2-3-2. Cisco BGP with Multi-hop (load-balancing) on Ethernet using Maximum path

BGP sample configuration 2-1-1

  • ISPs : 1
  • WAN links : 2
  • CPE : 1
  • GW : 1
  • Device : Cisco router with LAN ports.
  • WAN(LAN1) IP : 1.1.1.0/30 (mask 255.255.255.252)
  • WAN(LAN2) IP : 2.2.2.0/30 (mask 255.255.255.252)
  • WAN(LAN3) IP : 3.3.3.0/30 (mask 255.255.255.252)
  • Tunnel1 IP : 10.20.1.0/30 (mask 255.255.255.252)
  • Tunnel2 IP : 10.20.2.0/30 (mask 255.255.255.252)
  • Tunnel3 IP : 10.20.3.0/30 (mask 255.255.255.252)
  • Loopback 0 : 10.10.10.10/32 and 20.20.20.20/32
  • LAN / Ethernet IP : 200.200.1.0/24 (mask 255.255.255.0)
    and 200.200.2.0/24 (mask 255.255.255.0)
  • Receiving Route : Default route + full route from ISP
  • Memory : Full route (recommend 512M), partial route
    (recommend 128-256M)
  • LAN : ISP (AS10) and Customer (AS20)

[Argument]

Traffic load-sharing and failover with a multi-hop eBGP configuration has failed in the market. Most ISPs provide Ethernet-based connection services because they are cost-effective. However, because of the characteristics of the Ethernet architecture, the router and BGP cannot tell that a link has gone down. How? A long-distance Ethernet service uses a transport network in the middle of the path, and if that link goes down for any reason, the Ethernet segment at each end does not detect the outage. BGP will keep sending packets to the dead link. See the solution below, which covers this issue. In this example, we will use the maximum-paths command.

Key idea: the maximum-paths command creates multiple paths, which allows traffic load sharing.
BGP with Multi-hop (load-balancing) on Ethernet using GRE Tunnel
 

[Traffic flow]

Outbound traffic from the CPE perspective
Both circuits will share outbound traffic. The split will not be exactly 50/50 because traffic is routed per destination, not per packet. However, if you want to share the links per packet, you can apply the command "ip load-sharing" on the participating interfaces.
Inbound traffic from the CPE perspective
Same concept as the outbound traffic flow.

[CPE/Customer Cisco Router]

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPE
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 1.1.1.2 255.255.255.0
 load-interval 30
 duplex auto
 speed auto
!
interface FastEthernet2/0
 ip address 2.2.2.2 255.255.255.0
 load-interval 30
 duplex auto
 speed auto
!
interface FastEthernet3/0
 ip address 3.3.3.2 255.255.255.0
 load-interval 30
 duplex auto
 speed auto
!
interface FastEthernet5/0
 ip address 200.200.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet6/0
 ip address 200.200.2.1 255.255.255.0
 duplex auto
 speed auto
!
! Customer BGP ASN
router bgp 20
 no synchronization
 bgp log-neighbor-changes
 network 200.200.1.0
 network 200.200.2.0
 ! BGP neighbor to ISP link1 (timers: keepalive 7 sec, hold time 21 sec)
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 timers 7 21
 ! BGP neighbor to ISP link2 (same timers)
 neighbor 2.2.2.1 remote-as 10
 neighbor 2.2.2.1 timers 7 21
 ! BGP neighbor to ISP link3 (same timers)
 neighbor 3.3.3.1 remote-as 10
 neighbor 3.3.3.1 timers 7 21
 ! Allows a maximum of 3 best paths
 maximum-paths 3
 no auto-summary
!
ip forward-protocol nd
!
ip prefix-list 200 seq 5 permit 200.200.0.0/16 le 32
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
line vty 0 4
 privilege level 15
 password cisco
 login
!
end    

[GW / ISP Cisco Router]

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GW
!
ip cef
no ip domain lookup
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description To SW1 F1/1
 ip address 1.1.1.1 255.255.255.0
 load-interval 30
 duplex auto
 speed auto
!
interface FastEthernet2/0
 description To SW2 F1/2
 ip address 2.2.2.1 255.255.255.0
 load-interval 30
 duplex auto
 speed auto
!
interface FastEthernet3/0
 ip address 3.3.3.1 255.255.255.0
 load-interval 30
 duplex auto
 speed auto
!
interface Serial6/0
 no ip address
 serial restart-delay 0
!
interface Serial6/1
 ip address 10.1.1.1 255.255.255.252
 serial restart-delay 0
!
interface Serial6/2
 ip address 10.1.2.1 255.255.255.252
 serial restart-delay 0
!
interface Serial6/3
 ip address 10.1.3.1 255.255.255.252
 serial restart-delay 0
!
! ISP BGP ASN
router bgp 10
 no synchronization
 bgp log-neighbor-changes
 ! BGP neighbor to Customer link1 (timers: keepalive 7 sec, hold time 21 sec)
 neighbor 1.1.1.2 remote-as 20
 neighbor 1.1.1.2 timers 7 21
 ! BGP neighbor to Customer link2 (same timers)
 neighbor 2.2.2.2 remote-as 20
 neighbor 2.2.2.2 timers 7 21
 ! BGP neighbor to Customer link3 (same timers)
 neighbor 3.3.3.2 remote-as 20
 neighbor 3.3.3.2 timers 7 21
 ! iBGP neighbors to core routers
 neighbor 10.1.1.2 remote-as 10
 neighbor 10.1.2.2 remote-as 10
 neighbor 10.1.3.2 remote-as 10
 ! Allows a maximum of 3 best paths
 maximum-paths 3
 no auto-summary
!
ip forward-protocol nd
!
ip prefix-list 100 seq 5 permit 100.100.100.0/24 le 32
ip prefix-list 100 seq 10 permit 10.0.0.0/8 le 32
!
control-plane
!
alias exec r copy tftp://10.10.10.1/cpe1 system:running-config
alias exec s copy system:running-config tftp://10.10.10.1/cpe1
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
line vty 0 4
 privilege level 15
 password cisco
 login
!
end
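
Added example (not part of the original article): a small Python audit run over an excerpt of the CPE configuration above. It reports, per neighbor, the hold time that bounds how long a dead Ethernet path can go unnoticed, and flags settings a production deployment would tighten: eBGP sessions without `neighbor ... password`, prefix-list 200 defined but never applied to a neighbor, and a line password kept in the configuration. The function name `audit` and the finding texts are assumptions of this example; 180 seconds is the IOS default hold time used when a neighbor has no `timers` line.

```python
import re
# Constructed excerpt of the CPE configuration above (annotations removed).
CPE_CONFIG = """\
router bgp 20
 neighbor 1.1.1.1 remote-as 10
 neighbor 1.1.1.1 timers 7 21
 neighbor 2.2.2.1 remote-as 10
 neighbor 2.2.2.1 timers 7 21
 neighbor 3.3.3.1 remote-as 10
 neighbor 3.3.3.1 timers 7 21
ip prefix-list 200 seq 5 permit 200.200.0.0/16 le 32
line vty 0 4
 password cisco
"""

def audit(config):
    """Return (neighbors, findings) for IOS-style configuration text."""
    local_as, neighbors, defined, used, findings = None, {}, set(), set(), []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"router bgp (\d+)", line):
            local_as = int(m.group(1))
        elif m := re.match(r"neighbor (\S+) (\S+)(?: (.*))?", line):
            # IOS default hold time is 180 s when no "timers" line is present.
            peer = neighbors.setdefault(
                m.group(1), {"ebgp": False, "hold": 180, "auth": False, "filter": False})
            key, rest = m.group(2), (m.group(3) or "").split()
            if key == "remote-as":
                peer["ebgp"] = int(rest[0]) != local_as
            elif key == "timers":
                peer["hold"] = int(rest[1])  # "timers <keepalive> <holdtime>"
            elif key == "password":
                peer["auth"] = True
            elif key == "prefix-list":
                peer["filter"] = True
                used.add(rest[0])
        elif m := re.match(r"ip prefix-list (\S+) ", line):
            defined.add(m.group(1))
        elif line.startswith("password "):
            findings.append("line password stored in the configuration")
    for ip, p in neighbors.items():
        if p["ebgp"] and not p["auth"]:
            findings.append(f"{ip}: eBGP session without 'neighbor ... password'")
        if p["ebgp"] and not p["filter"]:
            findings.append(f"{ip}: no prefix-list applied to this eBGP neighbor")
    findings += [f"prefix-list {n} is defined but never applied" for n in sorted(defined - used)]
    return neighbors, findings

if __name__ == "__main__":
    print(*audit(CPE_CONFIG)[1], sep="\n")
```

The same function can be run over the GW configuration; its iBGP neighbors (remote-as equal to the local AS) are not flagged by the eBGP checks.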

[Dynamips testing]

Download and test it yourself with the Dynamips configuration files below.

  Dynamips NET file
  Router configuration files

 

** VLANs 10, 20 and 30 need to be created on SW1 and SW2 in order to bring up the Tunnel links between GW and CPE.

[Verifying output]

Currently, a large volume of packets is being sent from PC1 to XR1, from PC2 to XR3, from XR1 to PC1, from XR2 to PC2 and from XR3 to PC1.

Checking the BGP table for the 200.200.1.x network on the GW ISP router: the network is learned through each eBGP link, and the route is multipath.

output_BGP2-3-1-1.png

When one of the Ethernet links fails, traffic goes through the other links (failover) and is also load-shared across the remaining live paths.

topology_BGP2-3-1-fail.png

See the picture below. The GW router did not know that the middle of the Ethernet path had failed, so the link is still up/up. However, BGP session 1 (to 1.1.1.2) is down at this time. The routing table shows only two paths to reach 200.200.1.2, since the Ethernet 1 path failed. No traffic is passing on the FastEthernet 1/0 link, which is shown as up/up.

output_BGP2-3-1-2.png

Author: admin