BGP with 2 ISP's on Same Cisco Router
Hello:
I have a situation where I have 2 different ISP's both providing GigE service to a single Cisco 7206vXR router. I have BGP configured, but when I look at the traffic flows almost all traffic is using single link, not both. In this case, What would be best config to have the traffic load balance between the 2?
In essence, ISP1 - 1.1.1.1/30, ISP2, 2.2.2.1/30 7206vXR G1/0 1.1.1.2/30 G12.2.2.2/30, Port-channel 1 3.3.3.1/28 to internal network. I have a /20 from ISP 1 and a /20 from Arin as a direct allocation. All traffic except web and email server is on Arin allocation which is announced via my ARIN obtained AS#. web and email server are on /20 from ISP1. Thoughts? Help please? I am trying to endure that I have 2 gig worth of bandwidth for end users to use (not at same time. Most bandwidth provided to end user is about 100 Meg.)
I have a situation where I have 2 different ISP's both providing GigE service to a single Cisco 7206vXR router. I have BGP configured, but when I look at the traffic flows almost all traffic is using single link, not both. In this case, What would be best config to have the traffic load balance between the 2?
In essence, ISP1 - 1.1.1.1/30, ISP2, 2.2.2.1/30 7206vXR G1/0 1.1.1.2/30 G12.2.2.2/30, Port-channel 1 3.3.3.1/28 to internal network. I have a /20 from ISP 1 and a /20 from Arin as a direct allocation. All traffic except web and email server is on Arin allocation which is announced via my ARIN obtained AS#. web and email server are on /20 from ISP1. Thoughts? Help please? I am trying to endure that I have 2 gig worth of bandwidth for end users to use (not at same time. Most bandwidth provided to end user is about 100 Meg.)
ASKER
[1. Yes. Same route map
2. No. Unsure how.
3. No.
2. No. Unsure how.
3. No.
telnet route-views.oregon-ix.net
(login is rviews)
if, for example, your prefix is 192.168.0.0/22 and your ASN is 65535 then
sh ip bgp 192.168.0.0/22 | i 65535
Look at the paths available as known from this device. Unless both providers are middle to small and they connect upstream to the same set of providers, then I would expect to see both provider ASNs in the path. Count the number of ASNs in the path. Everything else being equal, the shortest path wins (fewer ASNs).
(login is rviews)
if, for example, your prefix is 192.168.0.0/22 and your ASN is 65535 then
sh ip bgp 192.168.0.0/22 | i 65535
Look at the paths available as known from this device. Unless both providers are middle to small and they connect upstream to the same set of providers, then I would expect to see both provider ASNs in the path. Count the number of ASNs in the path. Everything else being equal, the shortest path wins (fewer ASNs).
ASKER
So as I read this...
route-views>sh ip bgp xx.xx.xx.0/20 | i 3950XX
3303 174 3950XX <-- The second AS is one ISP and the third is mine.
6539 577 6939 53828 3950XX <--The 4th AS in the second ISP and the fifth is mine.
1351 10578 6939 53828 3950XX
6079 6939 53828 3950XX
24441 3491 3491 174 3950XX
2497 3257 53828 3950XX
19214 174 3950XX
3277 39710 8359 53828 3950XX
6453 174 3950XX
4826 53828 3950XX
58901 51167 1299 53828 3950XX
4901 174 3950XX
1239 174 3950XX
20912 6939 53828 3950XX
1221 4637 174 3950XX
3549 3356 174 3950XX
7660 2516 6939 53828 3950XX
3267 6939 53828 3950XX
3257 53828 3950XX
58443 45177 53828 3950XX
2914 174 3950XX
6079 6939 53828 3950XX
46450 174 3950XX
852 53828 3950XX
202018 6939 53828 3950XX
286 174 3950XX
200130 6939 53828 3950XX
20771 6939 53828 3950XX
101 101 53828 3950XX
393406 53828 3950XX
3561 209 174 3950XX
6939 53828 3950XX
53364 3257 53828 3950XX
1668 174 3950XX
3356 174 3950XX
62567 6939 53828 3950XX
58511 53828 3950XX
7018 174 3950XX
3333 1273 174 3950XX
route-views>
Since AS174 is shorter I should be preferring that, but I am not. Thoughts?
-Thanks!
route-views>sh ip bgp xx.xx.xx.0/20 | i 3950XX
3303 174 3950XX <-- The second AS is one ISP and the third is mine.
6539 577 6939 53828 3950XX <--The 4th AS in the second ISP and the fifth is mine.
