Dual Home BGP Issue: Some Websites Don't Seem to Load
I have a very perplexing issue. I am trying to get to a dual-homed configuration. Both my ISPs are working with BGP on separate routers. If I use only one or the other uniquely, the internet works and everything is good. When I activate both at once I see issues getting to certain websites, and people attempting to log in to our VPN can't seem to get to our VPN concentrator.
Here's my config in a nutshell:
Full BGP tables from both providers (no default route)
1 block PI space
1 block ISP assigned, but I have permission to originate it from my AS (slowly renumbering IPs to our PI space)
Both IP spaces have HSRP configured on their router interfaces (x.x.x.254 x.x.x.253 HSRP=x.x.x.1) (y.y.y.253, y.y.y.254 HSRP=y.y.y.1)
The tests I've been running are threefold:
From my PI space (x.x.x.x) to www.as577.net
From my ISP assigned space (y.y.y.y) to www.as577.net
From my LAN behind a firewall NAT'd to an ISP assigned space (z.z.z.z) to www.as577.net
When using 1 ISP, all three of these work.
When activating both ISPs, getting the tables, and waiting a requisite amount of time (5 mins) to make sure everything converges, I seem to have issues getting to some sites and not others. I.e., www.google.com works, but the site above does not.
I've tried Wireshark from the client machines and I see the requests go out but not come back.
DNS seems ok as I've tried to do nslookup on the site in question and am using the google public DNS and it's responding back with IPs.
Just wondering if anyone might have any pointers as to other things I could check. Is there a reliable way to check if networks in my upstream are accepting my ISP assigned space from my AS?
Ended up that we had some Palo Alto Networks firewalls in between the provider router and ours. It was dropping asymmetric traffic with a rule rejecting non-SYN TCP traffic. Once the rule was removed everything worked fine.
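The failure described in this answer, replayed as an added example that is not part of the original thread: each firewall builds a session only from a SYN it sees itself, so a SYN-ACK returning through the other provider's firewall matches no session and is rejected. The sketch assumes one firewall per ISP path with no shared session state; the device names `fw-isp1`/`fw-isp2`, the addresses, and the packet records are constructed.

```python
from collections import namedtuple

# One TCP packet as observed at a firewall (constructed record format).
Pkt = namedtuple("Pkt", "fw src sport dst dport flags")

def flow_key(p):
    """Direction-independent key so both halves of a connection match."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)

def simulate(packets):
    """Replay packets through independent per-firewall session tables.

    A firewall creates state only on a bare SYN and rejects any other TCP
    packet that has no session (the non-SYN TCP rule from the answer).
    Returns (dropped_packets, flows_seen_on_more_than_one_firewall).
    """
    sessions, seen_on, dropped = {}, {}, []
    for p in packets:
        key = flow_key(p)
        seen_on.setdefault(key, set()).add(p.fw)
        table = sessions.setdefault(p.fw, set())
        if p.flags == "S":
            table.add(key)          # session created on this firewall only
        elif key not in table:
            dropped.append(p)       # non-SYN with no state: rejected
    asymmetric = {k for k, fws in seen_on.items() if len(fws) > 1}
    return dropped, asymmetric

# Constructed sample: flow 1 leaves and returns via ISP 1; flow 2 leaves
# via ISP 1 but the reply comes back through ISP 2's firewall.
DUAL_HOMED = [
    Pkt("fw-isp1", "192.0.2.10", 40001, "198.51.100.80", 443, "S"),
    Pkt("fw-isp1", "198.51.100.80", 443, "192.0.2.10", 40001, "SA"),
    Pkt("fw-isp1", "192.0.2.10", 40001, "198.51.100.80", 443, "A"),
    Pkt("fw-isp1", "192.0.2.10", 40002, "203.0.113.25", 443, "S"),
    Pkt("fw-isp2", "203.0.113.25", 443, "192.0.2.10", 40002, "SA"),
]
# Same traffic with only one provider active: everything crosses fw-isp1.
SINGLE_HOMED = [p._replace(fw="fw-isp1") for p in DUAL_HOMED]

if __name__ == "__main__":
    for name, capture in (("dual", DUAL_HOMED), ("single", SINGLE_HOMED)):
        drops, asym = simulate(capture)
        print(name, "dropped:", drops, "asymmetric flows:", len(asym))
```

On real captures, the same signature is a SYN logged on one firewall and the matching SYN-ACK logged as denied on the other.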