
Cisco dual BGP with Community string (Redundancy)
[Traffic flow]
Outbound traffic on CPE
Both links receive a default route through BGP, but on the shadow link (ISP_"B") the CPE sets local-pref 80 to make that route less preferred. Outbound traffic therefore always leaves over the ISP_"A" link.
All inbound traffic is routed through the ISP_"A" link, because the CPE sends a community on the shadow link that makes the ISP prepend its AS to the AS path 3 times when the prefix is announced to the Internet. See the sample configurations and test output below.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPE
!
ip cef
no ip domain lookup
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 10.20.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 10.30.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
ip address 100.100.100.1 255.255.255.0
duplex auto
speed auto
!
router bgp 10
no synchronization
bgp log-neighbor-changes
network 100.100.100.0 mask 255.255.255.0
redistribute connected
neighbor 10.20.1.2 remote-as 20 <—————— BGP neighbor to ISP_"A"
neighbor 10.20.1.2 send-community <————– Must configure to send community string
neighbor 10.20.1.2 prefix-list to-ISP out <——— Allow only the IP block that needs to be advertised to the ISP
neighbor 10.30.1.2 remote-as 30 <—————— BGP neighbor to ISP_"B"
neighbor 10.30.1.2 send-community <————– Must configure to send community string
neighbor 10.30.1.2 prefix-list to-ISP out <——— Allow only the IP block that needs to be advertised to the ISP
neighbor 10.30.1.2 route-map shadow-in in <——— To control outbound traffic
neighbor 10.30.1.2 route-map shadow-out out <—- To control inbound traffic
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
ip bgp-community new-format <————– For new BGP community format
!
ip prefix-list to-ISP seq 5 permit 100.100.100.0/24
!
route-map shadow-in permit 10
set local-preference 80
!
route-map shadow-out permit 10
set community 30:3
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP_A
!
ip cef
no ip domain lookup
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.20.1.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 20.20.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router bgp 20
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 10.20.1.1 remote-as 10 <—————— BGP neighbor to Customer
neighbor 10.20.1.1 default-originate <————– Sending default route thru BGP
neighbor 10.20.1.1 route-map customer-in in <——- Applying BGP policy for incoming traffic
neighbor 10.20.1.1 route-map no-routes out <——- No BGP routes will be sent to Customer
neighbor 20.20.1.2 remote-as 20
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
ip bgp-community new-format <————– For new BGP community format
ip community-list 1 permit 20:1
ip community-list 2 permit 20:2
ip community-list 3 permit 20:3
ip community-list 4 permit 20:80
ip community-list 5 permit 20:120
!
route-map no-routes deny 10
!
route-map customer-in permit 10
match community 1
set as-path prepend 20
!
route-map customer-in permit 20
match community 2
set as-path prepend 20 20
!
route-map customer-in permit 30
match community 3
set as-path prepend 20 20 20
!
route-map customer-in permit 40
match community 4
set local-preference 80
!
route-map customer-in permit 50
match community 5
set local-preference 120 <—————- Tagging local-pref 120 to route
!
route-map customer-in permit 60
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP_B
!
ip cef
no ip domain lookup
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.30.1.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 30.30.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router bgp 30
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 10.30.1.1 remote-as 10 <—————— BGP neighbor to Customer
neighbor 10.30.1.1 default-originate <————– Sending default route thru BGP
neighbor 10.30.1.1 route-map customer-in in <——- Applying BGP policy for incoming traffic
neighbor 10.30.1.1 route-map no-routes out <——- No BGP routes will be sent to Customer
neighbor 30.30.1.2 remote-as 30
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
ip bgp-community new-format <————– For new BGP community format
ip community-list 1 permit 30:1
ip community-list 2 permit 30:2
ip community-list 3 permit 30:3
ip community-list 4 permit 30:80
ip community-list 5 permit 30:120
!
route-map no-routes deny 10
!
route-map customer-in permit 10
match community 1
set as-path prepend 30
!
route-map customer-in permit 20
match community 2
set as-path prepend 30 30
!
route-map customer-in permit 30
match community 3
set as-path prepend 30 30 30
!
route-map customer-in permit 40
match community 4
set local-preference 80
!
route-map customer-in permit 50
match community 5
set local-preference 120 <—————- Tagging local-pref 120 to route
!
route-map customer-in permit 60
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
[Verifying output]
CPE#sh ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 2
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
20
10.20.1.2 from 10.20.1.2 (20.20.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
30
10.30.1.2 from 10.30.1.2 (30.30.1.1)
Origin IGP, metric 0, localpref 80, valid, external
CPE#
ISP_A#sh ip bgp nei 10.20.1.1 ro
BGP table version is 22, local router ID is 20.20.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 100.100.100.0/24 10.20.1.1 0 0 10 i

Total number of prefixes 1
ISP_A#sh ip bgp 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 22
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
10
10.20.1.1 from 10.20.1.1 (100.100.100.1)
Origin IGP, metric 0, localpref 100, valid, external, best
ISP_A#

ISP_B#sh ip bgp nei 10.30.1.1 ro
BGP table version is 22, local router ID is 30.30.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* 100.100.100.0/24 10.30.1.1 0 0 30 30 30 10 i

Total number of prefixes 1
ISP_B#sh ip bgp 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 22
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
20 10
20.30.1.1 from 30.30.1.2 (30.50.1.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
30 30 30 10
10.30.1.1 from 10.30.1.1 (100.100.100.1)
Origin IGP, metric 0, localpref 100, valid, external
Community: 30:3
ISP_B#

TR_A#sh ip bgp 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 21
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
10
10.20.1.1 from 20.20.1.1 (20.20.1.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
TR_A#
TR_A#tr 100.100.100.2
Type escape sequence to abort.
Tracing the route to 100.100.100.2

1 20.20.1.1 48 msec 56 msec 32 msec
2 10.20.1.1 16 msec 40 msec 36 msec
3 100.100.100.2 [AS 10] 20 msec 64 msec *
TR_A#

TR_B#sh ip bgp 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 20
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2
50 20 10
30.50.1.2 from 30.50.1.2 (30.50.1.2)
Origin IGP, localpref 100, valid, external
20 10
20.30.1.1 from 20.30.1.1 (20.50.1.1)
Origin IGP, localpref 100, valid, external, best
TR_B#
TR_B#tr 100.100.100.2
Type escape sequence to abort.
Tracing the route to 100.100.100.2

1 20.30.1.1 24 msec 64 msec 16 msec
2 20.20.1.1 [AS 20] 20 msec 36 msec 40 msec
3 10.20.1.1 [AS 20] 20 msec 52 msec 72 msec
4 100.100.100.2 [AS 10] 24 msec 64 msec *
TR_B#

Internet#sh ip bgp 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 21
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
1
30 20 10
30.50.1.1 from 30.50.1.1 (30.50.1.1)
Origin IGP, localpref 100, valid, external
20 10
20.50.1.1 from 20.50.1.1 (20.50.1.1)
Origin IGP, localpref 100, valid, external, best
Internet#
Internet#tr 100.100.100.2
Type escape sequence to abort.
Tracing the route to 100.100.100.2

1 20.50.1.1 52 msec 40 msec 52 msec
2 20.20.1.1 [AS 20] 20 msec 40 msec 40 msec
3 10.20.1.1 [AS 20] 24 msec 44 msec 48 msec
4 100.100.100.2 [AS 10] 48 msec 112 msec *
Internet#
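
The community policy and the ISP_B and CPE tables shown above, modelled as an added Python example (not part of the original page and not Cisco's implementation). It assumes a simplified best-path comparison (local-pref, then AS-path length, then eBGP over iBGP), which is enough here because weight, origin and metric are equal on every path; the names Path, customer_in, best_path, isp_b_table and cpe_default_route are illustrative.

```python
# Added example: simplified model of this page's policy, not Cisco's code.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Path:
    as_path: tuple                      # AS numbers, nearest AS first
    local_pref: int = 100               # IOS default local preference
    communities: frozenset = frozenset()
    ebgp: bool = True

# (community value, action, argument) in 'route-map customer-in' sequence order
CUSTOMER_IN = [(1, "prepend", 1), (2, "prepend", 2), (3, "prepend", 3),
               (80, "local_pref", 80), (120, "local_pref", 120)]

def customer_in(path, isp_as):
    """Apply the ISP's inbound policy: the first matching clause wins."""
    for value, action, arg in CUSTOMER_IN:
        if (isp_as, value) in path.communities:
            if action == "prepend":
                return replace(path, as_path=(isp_as,) * arg + path.as_path)
            return replace(path, local_pref=arg)
    return path                         # 'permit 60': accept unchanged

def best_path(paths):
    """Highest local-pref, then shortest AS path, then eBGP over iBGP."""
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path), not p.ebgp))

def isp_b_table(isp_a_up=True):
    """Path ISP_B selects for 100.100.100.0/24 (constructed from the page)."""
    tagged = Path((10,), communities=frozenset({(30, 3)}))   # CPE shadow-out
    paths = [customer_in(tagged, 30)]
    if isp_a_up:
        paths.append(Path((20, 10), ebgp=False))             # learned via AS 20
    return best_path(paths)

def cpe_default_route():
    """CPE's choice between the two default routes (shadow-in sets 80)."""
    return best_path([Path((20,)), Path((30,), local_pref=80)])

if __name__ == "__main__":
    print("ISP_B best:", isp_b_table().as_path)
    print("ISP_B best, ISP_A link down:", isp_b_table(False).as_path)
    print("CPE default via AS", cpe_default_route().as_path[0])
```

With the ISP_"A" link down, the prepended path is the only one left at ISP_B, which is the redundancy case the design relies on.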
[Dynamips testing]
Download the Dynamips configuration files below and test it yourself.