amitabhg

Inbound and Outbound Traffic Load Balancing in BGP

Hi,

Two ISPs are connected to two different routers.

HSRP is running between these routers.

We have our own AS number and have implemented BGP. At present all outgoing traffic is going through ISP 1 and incoming is through ISP 2; due to this, one of the ISPs is full and the other one is free.

We want to enable load balancing between these two ISPs, and I also want to know what to do if I want to route a particular IP series through one ISP.

At present we are taking full routes from both ISPs.

Please find the BGP config below.

Thanks in advance. Please give me a solution for this.
BGP-Config.txt
amitabhg

ASKER

Thanks in advance, and please give me a solution for this.
SOLUTION
bsohn417
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks for your reply, but in this document only one router terminates both ISP links, whereas in my setup the two links terminate on different routers.

I would appreciate it if there is any option.

As I mentioned, at present everything is working fine with incoming through one ISP and outgoing through another ISP, but we want to load balance both incoming and outgoing traffic.

What should I do if I want to route some incoming and outgoing traffic (specific IPs) through one selected ISP?
Jan Bacher
You may want to find out if the provider with the congested link offers communities with the option to AS-path prepend other provider ASNs.
SOLUTION
This solution is only available to members.
SOLUTION
This solution is only available to members.
Hi,

Thanks for your update. At present we are using AS-path prepend to get failover of one link.

I am new to BGP (and really scared of BGP). If you can help me with a command reference as per my config, it would really help us. My main concern is inbound traffic. We have a /23 network.

|     AS 400           |        AS 300
|                      |                      I
|               R1 ----+----- ISP-A --------- N
|               |      |                      T
|  Host --------+      |                      E
|               |      |                      R
|               R2 ----+----- ISP-B --------- N
|                      |                      E
|                      |     AS 200           T

All incoming is coming through ISP B. All outgoing is through ISP A, as this router is active for HSRP.

We have configured the below:

route-map out permit 10
 match ip address 10
 set metric 100
 set as-path prepend 400

Please let me know if you need more details.

When we remove set as-path prepend 400, incoming traffic comes through both links, but if one link fails the other link does not take over the traffic.
SOLUTION
This solution is only available to members.
Yes, at present IBGP is running between these routers.

Please find the config below and let me know what I should change in my config.

At present we have a /23 network and we advertise it to both ISPs.

Incoming traffic is coming through both routers and outgoing is going through Router 2.

When Router 2 is down, Router 1 does not take over all the traffic.

Could you please tell me what I have to change in this, and if I want to route some traffic through Router 1, how can I do that?

Router 1:
 
interface Loopback1
 ip address 40.40.41.253 255.255.255.255
!
interface GigabitEthernet0/0
 description "WAN link to ISP 1"
 ip address 30.30.30.240 255.255.255.252
 load-interval 30
 duplex full
 speed 100
 media-type rj45
 
 interface Vlan1
 ip address 40.40.40.2 255.255.255.0
 ip nat enable
 standby 10 ip 40.40.40.1
 standby 10 priority 90
 standby 10 preempt
 
 router bgp 400
 bgp log-neighbor-changes
 neighbor 30.30.0.253 remote-as 300
 neighbor 30.30.0.253 description ISP 1
 neighbor 30.30.0.253 ebgp-multihop 255
 neighbor 30.30.0.253 update-source Loopback1
 neighbor 40.40.40.3 remote-as 400
 maximum-paths 2
 !
 address-family ipv4
  neighbor 30.30.0.253 activate
  neighbor 30.30.0.253 soft-reconfiguration inbound
  neighbor 30.30.0.253 prefix-list MyPublicPrefixes out
  neighbor 30.30.0.253 route-map out out
  neighbor 40.40.40.3 activate
  neighbor 40.40.40.3 next-hop-self
  neighbor 40.40.40.3 route-map IBGP in
  neighbor 40.40.40.3 route-map IBGP out
  maximum-paths 2
  no auto-summary
  no synchronization
  network 40.40.40.0
  network 40.40.41.0
  aggregate-address 40.40.40.0 255.255.254.0
 exit-address-family
 
ip route 30.30.0.253 255.255.255.255 30.30.30.249
ip route 40.40.41.0 255.255.255.0 40.40.40.4
ip route 40.40.41.254 255.255.255.255 40.40.40.3
 
ip prefix-list MyPublicPrefixes seq 5 permit 40.40.40.0/23
ip prefix-list MyPublicPrefixes seq 10 permit 40.40.40.0/24
ip prefix-list MyPublicPrefixes seq 20 permit 40.40.41.0/24
 
access-list 10 permit 40.40.40.0
access-list 10 permit 40.40.41.0
 
route-map IBGP permit 10
 match ip address 10
!
route-map out permit 10
 match ip address 10
 set metric 100
 
 
 
 
Router 2:
 
interface Loopback1
 ip address 40.40.41.254 255.255.255.255
!
interface GigabitEthernet0/0
 description "WAN link to ISP 2"
 ip address 20.20.20.177 255.255.255.252
 ip access-group blockedlist out
 ip accounting output-packets
 duplex full
 speed 100
 media-type rj45
 
 
 
 interface Vlan1
 ip address 40.40.40.3 255.255.255.0
 ip accounting output-packets
 ip nat enable
 standby 10 ip 40.40.40.1
 standby 10 priority 110
 standby 10 preempt
!
router bgp 400
 bgp log-neighbor-changes
 neighbor 40.40.40.2 remote-as 400
 neighbor 20.29.91.185 remote-as 200
 neighbor 20.29.91.185 description ISP2_1
 neighbor 20.29.91.185 ebgp-multihop 255
 neighbor 20.29.91.185 update-source Loopback1
 neighbor 20.20.45.113 remote-as 200
 neighbor 20.20.45.113 description ISP2_2
 neighbor 20.20.45.113 ebgp-multihop 255
 neighbor 20.20.45.113 update-source Loopback1
 maximum-paths 2
 !
 address-family ipv4
  neighbor 40.40.40.2 activate
  neighbor 40.40.40.2 next-hop-self
  neighbor 40.40.40.2 route-map IBGP in
  neighbor 40.40.40.2 route-map IBGP out
  neighbor 20.29.91.185 activate
  neighbor 20.29.91.185 soft-reconfiguration inbound
  neighbor 20.29.91.185 prefix-list MyPublicPrefixes out
  neighbor 20.29.91.185 route-map out out
  neighbor 20.20.45.113 activate
  neighbor 20.20.45.113 soft-reconfiguration inbound
  neighbor 20.20.45.113 prefix-list MyPublicPrefixes out
  neighbor 20.20.45.113 route-map out out
  maximum-paths 2
  no auto-summary
  no synchronization
  network 40.40.40.0 mask 255.255.254.0
  network 40.40.40.0
  network 40.40.41.0
  aggregate-address 40.40.40.0 255.255.254.0
 exit-address-family
 
 
ip route 40.40.41.0 255.255.255.0 40.40.40.4
ip route 40.40.41.253 255.255.255.255 40.40.40.2
ip route 20.29.91.185 255.255.255.255 20.20.20.178
ip route 20.20.45.113 255.255.255.255 20.20.20.178
 
ip prefix-list MyPublicPrefixes seq 5 permit 40.40.40.0/23
ip prefix-list MyPublicPrefixes seq 10 permit 40.40.40.0/24
ip prefix-list MyPublicPrefixes seq 20 permit 40.40.41.0/24
 
access-list 10 permit 40.40.40.0
access-list 10 permit 40.40.41.0
 
route-map IBGP permit 10
 match ip address 10
!
route-map out permit 10
 match ip address 10
 set metric 200
You have two different metrics specified.  Why?
This was actually implemented by another guy who is not available at present. I also observed this, and when I checked the documents, they say it will only work when we have two paths from the same service provider.
I am planning to remove this.
I'm also curious as to R2 having two external neighbors.

The issue you may face is that the world may really prefer one path over the other.    Communities using as-path prepend with limited networks via one provider helps to balance the load.

As far as failover, have you verified paths and routes when one link goes down?  Have you verified with your provider(s) that they do not have static routes for your networks to you?
Thank you for your update.

"I'm also curious as to R2 having two external neighbors." This is because our ISP asked us to put this.

Previously (you can check the config attached when I created this ticket) all outgoing was through Router 1 and all incoming through Router 2. Yesterday we removed set as-path prepend 100 from Router 1; now incoming is coming through both routers.

Previously, when one link was down, all incoming and outgoing traffic came through the other link; this is not happening now. There are no static routes at our ISP.

Please let me know if you need any further info.

With both routes working, can you run a test during low peak and shut the neighbor(s) down on one router -- wait at least 90 seconds for updates to propagate and see if the alternate path works?

neighbor 30.30.0.253 shut
We did neighbor 30.30.0.253 shut. All outgoing and incoming traffic is coming through the other router.

We have to check whether the same thing happens once we shut down the other router's peers.

It's not possible to do this immediately; we will check it tomorrow or the day after tomorrow if it's needed.
modus_in_rebus:

I am waiting on the other link to be shut to determine whether traffic reroutes (as it should).
Hi, we did the other one also, but traffic is not going out.

Finally we did it like this:

1. We removed the metric on both routers. Incoming traffic is coming through both routers.
2. For failover we created an IP SLA to check the availability.

interface Vlan1
 ip address 40.40.40.3 255.255.255.0
 ip accounting output-packets
 ip nat enable
 standby 10 ip 40.40.40.1
 standby 10 priority 120
 standby 10 preempt
 ! If the track object is down, the priority is lowered by 40
 standby 10 track 1 decrement 40

Below is the configuration for the track object:
track 1 ip sla 1 reachability

ip sla 1
 icmp-echo 88.87.56.54 source-interface GigabitEthernet0/0
ip sla schedule 1 life forever start-time now

3. Outgoing traffic: we diverted all our other site IPs towards the other link using local preference. After this, load is shared between the links.

So, what you're saying is that when the BGP configuration was shut down for the peer(s) on the other router, the BGP routes did not get updated in the first router and that traffic did not re-route?
Thanks for your reply.

Yes, incoming traffic is coming but outgoing is not going. Maybe it's because of the IBGP route map, as we are not advertising routes through IBGP since we are taking full routes from both ISPs.

Please let me know if I am doing something wrong here or if there is any better alternative for this.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
You mean our own netblocks?

If it's our own netblocks, we are already advertising them.
To summarize:

* both paths inbound are currently being utilized after tweaking configuration
* primary router inbound and outbound work when backup router peer is disabled
* when primary router peer is disabled, traffic comes in via backup router but outgoing traffic is not leaving the network

If the primary router LAN interface is up and is also the default gateway for the LAN; and the primary router peer is down, the local area network traffic is not routing to the backup router?
Yes, you are correct.

To overcome this we created a track in the VLAN to the WAN interface. When it's not reachable it will automatically decrement the priority value to 40 and the second router becomes active; then all outgoing traffic goes out properly toward the other router.
With that scenario (primary down) and you traceroute to an IP off net from a LAN PC, the traceroute dies at the primary router?

What do you see with a:

sh ip route <IP>
sh ip bgp <IP>
sh ip bgp sum
At present I can't check this immediately because I would have to revert all my changes to check this.

At present it's working as we wanted after we made the changes described in the comment above (07/19/09 04:31 PM) and we allowed both EBGP peers in IBGP.

1. All outgoing traffic goes to Router 1 by default.
2. There we diverted traffic to Router 2 using local preference.
3. Incoming is coming to both routers.
4. When Router 1 is down (whether the router is physically down or the BGP peer is down) traffic is diverted to the other router; this happens because of the IP SLA and the track on the VLAN.

Thanks to all for your support.
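
The asker's suspicion earlier in the thread, that the IBGP route-map kept ISP-learned routes from being exchanged between the two routers, can be checked offline. The Python check below is an added example, not code from the thread: it evaluates the posted route-map IBGP and access-list 10 against candidate prefixes. The function names and the 198.51.100.0/24 test route are assumptions, and only numbered standard ACLs referenced from permit clauses are handled.

```python
import ipaddress

# Constructed excerpt mirroring Router 1's IBGP policy as posted in this thread.
CONFIG = """\
router bgp 400
 neighbor 30.30.0.253 remote-as 300
 neighbor 40.40.40.3 remote-as 400
 neighbor 40.40.40.3 route-map IBGP in
 neighbor 40.40.40.3 route-map IBGP out
access-list 10 permit 40.40.40.0
access-list 10 permit 40.40.41.0
route-map IBGP permit 10
 match ip address 10
"""

def parse(config):
    """Collect local AS, neighbor ASNs, route-map bindings, ACLs and route-map matches."""
    cfg, current = {"asn": None, "remote_as": {}, "bind": {}, "acl": {}, "rmap": {}}, None
    for w in (line.split() for line in config.splitlines()):
        if w[:2] == ["router", "bgp"]:
            cfg["asn"] = w[2]
        elif w[:1] == ["neighbor"] and w[2:3] == ["remote-as"]:
            cfg["remote_as"][w[1]] = w[3]
        elif w[:1] == ["neighbor"] and w[2:3] == ["route-map"]:
            cfg["bind"][w[1], w[4]] = w[3]
        elif w[:1] == ["access-list"] and w[2:3] == ["permit"]:
            cfg["acl"].setdefault(w[1], []).append((w[3], w[4] if len(w) > 4 else "0.0.0.0"))
        elif w[:1] == ["route-map"]:
            current = w[1]
        elif w[:3] == ["match", "ip", "address"] and current:
            cfg["rmap"].setdefault(current, []).extend(w[3:])
    return cfg

def acl_permits(entries, prefix):
    """Standard ACL in a BGP route-map: compared with the network address only."""
    net = int(ipaddress.ip_network(prefix).network_address)
    def hit(addr, wildcard):
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        return (net ^ int(ipaddress.ip_address(addr))) & care == 0
    return any(hit(a, w) for a, w in entries)  # no hit: implicit deny

def ibgp_accepts(cfg, neighbor, direction, prefix):
    """True if prefix passes the route-map bound to an iBGP neighbor; no match means deny."""
    if cfg["remote_as"].get(neighbor) != cfg["asn"]:
        raise ValueError(f"{neighbor} is not an iBGP neighbor")
    rmap = cfg["bind"].get((neighbor, direction))
    if rmap is None:
        return True  # no policy bound, everything passes
    return any(acl_permits(cfg["acl"].get(a, []), prefix) for a in cfg["rmap"].get(rmap, []))
```

With this policy, ibgp_accepts(parse(CONFIG), "40.40.40.3", "in", "40.40.40.0/23") returns True while the same call for 198.51.100.0/24 returns False, so a router whose own EBGP session is down learns no external routes from its IBGP peer.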