
Multihoming BGP and static route

gasparmenendez
Level 3

Hi friends,

I'm using 2 ISPs (ISP-A and ISP-B), have my own block of public IP addresses (170.X.X.0/22) and my ASN (26XX25). I'm using a Cisco ASR1001-X router. Besides, I have a BGP session established with ISP-B, and ISP-A is using a default route (in a few days I should have BGP with this ISP too). I need to make ISP-B my primary provider and pass all my traffic through it, but right now all my traffic goes through ISP-A, even though I have a static route to ISP-B in my ASR: ip route 0.0.0.0 0.0.0.0 187.X.X.112, where 187.X.X.112 is the gateway for ISP-B. A couple of days ago ISP-A went down and I lost Internet access, even though ISP-B was up. Is what I want to do possible? Can anybody help me, please? Thanks in advance.


Hello

It looks like you only have 1 BGP neighbour but you state two ISPs - is this correct?

And you are pointing all your egress traffic to a next hop (ISPB) that isn't running any dynamic routing?

res
Paul



Kind Regards
Paul

The original post is quite clear about having his own address space: "have my own block of public IP addresses (170.X.X.0/22)". That is why I suggested the network statement and ip route that I did.

Paul

The original post and some of the responses in this discussion have established that there are two ISPs and that only one ISP is currently running BGP. It also says that they hope to be running BGP with the second ISP soon. But for now the environment is two ISPs and BGP with only one of them.

It is not clearly stated how ISP A is working. But it seems logical to assume that ISP A has a static route forwarding traffic to the customer network. And that ISP A is advertising that network to the Internet. Gaspar - can you verify that this is the case?

You can use the command show ip bgp neighbor advertised-route to see if you are now advertising your network to ISP B. And you might check with them and ask if they have policy that will accept that route advertised from you.

It is possible that you are advertising your network to ISP B and yet traffic from the Internet to you comes through ISP A. But before we try to figure that out we need to be sure that you are advertising your network to ISP B and that they are advertising that network to the Internet.

HTH

Rick

You're right my friend, I'm using 2 ISPs but have only 1 BGP neighbour (ISP-B), but I'm pointing all my egress traffic to a next hop (ISPB) that IS running dynamic routing (ISP-A is the one with the static route),

so I keep asking my question which nobody had answered yet: with this configuration (or modifying it) can I access to internet (obviously through ISP-B) if my ISP-A goes down???

Thanks.

so I keep asking my question which nobody had answered yet: with this configuration (or modifying it) can I access to internet (obviously through ISP-B) if my ISP-A goes down???

Answer: Yes, you can have access to the Internet if ISP-A goes down, as long as your network is advertised through ISP-B (as suggested by Rick). From the information we have so far, it seems to me that your network is advertised through ISP-A only. As you can see from your previous post, you can send traffic through ISP-B; however, the returning traffic is coming through ISP-A.

Could you verify that your network is also advertised to ISP-B ('show ip bgp neighbor advertised-route' as requested by Rick)?

HTH,
Meheretab

ok, I'm getting this:

Contencion1001-X#sh ip bgp neighbors 187.X.X.112 advertised-routes

Total number of prefixes 0
Contencion1001-X#

but I have this configuration:

router bgp 26XX25
 bgp router-id 187.X.X.113
 bgp log-neighbor-changes
 network 170.X.X.0 mask 255.255.252.0
 neighbor 187.X.X.112 remote-as 13XX9
 neighbor 187.X.X.112 password 7 000150271
 neighbor 187.X.X.112 soft-reconfiguration inbound

so I think I'm advertising my network to ISP-B... or am I not?

Gaspar

I am surprised that this is not working. Is it possible that the network statement does not exactly match the entry in the routing table? Could you post the output of show ip route?

It would also be helpful if you would check with ISP B and ask if they have configured policy on what routes they will accept?

HTH

Rick

here it is:

Contencion1001-X#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 208.X.X.181 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 208.X.X.181
      10.0.0.0/8 is variably subnetted, 26 subnets, 3 masks
C        10.147.20.0/30 is directly connected, GigabitEthernet0/0/4.148
L        10.147.20.1/32 is directly connected, GigabitEthernet0/0/4.148
C        10.147.21.0/30 is directly connected, GigabitEthernet0/0/4.156
L        10.147.21.1/32 is directly connected, GigabitEthernet0/0/4.156
C        10.147.22.0/30 is directly connected, GigabitEthernet0/0/4.32
L        10.147.22.1/32 is directly connected, GigabitEthernet0/0/4.32
C        10.147.24.0/30 is directly connected, GigabitEthernet0/0/4.24
L        10.147.24.1/32 is directly connected, GigabitEthernet0/0/4.24
C        10.147.25.0/30 is directly connected, GigabitEthernet0/0/4.25
L        10.147.25.1/32 is directly connected, GigabitEthernet0/0/4.25
C        10.147.26.0/30 is directly connected, GigabitEthernet0/0/4.26
L        10.147.26.1/32 is directly connected, GigabitEthernet0/0/4.26
C        10.147.27.0/30 is directly connected, GigabitEthernet0/0/4.27
L        10.147.27.1/32 is directly connected, GigabitEthernet0/0/4.27
C        10.147.28.0/30 is directly connected, GigabitEthernet0/0/4.28
L        10.147.28.1/32 is directly connected, GigabitEthernet0/0/4.28
C        10.147.29.0/30 is directly connected, GigabitEthernet0/0/4.29
L        10.147.29.1/32 is directly connected, GigabitEthernet0/0/4.29
C        10.147.31.0/29 is directly connected, GigabitEthernet0/0/4.31
L        10.147.31.1/32 is directly connected, GigabitEthernet0/0/4.31
C        10.147.89.0/30 is directly connected, GigabitEthernet0/0/4.89
L        10.147.89.1/32 is directly connected, GigabitEthernet0/0/4.89
C        10.147.197.0/29 is directly connected, GigabitEthernet0/0/4.97
L        10.147.197.1/32 is directly connected, GigabitEthernet0/0/4.97
C        10.170.18.0/30 is directly connected, GigabitEthernet0/0/4.47
L        10.170.18.1/32 is directly connected, GigabitEthernet0/0/4.47
      170.X.0.0/16 is variably subnetted, 31 subnets, 4 masks
C        170.X.X.0/28 is directly connected, TenGigabitEthernet0/1/0
L        170.X.X.1/32 is directly connected, TenGigabitEthernet0/1/0
S        170.X.X.16/28 [1/0] via 170.X.X.2
C        170.X.X.32/29 is directly connected, GigabitEthernet0/0/1
L        170.X.X.33/32 is directly connected, GigabitEthernet0/0/1
C        170.X.X.40/29 is directly connected, GigabitEthernet0/0/2
L        170.X.X.41/32 is directly connected, GigabitEthernet0/0/2
S        170.X.X.48/28 [1/0] via 10.170.18.2
C        170.X.X.64/30 is directly connected, GigabitEthernet0/0/4.65
L        170.X.X.65/32 is directly connected, GigabitEthernet0/0/4.65
C        170.X.X.68/30 is directly connected, GigabitEthernet0/0/4.69
L        170.X.X.69/32 is directly connected, GigabitEthernet0/0/4.69
C        170.X.X.72/30 is directly connected, GigabitEthernet0/0/4.44
L        170.X.X.73/32 is directly connected, GigabitEthernet0/0/4.44
S        170.X.X.80/28 [1/0] via 170.X.X.2
C        170.X.X.96/30 is directly connected, GigabitEthernet0/0/4.20
L        170.X.X.97/32 is directly connected, GigabitEthernet0/0/4.20
S        170.X.X.100/30 [1/0] via 10.147.24.2
S        170.X.X.108/30 [1/0] via 10.147.89.2
S        170.X.X.112/30 [1/0] via 10.147.21.2
S        170.X.X.116/30 [1/0] via 10.147.197.2
S        170.X.X.120/30 [1/0] via 10.147.27.2
S        170.X.X.124/30 [1/0] via 10.147.29.2
S        170.X.X.128/30 [1/0] via 10.147.26.2
S        170.X.X.132/30 [1/0] via 10.147.28.2
S        170.X.X.136/30 [1/0] via 10.147.25.2
C        170.X.X.140/30 is directly connected, GigabitEthernet0/0/4.75
L        170.X.X.141/32 is directly connected, GigabitEthernet0/0/4.75
S        170.X.X.144/30 [1/0] via 10.147.20.2
S        170.X.X.148/30 [1/0] via 10.147.31.2
S        170.X.X.152/29 [1/0] via 10.147.22.2
      187.X.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        187.X.X.112/31 is directly connected, TenGigabitEthernet0/0/1
L        187.X.X.113/32 is directly connected, TenGigabitEthernet0/0/1
      208.X.X.0/24 is variably subnetted, 2 subnets, 2 masks
C        208.X.X.180/30 is directly connected, TenGigabitEthernet0/0/0
L        208.X.X.182/32 is directly connected, TenGigabitEthernet0/0/0
Contencion1001-X#

I do not see your network advertised to your neighbor. You cannot advertise a network if you do not have it in your routing table. Do you have the network 170.X.X.0/22 in your routing table? Could you share the output of 'sh ip route | inc 172.X.X.0'?
HTH,
Meheretab

sh ip route already posted a moment ago....but here it is:

Contencion1001-X#sh ip route | i 170.X.X.0
C        170.X.X.0/28 is directly connected, TenGigabitEthernet0/1/0

thanks.

I see that you did not add the static route 'ip route 170.X.X.0 255.255.252.0 Null0', which was suggested by Rick earlier. Please add it, and let us know the output of the following commands:
sh ip route | i 170.X.X.0
sh ip bgp neighbors 187.X.X.112 advertised-routes
HTH,
Meheretab

I added that route yesterday, but as I saw no success I removed it. Now I have added it again and this is what I'm getting:

Contencion1001-X#sh ip route | i 170.X.X.0
S        170.X.X.0/22 is directly connected, Null0
C        170.X.X.0/28 is directly connected, TenGigabitEthernet0/1/0
Contencion1001-X#
and:
Contencion1001-X#sh ip bgp neighbors 187.X.X.112 advertised-routes
BGP table version is 3, local router ID is 187.X.X.113
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  170.X.X.0/22  0.0.0.0                  0         32768 i

The main reason we are asking you to add the route to Null0 is that BGP advertises networks as long as it gets an exact match in the routing table.

I assumed you have the whole block of 172.X.X.0/22. Otherwise, it will cause a black-hole and may be rejected by the ISP.

Run your test one more time when it is convenient for you. You need to add the following two routes, which I believe you have removed:
ip route 0.0.0.0 0.0.0.0 187.X.X.112
ip route 0.0.0.0 0.0.0.0 208.X.X.181 10

If it still goes through ISP-A, you will need to contact ISP-B to check their policy on what routes they will accept.

HTH,
Meheretab
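The exact-match rule discussed above, as an added example (not code from the thread or from Cisco): a Python check that compares `network` statements against `show ip route` output and reports whether the aggregate itself is in the routing table or only its more-specifics are. The addresses and AS numbers are constructed stand-ins for the masked values in the thread, and the parser assumes the route-line format shown in the posted output.

```python
import ipaddress
import re

# Constructed sample data: documentation-style addresses and ASNs stand in
# for the masked values in the thread.
BGP_CONFIG = """\
router bgp 64500
 network 198.51.100.0 mask 255.255.252.0
 neighbor 192.0.2.112 remote-as 64501
"""
RIB_BEFORE = """\
S*    0.0.0.0/0 [1/0] via 192.0.2.181
C        198.51.100.0/28 is directly connected, TenGigabitEthernet0/1/0
L        198.51.100.1/32 is directly connected, TenGigabitEthernet0/1/0
S        198.51.100.16/28 [1/0] via 198.51.100.2
"""
RIB_AFTER = RIB_BEFORE + "S        198.51.100.0/22 is directly connected, Null0\n"

NETWORK_RE = re.compile(r"^[ \t]*network[ \t]+(\S+)(?:[ \t]+mask[ \t]+(\S+))?[ \t]*$", re.M)
# Matches route entries ("S*  0.0.0.0/0 ...") but not the indented summary headers.
ROUTE_RE = re.compile(r"^[A-Za-z]\S*(?: [A-Z]\S*)?[ \t]+(\d+\.\d+\.\d+\.\d+/\d+)[ \t]", re.M)


def configured_networks(config):
    """Prefixes named by 'network' statements; no mask means the classful mask."""
    nets = []
    for addr, mask in NETWORK_RE.findall(config):
        if not mask:
            first = int(addr.split(".")[0])
            mask = "255.0.0.0" if first < 128 else "255.255.0.0" if first < 192 else "255.255.255.0"
        nets.append(ipaddress.ip_network(f"{addr}/{mask}"))
    return nets


def audit(config, show_ip_route):
    """Map each network statement to (exact RIB match?, more-specific routes present)."""
    rib = {ipaddress.ip_network(p) for p in ROUTE_RE.findall(show_ip_route)}
    report = {}
    for net in configured_networks(config):
        specifics = sorted(r for r in rib if r != net and r.subnet_of(net))
        report[str(net)] = (net in rib, [str(r) for r in specifics])
    return report


if __name__ == "__main__":
    for label, rib_text in (("before Null0 route", RIB_BEFORE), ("after Null0 route", RIB_AFTER)):
        for prefix, (exact, specifics) in audit(BGP_CONFIG, rib_text).items():
            print(f"{label}: {prefix} exact_match={exact} more_specifics={len(specifics)}")
```

A `False` result with a non-empty list of more-specifics is the situation in the thread before the Null0 route was added: the /22 is fully in use as subnets, yet the `network` statement has nothing to match.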

I already made the changes but it is still the same: only outgoing traffic goes through ISP-B, all incoming traffic keeps coming through ISP-A. I'll talk to ISP-B and keep you posted!

thanks.

Gaspar

We are making progress. Now we see that you are advertising your network to ISP B. Now there is a question about whether ISP B is advertising your network to the Internet. Can you ask them about that?

At this point your BGP appears to be doing what it should. An output shown in an earlier part of this thread shows that you are learning 1 route from ISP B. I assume that this would be a default route. Now you are advertising your network to ISP B. Learning a default route from ISP B and advertising your network to them is what you want BGP to do.

And at some point you want BGP to do the same things with ISP A. When that happens we can be fairly confident that you will have failover (and failback) working so that if one ISP goes down your network will continue to operate using the surviving ISP.

You have asked this question a few times: "can I access to internet (obviously through ISP-B) if my ISP-A goes down???" That will be easy to answer when both ISPs are using BGP. But it is complicated when one ISP uses BGP and the other ISP is using static routes. There are at least two things that make this complicated:

1) ISP A seems to be advertising your network to the Internet. What happens to that advertisement if ISP A stops working? If the link from you to ISP A stops working, would ISP A stop advertising your network? If ISP continues to advertise your network to the Internet but cannot forward traffic to you then your failover will not work. (Note that this issue is resolved when both ISPs are using BGP.)

2) You have a static route for outbound traffic (which currently sends traffic through ISP B). What would happen if that link stopped working (or if the router at ISP B stopped working)? The usual way to handle this is to implement IP SLA to track the static route and to remove it from the routing table if the next hop is no longer reachable. Note that you have a similar issue if you have a backup static route to the other ISP. Note that this issue is resolved when both ISPs are using BGP.

So perhaps there is a question about how quickly you are likely to get BGP running with ISP A. And perhaps a question about whether it is worth much effort to fix failover in the current environment (with ISP A using static) if you will soon be able to use BGP for both ISPs.

HTH

Rick

Excellent answer Rick!! Crystal clear. As you can see, I am advertising my network to ISP B; they're just providing transit, I just talked to them. About BGP, I want to use load-sharing, so I'm going to ask ISP A to move fast with my request, but I think I need to ask ISP A just for transit, same as ISP B, right?
