Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 154
  • Last Modified:

BGP with 2 ISP's on Same Cisco Router

Hello:

I have a situation where I have 2 different ISP's both providing GigE service to a single Cisco 7206vXR router. I have BGP configured, but when I look at the traffic flows almost all traffic is using single link, not both. In this case, What would be best config to have the traffic load balance between the 2?

In essence, ISP1 - 1.1.1.1/30, ISP2, 2.2.2.1/30 7206vXR G1/0 1.1.1.2/30 G12.2.2.2/30, Port-channel 1 3.3.3.1/28 to internal network. I have a /20 from ISP 1 and a /20 from Arin as a direct allocation. All traffic except web and email server is on Arin allocation which is announced via my ARIN obtained AS#. web and email server are on /20 from ISP1. Thoughts? Help please? I am trying to endure that I have 2 gig worth of bandwidth for end users to use (not at same time. Most bandwidth provided to end user is about 100 Meg.)
0
Wyant Niswonger
Asked:
Wyant Niswonger
  • 8
  • 6
1 Solution
 
Jan SpringerCommented:
Have you verified that you are advertising to both providers and that they are both accepting  your advertisements?

Have you checked any route views tables to see if one provider carries a longer path than the other?

Are you doing any traffic engineering?
0
 
Wyant NiswongerPresidentAuthor Commented:
[1. Yes. Same route map
2. No. Unsure how.
3. No.
0
 
Jan SpringerCommented:
telnet route-views.oregon-ix.net

    (login is rviews)

if, for example, your prefix is 192.168.0.0/22 and your ASN is 65535 then

   sh ip bgp 192.168.0.0/22 | i 65535

Look at the paths available as known from this device.  Unless both providers are middle to small and they connect upstream to the same set of providers, then I would expect to see both provider ASNs in the path.  Count the number of ASNs in the path.  Everything else being equal, the shortest path wins (fewer ASNs).
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
Wyant NiswongerPresidentAuthor Commented:
So as I read this...

route-views>sh ip bgp xx.xx.xx.0/20 | i 3950XX
  3303 174 3950XX  <-- The second AS is one ISP and the third is mine.
  6539 577 6939 53828 3950XX <--The 4th AS in the second ISP and the fifth is mine.
  1351 10578 6939 53828 3950XX
  6079 6939 53828 3950XX
  24441 3491 3491 174 3950XX
  2497 3257 53828 3950XX
  19214 174 3950XX
  3277 39710 8359 53828 3950XX
  6453 174 3950XX
  4826 53828 3950XX
  58901 51167 1299 53828 3950XX
  4901 174 3950XX
  1239 174 3950XX
  20912 6939 53828 3950XX
  1221 4637 174 3950XX
  3549 3356 174 3950XX
  7660 2516 6939 53828 3950XX
  3267 6939 53828 3950XX
  3257 53828 3950XX
  58443 45177 53828 3950XX
  2914 174 3950XX
  6079 6939 53828 3950XX
  46450 174 3950XX
  852 53828 3950XX
  202018 6939 53828 3950XX
  286 174 3950XX
  200130 6939 53828 3950XX
  20771 6939 53828 3950XX
  101 101 53828 3950XX
  393406 53828 3950XX
  3561 209 174 3950XX
  6939 53828 3950XX
  53364 3257 53828 3950XX
  1668 174 3950XX
  3356 174 3950XX
  62567 6939 53828 3950XX
  58511 53828 3950XX
  7018 174 3950XX
  3333 1273 174 3950XX
route-views>

Since AS174 is shorter I should be preferring that, but I am not. Thoughts?

-Thanks!
0
 
Jan SpringerCommented:
You are correct.

Both providers are seeing your advertisement.

There are two equal paths between both providers.  I would except *some* traffic via 174.   Are you seeing none?

I would try updating your advertisements to announce the /20 to both, one /21 to one provider and the other /21 to the other provider.  Make sure that both providers will accept /20 le 24.
0
 
Wyant NiswongerPresidentAuthor Commented:
Hi Jan.

Trying to make sure I get this right...

(names changed to protect the not so innocent)

ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20
!
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
!
ip prefix-list Arin seq 5 permit 45.XX.XX.0/20

route-map Cogent-Nitel-Out permit 10
 match ip address prefix-list Arin
!
route-map Cogent-Nitel permit 10
 match ip address prefix-list InternetDefault
!
route-map Cogent-Out permit 10
 match ip address prefix-list Cogent

router bgp 3950XX
 bgp log-neighbor-changes
 bgp scan-time 10
 network 38.XX.XX.0 mask 255.255.252.0 <--ISP-1 Assigned Block
 network 38.XX.YY.0 mask 255.255.252.0 <--ISP-1 Assigned Block #2
 network 38.XX.YY.ZZ mask 255.255.255.240 <--ISP 1 Assigned Block #3 - Internal equipment
 network 45.XX.XX.0 mask 255.255.240.0 <--Arin Direct Assignement
 timers bgp 20 90
 neighbor 38.104.XX.XX remote-as 174
 neighbor 38.104.XX.XX soft-reconfiguration inbound
 neighbor 38.104.XX.XX route-map Cogent-Nitel in
 neighbor 38.104.XX.XX route-map Cogent-Out out
 neighbor 64.191.XX.XX remote-as 53828
 neighbor 64.191.XX.XX soft-reconfiguration inbound
 neighbor 64.191.XX.XX route-map Cogent-Nitel in
 neighbor 64.191.XX.XX route-map Cogent-Nitel-Out out

What would you recommend?

