Is my BGP configuration on switch alright to detect failure on Routers?

Hi, imagine that on my RemoteSite, I have RouterB->Internet and RouterC->Internet. A CAT_3750 switch is connected to both routers on that site. In case traffic stops flowing from RouterB, I want to make the CAT_3750 pick the path via RouterC instead.

Below is the configuration I came up with on the CAT_3750 switch. My question is, is this sufficient to establish the CAT_3750 as a peer to RouterB and RouterC and accomplish the failover? I am kind of unsure whether I somehow have to declare the neighbor command to include 'remote-as 101', 'remote-as 126' (those are AS known to the RouterB doing eBGP) so that the CAT_3750 can learn those routes as well. Is that necessary? Sorry if this is a stupid question.

Thanks for your kind insight.

CAT_3750#show run

(...)

router bgp 116
 neighbor 10.8.202.14 remote-as 116
 neighbor 10.8.202.16 remote-as 116
 neighbor 10.8.202.14 route-map SELECT_WAN in

route-map SELECT_WAN
 set local-preference 200

(...)

Here is my lab relevant BGP configuration for both Routers, RouterB and RouterC, the ones connected to the Internet and currently doing eBGP:

RouterB#show run

(...)

router bgp 116
 no synchronization
 bgp router-id 10.8.202.14
 bgp log-neighbor-changes
 network 60.69.44.136 mask 255.255.255.240
 network 10.8.202.14 mask 255.255.255.255
 network 10.8.77.0 mask 255.255.255.248
 network 10.8.77.56 mask 255.255.255.248
 neighbor 60.69.44.137 remote-as 116
 neighbor 60.69.44.137 description SITEVPN
 neighbor 10.8.77.1 remote-as 101
 neighbor 10.8.77.1 description Router1
 neighbor 10.8.77.1 update-source Tunnel0
 neighbor 10.8.77.1 route-map FROM_MYVPN in
 neighbor 10.8.77.58 remote-as 126
 neighbor 10.8.77.58 description SITE2VPN
 neighbor 10.8.77.58 update-source Tunnel1
 neighbor 10.8.77.58 route-map FROM_MYVPN in
 no auto-summary

(...)

RouterC#show run

(...)

!
router bgp 116
 no synchronization
 bgp router-id 10.8.202.16
 bgp log-neighbor-changes
 network 60.69.40.0 mask 255.255.248.0
 network 60.69.34.28 mask 255.255.255.248
 network 60.69.34.136 mask 255.255.255.240
 network 10.8.202.16 mask 255.255.255.255
 network 10.8.77.28 mask 255.255.255.248
 neighbor 60.69.34.29 remote-as 101
 neighbor 60.69.34.29 route-map MYWAN in
 neighbor 60.69.34.139 remote-as 116
 neighbor 10.8.77.29 remote-as 101
 neighbor 10.8.77.29 ebgp-multihop 2
 neighbor 10.8.77.29 update-source Tunnel3
 no auto-summary
!

(...)

3 REPLIES

Re: Is my BGP configuration on switch alright to detect failure

Hi,

A question is a question; there is no such thing as a stupid question :)

If all that you require is that the 3750 uses router B as the main and router C as the backup, then setting the local preference in the way you did shall take care of that.

Since the 3750 has an iBGP session with B and C, it will learn the eBGP routes from them via iBGP, and thus there is no need to have eBGP on it.

As for the iBGP sessions, just make sure that you have the update-source configured right if you are not peering with the directly connected interfaces.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

Re: Is my BGP configuration on switch alright to detect failure

You rule! Since the BGP neighbor IPs 10.8.202.14 and 10.8.202.16 are the respective loopback0 interfaces of RouterB and RouterC, I understand I should include the update-source command in the CAT_3750 then.

CAT_3750#show run

(...)

router bgp 116
 neighbor 10.8.202.14 remote-as 116
 neighbor 10.8.202.14 update-source loopback0 (this is the loopback0 of the RouterB)
 neighbor 10.8.202.16 remote-as 116
 neighbor 10.8.202.16 update-source loopback0 (this is the loopback0 of the RouterC)
 neighbor 10.8.202.14 route-map SELECT_WAN in

route-map SELECT_WAN
 set local-preference 200

(...)

Re: Is my BGP configuration on switch alright to detect failure

Hi Marlon,

You got it right on the 3750, but shouldn't you do the same on B and C (update-source loopback0 in front of the 3750, since you are peering with their loopbacks)? Practically speaking, the session will come up if only one side is configured with the correct update source, but as a best practice you should do it whenever you are peering using the loopbacks.

NOTE: Using the update source loopback on a router allows the local internal BGP sessions to use the loopback interface for the BGP TCP connections.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.
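
The loopback peering discussed in this thread, written out for both ends of each iBGP session as an added example (not part of the original posts). The CAT_3750 loopback address is not given in the thread, so CAT3750_LO0_IP is a placeholder; the example also assumes every device already has a route to the other devices' loopbacks.

```cisco
! ---- CAT_3750 (AS 116) ----
! update-source names an interface on THIS device: the switch opens
! its BGP TCP sessions from its own Loopback0 address.
interface Loopback0
 ip address CAT3750_LO0_IP 255.255.255.255   ! placeholder, not from the thread
!
router bgp 116
 neighbor 10.8.202.14 remote-as 116
 neighbor 10.8.202.14 update-source Loopback0
 neighbor 10.8.202.14 route-map SELECT_WAN in
 neighbor 10.8.202.16 remote-as 116
 neighbor 10.8.202.16 update-source Loopback0
!
! Routes learned from RouterB get local-preference 200; routes from
! RouterC keep the default of 100, so RouterC is only used when
! RouterB's routes are withdrawn or its session goes down.
route-map SELECT_WAN permit 10
 set local-preference 200
!
! ---- RouterB (Loopback0 = 10.8.202.14) ----
router bgp 116
 neighbor CAT3750_LO0_IP remote-as 116
 neighbor CAT3750_LO0_IP update-source Loopback0
!
! ---- RouterC (Loopback0 = 10.8.202.16) ----
router bgp 116
 neighbor CAT3750_LO0_IP remote-as 116
 neighbor CAT3750_LO0_IP update-source Loopback0
!
! ---- Checks on CAT_3750 ----
! show ip bgp summary
!   both neighbors should show a prefix count rather than Idle/Active
! show ip bgp neighbors 10.8.202.14 | include Local host
!   the local address should be the switch's Loopback0
! show ip bgp PREFIX
!   for a prefix learned from both routers, the best path should be
!   the one from 10.8.202.14 with localpref 200
```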
