Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.
Solved
BGP with 2 ISP's on Same Cisco Router
Posted on 2016-09-03
Hello:
I have a situation where I have 2 different ISP's both providing GigE service to a single Cisco 7206vXR router. I have BGP configured, but when I look at the traffic flows almost all traffic is using single link, not both. In this case, What would be best config to have the traffic load balance between the 2?
In essence, ISP1 - 1.1.1.1/30, ISP2, 2.2.2.1/30 7206vXR G1/0 1.1.1.2/30 G12.2.2.2/30, Port-channel 1 3.3.3.1/28 to internal network. I have a /20 from ISP 1 and a /20 from Arin as a direct allocation. All traffic except web and email server is on Arin allocation which is announced via my ARIN obtained AS#. web and email server are on /20 from ISP1. Thoughts? Help please? I am trying to endure that I have 2 gig worth of bandwidth for end users to use (not at same time. Most bandwidth provided to end user is about 100 Meg.)
I have a situation where I have 2 different ISP's both providing GigE service to a single Cisco 7206vXR router. I have BGP configured, but when I look at the traffic flows almost all traffic is using single link, not both. In this case, What would be best config to have the traffic load balance between the 2?
In essence, ISP1 - 1.1.1.1/30, ISP2, 2.2.2.1/30 7206vXR G1/0 1.1.1.2/30 G12.2.2.2/30, Port-channel 1 3.3.3.1/28 to internal network. I have a /20 from ISP 1 and a /20 from Arin as a direct allocation. All traffic except web and email server is on Arin allocation which is announced via my ARIN obtained AS#. web and email server are on /20 from ISP1. Thoughts? Help please? I am trying to endure that I have 2 gig worth of bandwidth for end users to use (not at same time. Most bandwidth provided to end user is about 100 Meg.)
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
8
6
15 Comments
Active 3 days ago
Have you verified that you are advertising to both providers and that they are both accepting your advertisements?
Have you checked any route views tables to see if one provider carries a longer path than the other?
Are you doing any traffic engineering?
Have you checked any route views tables to see if one provider carries a longer path than the other?
Are you doing any traffic engineering?
Active 3 days ago
telnet route-views.oregon-ix.net
(login is rviews)
if, for example, your prefix is 192.168.0.0/22 and your ASN is 65535 then
sh ip bgp 192.168.0.0/22 | i 65535
Look at the paths available as known from this device. Unless both providers are middle to small and they connect upstream to the same set of providers, then I would expect to see both provider ASNs in the path. Count the number of ASNs in the path. Everything else being equal, the shortest path wins (fewer ASNs).
(login is rviews)
if, for example, your prefix is 192.168.0.0/22 and your ASN is 65535 then
sh ip bgp 192.168.0.0/22 | i 65535
Look at the paths available as known from this device. Unless both providers are middle to small and they connect upstream to the same set of providers, then I would expect to see both provider ASNs in the path. Count the number of ASNs in the path. Everything else being equal, the shortest path wins (fewer ASNs).
Active 3 days ago
So as I read this...
route-views>sh ip bgp xx.xx.xx.0/20 | i 3950XX
3303 174 3950XX <-- The second AS is one ISP and the third is mine.
6539 577 6939 53828 3950XX <--The 4th AS in the second ISP and the fifth is mine.
1351 10578 6939 53828 3950XX
6079 6939 53828 3950XX
24441 3491 3491 174 3950XX
2497 3257 53828 3950XX
19214 174 3950XX
3277 39710 8359 53828 3950XX
6453 174 3950XX
4826 53828 3950XX
58901 51167 1299 53828 3950XX
4901 174 3950XX
1239 174 3950XX
20912 6939 53828 3950XX
1221 4637 174 3950XX
3549 3356 174 3950XX
7660 2516 6939 53828 3950XX
3267 6939 53828 3950XX
3257 53828 3950XX
58443 45177 53828 3950XX
2914 174 3950XX
6079 6939 53828 3950XX
46450 174 3950XX
852 53828 3950XX
202018 6939 53828 3950XX
286 174 3950XX
200130 6939 53828 3950XX
20771 6939 53828 3950XX
101 101 53828 3950XX
393406 53828 3950XX
3561 209 174 3950XX
6939 53828 3950XX
53364 3257 53828 3950XX
1668 174 3950XX
3356 174 3950XX
62567 6939 53828 3950XX
58511 53828 3950XX
7018 174 3950XX
3333 1273 174 3950XX
route-views>
Since AS174 is shorter I should be preferring that, but I am not. Thoughts?