1351 10578 6939 53828 3950XX
6079 6939 53828 3950XX
24441 3491 3491 174 3950XX
2497 3257 53828 3950XX
19214 174 3950XX
3277 39710 8359 53828 3950XX
6453 174 3950XX
4826 53828 3950XX
58901 51167 1299 53828 3950XX
4901 174 3950XX
1239 174 3950XX
20912 6939 53828 3950XX
1221 4637 174 3950XX
3549 3356 174 3950XX
7660 2516 6939 53828 3950XX
3267 6939 53828 3950XX
3257 53828 3950XX
58443 45177 53828 3950XX
2914 174 3950XX
6079 6939 53828 3950XX
46450 174 3950XX
852 53828 3950XX
202018 6939 53828 3950XX
286 174 3950XX
200130 6939 53828 3950XX
20771 6939 53828 3950XX
101 101 53828 3950XX
393406 53828 3950XX
3561 209 174 3950XX
6939 53828 3950XX
53364 3257 53828 3950XX
1668 174 3950XX
3356 174 3950XX
62567 6939 53828 3950XX
58511 53828 3950XX
7018 174 3950XX
3333 1273 174 3950XX
route-views>
Since AS174 is shorter I should be preferring that, but I am not. Thoughts?
-Thanks!
You are correct.
Both providers are seeing your advertisement.
There are two equal paths between both providers. I would except *some* traffic via 174. Are you seeing none?
I would try updating your advertisements to announce the /20 to both, one /21 to one provider and the other /21 to the other provider. Make sure that both providers will accept /20 le 24.
Both providers are seeing your advertisement.
There are two equal paths between both providers. I would except *some* traffic via 174. Are you seeing none?
I would try updating your advertisements to announce the /20 to both, one /21 to one provider and the other /21 to the other provider. Make sure that both providers will accept /20 le 24.
ASKER
Hi Jan.
Trying to make sure I get this right...
(names changed to protect the not so innocent)
ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20
!
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
!
ip prefix-list Arin seq 5 permit 45.XX.XX.0/20
route-map Cogent-Nitel-Out permit 10
match ip address prefix-list Arin
!
route-map Cogent-Nitel permit 10
match ip address prefix-list InternetDefault
!
route-map Cogent-Out permit 10
match ip address prefix-list Cogent
router bgp 3950XX
bgp log-neighbor-changes
bgp scan-time 10
network 38.XX.XX.0 mask 255.255.252.0 <--ISP-1 Assigned Block
network 38.XX.YY.0 mask 255.255.252.0 <--ISP-1 Assigned Block #2
network 38.XX.YY.ZZ mask 255.255.255.240 <--ISP 1 Assigned Block #3 - Internal equipment
network 45.XX.XX.0 mask 255.255.240.0 <--Arin Direct Assignement
timers bgp 20 90
neighbor 38.104.XX.XX remote-as 174
neighbor 38.104.XX.XX soft-reconfiguration inbound
neighbor 38.104.XX.XX route-map Cogent-Nitel in
neighbor 38.104.XX.XX route-map Cogent-Out out
neighbor 64.191.XX.XX remote-as 53828
neighbor 64.191.XX.XX soft-reconfiguration inbound
neighbor 64.191.XX.XX route-map Cogent-Nitel in
neighbor 64.191.XX.XX route-map Cogent-Nitel-Out out
What would you recommend?
-Thank you
Trying to make sure I get this right...
(names changed to protect the not so innocent)
ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20
!
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
!
ip prefix-list Arin seq 5 permit 45.XX.XX.0/20
route-map Cogent-Nitel-Out permit 10
match ip address prefix-list Arin
!
route-map Cogent-Nitel permit 10
match ip address prefix-list InternetDefault
!
route-map Cogent-Out permit 10
match ip address prefix-list Cogent
router bgp 3950XX
bgp log-neighbor-changes
bgp scan-time 10
network 38.XX.XX.0 mask 255.255.252.0 <--ISP-1 Assigned Block
network 38.XX.YY.0 mask 255.255.252.0 <--ISP-1 Assigned Block #2
network 38.XX.YY.ZZ mask 255.255.255.240 <--ISP 1 Assigned Block #3 - Internal equipment
network 45.XX.XX.0 mask 255.255.240.0 <--Arin Direct Assignement
timers bgp 20 90
neighbor 38.104.XX.XX remote-as 174
neighbor 38.104.XX.XX soft-reconfiguration inbound
neighbor 38.104.XX.XX route-map Cogent-Nitel in
neighbor 38.104.XX.XX route-map Cogent-Out out
neighbor 64.191.XX.XX remote-as 53828
neighbor 64.191.XX.XX soft-reconfiguration inbound
neighbor 64.191.XX.XX route-map Cogent-Nitel in
neighbor 64.191.XX.XX route-map Cogent-Nitel-Out out
What would you recommend?
