Routing out primary ISP when HSRP link fails

Jeremy Gibbs
Level 1

We have two Cisco ASRs, we have Level3 handing us our default route and Northland handing us our default route via BGP neighbor default-originate etc. If the link I X'ed off were to go down, HSRP would send all traffic to the other router connected to Northland. Seeing as my gateway of last resort is being set via BGP to Northland's router, other than a static route with a higher priority, how would I forward traffic following my red arrow through our Northland router to our Level3's router, and out to the Internet?


John Blakley
VIP Alumni

There are a couple of ways that I can see. Do you have an ibgp connection between the two routers? If so, I would recommend playing with local pref. The problem with the static route on your northland router is that while the traffic will definitely go to the other router, you'll need to take into account the other internal subnets that the other router will need to route back to. For example, suppose you have 192.168.1.0/24 on the switch. The router on the right knows to get to that, use its internal interface either by an igp or static route. If you tell the switch to send all default traffic to the router on the right, the router on the right can have a static route that will be there all of the time unless that router goes away, in which case the bgp learned route would be put into the table. This would work, but again, you now have to take into account the 192.168.1.0/24 route on the router on the right. It was sending directly to the switch, but now you have to tell it to send back to the router on the right and then the router on the right needs to know how to get it back to the switch.

Back to the ibgp connection. If you configure ibgp between the two routers, you can play with the local prefs in order to prefer routes and have them dynamically adjust for the paths that are needed. Sorry if this makes no sense...it's late

HTH,
John

*** Please rate all useful posts ***


Ok,

That makes sense. I have an iBGP neighbor set up between the two routers. What am I supposed to advertise to the "other" router? Here is a quick diagram of what I have set up so far in GNS3. If Level3 router and the switch lose their connection (fiber unplug), everything routes out Northland. But what do I need to advertise between the iBGP routers to allow myself to set up the local pref?

I blanked out some of the IPs as this represents a somewhat production setup (obviously without all the components).

Thanks

Do you have any inbound route-maps applied to your L3 neighbor? Basically, you can just set the local preference to something more than 100 on the default route inbound from L3. With ibgp between your routers, the higher local pref will get to the Northland router and send the traffic toward the L3 router.

If the uplink to L3 goes down, that route goes away and the Northland route is installed.

Jeremy,

I believe the easiest way to do this is depending on the situation. There are 4 that I could think of:

1. Level3 Router LAN interface down - ibgp connection up, and Level3 WAN up

2. Level3 Router WAN down, Level3 Router LAN up and ibgp up.

3. Level3 Router ibgp connection down, WAN and LAN both up

4. Level3 Router dies completely

If all the planets are aligned right, and you're simply wanting to cover number 1, then you can use a static route on NLand router pointing its default route to Lvl3 router. If that iBGP connection were to go down due to an interface (you could also solidify this with tracking the line protocol), then the bgp learned route from NLand ISP would be put in the routing table.

Number 3 wouldn't be an issue really since you're wanting to go that way anyway.

Number 4 wouldn't be an issue because the Nland router will take over for everything anyway.

Number 2 is going to be an issue if you go the static route on Nland router. Nland is still going to see the ibgp connection up (I'm assuming you're not using loopbacks for peering also which could change things). If Nland still thinks the connection is up, the static route will stay in the table and you're going to black hole traffic because the interface itself is down to the ISP.

There are a couple of options to work around that. You could advertise your WAN block in bgp on the L3 router and Nland would receive it. Then you could create a couple of tracked objects to track this route and track the ibgp connection. Then create an object list to track both of these on a static route. What should happen is that your static route pointing over the ibgp connection will stay in the table as long as both the WAN route and the ibgp link are up. If one of those goes down, your bgp learned route from the Nland provider should get put in the table.

Something like the following:

Lvl3

router bgp
 network wan block

Nland

! track 1: WAN block from Lvl3 router
track 1 ip route 172.13.0.0 255.255.255.0 reachability
! track 2: ibgp connected interface
track 2 interface FastEthernet1/0 line-protocol
track 3 list boolean or
 object 1
 object 2
! next hop: Lvl3 router ibgp connected interface
ip route 0.0.0.0 0.0.0.0 192.168.34.3 track 3

You'll also need to take into account any natting that's happening on your lan side.

HTH,
John

*** Please rate all useful posts ***


Thanks, I am getting somewhere!

I currently have this config

track 1 ip route 4.26.24.202 255.255.255.255 reachability
track 2 interface GigabitEthernet2/0 line-protocol
track 3 list boolean or
ip route 0.0.0.0 0.0.0.0 10.255.254.5 track 3

The initial flip works and it inserts the static default route below. When the interfaces come back, that static route stays the same and never defaults back to the BGP route. But if I type in

track 3 list boolean and

It reverts back to the BGP route.  Am I missing something? 

Before I flip it to and (just causes a state change)

C       10.255.254.4/30 is directly connected, GigabitEthernet2/0
     72.0.0.0/24 is subnetted, 1 subnets
C       72.237.4.0 is directly connected, GigabitEthernet4/0
S*   0.0.0.0/0 [1/0] via 10.255.254.5

After I flip it to and

C       10.255.254.4/30 is directly connected, GigabitEthernet2/0
     72.0.0.0/24 is subnetted, 1 subnets
C       72.237.4.0 is directly connected, GigabitEthernet4/0
B*   0.0.0.0/0 [20/0] via 67.216.14.169, 00:00:32

It just never seems to flip back to the default BGP route.
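Added example, not part of any post in this thread: a small Python model of the tracked static default discussed above, comparing `track 3 list boolean or` with `boolean and` across the four failure cases listed earlier. The scenario states and the assumption that the Lvl3 WAN block is learned over the iBGP link are constructed for illustration; the administrative distances are the ones shown in the routing table output.

```python
# Added illustration (not from the thread): a model of the NLand router choosing
# its default route when a static default is gated by "track 3 list boolean ...".
STATIC_AD = 1   # "S*   0.0.0.0/0 [1/0]" in the thread's output
BGP_AD = 20     # "B*   0.0.0.0/0 [20/0]" in the thread's output

def track_list(op, member_states):
    """State of a boolean track list: 'and' needs every member up, 'or' any one."""
    if op == "and":
        return all(member_states)
    if op == "or":
        return any(member_states)
    raise ValueError(f"unknown boolean operator: {op}")

def installed_default(op, wan_route_up, ibgp_link_up, bgp_default=True):
    """Default route installed on NLand: the lowest administrative distance wins."""
    candidates = []
    if track_list(op, [wan_route_up, ibgp_link_up]):
        candidates.append((STATIC_AD, "static via Lvl3 router"))
    if bgp_default:
        candidates.append((BGP_AD, "BGP via Northland"))
    return min(candidates)[1] if candidates else None

# Constructed states for the four failure cases in the post, as
# (track 1: Lvl3 WAN block route reachable, track 2: iBGP interface line protocol).
# Assumption: the WAN block is learned over the iBGP link, so it is unreachable
# whenever that link or the Lvl3 router is down.
SCENARIOS = {
    "1 Lvl3 LAN down": (True, True),
    "2 Lvl3 WAN down": (False, True),
    "3 iBGP link down": (False, False),
    "4 Lvl3 router dead": (False, False),
}

def evaluate(op):
    """Map each scenario to the default route NLand would install under 'op'."""
    return {name: installed_default(op, *state) for name, state in SCENARIOS.items()}

if __name__ == "__main__":
    for op in ("or", "and"):
        for name, route in evaluate(op).items():
            print(f"boolean {op:3} | {name:18} -> {route}")
```

In case 2 the `or` list stays up because the iBGP interface is still up, so the static default keeps pointing at a router whose uplink is gone; the `and` list goes down and the BGP default takes over.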

Jeremy,

I reread your requirements and Robert has the solution that would work for you and is very easy to implement...unlike what I've put up here.

On NLand router, create an acl matching on the default route and then a route-map. Set the Level3 neighborship to a better local preference, and everything should work fine.

On the NLand router:

access-list 10 permit 0.0.0.0
route-map Default permit 10
 match ip address 10
 set local-pref 200
route-map Default permit 20
router bgp
 neighbor route-map Default in

That's it...that's all you need to do. I'm not sure what I was thinking when I had done the other. The other still works on my box, but it's a lot more than is needed. You don't need any tracking or anything for this solution.

HTH,
John

*** Please rate all useful posts ***
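Added example, not part of any post in this thread: a simplified Python model of the first BGP best-path steps on the NLand router, showing why the inbound route-map changes which default is preferred and what happens when the Level3 default is withdrawn. It assumes the route-map is applied to the iBGP session with the Lvl3 router, that both defaults carry an AS path of equal length, and that origin and MED are equal; the neighbor labels are placeholders.

```python
# Added illustration (not from the thread): the first best-path steps on the
# NLand router, with and without the inbound "route-map Default".
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Path:
    learned_from: str
    ebgp: bool
    as_path_len: int = 1     # assumption: each ISP's default carries one AS
    local_pref: int = 100    # default local preference
    weight: int = 0          # routes learned from a neighbor carry weight 0

def route_map_default(prefix, path):
    """Sequence 10 sets local preference 200 on the default route (ACL 10);
    sequence 20 permits every other prefix unchanged."""
    if prefix == "0.0.0.0/0":
        return replace(path, local_pref=200)
    return path

def best_path(paths):
    """Weight, local preference, AS-path length, then eBGP over iBGP.
    Origin and MED are assumed equal and are skipped."""
    if not paths:
        return None
    return max(paths, key=lambda p: (p.weight, p.local_pref, -p.as_path_len, p.ebgp))

def nland_default(level3_up, use_route_map):
    """Neighbor that NLand prefers for 0.0.0.0/0 (labels are placeholders)."""
    paths = [Path("Northland (eBGP)", ebgp=True)]
    if level3_up:  # the Lvl3 router only passes on the default while its uplink is up
        via_lvl3 = Path("Lvl3 router (iBGP)", ebgp=False)
        if use_route_map:
            via_lvl3 = route_map_default("0.0.0.0/0", via_lvl3)
        paths.append(via_lvl3)
    return best_path(paths).learned_from

if __name__ == "__main__":
    for up in (True, False):
        for rm in (False, True):
            print(f"Level3 up={up!s:5} route-map={rm!s:5} -> {nland_default(up, rm)}")
```

Without the route-map the two defaults tie on local preference and AS-path length, so the eBGP-learned Northland route wins; with local preference 200 the path through the Lvl3 router wins for as long as it is advertised.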


Thanks, that works!  One thing I noticed is, at times I saw packets on both HSRP links when pinging from the router named S4.  They were reply packets and there were thousands.  This made me think there was a loop.  I saved all the configs and shut everything down and started it all back up and things appeared to be back to normal.  I think it may have been a bug in GNS3.  At least I hope that was the issue.
