bgp single router single ISP multihome

Posted on 2013-06-28
Last Modified: 2013-10-26
My Cisco router has two connections to the ISP and I am using MED for my failover type of connection. My first link is the primary link. My second link is the backup link. It is working currently. Now, I'd like the SAN traffic to take the backup link as its primary link. I was told that a route-map may not work as I will have asymmetric routing. In other words, I will have no problem sending the SAN traffic to the backup link, but the return traffic will go through my other link.
I guess once the traffic gets to the ISP, it is out of my control.

Any feedback on how I would accomplish this would be greatly appreciated.

Thanks
Question by:leblanc

Expert Comment

by:giltjr
ID: 39286148
How many IP addresses do you have?

Author Comment

by:leblanc
ID: 39286159
I forgot to mention that this is an MPLS connection. So I have 4 subnets that I advertise to the ISP via BGP. Everything is going through the primary link. I'd like to get subnet 4 to take the backup link as the primary link.

Expert Comment

by:giltjr
ID: 39286177
Are there two different ISPs or just one?

If two, then just advertise one of the /24's so the preferred path is the 2nd ISP.

If a single ISP, you will need to work something out with them. You can't control the return path when there is a single ISP.

Author Comment

by:leblanc
ID: 39286183
My router, and two MPLS connections to the same ISP.

Accepted Solution

by:giltjr
ID: 39286199
Then you have to ask your ISP if they will route one of the /24's over the second connection.  Nothing you can do.

Expert Comment

by:pgstephan
ID: 39303426
Here is what you need to do.

I'm assuming you have a single IP address for your SAN that will need to replicate through the WAN. And that your interface facing the carrier uses a public IP address.

You need to think about this in 2 directions:

A) Outgoing
On your Edge router:
1) Use Source Based Routing with a route-map to only route the SAN traffic through the secondary link (define a prefix-list that matches the source IP address of the packets)
2) Configure NAT for your outgoing traffic that NATs the SAN source IP address to the public IP address of the secondary link.

This way the SAN traffic will be sent over the secondary link sourced from the secondary WAN link.

B) Inbound
There shouldn't be a problem in your inbound stream because the traffic was sourced from the secondary public IP address anyway.
Bear in mind that source based routing puts a bit of stress on the routing platform so be careful your router resources have some headroom.

******
I have answered your question as if your internet connection is just an internet solution.

I don't actually know how your internet connection is an MPLS one. MPLS can be used inside the carrier infrastructure to benefit from a BGP-free core.
When the carrier sells you an MPLS solution with internet, that means that the internet is a sort of a gateway (extra-net) that is provided centrally to all the VRF from the carrier centrally. If that's the case, then I don't think the solution I proposed will actually work because everything will actually be private on the WAN link.

Please let me know more about the environment and I'll certainly give you a hand. It will also help if you provide a snapshot of the router configuration.

HTH.

Assisted Solution

by:giltjr
ID: 39303891
pgstephan,

Unless pitachip has not provided us with the correct information, or we have misunderstood his information, what you have suggested still will not work.

The way I understood it, both of his connections are from the same ISP and his ISP routes all inbound traffic to "connection #1", the primary link. "Connection #2" is only used by his ISP as a backup in case #1 goes down.

What you may have failed to remember, or realize, is that when you start getting into multiple links that are /24's or larger and you have BGP, IP addresses are not physically associated with a specific link. They are logically associated with a path based on how you are advertising them with BGP. However, when you have a single ISP controlling two links, the ISP can ignore your prepends and do what they want.

So pitachip must work with his ISP to do what he wants.

pitachip, one thing you may want to check on is if your ISP supports any special community strings to control which path a specific subnet will take. Some ISPs have a specific community string so that you can tell them which path you want subnets to take so that customers can control routing within their (the ISP's) network.

We have to do this with some of our ISPs so that the subnets they own do NOT take the link they provide unless our primary paths (provided by another ISP) are down.

Author Comment

by:leblanc
ID: 39304264
"The way I understood it, both of his connections are from the same ISP and his ISP routes all inbound traffic to "connection #1" the primary link.  "Connection #2" is only used by his ISP as a backup in case #1 goes down. " This is correct.

"the ISP can ignore your prepends and do what they want." You are correct.

Now, I'd like my SAN traffic to take the secondary link as the primary and the primary as the secondary. The issue I think will happen is if I send the SAN traffic through the 2nd link, the inbound will come back through the 1st link, thus creating asymmetric routing.

I don't think route-map filtering can accomplish this. The ISP mentioned something about community. But I don't know much about community.

Assisted Solution

by:giltjr
ID: 39304465
You need to find out from your ISP what you need to provide them and then read:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00801475b2.shtml

to see how to do it.

Expert Comment

by:pgstephan
ID: 39304616
Apologies gents, I personally didn't deal with an ISP who ignored my prepends. I've done AS-path manipulation and I'm doing it today with a Tier-1 and a Tier-2 provider. But I took your point, maybe not every ISP will do it.

I think your next solution is really to play with communities, just make sure you have "send-community" (if you're on a Cisco box) on your BGP neighbor statement to make sure you are really sending the community in the update.

Expert Comment

by:giltjr
ID: 39305408
No problem. We have 5 different ISPs, all tier 1's, and only 2 ignore our prepends.

Author Comment

by:leblanc
ID: 39305522
giltjr,

Thanks for the link. I will read it soon. I just skimmed through it and it looks like that is what we want to do.
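
The community approach discussed in the thread, sketched as Cisco IOS configuration. This is an added example, not configuration posted by any participant. All values are assumptions: AS 64512 (customer), AS 64500 (ISP), neighbors 192.0.2.1 (primary) and 192.0.2.5 (backup), SAN subnet 10.10.4.0/24, and the community 64500:120, which stands in for whatever value the ISP publishes for "prefer this link".

```cisco
! Constructed values throughout; replace with your own addressing.
! 64500:120 is a PLACEHOLDER. The real value and its meaning are
! defined by the ISP and must be obtained from them.
ip bgp-community new-format
!
! Match only the subnet whose return traffic should use the backup link.
ip prefix-list SAN-SUBNET seq 5 permit 10.10.4.0/24
!
! Primary link: SAN subnet gets the worse (higher) MED,
! every other prefix keeps the better (lower) MED.
route-map TO-ISP-PRIMARY permit 10
 match ip address prefix-list SAN-SUBNET
 set metric 200
route-map TO-ISP-PRIMARY permit 20
 set metric 100
!
! Backup link: SAN subnet gets the better MED plus the ISP's
! community; every other prefix stays less preferred here.
route-map TO-ISP-BACKUP permit 10
 match ip address prefix-list SAN-SUBNET
 set metric 100
 set community 64500:120
route-map TO-ISP-BACKUP permit 20
 set metric 200
!
router bgp 64512
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 route-map TO-ISP-PRIMARY out
 neighbor 192.0.2.5 remote-as 64500
 ! Without send-community the community is stripped from the update.
 neighbor 192.0.2.5 send-community
 neighbor 192.0.2.5 route-map TO-ISP-BACKUP out
```

Both links still advertise all four subnets, so either link remains a failover path for the other. `show ip bgp neighbors 192.0.2.5 advertised-routes` confirms the SAN prefix is still sent on the backup session; whether the ISP acted on the community can only be confirmed from their side or by checking which link the return traffic arrives on.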