Load Sharing Multihomed to Two ISPs Through Multiple Local Routers

vinodjad1234
Level 2

Hi,

I am new to the BGP configuration field. I have two ISPs which are terminated on my two routers, and the two ISPs are connected to ISP C. I have one AS number in my LAN. I am looking for load sharing: router A is connected to ISP A and router B is connected to ISP B. I want load sharing with one subnet going via router A and the other subnet going via router B.

I have no clear picture of the BGP configuration. How can I achieve it?

According to my knowledge, I can configure two static routes with the floating option and divide the traffic flow, but to reach ISP C I want to understand how to achieve it with the help of BGP.

Diagram is attached.

Please advise.

15 Replies

Laurent Aubert
Cisco Employee

Hi,

The best way to load-share in your case is to have a third router behind A and B. This router will have two default routes received from A and B (via any IGP). A and B will receive your local subnets from this router.

This way your traffic sent to the Internet will be CEF load-balanced based on the source and destination IP addresses of the packet.

You can't do it via BGP as you can't load-balance between an eBGP and an iBGP route (except in the MPLS-VPN world).

HTH

Laurent.

james.mirtsis
Level 1

Hi,

Sorry, but I couldn't open your topology diagram. I am thinking there has to be an easier way to achieve this than to buy another router. Are you running an IGP between your two routers? Could you possibly use a route map? How is your LAN connected to these 2 routers and how are the routers configured?

Hi,

I have attached a diagram since you were not able to open the existing one.

Behind Router 1 (existing name A) and Router 2 (existing name B), I have a firewall which is clustered and has one virtual IP address.

I have two subnets, 1.1.1.0/24 and 2.2.2.0/24 (just an example).

I have attached the actual set-up diagram.

As Mr. Ashok mentioned earlier, I would be getting partial routing updates from the ISP side so that I can apply local preference, but unfortunately I am getting only a default route from the ISP side.

Expected output:

1) Outbound traffic

* Traffic coming from the 1.1.1.0/24 subnet should go to ISP A (inside LAN set-up router - AS 400): ROUTER 1 ----- ISP A link

* Traffic coming from the 2.2.2.0/24 subnet should go to ISP B (inside LAN set-up router - AS 400): ROUTER 2 ------ ISP B link

* If the Router 1 ----- ISP A link fails, all traffic should go through the ROUTER 2 ------ ISP B link, and vice versa

2) Inbound traffic

* Traffic destined for 1.1.1.0/24 from the internet should come in via the ISP A link ----- Router 1

* Traffic destined for 2.2.2.0/24 from the internet should come in via the ISP B link ------ Router 2

* If one ISP fails, the other ISP should route the traffic back to AS 100 from the internet.

Sorry for such a long explanation. I would be grateful if I could get a proper solution for this.

ashok_boin
Level 5

Hi,

You can achieve load sharing (not perfect balance) by tuning BGP attributes as well.

You should be receiving full or partial routing tables from both ISPs through BGP. If yes, then you can apply higher local preference (like 200) for the networks 0-128 (first octet) and default preference (100) for remaining through ISP-A and vice versa for ISP-B. With this configuration, you can achieve load sharing (outbound traffic). You need to experiment with tuning the attributes for received routes to suit your business requirements. For example, your organization may need to contact 2 customer networks through VPN (Internet) always. Then, you can fine-tune BGP parameters specific to these networks.

Your inbound traffic can also be load balanced with AS Path prepend technique which has been popular but you need to have at least /24 subnets.

Hope it helps...

Regards...

-Ashok.


With best regards...
Ashok

Thanks for the diagram, Vinod, and thanks for the explanation; an in-depth explanation means that we can understand your requirements and give you the right solution.

Let's start with the BGP and influencing the traffic coming from the internet back into your network. I am assuming you already have BGP correctly configured and peering with your ISP and traffic is successfully being routed out of and back into your network and all you want to do now is manipulate how that traffic flows. So:

For router 1, this will force traffic for 2.0.0.0 to prefer to come in through router 2

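! [1-99]: use a standard access-list number that isn't already in use
access-list [1-99] permit 2.0.0.0 0.0.0.255

route-map Set_AS_Path permit 10
 match ip address [access-list number you just used]
 set as-path prepend 400 400 400
! Empty clause so every other prefix is still advertised, unprepended;
! without it the route-map's implicit deny filters them from the neighbor
route-map Set_AS_Path permit 20

! x.x.x.x = ISP A neighbor address
router bgp 400
 neighbor x.x.x.x route-map Set_AS_Path out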


For router 2 do exactly the same thing but change the network in the access-list to 1.0.0.0 and the neighbor address to isp b.

To influence traffic leaving your network there are a few ways to do this. The best way to do this will be dependent on your exact infrastructure between your firewalls and routers 1 & 2. Are the firewalls connected to both routers (diagram shows they are not)? Are the firewalls capable of trunking? I would suggest the use of sub-interfaces on the LAN side of routers 1 & 2 and running HSRP on the 2 different sub-interfaces, so that R1 is active for 1.0.0.0 and passive for 2.0.0.0 and R2 is the opposite. This way you have redundancy if one of your routers fails as well as if one of the ISPs fails, but this solution would require the firewalls to have physical connections to both routers.

Hi,

Thanks for your reply.

After reading your information, I have understood how BGP can be manipulated.

I have understood what you explained about incoming traffic.

About outgoing traffic (traffic leaving my network), I still do not have a clear picture.

Actually, if you see the diagram, the firewalls are directly connected to my routers 1 & 2 respectively, and HSRP is already configured on the routers, and the firewalls are also configured with VRRP.

What will be the best practice to configure or manipulate the BGP configuration for outgoing traffic? I have configured iBGP between my routers 1 & 2.

Please suggest the best solution for outgoing traffic.

Hi Vinod,

I presume you have configured 2 VRRP groups, one for each local subnet, and configured the firewalls accordingly like below...

Firewall 1: VRRP Group 1: Active and default gw for Switch 1 (1.1.1.0/24)

Firewall 2: Another VRRP group 2, active and default gw for Switch 2 (2.2.2.0/24)

Then, configure R1 as default GW and floating default to R2 for FW1 (either static or dynamic). Similar configuration for FW2 but R2 as the primary default GW.

I feel this should take care of your business requirement.

Regards...

-Ashok.


With best regards...
Ashok

You may have missed some details. 1.1.1.0 needs to go to ISP A and 2.2.2.0 needs to go to ISP B. Making R1 the default gateway would send all traffic to ISP A, so that will not work.

Hi James,

I was talking about making R1 as default GW only for FW1 which is active for 1.1.1.0/24 and R2 as default GW for FW2 which is active for 2.2.2.0/24.

Am I missing any low level detail?

Regards..

-Ashok.


With best regards...
Ashok

Vinod,

Looking at your diagram, if 1 firewall dies then the traffic on the switch connected to it has a single point of failure. I suggest you connect each switch to both firewalls. What is the default gateway for the hosts, the routers or the firewalls? You will need to run 2 instances of HSRP, one instance for each subnet. The default gateway for the hosts should be the virtual address of the HSRP group.

Router 1 will be active for subnet 1.1.1.0 and Router 2 will be the active router for subnet 2.2.2.0.

You also need to decide if 1 firewall will take the full load of traffic or if both will share the traffic. You do realise that if 1 router dies at the moment, going by your diagram traffic will either need to go through both firewalls or possibly even be blackholed if 1 firewall is the active firewall for all traffic? I also suggest you fully mesh these to avoid complex problems.

Hi James ,

Thanks for your reply and sharing your knowledge.

Actually, looking at my query, I am more concerned about routing (outgoing traffic) which is leaving the network, not the design perspective.

The switches which are connected behind the firewalls do not have a single point of failure. They are L3 switches, both are interconnected, and they are also configured with HSRP. So even if one firewall goes down, the switch will forward traffic towards the other switch and pass it on to the other firewall.

Thanks to all for sharing the knowledge and giving me a clear idea about BGP manipulation.

Please advise on routing, in particular for outgoing traffic.

I have tested the incoming traffic by creating a lab set-up with the help of the AS-Prepend which has been shared in this query, and it is working fine.


Sorry for the inconvenience about the diagram, which is not clear about the interconnection with the L3 switches behind the firewalls.

francisco_1
Level 7

I have just been discussing a similar requirement to yours. What you are trying to achieve is source-based routing, and you can't do that with pure BGP. You'll need PBR.

A simple design I think will work for you is Router A connected to ISP A and Router B to ISP B, so both RA & RB have eBGP peering with the ISPs, and both RA & RB also have iBGP peering with RC. Now RC is the gateway out to the internet and does the source-based PBR. This will work.

Francisco.

Let me know if you need a config sample so I can build it in the lab, or you could try it yourself.

Francisco.
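
A sketch of the source-based PBR design described in the reply above, added here as an illustration; it is not configuration posted by anyone in the thread. The RA and RB LAN addresses (10.0.0.1, 10.0.0.2), the access-list numbers, the route-map name and the interface name on RC are constructed for the example.

```cisco
! Added example: policy-based routing on RC (the gateway router from the
! reply above). Assumed, not from the thread:
!   10.0.0.1 = RA (towards ISP A), 10.0.0.2 = RB (towards ISP B)
!   GigabitEthernet0/0 = RC interface facing the firewalls / LAN
!
! Classify by source subnet. Traffic between the two local subnets is
! denied in the ACL first, so it is NOT policy-routed and follows the
! normal routing table instead of being pushed out to an edge router.
access-list 101 deny   ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255
access-list 101 permit ip 1.1.1.0 0.0.0.255 any
access-list 102 deny   ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
access-list 102 permit ip 2.2.2.0 0.0.0.255 any
!
! 1.1.1.0/24 -> RA first. The second next hop is tried only when the
! first next hop is down, so RB is the fallback if RA itself is lost.
route-map SRC_POLICY permit 10
 match ip address 101
 set ip next-hop 10.0.0.1 10.0.0.2
!
! 2.2.2.0/24 -> RB first, RA as fallback.
route-map SRC_POLICY permit 20
 match ip address 102
 set ip next-hop 10.0.0.2 10.0.0.1
!
! Packets matching no clause are not policy-routed; they are forwarded
! by the ordinary routing table.
!
! PBR is applied inbound on the interface where LAN traffic arrives.
interface GigabitEthernet0/0
 ip policy route-map SRC_POLICY
!
! Verification on RC:
!   show ip policy
!   show route-map SRC_POLICY     (match counters per clause)
```

This covers loss of an edge router. Loss of only the ISP A link leaves RA reachable from RC, so in that case failover relies on RA losing its eBGP default route and forwarding via the default route it learns over iBGP, which assumes the iBGP peering mentioned earlier in the thread is in place.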
