There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.
BGP with 2 ISP's on Same Cisco Router
Hello:
I have a situation where I have 2 different ISP's both providing GigE service to a single Cisco 7206vXR router. I have BGP configured, but when I look at the traffic flows almost all traffic is using single link, not both. In this case, What would be best config to have the traffic load balance between the 2?
In essence, ISP1 - 1.1.1.1/30, ISP2, 2.2.2.1/30 7206vXR G1/0 1.1.1.2/30 G12.2.2.2/30, Port-channel 1 3.3.3.1/28 to internal network. I have a /20 from ISP 1 and a /20 from Arin as a direct allocation. All traffic except web and email server is on Arin allocation which is announced via my ARIN obtained AS#. web and email server are on /20 from ISP1. Thoughts? Help please? I am trying to endure that I have 2 gig worth of bandwidth for end users to use (not at same time. Most bandwidth provided to end user is about 100 Meg.)
I have a situation where I have 2 different ISP's both providing GigE service to a single Cisco 7206vXR router. I have BGP configured, but when I look at the traffic flows almost all traffic is using single link, not both. In this case, What would be best config to have the traffic load balance between the 2?
In essence, ISP1 - 1.1.1.1/30, ISP2, 2.2.2.1/30 7206vXR G1/0 1.1.1.2/30 G12.2.2.2/30, Port-channel 1 3.3.3.1/28 to internal network. I have a /20 from ISP 1 and a /20 from Arin as a direct allocation. All traffic except web and email server is on Arin allocation which is announced via my ARIN obtained AS#. web and email server are on /20 from ISP1. Thoughts? Help please? I am trying to endure that I have 2 gig worth of bandwidth for end users to use (not at same time. Most bandwidth provided to end user is about 100 Meg.)
Asked:
-
8
6
1 Solution
telnet route-views.oregon-ix.net
(login is rviews)
if, for example, your prefix is 192.168.0.0/22 and your ASN is 65535 then
sh ip bgp 192.168.0.0/22 | i 65535
Look at the paths available as known from this device. Unless both providers are middle to small and they connect upstream to the same set of providers, then I would expect to see both provider ASNs in the path. Count the number of ASNs in the path. Everything else being equal, the shortest path wins (fewer ASNs).
(login is rviews)
if, for example, your prefix is 192.168.0.0/22 and your ASN is 65535 then
sh ip bgp 192.168.0.0/22 | i 65535
Look at the paths available as known from this device. Unless both providers are middle to small and they connect upstream to the same set of providers, then I would expect to see both provider ASNs in the path. Count the number of ASNs in the path. Everything else being equal, the shortest path wins (fewer ASNs).
So as I read this...
route-views>sh ip bgp xx.xx.xx.0/20 | i 3950XX
3303 174 3950XX <-- The second AS is one ISP and the third is mine.
6539 577 6939 53828 3950XX <--The 4th AS in the second ISP and the fifth is mine.
1351 10578 6939 53828 3950XX
6079 6939 53828 3950XX
24441 3491 3491 174 3950XX
2497 3257 53828 3950XX
19214 174 3950XX
3277 39710 8359 53828 3950XX
6453 174 3950XX
4826 53828 3950XX
58901 51167 1299 53828 3950XX
4901 174 3950XX
1239 174 3950XX
20912 6939 53828 3950XX
1221 4637 174 3950XX
3549 3356 174 3950XX
7660 2516 6939 53828 3950XX
3267 6939 53828 3950XX
3257 53828 3950XX
58443 45177 53828 3950XX
2914 174 3950XX
6079 6939 53828 3950XX
46450 174 3950XX
852 53828 3950XX
202018 6939 53828 3950XX
286 174 3950XX
200130 6939 53828 3950XX
20771 6939 53828 3950XX
101 101 53828 3950XX
393406 53828 3950XX
3561 209 174 3950XX
6939 53828 3950XX
53364 3257 53828 3950XX
1668 174 3950XX
3356 174 3950XX
62567 6939 53828 3950XX
58511 53828 3950XX
7018 174 3950XX
3333 1273 174 3950XX
route-views>
Since AS174 is shorter I should be preferring that, but I am not. Thoughts?
-Thanks!
route-views>sh ip bgp xx.xx.xx.0/20 | i 3950XX
3303 174 3950XX <-- The second AS is one ISP and the third is mine.
6539 577 6939 53828 3950XX <--The 4th AS in the second ISP and the fifth is mine.