-Thanks!
route-views>sh ip bgp xx.xx.xx.0/20 | i 3950XX
3303 174 3950XX <-- The second AS is one ISP and the third is mine.
6539 577 6939 53828 3950XX <--The 4th AS in the second ISP and the fifth is mine.
1351 10578 6939 53828 3950XX
6079 6939 53828 3950XX
24441 3491 3491 174 3950XX
2497 3257 53828 3950XX
19214 174 3950XX
3277 39710 8359 53828 3950XX
6453 174 3950XX
4826 53828 3950XX
58901 51167 1299 53828 3950XX
4901 174 3950XX
1239 174 3950XX
20912 6939 53828 3950XX
1221 4637 174 3950XX
3549 3356 174 3950XX
7660 2516 6939 53828 3950XX
3267 6939 53828 3950XX
3257 53828 3950XX
58443 45177 53828 3950XX
2914 174 3950XX
6079 6939 53828 3950XX
46450 174 3950XX
852 53828 3950XX
202018 6939 53828 3950XX
286 174 3950XX
200130 6939 53828 3950XX
20771 6939 53828 3950XX
101 101 53828 3950XX
393406 53828 3950XX
3561 209 174 3950XX
6939 53828 3950XX
53364 3257 53828 3950XX
1668 174 3950XX
3356 174 3950XX
62567 6939 53828 3950XX
58511 53828 3950XX
7018 174 3950XX
3333 1273 174 3950XX
route-views>
Since AS174 is shorter I should be preferring that, but I am not. Thoughts?
-Thanks!
Active 3 days ago
You are correct.
Both providers are seeing your advertisement.
There are two equal paths between both providers. I would except *some* traffic via 174. Are you seeing none?
I would try updating your advertisements to announce the /20 to both, one /21 to one provider and the other /21 to the other provider. Make sure that both providers will accept /20 le 24.
Both providers are seeing your advertisement.
There are two equal paths between both providers. I would except *some* traffic via 174. Are you seeing none?
I would try updating your advertisements to announce the /20 to both, one /21 to one provider and the other /21 to the other provider. Make sure that both providers will accept /20 le 24.
Active 3 days ago
Hi Jan.
Trying to make sure I get this right...
(names changed to protect the not so innocent)
ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20
!
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
!
ip prefix-list Arin seq 5 permit 45.XX.XX.0/20
route-map Cogent-Nitel-Out permit 10
match ip address prefix-list Arin
!
route-map Cogent-Nitel permit 10
match ip address prefix-list InternetDefault
!
route-map Cogent-Out permit 10
match ip address prefix-list Cogent
router bgp 3950XX
bgp log-neighbor-changes
bgp scan-time 10
network 38.XX.XX.0 mask 255.255.252.0 <--ISP-1 Assigned Block
network 38.XX.YY.0 mask 255.255.252.0 <--ISP-1 Assigned Block #2
network 38.XX.YY.ZZ mask 255.255.255.240 <--ISP 1 Assigned Block #3 - Internal equipment
network 45.XX.XX.0 mask 255.255.240.0 <--Arin Direct Assignement
timers bgp 20 90
neighbor 38.104.XX.XX remote-as 174
neighbor 38.104.XX.XX soft-reconfiguration inbound
neighbor 38.104.XX.XX route-map Cogent-Nitel in
neighbor 38.104.XX.XX route-map Cogent-Out out
neighbor 64.191.XX.XX remote-as 53828
neighbor 64.191.XX.XX soft-reconfiguration inbound
neighbor 64.191.XX.XX route-map Cogent-Nitel in
neighbor 64.191.XX.XX route-map Cogent-Nitel-Out out
What would you recommend?
-Thank you
Trying to make sure I get this right...
(names changed to protect the not so innocent)
ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20
!
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
!
ip prefix-list Arin seq 5 permit 45.XX.XX.0/20
route-map Cogent-Nitel-Out permit 10
match ip address prefix-list Arin
!
route-map Cogent-Nitel permit 10
match ip address prefix-list InternetDefault
!
