
