HSRP + BGP failover, how to kill Primary BGP?

Ok, so I'm working my lab on some neato things like HSRP + BGP. End goal is LAN & WAN redundancy with 100% bandwidth throughput during failure. This is all in the lab in preparation for a similar deployment with 4xUpstreams and 2x7206VXRs.

Please see the attached diagram.

The general gist is that I have two routers, 7204 (RTR_A) and a 3640 (RTR_B), that are running HSRP on the LAN side. HSRP on the LAN side works fine.

As suggested elsewhere on the Internet, both routers peer with both upstreams to provide Hot-BGP failover. Both upstreams are multiple-access/ethernet.

RTR_A has two BGP sessions on it that include default and three 10.x.x.x networks, working fine. RTR_A also announces a multitude of blocks out, all of which are nailed up by null0 routes, as they are comprised of a lot of misc. subnets that don't fill entire blocks.

RTR_B has the exact same setup, except that the outgoing announcements are AS-Prepended by 1 to make them less desirable than the primary. This effectively makes RTR_B a hot backup on the WAN side.

If I unplug RTR_A's LAN interface, HSRP does work and the LAN side fails over appropriately. The problem I have is that if RTR_A's LAN interface goes down, the WAN interface + BGP sessions don't! All of the LAN traffic does go out RTR_B as it should, but the return traffic goes to RTR_A (remember, B is prepended), which then goes nowhere.

So basically, my question is this: in the case of RTR_A's LAN failure, is there a way to make it stop announcing the routes (either by turning off an interface, shutting down, killing BGP, anything) so that inbound traffic comes through RTR_B?

Unfortunately, I need the throughput of both upstream links (which is more like 4 in real life) when RTR_A:LAN fails - failing over to a single link is not an option, aka it must fail over to the exact same throughput & setup that RTR_A has by default.




Re: HSRP + BGP failover, how to kill Primary BGP?

There is a feature known as enhanced object tracking. You can use it by tracking any device on the LAN side. If the LAN side device fails, then the null0 routes are removed from the Primary RTR_A (7204) and hence the BGP advertisements will stop. HSRP will anyway flap over to the Secondary router. I think this will work fine.
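
The approach described in the reply above, sketched as an IOS configuration for RTR_A. This is an added example, not configuration posted by anyone in the thread: the addresses, interface name, AS number and SLA/track numbers are constructed placeholders, and the syntax assumes a recent IOS release (older releases use the `ip sla monitor` and `track ... rtr` forms).

```cisco
! Added example; every address, interface name and ID below is a
! constructed placeholder, not a value from the thread.
!
! 1. Probe a LAN-side device, sourcing the probe from the LAN interface
!    so that it fails when the LAN side is down.
ip sla 1
 icmp-echo 192.0.2.10 source-interface FastEthernet0/0
 frequency 5
ip sla schedule 1 life forever start-time now
!
! 2. The tracked object follows the probe. The delay keeps a few lost
!    pings from withdrawing and re-announcing the prefixes repeatedly.
track 10 ip sla 1 reachability
 delay up 60 down 10
!
! 3. Tie each nailed-up route to the tracked object. When track 10 goes
!    down, the static routes leave the routing table.
ip route 198.51.100.0 255.255.255.0 Null0 track 10
ip route 203.0.113.0 255.255.255.0 Null0 track 10
!
! 4. A BGP network statement only originates a prefix that is present in
!    the routing table, so the announcements are withdrawn together with
!    the statics and inbound traffic shifts to the prepended paths via RTR_B.
router bgp 64512
 network 198.51.100.0 mask 255.255.255.0
 network 203.0.113.0 mask 255.255.255.0
```

Tracking a single LAN host means an outage of that host alone also withdraws the routes; `track 10 interface FastEthernet0/0 line-protocol` ties the routes to the LAN interface state instead.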

