Is it possible to also run VRRP/HSRP with 2 BGP customer edge routers to 1 ISP router and be like Dual Homed then? Is there documentation for that?
I mean 1 public IP shared with failover by 2 routers.
In detail, I would give a loopback the public IP and do OSPF between ISP and customer (HSRP).
In order to run a redundancy gateway protocol on two edge routers with a single ISP router, you’d need some infrastructure between the edge routers and the ISP routers like a switch. It is possible, but this would introduce a new single point of failure and this is not desired especially on the edge of the network.
That would also mean that if your edge routers are performing NAT, you would require three public IP addresses, one for each router and one for the virtual IP. The IP of the ISP router would then need to be in the same subnet.
Now you could improve upon this by adding a second switch, but you would then have the problem of needing two connections to the ISP router which complicates things.
So even if you achieve additional redundancy with HSRP, in order to avoid single points of failure, you require two switches between the ISP and the edge routers. But, will an ISP give you two links? And will those links be layer 3 links with an IP address for each or layer 2 with the same default gateway for both?
Running OSPF between the HSRP pair and the ISP will not give you any advantages as there is only a single choice for routing here. It would be much more efficient to statically assign routing.
Ultimately, when dual homing etc, the best choice for redundancy is using BGP. It will allow for redundancy in both directions (for outgoing and incoming transmissions to and from the enterprise network) regardless of what kind of single/dual homed or multihomed design you have.
Wow, a great and detailed response. I see my Problem in understanding now.
So any of these are not recommended
So better redundancy with 2 own Routers and 1 Provider Router would be via having a link for each own router to the Provider Router and using AS Path for advertising the backup path via the standby router?
Yes, that’s it exactly. Ideally, if you want to improve redundancy at the edge and completely eliminate single points of failure, you are required to have two ISPs, one for each own router, and have your public addresses advertised via BGP via both ISPs, so if one fails, the other will be able to route traffic from the Internet that is destined to your internal servers.
Would it be possible to go over the configurations for a scenario in which my network is connected to two ISPs which are connected to two VSS 4500 Chassis? Comcast AS is 6233 along with local AS 6223. I’m also connected to Centurylink; they have an AS of 6247 and a local AS of 6237. Is there a way to make this work over VRF? I’m having trouble with this because VSS is seen as one router but I have two AS numbers.
If I understood the configuration correctly, then the 4500 VSS devices are customer devices which connect to each individual ISP, correct? If this is the case, then the configuration that you are looking at is Single Multihomed:
Even though you are using two devices, they are still viewed as one. The limitation here is that the VSS as a whole cannot belong to two ASs. Each router can only be assigned to a single AS. So if these VSS configured switches must belong to both local ASs at the same time, it cannot be done. You will need two physically separate devices.
It is possible, however, to connect the single device to multiple ASs. This configuration is detailed in this Cisco support community thread.
I have a current setup which looks odd.
2 routers connected to 2 separate ISPs running HSRP. Here is my issue.
1. ISP 2 has a default route to ISP 1. Should it not be better to have ISP2 default route to ISP2 actual own gateway, thus keeping them both separate?
2. Would it not be better to place a floating static route on ISP2 pointing to ISP 1, so if BGP peer between ISP2 and the ISP provider goes down there is a new path?
Typical edge router scenarios with dual ISPs and dual internal edge routers should have outgoing traffic balanced between them. So if you’re running HSRP, and internal devices see the two routers as a single virtual router, you can have one edge router be primary HSRP router for half of the VLANs while you have the other be primary for the other half. The result is that the traffic (directed to the default gateway) is shared equally.
Once you do that, then as you state in statement 1, it’s a good idea to have each edge router have their default route point to the ISP to which it is connected. This is similar to a Single Multihomed scenario as shown below:
Now all of the above has to do with outgoing traffic, or traffic that was initiated from the inside. For traffic that is initiated from the outside, such as when you want to access a web server on the Enterprise from the Internet at large, then that is where BGP comes in. In that case, you will have to use various BGP attributes to inform both ISPs of your internal IP addresses, and you can adjust these parameters in order to influence incoming traffic to take either the path of one ISP or another. More information on how you can do this both technically and in cooperation with your ISPs can be found at this post:
I am preparing for CCNP. Can someone please tell me how I can manipulate my BGP traffic to go out from a specific ISP and how I can get traffic from some other ISP?
Please provide all possible ways.
There are two issues involved here. The first has to do with outgoing traffic. If your network is connected to multiple ISPs, then you have full control over which ISP will be used for outgoing traffic. This can be accomplished in several ways including IGP dynamic routing protocols such as OSPF or EIGRP, as well as gateway redundancy protocols such as HSRP. If you have BGP running on a portion of the edge of your network, you can accomplish this by adjusting BGP attributes to favour one ISP as well.
Now the technical details of how you can do this depends on the method you are using. If you are using a routing protocol, you can change the metrics to prefer one ISP over the other. If you’re using HSRP, you can change the active router to the one connecting to the ISP of your choice. You can also do equal or unequal load balancing. Here are some lessons that will help you in these configurations:
The other issue is incoming traffic, for traffic that is initiated from the outside, such as when you want to access a web server on the Enterprise from the Internet at large. This can only be achieved using BGP. You will have to use various BGP attributes to inform both ISPs of your internal IP addresses, and you can adjust these parameters in order to influence incoming traffic to take either the path of one ISP or another. More information on how you can do this both technically and in cooperation with your ISPs can be found at this post:
Thank you for the response. You mentioned “If you have BGP running on a portion of the edge of your network, you can accomplish this by adjusting BGP attributes to favour one ISP as well.” My question is which attributes I can use and how I can use them.
For outgoing traffic, you can use any of the BGP attributes to affect the path that is to be taken. Remember, for outgoing traffic you have complete control as to how to route it, whether you are using BGP, or an IGP. For routing traffic using BGP, you can find out more about the attributes here:
If you are using all Cisco equipment, one of the simplest ways to direct traffic is using the Weight attribute. You can find out more about it here:
But there are additional more complex methods which allow you to have more granularity and control. You will need to go over the relevant labs in order to understand those more fully.
For incoming traffic, the BGP attributes that can be used to influence routing are leaking more specific routes, MED, AS-PATH prepending and Community/Local pref agreement. You can find out more about each of these in Unit 3 of the BGP lessons.
What would be the benefit of using BGP in a Dual Multihomed design?
Two enterprise routers peering with two different ISPs.
Receive only a default route from each ISPs.
Advertise some networks.
We will receive two default routes, one from ISP A and another from ISP B.
We can influence the outbound traffic flow by selecting a preferred ISP default route, if necessary. By default and without any route policy, only one default route will be installed into the RIB, right? Is there a way to do load sharing between both ISPs?
The general benefits of a dual multihomed design include:
ISP redundancy - this means that if one of the ISP networks fails, you still have the second ISP to service your network. Such a setup will protect you against the rare albeit possible network-wide failures an ISP may encounter. If you have two or more links to the same ISP, both will be compromised in such a case.
Link redundancy - The “Dual” in Dual Multihomed refers to multiple links to each ISP. As shown in the lesson, such a scenario will provide redundancy in the event that a failure is limited to a particular link to the ISP.
As far as BGP routing goes, you have full control of all of the outgoing traffic. Depending on how your routing is configured on the edge of your network, you will receive two default routes, one via each ISP, but you can influence traffic however you like using BGP attributes.
By default, only the best path is advertised, and thus, there will be only one best path injected into your enterprise network. However, it is possible to configure BGP such that load sharing can be achieved. The following lesson describes this in detail:
Now all of the above has to do with outgoing traffic. What about incoming traffic? As administrators of enterprise networks, we must come to terms with the fact that although we can influence incoming traffic, we don’t have ultimate control over incoming traffic.
The BGP attributes that can be used to influence incoming traffic are leaking more specific routes, MED, AS-PATH prepending and Community/Local pref agreement. You can find out more about each of these in Unit 3 of the BGP lessons. The best thing to do for incoming traffic is talk to your ISPs and coordinate your BGP efforts in order to achieve what you need for your network.
I have 2 x ISPs which are connected to my edge router R3 with BGP. My public subnet 126.96.36.199/24 is advertised to both ISPs. I’m currently receiving default route from both ISPs and partial internet routes. I have BGP neighbor setup and configured and I’m able to go to the internet from inside of my LAN.
I only have access to my R3 for modification and don’t have access to ISPs’ routers (attachment).
Here are my questions:
1. From inside network, for every outbound traffic to 188.8.131.52/16, I'd like it to go thru ISP #2 and return the same path. How do I set that up?
2. Right now, most of my internet traffic is going thru ISP #2 as well, very little goes thru ISP #1. How do I set up my internet traffic to go thru ISP #1 except 184.108.40.206/16?
3. If one of my 2 ISPs was down, I'd like to have all my outbound traffic (220.127.116.11/16 and other internet traffic) go to the active ISP. How do I make sure that would happen automatically?
Remember that routing that occurs in each direction is an independent operation. This means that if you want a particular route to be taken by your traffic, you must adjust the routing parameters for each direction. Keep in mind that you have complete control for the BGP routing of all outgoing traffic, but, although you can influence it, you do not have ultimate control over incoming traffic. This control belongs to the ISPs. To cause traffic to 18.104.22.168/16 to go through ISP#2, you simply need to use one of the BGP attributes to do this. The easiest way is to use the weight attribute. For more info about this attribute, take a look at the following lesson:
For incoming traffic, take a look at the following post that will answer your question.
The answer here is similar. To direct all the rest of your outbound traffic out of the ISP you want, you can simply use the weight attribute once again.
Since you are already receiving default routes from both ISPs, if one of the ISPs goes down, traffic should automatically use the other ISP. However, the issue here is that BGP may take a while to converge (on the order of dozens of seconds, to several minutes). In order to speed up convergence, there are several features that can be used including BGP Next Hop Address Tracking, and Additional Paths. The first monitors next hop address changes in the routing table to speed up convergence, while the second allows the advertising of multiple paths for the same prefix. Note the second is not suitable for your topology, since it only works with iBGP.
It’s best to talk to your ISPs beforehand. If you attempt to influence their routing, they may see this as a “hostile” or at the very least a “rude” action on your part, and may be annoyed with you. If you approach them and let them know what you want to achieve, they should be willing to help you out.
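The outbound policy from the answer above (weight to send one destination via ISP #2, everything else via ISP #1, with automatic failover when a session drops) as a simplified Python model. This is an added example, not code from the thread: the prefixes and AS numbers are constructed documentation values, and best-path selection is reduced to longest-prefix match, then weight, then AS-path length.

```python
import ipaddress

# Constructed sample data: documentation prefixes and reserved ASNs,
# not the addresses or AS numbers used in the thread.
SPECIAL = ipaddress.ip_network("198.51.100.0/24")  # stands in for the /16 in question 1

def inbound_policy(neighbor, prefix):
    """Weight set on a route as it is received; weight is local to this router."""
    if neighbor == "ISP2" and prefix.subnet_of(SPECIAL):
        return 200   # ISP2 wins for the special destination
    if neighbor == "ISP1":
        return 100   # ISP1 wins for everything else
    return 0         # default weight for routes learned from a neighbor

def build_rib(adverts, up):
    """adverts: (neighbor, prefix, as_path) tuples; up: neighbors with a session."""
    rib = {}
    for neighbor, prefix, as_path in adverts:
        if neighbor not in up:
            continue  # session down: that neighbor's routes are withdrawn
        net = ipaddress.ip_network(prefix)
        rib.setdefault(net, []).append(
            {"via": neighbor, "weight": inbound_policy(neighbor, net), "as_path": as_path})
    return rib

def best_exit(rib, dst):
    """Longest-prefix match first, then highest weight, then shortest AS path."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None   # no route at all: traffic is dropped
    net = max(matches, key=lambda n: n.prefixlen)
    best = max(rib[net], key=lambda r: (r["weight"], -len(r["as_path"])))
    return best["via"]

# Both ISPs send a default route plus a partial table entry for SPECIAL.
ADVERTS = [
    ("ISP1", "0.0.0.0/0", [64500]),
    ("ISP2", "0.0.0.0/0", [64501]),
    ("ISP1", "198.51.100.0/24", [64500, 64510]),
    ("ISP2", "198.51.100.0/24", [64501, 64502, 64510]),
]

if __name__ == "__main__":
    for up in ({"ISP1", "ISP2"}, {"ISP1"}, {"ISP2"}):
        rib = build_rib(ADVERTS, up)
        print(sorted(up), best_exit(rib, "198.51.100.7"), best_exit(rib, "203.0.113.9"))
```

Weight beats the shorter AS path through ISP #1 for the special prefix, which is why the policy holds even when the other path looks better on later tie-breakers.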