Solved: Hi,Just with BGP it is not

Artem Volkov · ‎09-22-2014

Hi friends. Need your help.

I have a lot of branches, whitch connects to HQ via IBGP. All traffic goes throught main link. I need to change this traffic flow:

1) In normal (two links work). All vlans work throught main link, but vlan 300 work throught backup link.

2) When main link goes down, all vlans must flow throught backup link and traffic of vlan 300 must be dropped (don't go to HQ).

Can i do this only using IBGP without tracking?

Sry for my English.

Regards.

Artem.

Joseph Nelson · ‎09-22-2014

Edit: Not fully-baked solution yet. I will re-post later.

To be brief however, there are ways to do it in iBGP but they are configuration intensive and won't scale especially if you have lots of branch sites. The best solution would be to implement your policy at the branch:

Setup IP SLA probe + track to ping ASR1 interface
Setup a static route for whatever VLAN300 hosts are talking to in your HQ. This router should have next-hop ASR2; track the object created in Step 1 (i.e. ip route x.x.x.x <mask> ASR2 track x)
Setup a policy-route, apply to VLAN300 interface. Set your policy route to "set ip default interface null0"

In this way, if path through ASR1 fails, the rest of the traffic fails over to backup link via iBGP connection. When the IP SLA fails, the more specific static route in Step 2 get's removed. With no explicit route, the policy-route send traffic from VLAN300 to null0.

I can provide some config example if you like.

Rate if helpful...

View solution in original post

Akash Agrawal · ‎09-22-2014

Hi,

Just with BGP it is not possible and through BGP (or any routing protocol) we can do destination based routing but your requirement is different routing based on source. For sourcebased routing we have PBR (policy based routing).

http://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfpbr.html

Regards,

Akash

Joseph Nelson · ‎09-22-2014

Edit: Not fully-baked solution yet. I will re-post later.

To be brief however, there are ways to do it in iBGP but they are configuration intensive and won't scale especially if you have lots of branch sites. The best solution would be to implement your policy at the branch:

Setup IP SLA probe + track to ping ASR1 interface
Setup a static route for whatever VLAN300 hosts are talking to in your HQ. This router should have next-hop ASR2; track the object created in Step 1 (i.e. ip route x.x.x.x <mask> ASR2 track x)
Setup a policy-route, apply to VLAN300 interface. Set your policy route to "set ip default interface null0"

In this way, if path through ASR1 fails, the rest of the traffic fails over to backup link via iBGP connection. When the IP SLA fails, the more specific static route in Step 2 get's removed. With no explicit route, the policy-route send traffic from VLAN300 to null0.

I can provide some config example if you like.

Rate if helpful...

Joseph Nelson · ‎09-23-2014

Artem,

Did you find that information useful at all?

Artem Volkov · ‎09-24-2014

Thanks , Joseph. And what about vlan 300 traffic, whitch will back from ASR in your solution? Whitch path it selects?

I am affraid that it will go throught backup link, but will back throught main link.

Joseph Nelson · ‎09-24-2014

I'm sorry Artem, can your restate your question?

The failover should work in the way I specified. The trick is that in the policy-route, you say "if I don't have an explicit route ( default route doesn't count) in my routing table, I will null-route this destination."

This is the theory at least. I can provide a config example but I don't have the equipment to test with.

IBGP switch vlan traffic