BGP multihomed setup with HSRP inside traffic problems

Hello all

I have some problems in my BGP multihomed lab with HSRP to the inside network.

There are two ISPs with different ASes, of course. Router R1 is connected to ISPA (AS 100) and Router R2 is connected to ISPB (AS 200). The routers have an iBGP connection within AS 300. The ISPs advertise some prefixes and our own AS 300 also advertises one prefix (3.3.0.0/16).
In the inside network, the routers are connected to one switch with Fa3 and to the ASA firewall, and HSRP with specific priorities is working.

OUTSIDE traffic is no problem due to HSRP logic. But INSIDE traffic from the simulated internet is load-balanced over the two routers. When the INSIDE interface of one router goes down, the connected network to the ASA will get lost, and then the BGP blackhole summary route comes into place and the traffic will get lost.

To solve this, I think backup static routes to the neighbor (R1/R2) router for the connected network will be the best?
Thanks, Gregor

Hi Gregor,

This is a very interesting question. Do you have a diagram you could share here? I’m a little unclear on how R1 and R2 are connected to the southbound switch and ASA and where the INSIDE and OUTSIDE interfaces lie. It can help to describe traffic as a flow from A ==> B rather than saying “OUTSIDE Traffic”, for clarity.

A couple of observations:

  1. At this stage I cannot see why a backdoor route is required as your entity only has one site; is that correct?
  2. Have you considered not using BGP at all? You might achieve your goals using VRRP/HSRP northbound.
  3. Do you need to load-balance? Simpler, more deterministic solutions are always easier to troubleshoot. Perhaps split 3.3.0.0/16 and advertise part of your prefix to each ISP.
  4. Floating static routes are very powerful and useful but only if they help to simplify your overall solution. If they are a “band-aid” patch then there may be another architecture option available to you.

I look forward to your diagram.

Kind regards,
Jon