-Thank you
Are you only accepting a default route? How much memory does the 7206 have?
ASKER
Yes, only default route. 7206 has 1 Gig.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Sorry for the long delay. The changes recommended have not helped. I am seeing significant packet loss. I am on with one of the providers now.
ASKER
When I setup your recommended solution, I cannot do the null 0 250. Here is the setup:
7206vXR
g0/1 --> Cogent ISP x.x.x.x/30
g0/3 --> Nitel ISP y.y.y.y/30
g0/2 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/21
g4/0 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/22
Port Channel 1 38.69.x.x/28
Router BGP statements ref'd above.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28 --> Without this traffic to uBR and from Customer segment stops. No routing protocol between internal devices.
ip route 38.12.x.x/21 38.69.x.y/28 -->See statement above
ip route 10.x.x.x/21 38.69.x.y/28 --> See statement above
2960 (no vlan 1, vlan 38 - 38.69.x.z/28. IP Default gateway Port-channel 1 on 7206 IP)
G0/1-4 -->Port Channel 3 to Windows server.(Web, email, etc)
G0/21-22 -->Port Channel 1 to 7206
G0/23-24 --> Port Channel 2 to uBR10K (MM Fiber)
uBR10K
G1/2/0-1 --> Port Channel 2 to 2960 38.69.x.y/28
Bundle 1
10.x.x.x CM
45.X.X.X/20 CPE
38.X.X.X CPE
static route 0 0 38.69.x.x/28 (Port channel 1 on router)
What am I missing?
7206vXR
g0/1 --> Cogent ISP x.x.x.x/30
g0/3 --> Nitel ISP y.y.y.y/30
g0/2 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/21
g4/0 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/22
Port Channel 1 38.69.x.x/28
Router BGP statements ref'd above.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28 --> Without this traffic to uBR and from Customer segment stops. No routing protocol between internal devices.
ip route 38.12.x.x/21 38.69.x.y/28 -->See statement above
ip route 10.x.x.x/21 38.69.x.y/28 --> See statement above
2960 (no vlan 1, vlan 38 - 38.69.x.z/28. IP Default gateway Port-channel 1 on 7206 IP)
G0/1-4 -->Port Channel 3 to Windows server.(Web, email, etc)
G0/21-22 -->Port Channel 1 to 7206
G0/23-24 --> Port Channel 2 to uBR10K (MM Fiber)
uBR10K
G1/2/0-1 --> Port Channel 2 to 2960 38.69.x.y/28
Bundle 1
10.x.x.x CM
45.X.X.X/20 CPE
38.X.X.X CPE
static route 0 0 38.69.x.x/28 (Port channel 1 on router)
What am I missing?
These are not valid routing statements on a 7206.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28
So, if you have a downstream device to which you need to route all subnets (for example),
ip route 38.XX.XX.0/22 38.69.x.x
ip route 38.XX.YY.0/22 38.69.x.x
ip route 45.XX.XX.0/21 38.69.x.x
ip route 45.XX.YY.0/21 38.69.x.x
ip route 45.XX.XX.0/20 38.69.x.x
If you want to send just the routing information from the 7206 (ip route, prefix-list, all bgp, etc) to my EE inbox, I can give you exact information back and then generically comment what was done here.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28
So, if you have a downstream device to which you need to route all subnets (for example),
ip route 38.XX.XX.0/22 38.69.x.x
ip route 38.XX.YY.0/22 38.69.x.x
ip route 45.XX.XX.0/21 38.69.x.x
ip route 45.XX.YY.0/21 38.69.x.x
ip route 45.XX.XX.0/20 38.69.x.x
If you want to send just the routing information from the 7206 (ip route, prefix-list, all bgp, etc) to my EE inbox, I can give you exact information back and then generically comment what was done here.
ASKER
Done. I was trying to be vague..... :)
The easiest way to load balance traffic is to use Weight attribute.
You have configuration details in Cisco article - Load Sharing When Multihomed to Two ISPs Through a Single Local Router
You have configuration details in Cisco article - Load Sharing When Multihomed to Two ISPs Through a Single Local Router
ASKER
I still have a few issues, but they are related to the ISP's. I have tickets in with them.
Have you checked any route views tables to see if one provider carries a longer path than the other?
Are you doing any traffic engineering?