If I understood the configuration correctly, then the 4500 VSS devices are customer devices which connect to each individual ISP, correct? If this is the case, then the configuration that you are looking at is Single Multihomed:
Even though you are using two devices, they are still viewed as one. The limitation here is that the VSS as a whole cannot belong to two ASs. Each router can only be assigned to a single AS. So if these VSS configured switches must belong to both local ASs at the same time, it cannot be done. You will need two physically separate devices.
It is possible, however, to connect the single device to multiple ASs. This configuration is detailed in this Cisco support community thread.
I have a current setup which looks odd.
2 routers connected to 2 separate ISPs running HSRP. Here is my issue.
1. ISP 2 has a default route to ISP 1. Should it not be better to have ISP2 default route to ISP2 actual own gateway, thus keeping them both separate?
2. Would it not be better to place a floating static route on ISP2 pointing to ISP 1, so if BGP peer between ISP2 and the ISP provider goes down there is a new path?
Typical edge router scenarios with dual ISPs and dual internal edge routers should have outgoing traffic balanced between them. So if you’re running HSRP, and internal devices see the two routers as a single virtual router, you can have one edge router be the primary HSRP router for half of the VLANs while you have the other be primary for the other half. The result is that the traffic (directed to the default gateway) is shared equally.
Once you do that, then as you state in statement 1, it’s a good idea to have each edge router have their default route point to the ISP to which it is connected. This is similar to a Single Multihomed scenario as shown below:
Now all of the above has to do with outgoing traffic, or traffic that was initiated from the inside. For traffic that is initiated from the outside, such as when you want to access a web server on the Enterprise from the Internet at large, then that is where BGP comes in. In that case, you will have to use various BGP attributes to inform both ISPs of your internal IP addresses, and you can adjust these parameters in order to influence incoming traffic to take either the path of one ISP or another. More information on how you can do this both technically and in cooperation with your ISPs can be found at this post:
I am preparing for CCNP. Can someone please tell me how I can manipulate my BGP traffic to go out from a specific ISP and how I can get traffic from some other ISP?
Please provide all possible ways.
There are two issues involved here. The first has to do with outgoing traffic. If your network is connected to multiple ISPs, then you have full control over which ISP will be used for outgoing traffic. This can be accomplished in several ways including IGP dynamic routing protocols such as OSPF or EIGRP, as well as gateway redundancy protocols such as HSRP. If you have BGP running on a portion of the edge of your network, you can accomplish this by adjusting BGP attributes to favour one ISP as well.
Now the technical details of how you can do this depend on the method you are using. If you are using a routing protocol, you can change the metrics to prefer one ISP over the other. If you’re using HSRP, you can change the active router to the one connecting to the ISP of your choice. You can also do equal or unequal load balancing. Here are some lessons that will help you in these configurations:
The other issue is incoming traffic, for traffic that is initiated from the outside, such as when you want to access a web server on the Enterprise from the Internet at large. This can only be achieved using BGP. You will have to use various BGP attributes to inform both ISPs of your internal IP addresses, and you can adjust these parameters in order to influence incoming traffic to take either the path of one ISP or another. More information on how you can do this both technically and in cooperation with your ISPs can be found at this post:
Thank you for the response. You mentioned “If you have BGP running on a portion of the edge of your network, you can accomplish this by adjusting BGP attributes to favour one ISP as well.” My question is which attributes I can use and how I can use them.
For outgoing traffic, you can use any of the BGP attributes to affect the path that is to be taken. Remember, for outgoing traffic you have complete control as to how to route it, whether you are using BGP, or an IGP. For routing traffic using BGP, you can find out more about the attributes here:
If you are using all Cisco equipment, one of the simplest ways to direct traffic is using the Weight attribute. You can find out more about it here:
But there are additional more complex methods which allow you to have more granularity and control. You will need to go over the relevant labs in order to understand those more fully.
For incoming traffic, the BGP attributes that can be used to influence routing are leaking more specific routes, MED, AS-PATH prepending and Community/Local pref agreement. You can find out more about each of these in Unit 3 of the BGP lessons.
What would be the benefit of using BGP in a Dual Multihomed design?
Two enterprise routers peering with two different ISPs.
Receive only a default route from each ISP.
Advertise some networks.
We will receive two default routes, one from ISP A and another from ISP B.
We can influence the outbound traffic flow by selecting a preferred ISP default route, if necessary. By default and without any route policy, only one default route will be installed into the RIB, right? Is there a way to do load sharing between both ISPs?
The general benefits of a dual multihomed design include:
ISP redundancy - this means that if one of the ISP networks fails, you still have the second ISP to service your network. Such a setup will protect you against the rare albeit possible network-wide failures an ISP may encounter. If you have two or more links to the same ISP, both will be compromised in such a case.
Link redundancy - The “Dual” in Dual Multihomed refers to multiple links to each ISP. As shown in the lesson, such a scenario will provide redundancy in the event that a failure is limited to a particular link to the ISP.
As far as BGP routing goes, you have full control of all of the outgoing traffic. Depending on how your routing is configured on the edge of your network, you will receive two default routes, one via each ISP, but you can influence traffic however you like using BGP attributes.
By default, only the best path is advertised, and thus, there will be only one best path injected into your enterprise network. However, it is possible to configure BGP such that load sharing can be achieved. The following lesson describes this in detail:
Now all of the above has to do with outgoing traffic. What about incoming traffic? As administrators of enterprise networks, we must come to terms with the fact that although we can influence incoming traffic, we don’t have ultimate control over incoming traffic.
The BGP attributes that can be used to influence incoming traffic are leaking more specific routes, MED, AS-PATH prepending and Community/Local pref agreement. You can find out more about each of these in Unit 3 of the BGP lessons. The best thing to do for incoming traffic is talk to your ISPs and coordinate your BGP efforts in order to achieve what you need for your network.
I have 2 x ISPs which are connected to my edge router R3 with BGP. My public subnet 22.214.171.124/24 is advertised to both ISPs. I’m currently receiving a default route from both ISPs and partial internet routes. I have BGP neighbor setup and configured and I’m able to go to the internet from inside of my LAN.
I only have access to my R3 for modification and don’t have access to ISPs’ routers (attachment).
Here are my questions:
1. From inside network, for every outbound traffic to 126.96.36.199/16, I'd like it to go thru ISP #2 and return the same path. How do I set that up?
2. Right now, most of my internet traffic is going thru ISP #2 as well, very little goes thru ISP #1. How do I set up my internet traffic to go thru ISP #1 except 188.8.131.52/16?
3. If one of my 2 ISPs is down, I'd like to have all my outbound traffic (184.108.40.206/16 and other internet traffic) go to the active ISP. How do I make sure that would happen automatically?
Remember that routing that occurs in each direction is an independent operation. This means that if you want a particular route to be taken by your traffic, you must adjust the routing parameters for each direction. Keep in mind that you have complete control for the BGP routing of all outgoing traffic, but, although you can influence it, you do not have ultimate control over incoming traffic. This control belongs to the ISPs. To cause traffic to 220.127.116.11/16 to go through ISP#2, you simply need to use one of the BGP attributes to do this. The easiest way is to use the weight attribute. For more info about this attribute, take a look at the following lesson:
For incoming traffic, take a look at the following post that will answer your question.
The answer here is similar. To direct all the rest of your outbound traffic out of the ISP you want, you can simply use the weight attribute once again.
Since you are already receiving default routes from both ISPs, if one of the ISPs goes down, traffic should automatically use the other ISP. However, the issue here is that BGP may take a while to converge (on the order of dozens of seconds, to several minutes). In order to speed up convergence, there are several features that can be used including BGP Next Hop Address Tracking, and Additional Paths. The first monitors next hop address changes in the routing table to speed up convergence, while the second allows the advertising of multiple paths for the same prefix. Note the second is not suitable for your topology, since it only works with iBGP.
It’s best to talk to your ISPs beforehand. If you attempt to influence their routing, they may see this as a “hostile” or at the very least a “rude” action on your part, and may be annoyed with you. If you approach them and let them know what you want to achieve, they should be willing to help you out.
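The outbound behaviour described in this answer, as an added example that is not part of the original thread: a simplified Python model of the first steps of BGP best-path selection (weight, local preference, AS-path length), with lowest neighbor address as a simplified final tie-break. The peer addresses, AS numbers and the 198.51.100.0/24 prefix are constructed documentation values standing in for the poster's two ISPs and the /16 that must leave via ISP #2.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address

ISP1, ISP2 = "192.0.2.1", "203.0.113.1"   # constructed eBGP peer addresses
SPECIAL = "198.51.100.0/24"               # stands in for the /16 that must exit via ISP #2
DEFAULT = "0.0.0.0/0"

@dataclass(frozen=True)
class Path:
    prefix: str
    neighbor: str
    as_path: tuple          # AS numbers, nearest first
    weight: int = 0         # local to this router, never sent to any peer
    local_pref: int = 100   # default value

def best_path(paths):
    """Highest weight, then highest local pref, then shortest AS path."""
    return min(paths, key=lambda p: (-p.weight, -p.local_pref,
                                     len(p.as_path), ip_address(p.neighbor)))

def inbound_policy(path):
    """Route-map equivalent: prefer ISP #2 for SPECIAL, ISP #1 for the rest."""
    preferred = ISP2 if path.prefix == SPECIAL else ISP1
    return replace(path, weight=200 if path.neighbor == preferred else 0)

def egress(received, prefix, down=(), apply_policy=True):
    """Peer chosen for a prefix; 'down' lists peers whose sessions have dropped."""
    candidates = [p for p in received
                  if p.prefix == prefix and p.neighbor not in down]
    if apply_policy:
        candidates = [inbound_policy(p) for p in candidates]
    return best_path(candidates).neighbor if candidates else None

# Constructed updates: both ISPs send a default and the specific prefix.
# ISP #1 has the shorter AS path to SPECIAL, so it would win without policy.
RECEIVED = [
    Path(DEFAULT, ISP1, (64501,)),
    Path(DEFAULT, ISP2, (64502,)),
    Path(SPECIAL, ISP1, (64501, 64510)),
    Path(SPECIAL, ISP2, (64502, 64505, 64510)),
]

if __name__ == "__main__":
    for prefix in (SPECIAL, DEFAULT):
        print(prefix, "normal:", egress(RECEIVED, prefix),
              "| ISP1 down:", egress(RECEIVED, prefix, down={ISP1}),
              "| ISP2 down:", egress(RECEIVED, prefix, down={ISP2}))
```

Weight is evaluated before AS-path length, which is why the longer path via ISP #2 wins for the specific prefix, and the remaining path takes over as soon as the preferred session drops.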
In the Dual ISP scenario, I assume that the customer would always need to use his own public ASN to advertise his public IP range to both ISPs?
Or would it be possible for the customer to use a private ASN?
If a customer has their own public ASN (which in general has strict requirements, and is generally difficult and costly to obtain) then yes, they can use that ASN to advertise their public IP addresses. However, it can also be done using a private ASN.
Private ASN numbers for advertised prefixes can be removed and replaced with the ASN of the ISP when advertised into the Internet. More about this can be found at the following lesson:
Thanks Lagapides, I was able to follow your suggestion and set it up in my lab. Weight and AS-path prepend work fine. Sorry, it took me a few days to set up the lab and get back to you.
I just realized that I forgot to mention this earlier. What if we have a second edge router and iBGP is configured between these edge routers, R3 and R4? The R4 is also connected to ISP #2 and ISP #1. In this case, I can’t really use weight?!! Please see attachment.
From inside network, for every outbound traffic to 18.104.22.168/16 that hits R3, I still want it to go thru ISP #2 and return the same path. The rest of outbound internet traffic that hits R3, I’d like it to go to ISP #1. How do we accomplish this? Local pref, MED and as-path prepend?
Since we have R4 now, I’d like to set it as a backup of R3. When those 2 x eBGP links of R3 fail, the traffic would flow to R4 and the R4 would act the same, so that every outbound traffic to 22.214.171.124/16 would go to ISP #2, and the rest of the outbound internet traffic would go to ISP #1. How do I do it? Thanks.