Cisco dual BGP with Origin Value (Redundancy)
|
|
[Traffic flow]
Outbound traffic on CPE
All outbound traffic will go out thru both links. It is controlled by simple default route statement in this scenario. Outbound traffic won’t be divided in exact 50/50. Because traffic will route to the link per destination(default) based, but not per packet. Don’t worry, overall it make a balancing traffic. Most of ISPs are not supporting per packet option due to it is CPU intensive command(they said).
Inbound traffic on CPE
In this case we assumed that LAN side IP blocks are fully used(/24). We will announce both /24 IP blocks thru WAN1 and WAN 2 with Origin code on only one side of IP block. For example, 100.100.100.0/24 IP block will be tagged with Origin IGP, when it is announcing thru WAN1. Both IP blocks are learned thru ‘redistribute connected’ so, Origin value would be ‘incomplete’ until we manaully change it. Orign IGP is more prefer than incomplete, so 100.100.100.0/24 traffic will be preferred take WAN 1 insteads of WAN2.
Inbound traffic for 100.100.100.0/24 will take WAN 1 and inbound traffic 200.200.200.0/24 will take WAN 2. Failover will be taken place, if one of link is failed.
[CPE/Customer Cisco Router]
Current configuration:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPE
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 10.20.1.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 10.20.2.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
ip address 100.100.100.1 255.255.255.0 secondary
ip address 200.200.200.1 255.255.255.0
duplex auto
speed auto
!
router bgp 20 <———— Customer ASN
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 10.20.1.1 remote-as 10 <———— BGP neighbor with GW1
neighbor 10.20.1.1 route-map traffic-1 out <———— route-map for traffic shape
neighbor 10.20.2.1 remote-as 10 <———— BGP neighbor with GW2
neighbor 10.20.2.1 route-map traffic-2 out <———— route-map for traffic shape
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 1 permit 100.100.100.0 0.0.0.255
access-list 2 permit 200.200.200.0 0.0.0.255
!
route-map traffic-1 permit 10
match ip address 1 <———— match with ACL 1 / permit 100.100.100.0/24
set origin igp <———— Change origin value to ‘IGP’
!
route-map traffic-1 permit 20
match ip address 2
!
route-map traffic-2 permit 10
match ip address 2 <———— match with ACL 2 / permit 200.200.200.0/24
set origin igp <———— Change origin value to ‘IGP’
!
route-map traffic-2 permit 20
match ip address 1
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
end
[GW1 / ISP Cisco Router]
Current configuration:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GW1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.20.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 1.3.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 1.4.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router bgp 10 <———— ISP ASN
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 1.3.1.2 remote-as 10
neighbor 1.4.1.2 remote-as 10
neighbor 10.20.1.2 remote-as 20 <————- BGP neighbor with CPE
neighbor 10.20.1.2 default-originate
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
end[GW2 / ISP Cisco Router]
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GW2
!
boot-start-marker
boot-end-marker
!
ip cef
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.20.2.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 2.4.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 2.3.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router bgp 10 <———— ISP ASN
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 2.3.1.2 remote-as 10
neighbor 2.4.1.2 remote-as 10
neighbor 10.20.2.2 remote-as 20 <————- BGP neighbor with CPE
neighbor 10.20.2.2 default-originate
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
[Dynamips testing]
Download and test it yourself with below Dynamips configuration files.
Dynamips NET file
[Verifing output]
‘!’ means Origin IGP and ‘?’ means Origin incomplete.
Traffic destined to 100.100.100.x/24 is preferred to WAN1(GW1 and CPE) and traffic destined to 200.200.200.x/24 is preferred to WAN2(GW2 and CPE) by Origin value.
If you have any questions, feel free to send email us at [email protected]. If you are looking for professional grade service, you might want to try our "BGP experts service". What is "BGP Experts service"? Click "BGP Experts" from the top menu option. You will find out what the "BGP Experts" and what we are doing here for.
Recent Comments