1351 10578 6939 53828 3950XX
6079 6939 53828 3950XX
24441 3491 3491 174 3950XX
2497 3257 53828 3950XX
19214 174 3950XX
3277 39710 8359 53828 3950XX
6453 174 3950XX
4826 53828 3950XX
58901 51167 1299 53828 3950XX
4901 174 3950XX
1239 174 3950XX
20912 6939 53828 3950XX
1221 4637 174 3950XX
3549 3356 174 3950XX
7660 2516 6939 53828 3950XX
3267 6939 53828 3950XX
3257 53828 3950XX
58443 45177 53828 3950XX
2914 174 3950XX
6079 6939 53828 3950XX
46450 174 3950XX
852 53828 3950XX
202018 6939 53828 3950XX
286 174 3950XX
200130 6939 53828 3950XX
20771 6939 53828 3950XX
101 101 53828 3950XX
393406 53828 3950XX
3561 209 174 3950XX
6939 53828 3950XX
53364 3257 53828 3950XX
1668 174 3950XX
3356 174 3950XX
62567 6939 53828 3950XX
58511 53828 3950XX
7018 174 3950XX
3333 1273 174 3950XX
route-views>
Since AS174 is shorter I should be preferring that, but I am not. Thoughts?
-Thanks!
You are correct.
Both providers are seeing your advertisement.
There are two equal paths between both providers. I would except *some* traffic via 174. Are you seeing none?
I would try updating your advertisements to announce the /20 to both, one /21 to one provider and the other /21 to the other provider. Make sure that both providers will accept /20 le 24.
Both providers are seeing your advertisement.
There are two equal paths between both providers. I would except *some* traffic via 174. Are you seeing none?
I would try updating your advertisements to announce the /20 to both, one /21 to one provider and the other /21 to the other provider. Make sure that both providers will accept /20 le 24.
Hi Jan.
Trying to make sure I get this right...
(names changed to protect the not so innocent)
ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20
!
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
!
ip prefix-list Arin seq 5 permit 45.XX.XX.0/20
route-map Cogent-Nitel-Out permit 10
match ip address prefix-list Arin
!
route-map Cogent-Nitel permit 10
match ip address prefix-list InternetDefault
!
route-map Cogent-Out permit 10
match ip address prefix-list Cogent
router bgp 3950XX
bgp log-neighbor-changes
bgp scan-time 10
network 38.XX.XX.0 mask 255.255.252.0 <--ISP-1 Assigned Block
network 38.XX.YY.0 mask 255.255.252.0 <--ISP-1 Assigned Block #2
network 38.XX.YY.ZZ mask 255.255.255.240 <--ISP 1 Assigned Block #3 - Internal equipment
network 45.XX.XX.0 mask 255.255.240.0 <--Arin Direct Assignement
timers bgp 20 90
neighbor 38.104.XX.XX remote-as 174
neighbor 38.104.XX.XX soft-reconfiguration inbound
neighbor 38.104.XX.XX route-map Cogent-Nitel in
neighbor 38.104.XX.XX route-map Cogent-Out out
neighbor 64.191.XX.XX remote-as 53828
neighbor 64.191.XX.XX soft-reconfiguration inbound
neighbor 64.191.XX.XX route-map Cogent-Nitel in
neighbor 64.191.XX.XX route-map Cogent-Nitel-Out out
What would you recommend?
-Thank you
Trying to make sure I get this right...
(names changed to protect the not so innocent)
ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20
!
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
!
ip prefix-list Arin seq 5 permit 45.XX.XX.0/20
route-map Cogent-Nitel-Out permit 10
match ip address prefix-list Arin
!
route-map Cogent-Nitel permit 10
match ip address prefix-list InternetDefault
!
route-map Cogent-Out permit 10
match ip address prefix-list Cogent
router bgp 3950XX
bgp log-neighbor-changes
bgp scan-time 10
network 38.XX.XX.0 mask 255.255.252.0 <--ISP-1 Assigned Block
network 38.XX.YY.0 mask 255.255.252.0 <--ISP-1 Assigned Block #2
network 38.XX.YY.ZZ mask 255.255.255.240 <--ISP 1 Assigned Block #3 - Internal equipment
network 45.XX.XX.0 mask 255.255.240.0 <--Arin Direct Assignement
timers bgp 20 90
neighbor 38.104.XX.XX remote-as 174
neighbor 38.104.XX.XX soft-reconfiguration inbound
neighbor 38.104.XX.XX route-map Cogent-Nitel in
neighbor 38.104.XX.XX route-map Cogent-Out out
neighbor 64.191.XX.XX remote-as 53828
neighbor 64.191.XX.XX soft-reconfiguration inbound
neighbor 64.191.XX.XX route-map Cogent-Nitel in
neighbor 64.191.XX.XX route-map Cogent-Nitel-Out out
What would you recommend?
