BGP single router single ISP multihome

My Cisco router has two connections to the ISP and I am using MED for my failover type of connection. My first link is the primary link. My second link is the backup link. It is working currently. Now, I'd like the SAN traffic to take the backup link as its primary link. I was told that route-map may not work as I will have asymmetric routing. In other words, I will have no problem sending the SAN traffic to the backup link. But the return traffic will go through my other link.
I guess once the traffic gets to the ISP, it is out of my control.

Any feedback on how I would accomplish this would be greatly appreciated.

Thanks
leblancAccounting Asked:
 
giltjr Commented:
Then you have to ask your ISP if they will route one of the /24's over the second connection.  Nothing you can do.
 
giltjr Commented:
How many IP addresses do you have?
 
leblancAccounting Author Commented:
I forgot to mention that this is an MPLS connection. So I have 4 subnets that I advertise to the ISP via BGP. Everything is going through the primary link. I'd like to get the subnet 4 to take the backup link as the primary link.
 
giltjr Commented:
Are there two different ISPs or just one?

If two, then just advertise one of the /24's so the preferred path is the 2nd ISP.

If a single ISP, you will need to work something out with them.  You can't control the return path when there is a single ISP.
 
leblancAccounting Author Commented:
My router, and two MPLS connections to the same ISP.
 
pgstephan Commented:
Here is what you need to do.

I'm assuming you have a single IP address for your SAN that will need to replicate through the WAN. And that your interface facing the carrier uses a public IP address.

You need to think about this in 2 directions:

A) Outgoing
On your Edge router:
1) Use Source Based Routing with a route-map to only route the SAN traffic through the secondary link (define a prefix-list that matches the source IP address of the packets)
2) Configure NAT for your outgoing traffic that NATs the SAN source IP address to the public IP address of the secondary link.

This way the SAN traffic will be sent over the secondary link sourced from the secondary WAN link.

B) Inbound
There shouldn't be a problem in your inbound stream because the traffic was sourced from the secondary public IP address anyway.
Bear in mind that source based routing puts a bit of stress on the routing platform so be careful your router resources have some headroom.

******
I have answered your question as if your internet connection is just an internet solution.

I don't actually know how your internet connection is an MPLS one. MPLS can be used inside the carrier infrastructure to benefit from a BGP-free core.
When the carrier sells you an MPLS solution with internet, that means that the internet is a sort of a gateway (extra-net) that is provided centrally to all the VRFs from the carrier. If that's the case, then I don't think the solution I proposed will actually work because everything will actually be private on the WAN link.

Please let me know more about the environment and I'll certainly give you a hand. It will also help if you provide a snapshot of the router configuration.

HTH.
 
giltjr Commented:
pgstephan,

Unless pitachip has not provided us with the correct information, or we have misunderstood his information, what you have suggested still will not work.

The way I understood it, both of his connections are from the same ISP and his ISP routes all inbound traffic to "connection #1" the primary link.  "Connection #2" is only used by his ISP as a backup in case #1 goes down.

What you may have failed to remember, or realize, when you start getting into multiple links that are /24's or larger and you have BGP, IP addresses are not physically associated with a specific link.  They are logically associated with a path based on how you are advertising them with BGP.  However, when you have a single ISP controlling two links, the ISP can ignore your prepends and do what they want.

So pitachip must work with his ISP to do what he wants.

pitachip, one thing you may want to check on is if your ISP supports any special community strings to control which path a specific subnet will take.  Some ISPs have a specific community string so that you can tell them which path you want subnets to take so that customers can control routing within their (the ISP's) network.

We have to do this with some of our ISPs so that the subnets they own do NOT take the link they provide unless our primary paths (provided by another ISP) are down.
 
leblancAccounting Author Commented:
"The way I understood it, both of his connections are from the same ISP and his ISP routes all inbound traffic to "connection #1" the primary link.  "Connection #2" is only used by his ISP as a backup in case #1 goes down. " This is correct.

"the ISP can ignore your prepends and do what they want." You are correct.

Now, I'd like my SAN traffic to take the secondary link as the primary and the primary as the secondary. The issue I think will happen is if I send the SAN traffic through the 2nd link, the inbound will come back through the 1st link. Thus creating asymmetric routing.

I don't think route-map filtering can accomplish this. The ISP mentioned something about community. But I don't know much about community.
 
giltjr Commented:
You need to find out from your ISP what you need to provide them and then read:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00801475b2.shtml

to see how to do it.
 
pgstephan Commented:
Apologies gents, I personally didn't deal with an ISP who ignored my prepends. I've done AS-path manipulation and I'm doing it today with a Tier-1 and a Tier-2 provider. But I took your point, maybe not every ISP will do it.

I think your next solution is really to play with communities, just make sure you have "send-community" (if you're on a Cisco box) on your BGP neighbor statement to make sure you are really sending the community in the update.
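An added example (not posted by anyone in the thread) of the community approach discussed above, as a Cisco IOS configuration sketch for one router with two sessions to the same ISP. The AS numbers, neighbor addresses, prefix, route-map names and both community values are placeholders; the real community values, and what they do inside the provider's network, have to come from the ISP.

```cisco
! Constructed values: AS 65001 = customer, AS 64500 = ISP,
! 192.0.2.1 = ISP neighbor on the primary link,
! 192.0.2.5 = ISP neighbor on the backup link,
! 198.51.100.0/24 = stand-in for "subnet 4".
! 64500:80 and 64500:120 are placeholder communities; use the values the
! ISP documents for "less preferred" and "preferred" on a given link.
!
! Display communities as AS:value instead of a single decimal number.
ip bgp-community new-format
!
ip prefix-list SUBNET4 seq 5 permit 198.51.100.0/24
!
! Primary link: tag subnet 4 so the ISP treats this path as the fallback.
route-map TO-ISP-PRIMARY permit 10
 match ip address prefix-list SUBNET4
 set community 64500:80
! Empty permit clause: the other three subnets are advertised unchanged.
route-map TO-ISP-PRIMARY permit 20
!
! Backup link: tag subnet 4 so the ISP prefers this path for it.
route-map TO-ISP-BACKUP permit 10
 match ip address prefix-list SUBNET4
 set community 64500:120
route-map TO-ISP-BACKUP permit 20
!
router bgp 65001
 neighbor 192.0.2.1 remote-as 64500
 ! Without send-community the tag is stripped from the update.
 neighbor 192.0.2.1 send-community
 neighbor 192.0.2.1 route-map TO-ISP-PRIMARY out
 neighbor 192.0.2.5 remote-as 64500
 neighbor 192.0.2.5 send-community
 neighbor 192.0.2.5 route-map TO-ISP-BACKUP out
!
! A neighbor takes only one outbound route-map. If MED is already set by an
! existing outbound route-map, add the "set community" lines to that map
! instead of replacing it.
!
! After applying, from exec mode:
!   clear ip bgp 192.0.2.1 soft out
!   clear ip bgp 192.0.2.5 soft out
!   show ip bgp neighbors 192.0.2.5 advertised-routes
! The last command confirms the prefix is still advertised on that session;
! whether the community arrived and was honored must be confirmed with the ISP.
```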
 
giltjr Commented:
No problem.  We have 5 different ISPs, all tier 1's and only 2 ignore our prepends.
 
leblancAccounting Author Commented:
giltjr,

Thanks for the link. I will read it soon. I just skimmed through and it looks like that is what we want to do.
Question has a verified solution.
