Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

HSRP with running session BGP

HI All !

I prepare to add extra one router as a router redundancy (so far it was not - and I have ruled out the possibility of failure if they broke this one)
 

Currently I have a Cisco 3825, Cisco 3845 I will add - both routers are / will be edge routers which run is / will be BGP session

At the moment the Cisco 3825 has run a BGP session. Routes BGP router receives from ISP

After the changes and added new router I wants my topology diagram looks like this:

topology

I use this tutorial: www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13768-hsrp-bgp.html

 
 
 

I have done almost the same configuration except that on the Cisco website (see link above), there are two operators but me there is only one but I have two different IP

Now I have a question. If I configure it this way:

R1:

interface Ethernet0
ip address 5.5.5.2 255.255.255.252

interface Ethernet1
ip address 195.0.100.2 255.255.255.192
standby 1 priority 105
standby 1 preempt delay minimum 60
standby 1 ip 195.0.100.4
!
router bgp 100
no synchronization
network 195.0.100.0
neighbor 195.0.100.3 remote-as 100
neighbor 195.0.100.3 next-hop-self
neighbor 5.5.5.1 remote-as 300
no auto-summary
!




R2:

interface Ethernet0
ip address 4.4.4.2 255.255.255.252

interface Ethernet1
ip address 195.0.100.3 255.255.255.192
standby 1 priority 100
standby 1 preempt
standby 1 ip 195.0.100.4
!
!
router bgp 100
no synchronization
network 195.0.100.0
neighbor 195.0.100.2 remote-as 100
neighbor 195.0.100.2 next-hop-self
neighbor 4.4.4.1 remote-as 300
neighbor 4.4.4.1 route-map foo out

no auto-summary
!
access-list 1 permit 195.0.100.0
route-map foo permit 10
match ip address 1
set as-path prepend 100

end

 

Before public area LAN I have private area LAN

If this configuration above work properly or I must some change in this configuration ? Mayby ISP give me another his AS number in BGP ? Anybody can help me ?

Everyone's tags (1)
7 REPLIES
Hall of Fame Super Gold

I believe that what you have

I believe that what you have configured will work (sort of) but has several issues that you might want to address.

- it is certainly possible that the ISP will specify a different AS number and that is an easy change.

- what you are doing uses HSRP to control which router is used for outbound traffic. If there is a problem on Ether1 of R1 then R2 becomes the HSRP active router and sends traffic. But you are prepending the BGP advertisement from R2 so the ISP will continue to send traffic to R1.

- You have not told us much about R4 but configuring HSRP suggests that R4 will just forward traffic to the HSRP virtual address. You might want to think about running a dynamic routing protocol between R1, R2, and R4. You are already running IBGP between R1 and R2 so it would be easy to configure Local Preference in R1 so that it is the preferred router for routes learned from the ISP and R2 becomes the backup. Then if there is a dynamic routing protocol between R1, R2, and R4 it will allow R4 to determine whether it should forward to R1 or to R2.

 

HTH

 

Rick

Community Member

Hi Richard,Unfortunately, ISP

Hi Richard,

Unfortunately, ISP designate only one for me his AS number

I want to do uses HSRP to control which router is used for outbound traffic and it is that you write:If there is a problem on Ether1 of R1 then R2 becomes the HSRP active router and sends traffic. But first of all I want to secure my network when R1 will broken then R2 can send traffic to ISP

I would like to R2 will be backup router for router R1 (similarly in firewall ASA's failover)

 

Also for the router R4 gateway is virtual IP address (R4 is Cisco ASA)


Router R4 is only gateway for the private LAN network before this router and yes, R4 will just forward traffic to the HSRP virtual address.
Also you have good idea about dynamic routing protocol. How can I configure Local preference in R1?

Thank you in advance.

Best regards,
Bartek

Hi, generally, your

Hi,

 

generally, your configuration should work.

But it could be improved a little:

a) If the BGP session to your ISP failes on R1, R1 will still remain Active within HSRP.

The outgoing traffic from your LAN will be sent to R1, then forwarded to R2 (following iBGP routes) and finally forwarded from R2 to the ISP.

So it might be worth to configure some track on R1 to decrease the HSRP priority in a case the eBGP session fails?

 

b) Are your routers connected to the same ISP router or different ones?

In the later case it might be worth to play a little with BGP attributes to make sure R1 is used as the input/ouput gateway for all your traffic (I suppose this is your target)?

Don't forget different ISP routers could receive the same prefix with different attributes.

 

Best regards,

Milan

 

 

 

Community Member

Hi Milan,First of all I would

Hi Milan,

First of all I would like to thanks for your reply.

a) It's good idea! So i add one line in R1:
standy 1 track Fa0/0 (Fa0/0 it's link to ISP R3 IP: 5.5.5.1)

b) My routers (R1 and R2) are connected to the same ISP router (in this case it is AS 300)

Once again you have right, R4 is gateway for LAN network. R4 direct all traffic to R1 (or R2 if R1 is standby) then R1 send packets to ISP

So What solution do you propose about play a little with BGP attributes?

Best regards,
Bartek

Hi,ad a) Possibly some more

Hi,

ad a) Possibly some more gentle tracking would be worth (like some remote IP reachable)? As the interface can be Up but the BGP session Down?

 

ad b) I might have not been clear enough here:

Are both your lines terminated on the same router on the provider side?

Or different routers (same ISP)?

If different routers, I'd think about prepending your AS number more than once when advertising your prefixes from the secondary router.

And configuring better Local Preference on prefixes received via eBGP on your primary router, e.g.

 

Best regards,

Milan

Community Member

Hi,ad a) Main goal is

Hi,

ad a) Main goal is eliminated weak point in my Network - in this scenerio is R1 because in case when R1 broke then my LAN network don't work, don't have access to the Internet so I decide to add new router (in this scenerio is router R2) - it is similiar to situation in Cisco ASA- In this devices we can configure failover.

Answered on your point - You suggest that use standby track Fa0/0 it is not good idea? If I will use some remote IP reachable in my opinion it not work how we want because all traffic is forwarded to ISP router (it is one devices from ISP side) For example:

top

So if R2 will become main router in my network I still don't have access to the Internet - but we do not need to worry about this because this is not my issue

 

I only secure my network if R1 broken then R2 become main router.

Mayby we can track internal interface on router R1 (R1 --> switch SW1) ?

 

Answer 2 on your question : Are both your lines terminated on the same router on the provider side? - YES EXACTLY, both lines are terminated on the same router ISP (it is one device)

 

Best regards,

Bartek

Hi Bartek,I don't say 

Hi Bartek,

I don't say  standby track Fa0/0 it is not good idea.
But it might fail in some scenarios:
Just imagine the BGP session fails for some reason but your Fa0/0 interface remains Up?

IMHO, in your topology the best way would be to configure some track pinging some loopback address on the ISP router advertised by BGP to you.
You can block this particular prefix on your iBGP session on R1.
 So in that case you would recieve this prefix only via eBGP from yyur ISP.
In a case the eBGP session would fail on R1, the track would decrease its HSRP priority and R2 would become Active in HSRP, i.e., it would take the default GW role.

So all you need for such a solution is an agreement with your ISO he will advertise some loopback IP to you.

Does it make a sense?

Best regards,
Milan

1074
Views
0
Helpful
7
Replies
CreatePlease to create content