BGP on single router with 2 different ISPs

Discussion in 'Cisco' started by MCScrapE, May 6, 2005.

  1. MCScrapE

    MCScrapE Guest

    I have a Cisco 2801 that has 2 different ISPs using BGP. This router
    also serves as an internal router for vlans and a firewall. Currently
    I have one of the providers sending me their client routes. However,
    traffic is not going down that line at all. I have also configured
    several vlans to use a particular line via route-map. It works fine:
    when I do a tracert, it goes down the proper line. The problem is how
    can I get return traffic to use the same line?

    Let's say BGP believes (for lack of a better word) line 1 to be the
    shortest path so by default all traffic would go down that line. To
    achieve some load-sharing, I force my vlan to go down line 2. However,
    when traffic I generate is to come back to me it comes down line 1.
    Normally, this would be fine but there is enough aggregate traffic
    where I need to do something. Hence, my thinking of doing a manual
    load-share, if you will, by jockeying which vlans go down which line
    but if all the traffic comes back the same line (line 1 in this
    example), I really don't gain anything.

    I suppose I could force all outbound traffic to go down line 2 and have
    line 1 handle the return traffic. However, this solution doesn't sound
    all that appealing. Given I am only advertising a single class C
    address space I don't know if some sort of filtering would be the
    answer. I suppose I could break up that class C into 2 subnets and
    advertise 1 block with line 1 as the primary and the 2nd block with
    line 2 as the primary.

    Just looking for ideas at this point.

    Thank you.
    MCScrapE, May 6, 2005
    #1

  2. MCScrapE wrote:
    :I have a Cisco 2801 that has 2 different ISPs using BGP.

    :I have also configured
    :several vlans to use a particular line via route-map. It works fine as
    :I do a tracert it goes down the proper line. The problem is how can I
    :get return traffic to use the same line.

    This is a classic difficulty that is not easy to solve from your end.

    The traditional way to handle this is to get the ISPs to BGP peer
    your AS with each other, and advertise it to their up/downstreams.
    The return traffic just isn't going to get to the second ISP unless
    the Internet knows to send it there. And anything beyond your
    premises doesn't know anything about your VLANs, so you will have
    to segregate by subnet rather than by VLAN.

    The other way to handle this, which has some notable technical
    disadvantages compared to the above, is to NAT the traffic that
    goes out to the second ISP, so that the return address on it is
    in the IP space handled by the second ISP. But not all traffic
    is NAT (or PAT) friendly, and you need some fancy footwork if
    you want to get automatic failover. If your failover cannot lose
    connects that were "in flight" then you need to go the BGP AS
    "bribe the ISPs lavishly to cooperate" path.
    --
    "Mathematics? I speak it like a native." -- Spike Milligan
    Walter Roberson, May 6, 2005
    #2

  3. MCScrapE

    MCScrapE Guest

    Walter,

    Thanks for the reply and for constantly monitoring this group. :)
    Seems like every other post has you in it.

    Anyway, I have been configuring the route-maps to be applied as ip
    policies on the sub-interfaces. The route-maps essentially are saying
    match ip address 150 and the next line sets the next hop with the
    preferred address and then the failover address. The access list is
    access-list 150 permit ip 10.200.50.0 0.0.0.255.

    I will contact my ISPs and hope they play nice. I have 9 locations
    with the same ISPs in all of them so hopefully that will give me a
    little leverage.

    Thank you again.

    Andrew
    MCScrapE, May 6, 2005
    #3
  4. MCScrapE

    Tony Clifton Guest

    One option you have to influence the inbound path selection is to modify the
    AS-path attribute. Using the set as-path command you can add your own
    AS-number to the AS-path attribute multiple times, increasing the autonomous
    system path length for a prefix.

    If you want a prefix to be reached through ISP 1, you could apply a
    route-map to ISP 2 prepending your ASN to make the AS-path over ISP 2
    longer, and ensure it's only used for return traffic when ISP 1 is totally
    unavailable.

    The more times you prepend your ASN, the longer the path over ISP 2 appears.

    If all other BGP attribute values are the same, the routers in an autonomous
    system would choose the shortest route in terms of autonomous systems
    traversed.

    You could also use the MED attribute if you only had 1 ISP and multiple
    exits, but that is not an option in this case.

    Regards,

    /TC

    "MCScrapE" wrote in message
    news:...
    > Walter,
    >
    > Thanks for the reply and for constantly monitoring this group. :)
    > Seems like every other post has you in it.
    >
    > Anyway, I have been configuring the route-maps to be applied as ip
    > policies on the sub-interfaces. The route-maps essentially are saying
    > match ip address 150 and the next line sets the next hop with the
    > preferred address and then the failover address. The access list is
    > access-list 150 permit ip 10.200.50.0 0.0.0.255.
    >
    > I will contact my ISPs and hope they play nice. I have 9 locations
    > with the same ISPs in all of them so hopefully that will give me a
    > little leverage.
    >
    > Thank you again.
    >
    > Andrew
    >
    Tony Clifton, May 6, 2005
    #4
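
The prepending described in post #4, as a Cisco IOS configuration added here as an example (it is not part of the original thread). The AS numbers, neighbor addresses, prefix and route-map names are constructed placeholders from documentation ranges; the prefix-list match also restricts what is advertised to each ISP to the site's own block.

```cisco
! Constructed placeholders (documentation ranges), not values from the thread:
!   local AS 64500
!   ISP 1 = AS 64501, neighbor 192.0.2.1
!   ISP 2 = AS 64502, neighbor 198.51.100.1
!   advertised block 203.0.113.0/24
!
! Only our own block may be advertised to either ISP.
ip prefix-list OUR-BLOCK seq 5 permit 203.0.113.0/24
!
! The BGP network statement needs an exact match in the routing table,
! so anchor the block with a static route to Null0.
ip route 203.0.113.0 255.255.255.0 Null0
!
! ISP 1: advertise the block with the normal AS path (one occurrence of 64500).
route-map TO-ISP1 permit 10
 match ip address prefix-list OUR-BLOCK
!
! ISP 2: same block, with our ASN prepended three extra times, so the path
! through ISP 2 looks longer. AS-path length is only compared when the
! attributes evaluated before it are equal at the remote router.
route-map TO-ISP2 permit 10
 match ip address prefix-list OUR-BLOCK
 set as-path prepend 64500 64500 64500
!
! No further route-map entries: the implicit deny at the end of each
! route-map stops routes learned from one ISP from being re-advertised
! to the other, so this router never offers transit between them.
!
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 route-map TO-ISP1 out
 neighbor 198.51.100.1 remote-as 64502
 neighbor 198.51.100.1 route-map TO-ISP2 out
```

After `clear ip bgp 198.51.100.1 soft out`, `show ip bgp neighbors 198.51.100.1 advertised-routes` should list only 203.0.113.0/24 for that neighbor.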
