BGP on single router with 2 different ISPs

I have a Cisco 2801 that has 2 different ISPs using BGP. This router also serves as an internal router for vlans and a firewall. Currently I have one of the providers sending me their client routes. However, traffic is not going down that line at all. I have also configured several vlans to use a particular line via route-map. It works fine: as I do a tracert it goes down the proper line. The problem is: how can I get return traffic to use the same line?

Let's say BGP believes (for lack of a better word) line 1 to be the shortest path, so by default all traffic would go down that line. To achieve some load-sharing, I force my vlan to go down line 2. However, when traffic I generate is to come back to me it comes down line 1. Normally, this would be fine, but there is enough aggregate traffic that I need to do something. Hence my thinking of doing a manual load-share, if you will, by jockeying which vlans go down which line; but if all the traffic comes back on the same line (line 1 in this example), I really don't gain anything.

I suppose I could force all outbound traffic to go down line 2 and have line 1 handle the return traffic. However, this solution doesn't sound all that appealing. Given I am only advertising a single class C address space, I don't know if some sort of filtering would be the answer. I suppose I could break up that class C into 2 subnets and advertise 1 block with line 1 as the primary and the 2nd block with line 2 as the primary.

Just looking for ideas at this point.

Thank you.

Reply to
MCScrapE

In article , MCScrapE wrote:
:I have a Cisco 2801 that has 2 different ISPs using BGP.

:I have also configured
:several vlans to use a particular line via route-map. It works fine as
:I do a tracert it goes down the proper line. The problem is how can I
:get return traffic to use the same line.

This is a classic difficulty that is not easy to solve from your end.

The traditional way to handle this is to get the ISPs to BGP peer your AS with each other, and advertise it to their up/downstreams. The return traffic just isn't going to get to the second ISP unless the Internet knows to send it there. And anything beyond your premises doesn't know anything about your VLANs, so you will have to segregate by subnet rather than by VLAN.

The other way to handle this, which has some notable technical disadvantages compared to the above, is to NAT the traffic that goes out to the second ISP, so that the return address on it is in the IP space handled by the second ISP. But not all traffic is NAT (or PAT) friendly, and you need some fancy footwork if you want to get automatic failover. If your failover cannot lose connects that were "in flight" then you need to go the BGP AS "bribe the ISPs lavishly to cooperate" path.

Reply to
Walter Roberson

Walter,

Thanks for the reply and for constantly monitoring this group. :-) Seems like every other post has you in it.

Anyway, I have been configuring the route-maps to be applied as ip policies on the sub-interfaces. The route-maps essentially say match ip address 150, and the next line sets the next hop with the preferred address and then the failover address. The access list is access-list 150 permit ip 10.200.50.0 0.0.0.255.

I will contact my ISPs and hope they play nice. I have 9 locations with the same ISPs in all of them so hopefully that will give me a little leverage.

Thank you again.

Andrew

Reply to
MCScrapE

One option you have to influence the inbound path selection is to modify the AS-path attribute. Using the set as-path command you can add your own AS number to the AS-path attribute multiple times, increasing the autonomous system path length for a prefix.

If you want a prefix to be reached through ISP 1, you could apply a route-map to ISP 2 prepending your ASN to make the AS-path over ISP 2 longer, and ensure it's only used for return traffic when ISP 1 is totally unavailable.

The more times you prepend your ASN, the longer the path over ISP 2 appears.

If all other BGP attribute values are the same, the routers in an autonomous system would choose the shortest route in terms of autonomous systems traversed.

You could also use the MED attribute if you only had 1 ISP and multiple exits, but that is not an option in this case.

Regards,

/TC

"MCScrapE" wrote in message news: snipped-for-privacy@f14g2000cwb.googlegroups.com...

Reply to
Tony Clifton
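Putting the three suggestions in this thread together (Walter's point that the Internet can only steer by subnet, not by VLAN; Andrew's policy route-map with a preferred and a failover next hop; Tony's as-path prepending), here is an added IOS configuration sketch. It is not the poster's running config and not taken from Cisco documentation. Everything in it is assumed or a placeholder except access-list 150 from Andrew's post: the local AS 65000, ISP AS numbers 64501/64502, the peer addresses 198.51.100.1 and 192.0.2.1, the public block 203.0.113.0/24, the interface names, the VLAN number, the NAT pool address and the prepend count of three.

```cisco
! Added example, not the poster's config. Assumed layout:
!   Fa0/0      = inside trunk; Fa0/0.50 carries VLAN 50 = 10.200.50.0/24
!   Fa0/1      = ISP1, AS 64501, peer 198.51.100.1
!   Fa0/1/0    = ISP2, AS 64502, peer 192.0.2.1
!   local AS 65000, public block 203.0.113.0/24 (placeholder documentation prefix)
!
! --- 1. Outbound: policy-route VLAN 50 to ISP2, fall back to ISP1 ---
access-list 150 permit ip 10.200.50.0 0.0.0.255 any
!
route-map VLAN50-VIA-ISP2 permit 10
 match ip address 150
 set ip next-hop 192.0.2.1 198.51.100.1
!
interface FastEthernet0/0.50
 encapsulation dot1Q 50
 ip address 10.200.50.1 255.255.255.0
 ip nat inside
 ip policy route-map VLAN50-VIA-ISP2
!
! --- 2. Source addresses: NAT VLAN 50 into the half of the /24 that prefers ISP2 ---
! Remote hosts reply to the NAT address, so the return path is decided by which
! half of the /24 that address sits in, not by the VLAN it came from.
ip nat pool VLAN50-POOL 203.0.113.130 203.0.113.130 netmask 255.255.255.128
ip nat inside source list 150 pool VLAN50-POOL overload
!
interface FastEthernet0/1
 description ISP1
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1/0
 description ISP2
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
! --- 3. Inbound: split the /24 into two /25s and prepend the less-preferred side ---
ip prefix-list HALF-A seq 5 permit 203.0.113.0/25
ip prefix-list HALF-B seq 5 permit 203.0.113.128/25
ip prefix-list WHOLE seq 5 permit 203.0.113.0/24
!
! Towards ISP1, lengthen the AS path for HALF-B so the Internet prefers ISP2
! for it; HALF-A and the covering /24 go out unchanged.
route-map TO-ISP1 permit 10
 match ip address prefix-list HALF-B
 set as-path prepend 65000 65000 65000
route-map TO-ISP1 permit 20
 match ip address prefix-list HALF-A WHOLE
!
! Towards ISP2, the mirror image: lengthen the AS path for HALF-A.
route-map TO-ISP2 permit 10
 match ip address prefix-list HALF-A
 set as-path prepend 65000 65000 65000
route-map TO-ISP2 permit 20
 match ip address prefix-list HALF-B WHOLE
!
router bgp 65000
 network 203.0.113.0 mask 255.255.255.0
 network 203.0.113.0 mask 255.255.255.128
 network 203.0.113.128 mask 255.255.255.128
 neighbor 198.51.100.1 remote-as 64501
 neighbor 198.51.100.1 route-map TO-ISP1 out
 neighbor 192.0.2.1 remote-as 64502
 neighbor 192.0.2.1 route-map TO-ISP2 out
!
! network statements only announce prefixes present in the RIB; discard routes
! keep the /24 and both /25s announced regardless of interface state.
ip route 203.0.113.0 255.255.255.0 Null0
ip route 203.0.113.0 255.255.255.128 Null0
ip route 203.0.113.128 255.255.255.128 Null0
```

Three checks before relying on this. First, the /25 halves only help if both ISPs and their upstreams accept prefixes longer than /24; many networks filter those, in which case only the /24 is seen and all inbound traffic follows its best path, so confirm with each ISP and look the /25s up in a public looking glass. Second, prepending is a hint, not a guarantee: a remote network that sets a higher local preference towards one of your ISPs will ignore the AS-path length, which is what Tony's "if all other BGP attribute values are the same" is pointing at. Third, the second next hop in the policy route-map is only used when the first one's interface goes down; if the ISP2 link can fail while the interface stays up, add set ip next-hop verify-availability with an IP SLA track so the fallback actually triggers.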