-Thank you
0
 
Jan SpringerCommented:
Are you only accepting a default route?  How much memory does the 7206 have?
0
 
Wyant NiswongerPresidentAuthor Commented:
Yes, only default route. 7206 has 1 Gig.
0
 
Jan SpringerCommented:
This is an example of splitting your inbound traffic between two providers.  Your router will pick one default route.  So, some incoming from both, all outgoing to one.

! insert the routes into the routing table

ip route 38.XX.XX.0/22 null0 250
ip route 38.XX.YY.0/22 null0 250
ip route 45.XX.XX.0/21 null0 250
ip route 45.XX.YY.0/21 null0 250
ip route 45.XX.XX.0/20 null0 250


! prefixes that you want to announce to Cogent

ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22 le 24
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22 le 24
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20 le 24
ip prefix-list Cogent seq 30 permit 45.XX.XX.0/21 le 24


! prefixes that you want to announce to Nitel

ip prefix-list Nitel seq 5 permit 38.XX.XX.0/22 le 24
ip prefix-list Nitel seq 10 permit 38.XX.YY.0/22 le 24
ip prefix-list Nitel seq 20 permit 45.XX.XX.0/20 le 24
ip prefix-list Nitel seq 30 permit 45.XX.YY.0/21 le 24


! what you're willing to accept from either provider

ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0


router bgp 3950NN
 ! networks that you want to advertise

 network 38.XX.XX.0 mask 255.255.252.0
 network 38.XX.YY.0 mask 255.255.252.0
 network 45.XX.XX.0 mask 255.255.240.0
 network 45.XX.XX.0 mask 255.255.248.0
 network 45.XX.YY.0 mask 255.255.248.0

 ! for simple announces without other traffic engineering
 ! just use prefix-lists
 
 neighbor 38.104.XX.XX remote-as 174
 neighbor 38.104.XX.XX soft-reconfiguration inbound
 neighbor 38.104.XX.XX prefix-list InternetDefault in
 neighbor 38.104.XX.XX prefix-list Cogent out
 neighbor 64.191.XX.XX remote-as 53828
 neighbor 64.191.XX.XX soft-reconfiguration inbound
 neighbor 64.191.XX.XX prefix-list InternetDefault in
 neighbor 64.191.XX.XX prefix-list Nitel out


The null routes combined with the network statements and prefix lists will determine what you send to your provider.  If you send 45.xx.xx.0/20 and 45.xx.xx.0/21, you should see both of those being advertised.  Most specific (/21) will win.
0
 
Wyant NiswongerPresidentAuthor Commented:
Sorry for the long delay. The changes recommended have not helped. I am seeing significant packet loss. I am on with one of the providers now.
0
 
Wyant NiswongerPresidentAuthor Commented:
When I setup your recommended solution, I cannot do the null 0 250. Here is the setup:

7206vXR
g0/1 --> Cogent ISP x.x.x.x/30
g0/3 --> Nitel ISP y.y.y.y/30
g0/2 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/21
g4/0 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/22
Port Channel 1 38.69.x.x/28
Router BGP statements ref'd above.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28 --> Without this traffic to uBR and from Customer segment stops. No routing protocol between internal devices.
ip route 38.12.x.x/21 38.69.x.y/28 -->See statement above
ip route 10.x.x.x/21 38.69.x.y/28 --> See statement above

2960 (no vlan 1, vlan 38 - 38.69.x.z/28. IP Default gateway Port-channel 1 on 7206 IP)

G0/1-4 -->Port Channel 3 to Windows server.(Web, email, etc)
G0/21-22 -->Port Channel 1 to 7206
G0/23-24 --> Port Channel 2 to uBR10K (MM Fiber)

uBR10K

G1/2/0-1 --> Port Channel 2 to 2960 38.69.x.y/28
Bundle 1
10.x.x.x CM
45.X.X.X/20 CPE
38.X.X.X CPE

static route 0 0 38.69.x.x/28 (Port channel 1 on router)

What am I missing?
0
 
Jan SpringerCommented:
These are not valid routing statements on a 7206.
    ip route 38.69.x.x/28 Cogent ISP
    ip route 45.x.x.x/20 38.69.x.y/28

So, if you have a downstream device to which you need to route all subnets (for example),

   ip route 38.XX.XX.0/22 38.69.x.x
   ip route 38.XX.YY.0/22 38.69.x.x
   ip route 45.XX.XX.0/21 38.69.x.x
   ip route 45.XX.YY.0/21 38.69.x.x
   ip route 45.XX.XX.0/20 38.69.x.x

If you want to send just the routing information from the 7206 (ip route, prefix-list, all bgp, etc) to my EE inbox, I can give you exact information back and then generically comment what was done here.
1
 
Wyant NiswongerPresidentAuthor Commented:
Done. I was trying to be vague..... :)
0
 
JustInCaseCommented:
The easiest way to load balance traffic is to use Weight attribute.
You have configuration details in Cisco article - Load Sharing When Multihomed to Two ISPs Through a Single Local Router
1
 
Wyant NiswongerPresidentAuthor Commented:
I still have a few issues, but they are related to the ISP's. I have tickets in with them.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

  • 8
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now