route-map Cogent-Out permit 10
match ip address prefix-list Cogent
router bgp 3950XX
bgp log-neighbor-changes
bgp scan-time 10
network 38.XX.XX.0 mask 255.255.252.0 <--ISP-1 Assigned Block
network 38.XX.YY.0 mask 255.255.252.0 <--ISP-1 Assigned Block #2
network 38.XX.YY.ZZ mask 255.255.255.240 <--ISP 1 Assigned Block #3 - Internal equipment
network 45.XX.XX.0 mask 255.255.240.0 <--Arin Direct Assignement
timers bgp 20 90
neighbor 38.104.XX.XX remote-as 174
neighbor 38.104.XX.XX soft-reconfiguration inbound
neighbor 38.104.XX.XX route-map Cogent-Nitel in
neighbor 38.104.XX.XX route-map Cogent-Out out
neighbor 64.191.XX.XX remote-as 53828
neighbor 64.191.XX.XX soft-reconfiguration inbound
neighbor 64.191.XX.XX route-map Cogent-Nitel in
neighbor 64.191.XX.XX route-map Cogent-Nitel-Out out
What would you recommend?
-Thank you
Active 3 days ago
This is an example of splitting your inbound traffic between two providers. Your router will pick one default route. So, some incoming from both, all outgoing to one.
! insert the routes into the routing table
ip route 38.XX.XX.0/22 null0 250
ip route 38.XX.YY.0/22 null0 250
ip route 45.XX.XX.0/21 null0 250
ip route 45.XX.YY.0/21 null0 250
ip route 45.XX.XX.0/20 null0 250
! prefixes that you want to announce to Cogent
ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22 le 24
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22 le 24
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20 le 24
ip prefix-list Cogent seq 30 permit 45.XX.XX.0/21 le 24
! prefixes that you want to announce to Nitel
ip prefix-list Nitel seq 5 permit 38.XX.XX.0/22 le 24
ip prefix-list Nitel seq 10 permit 38.XX.YY.0/22 le 24
ip prefix-list Nitel seq 20 permit 45.XX.XX.0/20 le 24
ip prefix-list Nitel seq 30 permit 45.XX.YY.0/21 le 24
! what you're willing to accept from either provider
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
router bgp 3950NN
! networks that you want to advertise
network 38.XX.XX.0 mask 255.255.252.0
network 38.XX.YY.0 mask 255.255.252.0
network 45.XX.XX.0 mask 255.255.240.0
network 45.XX.XX.0 mask 255.255.248.0
network 45.XX.YY.0 mask 255.255.248.0
! for simple announces without other traffic engineering
! just use prefix-lists
neighbor 38.104.XX.XX remote-as 174
neighbor 38.104.XX.XX soft-reconfiguration inbound
neighbor 38.104.XX.XX prefix-list InternetDefault in
neighbor 38.104.XX.XX prefix-list Cogent out
neighbor 64.191.XX.XX remote-as 53828
neighbor 64.191.XX.XX soft-reconfiguration inbound
neighbor 64.191.XX.XX prefix-list InternetDefault in
neighbor 64.191.XX.XX prefix-list Nitel out
The null routes combined with the network statements and prefix lists will determine what you send to your provider. If you send 45.xx.xx.0/20 and 45.xx.xx.0/21, you should see both of those being advertised. Most specific (/21) will win.
! insert the routes into the routing table
ip route 38.XX.XX.0/22 null0 250
ip route 38.XX.YY.0/22 null0 250
ip route 45.XX.XX.0/21 null0 250
ip route 45.XX.YY.0/21 null0 250
ip route 45.XX.XX.0/20 null0 250
! prefixes that you want to announce to Cogent
ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22 le 24
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22 le 24
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20 le 24
ip prefix-list Cogent seq 30 permit 45.XX.XX.0/21 le 24
! prefixes that you want to announce to Nitel
ip prefix-list Nitel seq 5 permit 38.XX.XX.0/22 le 24
ip prefix-list Nitel seq 10 permit 38.XX.YY.0/22 le 24
ip prefix-list Nitel seq 20 permit 45.XX.XX.0/20 le 24
ip prefix-list Nitel seq 30 permit 45.XX.YY.0/21 le 24
! what you're willing to accept from either provider
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
router bgp 3950NN
! networks that you want to advertise
network 38.XX.XX.0 mask 255.255.252.0
network 38.XX.YY.0 mask 255.255.252.0
network 45.XX.XX.0 mask 255.255.240.0
network 45.XX.XX.0 mask 255.255.248.0
network 45.XX.YY.0 mask 255.255.248.0
! for simple announces without other traffic engineering
! just use prefix-lists
neighbor 38.104.XX.XX remote-as 174
neighbor 38.104.XX.XX soft-reconfiguration inbound
neighbor 38.104.XX.XX prefix-list InternetDefault in
neighbor 38.104.XX.XX prefix-list Cogent out
neighbor 64.191.XX.XX remote-as 53828
neighbor 64.191.XX.XX soft-reconfiguration inbound
neighbor 64.191.XX.XX prefix-list InternetDefault in
neighbor 64.191.XX.XX prefix-list Nitel out
The null routes combined with the network statements and prefix lists will determine what you send to your provider. If you send 45.xx.xx.0/20 and 45.xx.xx.0/21, you should see both of those being advertised. Most specific (/21) will win.