-Thank you
This is an example of splitting your inbound traffic between two providers. Your router will pick one default route. So, some incoming from both, all outgoing to one.
! insert the routes into the routing table
ip route 38.XX.XX.0/22 null0 250
ip route 38.XX.YY.0/22 null0 250
ip route 45.XX.XX.0/21 null0 250
ip route 45.XX.YY.0/21 null0 250
ip route 45.XX.XX.0/20 null0 250
! prefixes that you want to announce to Cogent
ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22 le 24
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22 le 24
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20 le 24
ip prefix-list Cogent seq 30 permit 45.XX.XX.0/21 le 24
! prefixes that you want to announce to Nitel
ip prefix-list Nitel seq 5 permit 38.XX.XX.0/22 le 24
ip prefix-list Nitel seq 10 permit 38.XX.YY.0/22 le 24
ip prefix-list Nitel seq 20 permit 45.XX.XX.0/20 le 24
ip prefix-list Nitel seq 30 permit 45.XX.YY.0/21 le 24
! what you're willing to accept from either provider
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
router bgp 3950NN
! networks that you want to advertise
network 38.XX.XX.0 mask 255.255.252.0
network 38.XX.YY.0 mask 255.255.252.0
network 45.XX.XX.0 mask 255.255.240.0
network 45.XX.XX.0 mask 255.255.248.0
network 45.XX.YY.0 mask 255.255.248.0
! for simple announces without other traffic engineering
! just use prefix-lists
neighbor 38.104.XX.XX remote-as 174
neighbor 38.104.XX.XX soft-reconfiguration inbound
neighbor 38.104.XX.XX prefix-list InternetDefault in
neighbor 38.104.XX.XX prefix-list Cogent out
neighbor 64.191.XX.XX remote-as 53828
neighbor 64.191.XX.XX soft-reconfiguration inbound
neighbor 64.191.XX.XX prefix-list InternetDefault in
neighbor 64.191.XX.XX prefix-list Nitel out
The null routes combined with the network statements and prefix lists will determine what you send to your provider. If you send 45.xx.xx.0/20 and 45.xx.xx.0/21, you should see both of those being advertised. Most specific (/21) will win.
! insert the routes into the routing table
ip route 38.XX.XX.0/22 null0 250
ip route 38.XX.YY.0/22 null0 250
ip route 45.XX.XX.0/21 null0 250
ip route 45.XX.YY.0/21 null0 250
ip route 45.XX.XX.0/20 null0 250
! prefixes that you want to announce to Cogent
ip prefix-list Cogent seq 5 permit 38.XX.XX.0/22 le 24
ip prefix-list Cogent seq 10 permit 38.XX.YY.0/22 le 24
ip prefix-list Cogent seq 20 permit 45.XX.XX.0/20 le 24
ip prefix-list Cogent seq 30 permit 45.XX.XX.0/21 le 24
! prefixes that you want to announce to Nitel
ip prefix-list Nitel seq 5 permit 38.XX.XX.0/22 le 24
ip prefix-list Nitel seq 10 permit 38.XX.YY.0/22 le 24
ip prefix-list Nitel seq 20 permit 45.XX.XX.0/20 le 24
ip prefix-list Nitel seq 30 permit 45.XX.YY.0/21 le 24
! what you're willing to accept from either provider
ip prefix-list InternetDefault seq 5 permit 0.0.0.0/0
router bgp 3950NN
! networks that you want to advertise
network 38.XX.XX.0 mask 255.255.252.0
network 38.XX.YY.0 mask 255.255.252.0
network 45.XX.XX.0 mask 255.255.240.0
network 45.XX.XX.0 mask 255.255.248.0
network 45.XX.YY.0 mask 255.255.248.0
! for simple announces without other traffic engineering
! just use prefix-lists
neighbor 38.104.XX.XX remote-as 174
neighbor 38.104.XX.XX soft-reconfiguration inbound
neighbor 38.104.XX.XX prefix-list InternetDefault in
neighbor 38.104.XX.XX prefix-list Cogent out
neighbor 64.191.XX.XX remote-as 53828
neighbor 64.191.XX.XX soft-reconfiguration inbound
neighbor 64.191.XX.XX prefix-list InternetDefault in
neighbor 64.191.XX.XX prefix-list Nitel out
The null routes combined with the network statements and prefix lists will determine what you send to your provider. If you send 45.xx.xx.0/20 and 45.xx.xx.0/21, you should see both of those being advertised. Most specific (/21) will win.
