Single/Dual Homed and Multi-homed Designs

Hi,
Two upstreams are connected to my single Cisco ASR router.
I am receiving a default route from all upstreams.
I have a /21 prefix.
Here incoming traffic is OK, as I configured the /21 divided into /22 and /22.
Now I want to send packets for one /22 to upstream 1 and the other /22 to upstream 2.
If any one upstream is down, then all go to the other live upstream, and vice versa.
What BGP attributes will I use here?
Please help.

Hello Habibur

You have two /22 networks, network A and network B. And you have an ASR that is connected to two different upstream connections, possibly via two different ISPs. So this is a Dual Homed or Single Multihomed situation depending on if you have one or two ISPs.

In both cases, you have incoming traffic being routed correctly, and under normal circumstances, you want network A to go via one uplink and network B to go via the other. And if one of the two fails, for all traffic to go via the active link.

In order to achieve this, you can use various BGP features such as next hop tracking as well as additional paths. You can find out more about these at the following lessons:


I hope this has been helpful!

Laz

Dear Sir,

  1. I have 2 ISPs that are giving a default route and at the same time another connection which is giving me BGP routes
    (all routes, not a default route). All are connected from different sources to my Cisco router.

  2. I have 2 different IP blocks (like xxx.xxx.x10.0/24 and xxx.xxx.x.14.0/24)

IP block xxx.xxx.x10.0/24 for ISP-1 and xxx.xxx.x.14.0/24 for ISP-2. if ISP-1 is down then ISP-2 is working well and vice versa.

  1. But when all BGP connections are properly working then all uploads are going through ISP-1 ,
    but I need IP block xxx.xxx.x10.0/24 for ISP-1 upload/download and
    xxx.xxx.x.14.0/24 upload/download for ISP-2 and another BGP (where not default route) should be upload/download ok.

Please help me to give the solution.

Hello habibkst77

If I have understood correctly, it looks like what you're trying to do is some load balancing using BGP. You have two ISPs both of which use a default route, but under normal circumstances, all of your traffic is going through ISP1. But you want half your network to use one ISP, and the other half to use the other ISP. I'm not sure where the third "not default route" connection comes in.

In any case, some very helpful lessons that can give you insight on how to configure something like this, include the single/dual-homed and multi-homed designs described in this lesson:


In addition, in order to be able to successfully load balance traffic using BGP, it is necessary to examine BGP multipath and additional paths found in the following lessons:

I hope this has been helpful!

Laz

I think this is a simple question but I've worked through all the BGP lessons and can't seem to find a clear answer.

I have a router running BGP that has two ISPs (A and B) as neighbors.

We want all of our incoming traffic to go through ISP A, but if ISP A goes down, ONLY THEN use ISP B.

So my first thought is to use AS prepending on the routes we advertise to ISP B, I added our own AS 5 times, and it seemed like everywhere would prefer to use ISP A as the best/preferred route.

However, this didn't work as I intended as when I checked ISP B's looking glass, they were using the direct route prepended with our AS.

So my question is how do I set up the scenario where I want all incoming traffic to flow through the neighbor corresponding to ISP A unless ISP A is down?

Hello Arjun

The rule of thumb is that you have ultimate control of the routing of outgoing traffic, but your ISPs have ultimate control of the routing of incoming traffic. Take a look at this post:

Remember that your ISPs are able to change any prepending or other attributes that you use to try to influence incoming traffic, so the best thing to do is talk to both ISPs, let them know what you want to achieve, and they can help you to achieve it.

I hope this has been helpful!

Laz
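
An added illustration, not part of the original posts, of why ISP B's looking glass can still show the direct, prepended route. In the BGP decision process LOCAL_PREF is compared before AS_PATH length; the sketch assumes ISP B gives customer-learned routes a higher LOCAL_PREF than routes learned from other networks. The AS numbers (documentation range) and preference values are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    learned_from: str   # neighbor that sent the route
    local_pref: int     # set by the *receiving* AS's inbound policy
    as_path: tuple      # AS_PATH as received

def best_path(routes):
    """Simplified BGP decision: highest LOCAL_PREF first, then shortest AS_PATH.
    (Later tie-breakers such as origin, MED and router ID are omitted.)"""
    return max(routes, key=lambda r: (r.local_pref, -len(r.as_path)))

# Constructed ASNs from the documentation range
CUSTOMER, ISP_A, ISP_B = 64500, 64501, 64502

def isp_b_view(prepends=5, customer_pref=200, peer_pref=100):
    """What ISP B selects for the customer's prefix.
    customer_pref / peer_pref are assumed values for ISP B's own policy."""
    direct = Route("customer", customer_pref, (CUSTOMER,) * (1 + prepends))
    via_a = Route("ISP A", peer_pref, (ISP_A, CUSTOMER))
    return best_path([direct, via_a])

def remote_view(prepends=5):
    """What a third AS selects when it treats both ISPs alike (equal LOCAL_PREF)."""
    via_a = Route("ISP A", 100, (ISP_A, CUSTOMER))
    via_b = Route("ISP B", 100, (ISP_B,) + (CUSTOMER,) * (1 + prepends))
    return best_path([via_a, via_b])

if __name__ == "__main__":
    b = isp_b_view()
    print("ISP B uses route from:", b.learned_from, "AS_PATH length", len(b.as_path))
    print("Remote AS uses route via:", remote_view().learned_from)
    # Only if ISP B lowers the preference for this route does prepending matter to it
    print("ISP B with equal LOCAL_PREF:", isp_b_view(customer_pref=100).learned_from)
```

The last call shows why the fix has to come from ISP B's side: the prepend only decides the outcome once ISP B's own preference for the direct route is no longer higher.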

Well, that makes sense but I'm after something a little different. What I want is something like a true failover, meaning that we don't advertise any routes to ISP A unless ISP B is down. And when ISP B comes back up, we stop advertising to ISP A and start advertising to ISP B. Is that possible?

Hello Arjun

Yes, it would be possible to advertise networks to ISP A and when ISP A fails, you can advertise them via ISP B. You can achieve this using route maps and various BGP filtering techniques. However this would not be considered best practice.

Remember that BGP, unlike IGPs, takes very long to converge. So if you were to apply such a configuration, if ISP A fails, it could take several minutes or longer before your BGP routes are successfully propagated via ISP B to the internet at large. Depending on many factors it may even take hours. This is especially the case because you are using two different ISPs. If both links were from the same ISP, then a faster convergence could be achieved, but it would still be on the order of several minutes.

A true failover requires that both potential paths are already informed of all the routing information necessary so that time-consuming reconvergence and recalculation of paths is not necessary. This ensures that in the event of a failure, the backup path will operate almost instantaneously, ensuring that users have little or no disruption to users' connections.

I hope this has been helpful!

Laz

Hi everyone.
I'd really appreciate it if someone could help me with these questions.

I have 2 N9Ks already physically connected with a vPC peer link and one keepalive link.
These two switches have a Single Dual Homed connection with one ISP (two routers).

What should I do to avoid a lack of connectivity if one of these Nexus switches becomes unavailable? Because each of those links has a /30 range with the ISP.

How could I set up convergence between the two ISP routers if one of those ISP links fails?

Today, my L3 is the firewall behind my 2 Nexus switches. I have other ASs on my WAN and my next step would be to connect these 2x N9K with that.

Which kind of situation should I do carefully to avoid problems or L3 looping? I already checked up if the /28 range which this ISP gave me is not being connected through another AS even if this ASN is not used on my WAN.

Thanks in advance.
Take care.

Hello William

Even though you're using vPC between the Nexus devices, you're still using different /30 subnets to connect to the two ISP routers, as you mention in your post. If one of your Nexus devices goes down, the ISPs must have a BGP configuration that will allow them to quickly detect the failure and reroute traffic to the other Nexus device. This can be done using various BGP features such as multipath load sharing, BGP additional paths, and BGP next-hop tracking.

In order to get this working, you will have to come in contact with your ISP and let them know what you want to achieve. They can suggest to you the best way to do this, that corresponds with their own policies as well, as each ISP has different ways in which they choose to achieve these types of redundancies.

I hope this has been helpful!

Laz

Hi,
Is it possible to get configuration samples (BGP)
Multihome
Thanks

Hello Sims

Any topology where you have eBGP running between two different AS where you have more than one link between them is a topology that can belong to one or more of the scenarios in this lesson. You can find such configurations and setups in the following lessons:

All of these scenarios and many more in the BGP lessons can be applied in single or dual-homed and multi-homed designs. You can also find many more such labs at the BGP section of the GNS3vault site:

I hope this has been helpful!

Laz

Hello Team ,

Can you point me to some topics or discussions here where I can learn how a routing protocol like OSPF or EIGRP is used between the customer end router and the ISP, i.e. in short, use cases.

Regards

Hello Mohammed

Typically, IGPs such as OSPF and EIGRP are used for routing internally within an enterprise network. This of course can include the network all the way to its edge. However, typically, you won't find that enterprise networks share network information with the ISP via OSPF or EIGRP. This is usually done using BGP.

At the enterprise edge, you usually have one of two things:

  1. A default route that is propagated to the rest of the enterprise network using the IGP of choice internally so that hosts can know where to send data that is going outside of the enterprise.
  2. BGP may be used at the edge of the network if an enterprise has public addresses that it wishes to share with the rest of the Internet.

For OSPF or EIGRP configuration, either at the network edge or otherwise, take a look at these Cisco design guides:

Or take a look at the EIGRP and OSPF courses on the NetworkLessons site.

I hope this has been helpful!

Laz

Hello,

I have a straightforward question I think that I am having issues answering myself. After reading about all the options for BGP being single and dual homed, I keep asking myself what is the benefit of BGP over OSPF/EIGRP when it comes to backup paths and equal cost load balancing. The confusion got worse after reading this section:

"Your IGP will send all traffic down the primary link and nothing down the backup link unless there is a failure. You could advertise a default route with the same metric but you'd still have something like a 50/50% load share."

If I have two customer edge routers connected to two different ASN ISP routers and have two default routes with different metrics being used I have effectively created a backup route from my understanding. If I make both default routes out to the ISPs the same I am creating roughly 50/50 load share. So why would I want to implement BGP in these different configurations when I can create a backup path or load sharing with OSPF/EIGRP?

Thank you,
Alan

Hello Alan

In the Introduction to BGP lesson, from where you got that quote, Rene is expressing one of the benefits of BGP over IGPs, which is load sharing and load balancing.

You are correct that you can achieve similar load-sharing results with OSPF at equal-cost load sharing if the metrics are the same, or even unequal cost load sharing using EIGRP. The benefits that BGP offers in load sharing seem to be few compared to IGPs. But BGP unequal cost load balancing can be configured with a high level of granularity compared to most IGPs.

Now having said that, the most important advantage here is not so much the load balancing capabilities of BGP in general, but the fact that you can achieve load balancing on incoming traffic as well!

BGP at the edge of your network will advertise any public IP address spaces that your enterprise may own. These will be advertised with particular BGP attributes that affect the way those addresses are reached. If you have multiple connections to multiple ISPs, you can advertise them in a way that allows traffic to come in, in a balanced manner taking advantage of all available bandwidth.

With the various Single/Dual homed and multi-homed designs, you can achieve both redundancy and load balancing for both outgoing and incoming traffic.

I hope this has been helpful!

Laz

Laz,

As always thanks for the quick and straight answer.

Alan

** Apologies, made a few typos in both my explanation and my diagram.
Here's a scenario I have.

R4 is the hosted primary for 10.10.10.0/30 network and advertises to its peers with 1x prepend, R3 is hosted primary 10.10.10.4/30 and advertises to its peers with 1x prepend

R4 also advertises 10.10.10.4/30 with 2x prepends whereas R3 also 10.10.10.0/30 with 2x prepends

Hypothetically speaking customer has a primary site and a secondary site which looks at the two gateways as active-active, so each router has redundant paths to R3 and R4.

R2 is customer primary which uses 10.10.10.0/30 for production and has redundant path to the secondary site which is advertising 10.10.10.4/30

Both R3 and R4 advertise the same network: 1.1.1.0/24

R1 prepends 1.1.1.0 1x to its neighbors and R2 prepends 1.1.1.0 2x to its neighbors…

So far so good, but my question comes about asymmetric routing, how do I ensure that when R1 talks to R4, R4 can route back to R1 while R2 is still up … Because of the prepends it's using the connection to R2 as its next hop (shortest AS path to 1.11.0) and not R1. So in the event that a connection from R1 uses the path to R4 to get to 10.10.10.0/30 (because the connection to R3 is down for whatever reason) I'm thinking PBR would ensure R4 will prefer the path back to R1… but is there a way to do this with BGP instead?


I also tried using a BGP community and using local preference to influence outbound routing for return traffic, but then it chose that as best route for all traffic.

I'm prepending for inbound and customer routers are prepending for their inbound as well. So even though they're favoring one site over the other with prepends and because the "redundant" site still advertises the same route as the primary site, I need a way to have that traffic identified and routed back through the path it came from. This is my conundrum.

Hello Nicolas

First of all, I just wanted to ask about this statement:

I assume you mean the opposite since in the diagram R2 is the primary and prepends 1 time while R1 prepends twice. Correct?

A second issue I wanted to ask about is the ASes that are being used. I see AS 7723 which I assume is the AS for R3 and R4. Are R1 and R2 in a separate AS together? That information is not clear from the diagram.

Now having said all of that, I'm trying to understand why you chose to use the AS_PATH attribute to choose a path. Since you are using eBGP between two ASes, it may be more beneficial, and simpler to use local preference.

So in order for us to help you further, can you please clarify your ASes, and let us know the reason why you are using path prepending as a method of choosing the best path? In the meantime, take a look at the local preference lesson to see if that will more suitably fulfill your requirements.

I hope this has been helpful!

Laz

Hello Lazaros,

Yes, I obviously made a few typos. Let me reiterate here:

  • R1 and R2 are two separate company datacenters but using the same AS, 7734 as an example
  • R2 = Primary, R1 = Secondary & they advertise the same natted prefixes to each of their BGP peers: 1.1.1.0/24
  • R3 and R4 also have the same AS, 7735 for example
  • R3 and R4 are two entry points to a backend application hosted in 10.10.10.0/30 and let's say the backend application is hosted out of R4, its DR environment is in R3. So the reason why I'm advertising the same networks out of R4 and R3 respectively is so that you can reach the backend application from either COLO via some interwan connectivity on the backend (I probably should have put this in the diagram)

10.10.10.0/30 = PROD
10.10.10.4/30 = DR

The reason why I'm using path prepending is so that by default the traffic is always favored to talk back to R2, which is the primary site for AS 7734. In a real world scenario, the customer could technically manipulate return traffic depending on what's going on in his network and not have to rely on the company it's connected to to adjust their attributes. In my opinion it is better for them to have control of this since the flows of the application are typically inbound from AS 7734 → AS 7735

My concern here is that an application behind R1 tries to talk to production on R4 while R2 is up and since return traffic is favored towards R2 with path prepending, the flow becomes asymmetric. So is there a way in BGP to ensure that the return traffic is always egressed out of the ingress interface it received it from (irrespective of the path attribute that the peer is configured for)? Something similar to configuring ECMP with symmetric return that Palo Alto offers in their virtual routers? This applies only for a scenario where the source IP header of the packet is the natted IP 1.1.1.0 … again, if we had different subnets being advertised from both R1 and R2 we would be okay but because they are the same, it's a little more complicated.