Active 3 days ago
Sorry for the long delay. The changes recommended have not helped. I am seeing significant packet loss. I am on with one of the providers now.
Active 3 days ago
When I setup your recommended solution, I cannot do the null 0 250. Here is the setup:
7206vXR
g0/1 --> Cogent ISP x.x.x.x/30
g0/3 --> Nitel ISP y.y.y.y/30
g0/2 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/21
g4/0 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/22
Port Channel 1 38.69.x.x/28
Router BGP statements ref'd above.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28 --> Without this traffic to uBR and from Customer segment stops. No routing protocol between internal devices.
ip route 38.12.x.x/21 38.69.x.y/28 -->See statement above
ip route 10.x.x.x/21 38.69.x.y/28 --> See statement above
2960 (no vlan 1, vlan 38 - 38.69.x.z/28. IP Default gateway Port-channel 1 on 7206 IP)
G0/1-4 -->Port Channel 3 to Windows server.(Web, email, etc)
G0/21-22 -->Port Channel 1 to 7206
G0/23-24 --> Port Channel 2 to uBR10K (MM Fiber)
uBR10K
G1/2/0-1 --> Port Channel 2 to 2960 38.69.x.y/28
Bundle 1
10.x.x.x CM
45.X.X.X/20 CPE
38.X.X.X CPE
static route 0 0 38.69.x.x/28 (Port channel 1 on router)
What am I missing?
7206vXR
g0/1 --> Cogent ISP x.x.x.x/30
g0/3 --> Nitel ISP y.y.y.y/30
g0/2 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/21
g4/0 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/22
Port Channel 1 38.69.x.x/28
Router BGP statements ref'd above.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28 --> Without this traffic to uBR and from Customer segment stops. No routing protocol between internal devices.
ip route 38.12.x.x/21 38.69.x.y/28 -->See statement above
ip route 10.x.x.x/21 38.69.x.y/28 --> See statement above
2960 (no vlan 1, vlan 38 - 38.69.x.z/28. IP Default gateway Port-channel 1 on 7206 IP)
G0/1-4 -->Port Channel 3 to Windows server.(Web, email, etc)
G0/21-22 -->Port Channel 1 to 7206
G0/23-24 --> Port Channel 2 to uBR10K (MM Fiber)
uBR10K
G1/2/0-1 --> Port Channel 2 to 2960 38.69.x.y/28
Bundle 1
10.x.x.x CM
45.X.X.X/20 CPE
38.X.X.X CPE
static route 0 0 38.69.x.x/28 (Port channel 1 on router)
What am I missing?
Active 3 days ago
These are not valid routing statements on a 7206.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28
So, if you have a downstream device to which you need to route all subnets (for example),
ip route 38.XX.XX.0/22 38.69.x.x
ip route 38.XX.YY.0/22 38.69.x.x
ip route 45.XX.XX.0/21 38.69.x.x
ip route 45.XX.YY.0/21 38.69.x.x
ip route 45.XX.XX.0/20 38.69.x.x
If you want to send just the routing information from the 7206 (ip route, prefix-list, all bgp, etc) to my EE inbox, I can give you exact information back and then generically comment what was done here.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28
So, if you have a downstream device to which you need to route all subnets (for example),
ip route 38.XX.XX.0/22 38.69.x.x
ip route 38.XX.YY.0/22 38.69.x.x
ip route 45.XX.XX.0/21 38.69.x.x
ip route 45.XX.YY.0/21 38.69.x.x
ip route 45.XX.XX.0/20 38.69.x.x
If you want to send just the routing information from the 7206 (ip route, prefix-list, all bgp, etc) to my EE inbox, I can give you exact information back and then generically comment what was done here.
Active today
The easiest way to load balance traffic is to use Weight attribute.
You have configuration details in Cisco article - Load Sharing When Multihomed to Two ISPs Through a Single Local Router
You have configuration details in Cisco article - Load Sharing When Multihomed to Two ISPs Through a Single Local Router
Featured Post
Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty.
Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:
• Key questions to ask when considering a partnership to accelerate your business into the cloud
• Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month9 days, 2 hours left to enroll
604 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.