Sorry for the long delay. The changes recommended have not helped. I am seeing significant packet loss. I am on with one of the providers now.
When I setup your recommended solution, I cannot do the null 0 250. Here is the setup:
7206vXR
g0/1 --> Cogent ISP x.x.x.x/30
g0/3 --> Nitel ISP y.y.y.y/30
g0/2 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/21
g4/0 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/22
Port Channel 1 38.69.x.x/28
Router BGP statements ref'd above.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28 --> Without this traffic to uBR and from Customer segment stops. No routing protocol between internal devices.
ip route 38.12.x.x/21 38.69.x.y/28 -->See statement above
ip route 10.x.x.x/21 38.69.x.y/28 --> See statement above
2960 (no vlan 1, vlan 38 - 38.69.x.z/28. IP Default gateway Port-channel 1 on 7206 IP)
G0/1-4 -->Port Channel 3 to Windows server.(Web, email, etc)
G0/21-22 -->Port Channel 1 to 7206
G0/23-24 --> Port Channel 2 to uBR10K (MM Fiber)
uBR10K
G1/2/0-1 --> Port Channel 2 to 2960 38.69.x.y/28
Bundle 1
10.x.x.x CM
45.X.X.X/20 CPE
38.X.X.X CPE
static route 0 0 38.69.x.x/28 (Port channel 1 on router)
What am I missing?
7206vXR
g0/1 --> Cogent ISP x.x.x.x/30
g0/3 --> Nitel ISP y.y.y.y/30
g0/2 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/21
g4/0 --> Port Channel 1 to 2960 switch (Cat 6 copper) to G0/22
Port Channel 1 38.69.x.x/28
Router BGP statements ref'd above.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28 --> Without this traffic to uBR and from Customer segment stops. No routing protocol between internal devices.
ip route 38.12.x.x/21 38.69.x.y/28 -->See statement above
ip route 10.x.x.x/21 38.69.x.y/28 --> See statement above
2960 (no vlan 1, vlan 38 - 38.69.x.z/28. IP Default gateway Port-channel 1 on 7206 IP)
G0/1-4 -->Port Channel 3 to Windows server.(Web, email, etc)
G0/21-22 -->Port Channel 1 to 7206
G0/23-24 --> Port Channel 2 to uBR10K (MM Fiber)
uBR10K
G1/2/0-1 --> Port Channel 2 to 2960 38.69.x.y/28
Bundle 1
10.x.x.x CM
45.X.X.X/20 CPE
38.X.X.X CPE
static route 0 0 38.69.x.x/28 (Port channel 1 on router)
What am I missing?
These are not valid routing statements on a 7206.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28
So, if you have a downstream device to which you need to route all subnets (for example),
ip route 38.XX.XX.0/22 38.69.x.x
ip route 38.XX.YY.0/22 38.69.x.x
ip route 45.XX.XX.0/21 38.69.x.x
ip route 45.XX.YY.0/21 38.69.x.x
ip route 45.XX.XX.0/20 38.69.x.x
If you want to send just the routing information from the 7206 (ip route, prefix-list, all bgp, etc) to my EE inbox, I can give you exact information back and then generically comment what was done here.
ip route 38.69.x.x/28 Cogent ISP
ip route 45.x.x.x/20 38.69.x.y/28
So, if you have a downstream device to which you need to route all subnets (for example),
ip route 38.XX.XX.0/22 38.69.x.x
ip route 38.XX.YY.0/22 38.69.x.x
ip route 45.XX.XX.0/21 38.69.x.x
ip route 45.XX.YY.0/21 38.69.x.x
ip route 45.XX.XX.0/20 38.69.x.x
If you want to send just the routing information from the 7206 (ip route, prefix-list, all bgp, etc) to my EE inbox, I can give you exact information back and then generically comment what was done here.
The easiest way to load balance traffic is to use Weight attribute.
You have configuration details in Cisco article - Load Sharing When Multihomed to Two ISPs Through a Single Local Router
You have configuration details in Cisco article - Load Sharing When Multihomed to Two ISPs Through a Single Local Router
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
Have you checked any route views tables to see if one provider carries a longer path than the other?
Are you doing any traffic engineering?