
Cisco dual BGP with Community string-iBGP (Load-sharing)
[Traffic flow]
In this sample, the customer receives a default route from the ISP and from the iBGP router (the less preferred path). Following the default route, outbound traffic from IP block 100.100.100.0/24 is routed to the WAN link on CPE_1, and traffic from IP block 200.200.200.0/24 is routed to the WAN link on CPE_2. When either serial link is down, outbound traffic is routed through the iBGP peer.
As the sample BGP configuration below shows, CPE_1 announces 100.100.100.0/24, and 200.200.200.0/24 with BGP community string 20:3, which makes the ISP prepend the AS path three times. Likewise, CPE_2 announces 200.200.200.0/24, and 100.100.100.0/24 with BGP community string 20:3, which makes the ISP prepend the AS path three times so that it becomes the less preferred path. As a result, all inbound traffic for 100.100.100.0/24 is routed through the WAN link of CPE_1, and inbound traffic for 200.200.200.0/24 is routed through the WAN link of CPE_2. This configuration covers the failover situation and achieves the load-sharing plan: if one serial link fails, the other serial link takes the traffic for both blocks under the BGP routing policy. See the example and testing output below.
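The inbound policy described above can be checked with a small model. This is an added example, not part of the original lab: it models only the route-to-ISP tagging on the CPEs, the 20:1 to 20:3 prepend entries of the ISP's customer-in route-map, and AS-path length in best-path selection. All function and variable names are assumptions.

```python
# Added example: models the community-driven prepend policy on this page.
# Simplified: equal local-preference inside AS 20, shortest AS path wins.
ISP_AS, CUSTOMER_AS = 20, 10
PREPENDS = {"20:1": 1, "20:2": 2, "20:3": 3}   # ip community-list 1..3 on PE_1/PE_2

# Outbound route-map route-to-ISP: which prefix each CPE tags with 20:3.
CPE_TAGS = {
    "CPE_1": {"200.200.200.0/24": "20:3"},     # match prefix-list prefix-2
    "CPE_2": {"100.100.100.0/24": "20:3"},     # match prefix-list prefix-1
}
UPLINK = {"CPE_1": "PE_1", "CPE_2": "PE_2"}
PREFIXES = ["100.100.100.0/24", "200.200.200.0/24"]   # prefix-list to-ISP


def customer_in(as_path, community):
    """Apply route-map customer-in: prepend AS 20 according to the community."""
    return [ISP_AS] * PREPENDS.get(community, 0) + as_path


def isp_paths(links_up):
    """Return {prefix: [(pe, as_path), ...]} as seen inside AS 20."""
    table = {p: [] for p in PREFIXES}
    for cpe, pe in UPLINK.items():
        if cpe not in links_up:
            continue                            # serial link down: no eBGP session
        for prefix in PREFIXES:
            community = CPE_TAGS[cpe].get(prefix)
            table[prefix].append((pe, customer_in([CUSTOMER_AS], community)))
    return table


def best_entry(links_up):
    """Pick the entry PE per prefix by shortest AS path."""
    return {p: min(paths, key=lambda x: len(x[1]))[0]
            for p, paths in isp_paths(links_up).items() if paths}


if __name__ == "__main__":
    # Both links up, then each failover case (set of CPEs whose WAN link is up).
    for up in ({"CPE_1", "CPE_2"}, {"CPE_1"}, {"CPE_2"}):
        print(sorted(up), best_entry(up))
```

With both links up the model selects PE_1 for 100.100.100.0/24 and PE_2 for 200.200.200.0/24; with one link down, the remaining PE carries both prefixes.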
[CPE_1/Customer Cisco Router]
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPE_1
!
ip cef
no ip domain lookup
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 10.20.1.1 255.255.255.252
load-interval 30
serial restart-delay 0
!
interface Serial1/2
no ip address
load-interval 30
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
ip address 200.200.200.2 255.255.255.0 secondary
ip address 100.100.100.1 255.255.255.0
duplex auto
speed auto
!
router bgp 10
no synchronization
bgp log-neighbor-changes
network 100.100.100.0 mask 255.255.255.0
network 200.200.200.0
redistribute connected
! BGP neighbor to ISP
neighbor 10.20.1.2 remote-as 20
! Must be configured to send the community string
neighbor 10.20.1.2 send-community
! Allow only the IP blocks that need to be advertised to the ISP
neighbor 10.20.1.2 prefix-list to-ISP out
! To control inbound traffic
neighbor 10.20.1.2 route-map route-to-ISP out
! iBGP neighbor to CPE_2
neighbor 100.100.100.2 remote-as 10
! Send default route
neighbor 100.100.100.2 default-originate
! To control routes received from CPE_2
neighbor 100.100.100.2 route-map route-to-ibgp in
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
ip bgp-community new-format
!
ip prefix-list prefix-1 seq 5 permit 100.100.100.0/24
!
ip prefix-list prefix-2 seq 5 permit 200.200.200.0/24
!
ip prefix-list to-ISP seq 5 permit 100.100.100.0/24
ip prefix-list to-ISP seq 10 permit 200.200.200.0/24
!
! To control inbound traffic
route-map route-to-ISP permit 10
match ip address prefix-list prefix-2
set community 20:3
!
route-map route-to-ISP permit 20
!
! Make the route path through iBGP less preferred
route-map route-to-ibgp permit 10
set local-preference 80
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
[CPE_2/Customer Cisco Router]
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CPE_2
!
ip cef
no ip domain lookup
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
ip address 10.20.2.1 255.255.255.252
load-interval 30
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet2/0
ip address 100.100.100.2 255.255.255.0 secondary
ip address 200.200.200.1 255.255.255.0
duplex auto
speed auto
!
router bgp 10
no synchronization
bgp log-neighbor-changes
network 100.100.100.0 mask 255.255.255.0
network 200.200.200.0
redistribute connected
! BGP neighbor to ISP
neighbor 10.20.2.2 remote-as 20
! Must be configured to send the community string
neighbor 10.20.2.2 send-community
! Allow only the IP blocks that need to be advertised to the ISP
neighbor 10.20.2.2 prefix-list to-ISP out
! To control inbound traffic
neighbor 10.20.2.2 route-map route-to-ISP out
! iBGP neighbor to CPE_1
neighbor 100.100.100.1 remote-as 10
! Send default route
neighbor 100.100.100.1 default-originate
! To control routes received from CPE_1
neighbor 100.100.100.1 route-map route-to-ibgp in
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
ip bgp-community new-format
!
ip prefix-list prefix-1 seq 5 permit 100.100.100.0/24
!
ip prefix-list prefix-2 seq 5 permit 200.200.200.0/24
!
ip prefix-list to-ISP seq 5 permit 100.100.100.0/24
ip prefix-list to-ISP seq 10 permit 200.200.200.0/24
!
! To control inbound traffic
route-map route-to-ISP permit 10
match ip address prefix-list prefix-1
set community 20:3
!
route-map route-to-ISP permit 20
!
! Make the route path through iBGP less preferred
route-map route-to-ibgp permit 10
set local-preference 80
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
[PE_1 / ISP Cisco Router]
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE_1
!
ip cef
no ip domain lookup
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.20.1.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 20.1.3.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 20.1.4.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router bgp 20
no synchronization
bgp log-neighbor-changes
redistribute connected
! BGP neighbor to Customer
neighbor 10.20.1.1 remote-as 10
! Send default route
neighbor 10.20.1.1 default-originate
! To apply BGP community policy on customer's routes
neighbor 10.20.1.1 route-map customer-in in
! No BGP routes will be sent to Customer
neighbor 10.20.1.1 route-map no-routes out
neighbor 20.1.3.2 remote-as 20
neighbor 20.1.4.2 remote-as 20
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
! For new BGP community format
ip bgp-community new-format
! BGP community policy below
ip community-list 1 permit 20:1
ip community-list 2 permit 20:2
ip community-list 3 permit 20:3
ip community-list 4 permit 20:80
ip community-list 5 permit 20:120
!
route-map no-routes deny 10
!
route-map customer-in permit 10
match community 1
set as-path prepend 20
!
route-map customer-in permit 20
match community 2
set as-path prepend 20 20
!
route-map customer-in permit 30
match community 3
set as-path prepend 20 20 20
!
route-map customer-in permit 40
match community 4
set local-preference 80
!
route-map customer-in permit 50
match community 5
set local-preference 120
!
route-map customer-in permit 60
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
[PE_2 / ISP Cisco Router]
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE_2
!
ip cef
no ip domain lookup
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.20.2.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 20.2.4.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 20.2.3.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router bgp 20
no synchronization
bgp log-neighbor-changes
redistribute connected
! BGP neighbor to Customer
neighbor 10.20.2.1 remote-as 10
! Send default route
neighbor 10.20.2.1 default-originate
! To apply BGP community policy on customer's routes
neighbor 10.20.2.1 route-map customer-in in
! No BGP routes will be sent to Customer
neighbor 10.20.2.1 route-map no-routes out
neighbor 20.2.3.2 remote-as 20
neighbor 20.2.4.2 remote-as 20
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
! For new BGP community format
ip bgp-community new-format
! BGP community policy below
ip community-list 1 permit 20:1
ip community-list 2 permit 20:2
ip community-list 3 permit 20:3
ip community-list 4 permit 20:80
ip community-list 5 permit 20:120
!
route-map no-routes deny 10
!
route-map customer-in permit 10
match community 1
set as-path prepend 20
!
route-map customer-in permit 20
match community 2
set as-path prepend 20 20
!
route-map customer-in permit 30
match community 3
set as-path prepend 20 20 20
!
route-map customer-in permit 40
match community 4
set local-preference 80
!
route-map customer-in permit 50
match community 5
set local-preference 120
!
route-map customer-in permit 60
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
end
[Verifying output]
CPE_1#sh ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 529
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
20
10.20.1.2 from 10.20.1.2 (20.1.4.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Local
100.100.100.2 from 100.100.100.2 (100.100.100.3)
Origin IGP, metric 0, localpref 80, valid, internal
CPE_1#sh ip bgp nei 10.20.1.2 ro
BGP table version is 531, local router ID is 100.100.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 10.20.1.2 0 0 20 i
Total number of prefixes 1
CPE_1#sh ip bgp nei 10.20.1.2 ad
BGP table version is 531, local router ID is 100.100.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 100.100.100.0/24 0.0.0.0 0 32768 i
*> 200.200.200.0 0.0.0.0 0 32768 i
Total number of prefixes 2
CPE_1#
CPE_2#sh ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 41
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
20
10.20.2.2 from 10.20.2.2 (20.2.4.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Local
100.100.100.1 from 100.100.100.1 (100.100.100.2)
Origin IGP, metric 0, localpref 80, valid, internal
CPE_2#sh ip bgp nei 10.20.1.2 ro
% No such neighbor or address family
CPE_2#sh ip bgp nei 10.20.2.2 ro
BGP table version is 41, local router ID is 100.100.100.3
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 10.20.2.2 0 0 20 i
Total number of prefixes 1
CPE_2#sh ip bgp nei 10.20.2.2 ad
BGP table version is 41, local router ID is 100.100.100.3
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 100.100.100.0/24 0.0.0.0 0 32768 i
*> 200.200.200.0 0.0.0.0 0 32768 i
Total number of prefixes 2
CPE_2#
PE_1#sh ip bgp nei 10.20.1.1 ro
BGP table version is 33, local router ID is 20.1.4.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 100.100.100.0/24 10.20.1.1 0 0 10 i
*> 200.200.200.0 10.20.1.1 0 0 20 20 20 10 i
Total number of prefixes 2
PE_1#sh ip bgp nei 10.20.1.1 ad
BGP table version is 33, local router ID is 20.1.4.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Originating default network 0.0.0.0
Network Next Hop Metric LocPrf Weight Path
Total number of prefixes 0
PE_1#
PE_2# sh ip bgp nei 10.20.2.1 ro
BGP table version is 38, local router ID is 20.2.4.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 100.100.100.0/24 10.20.2.1 0 0 20 20 20 10 i
*> 200.200.200.0 10.20.2.1 0 0 10 i
Total number of prefixes 2
PE_2# sh ip bgp nei 10.20.2.1 ad
BGP table version is 38, local router ID is 20.2.4.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Originating default network 0.0.0.0
Network Next Hop Metric LocPrf Weight Path
Total number of prefixes 0
PE_2#
TR_A#sh ip bgp 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 43
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
1
20 20 20 10
10.20.2.1 from 20.2.3.1 (20.2.4.1)
Origin IGP, metric 0, localpref 100, valid, internal
10
10.20.1.1 from 20.1.3.1 (20.1.4.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
TR_A#sh ip bgp 200.200.200.0
BGP routing table entry for 200.200.200.0/24, version 48
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
10
10.20.2.1 from 20.2.3.1 (20.2.4.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
20 20 20 10
10.20.1.1 from 20.1.3.1 (20.1.4.1)
Origin IGP, metric 0, localpref 100, valid, internal
TR_A#
TR_B#sh ip bgp 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 43
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
1
20 20 20 10
10.20.2.1 from 20.2.4.1 (20.2.4.1)
Origin IGP, metric 0, localpref 100, valid, internal
10
10.20.1.1 from 20.1.4.1 (20.1.4.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
TR_B#sh ip bgp 200.200.200.0
BGP routing table entry for 200.200.200.0/24, version 48
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
10
10.20.2.1 from 20.2.4.1 (20.2.4.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
20 20 20 10
10.20.1.1 from 20.1.4.1 (20.1.4.1)
Origin IGP, metric 0, localpref 100, valid, internal
TR_B#
Internet#sh ip bgp 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 51
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to update-groups:
1
20 10
20.50.1.1 from 20.50.1.1 (20.50.1.1)
Origin IGP, localpref 100, valid, external
20 10
20.50.2.1 from 20.50.2.1 (20.50.2.1)
Origin IGP, localpref 100, valid, external, best
Internet#tr 100.100.100.4
Type escape sequence to abort.
Tracing the route to 100.100.100.4
1 20.50.2.1 44 msec 60 msec 20 msec
2 20.1.4.1 [AS 20] 20 msec 56 msec 52 msec
3 10.20.1.1 [AS 20] 20 msec 36 msec 76 msec
4 100.100.100.4 [AS 10] 36 msec 112 msec *
Internet#sh ip bgp 200.200.200.0
BGP routing table entry for 200.200.200.0/24, version 56
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1
20 10
20.50.1.1 from 20.50.1.1 (20.50.1.1)
Origin IGP, localpref 100, valid, external, best
20 10
20.50.2.1 from 20.50.2.1 (20.50.2.1)
Origin IGP, localpref 100, valid, external
Internet#tr 200.200.200.4
Type escape sequence to abort.
Tracing the route to 200.200.200.4
1 20.50.1.1 44 msec 48 msec 16 msec
2 20.2.3.1 [AS 20] 20 msec 48 msec 32 msec
3 10.20.2.1 [AS 20] 16 msec 40 msec 84 msec
4 200.200.200.4 [AS 10] 40 msec 100 msec *
Internet#
[Dynamips testing]
Download the Dynamips configuration files below and test it yourself.