10-11-2010 11:53 PM - edited 03-04-2019 10:04 AM
I have 2 BGP routers multihomed to 2 different ISPs, both sending a default route only. I have an ASA-FW behind the BGP routers. I set up BGP local pref and as-prepend so that symmetrical routing goes to ISP#1. I currently have HSRP but would prefer to migrate to another solution for the following conditions:
1. ISP BGP session dies
2. line protocol on isp facing interface goes down
I was looking into GLBP but not sure if it would see condition #1. Also, not sure what are good timers for redirect but was thinking of 2sec interval with default 14,400 seconds timeout
R1-TO ISP#1
glbp 1 ip 10.1.2.1
glbp 1 timers 1 3
glbp 1 timers redirect ? ?
glbp 1 priority 110
glbp 1 preempt
glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 1 decrement 20
glbp 1 forwarder preempt delay minimum 2
track 1 interface f0/0 line-protocol
R2-TO ISP#2
glbp 1 ip 10.1.2.1
glbp 1 timers 1 3
glbp 1 timers redirect ? ?
glbp 1 priority 105
glbp 1 preempt
glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 1 decrement 20
glbp 1 forwarder preempt delay minimum 2
track 1 interface f0/0 line-protocol
10-12-2010 01:27 AM
aamercado wrote:
I have 2 BGP routers multihomed to 2 different ISPs, both sending a default route only. I have an ASA-FW behind the BGP routers. I set up BGP local pref and as-prepend so that symmetrical routing goes to ISP#1. I currently have HSRP but would prefer to migrate to another solution for the following conditions:
1. ISP BGP session dies
2. line protocol on isp facing interface goes down
I was looking into GLBP but not sure if it would see condition #1. Also, not sure what are good timers for redirect but was thinking of 2sec interval with default 14,400 seconds timeout
R1-TO ISP#1
glbp 1 ip 10.1.2.1
glbp 1 timers 1 3
glbp 1 timers redirect ? ?
glbp 1 priority 110
glbp 1 preempt
glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 1 decrement 20
glbp 1 forwarder preempt delay minimum 2
track 1 interface f0/0 line-protocol
R2-TO ISP#2
glbp 1 ip 10.1.2.1
glbp 1 timers 1 3
glbp 1 timers redirect ? ?
glbp 1 priority 105
glbp 1 preempt
glbp 1 weighting 110 lower 95 upper 105
glbp 1 weighting track 1 decrement 20
glbp 1 forwarder preempt delay minimum 2
track 1 interface f0/0 line-protocol
You can track interfaces with HSRP as well just in case you weren't aware.
Using GLBP in this scenario doesn't really give you anything, as GLBP is primarily to do with load-balancing across multiple routers, but you need different src MAC addresses for that and the src MAC will always be the ASA.
If you want to fail over if either the BGP session or the line protocol fails, then the easiest thing to do would be to -
1) run EIGRP on your ASA
2) redistribute BGP default-route into EIGRP and use a metric so that ISP 1 is preferred.
That way, if anything happens to the ISP1 router, including if the link between the ISP router and the switch that connects to the ASA goes down, the ASA will then only be able to use the other default route.
If you are unhappy with running EIGRP on your firewall you could use the ASA to track the reachability of an IP destination and if it fails install a backup route to the ISP2 router.
Both ASA EIGRP support and route tracking are supported in version 8.x code.
Jon
10-12-2010 01:37 PM
I am running 8.0 on my ASA. I want something quick and easy so sounds like ASA track would be easier...got any sample configs for me to start out with?
thx
10-12-2010 01:43 PM
aamercado wrote:
I am running 8.0 on my ASA. I want something quick and easy so sounds like ASA track would be easier...got any sample configs for me to start out with?
thx
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/ip.html#wp1090243