Archive for February 25th, 2010

High Availability and Load balancing Using BGP

 Many of us struggle a little with configuring and managing BGP on core routers for load-balancing and active-backup (fail-over) setups. Here is a simple example that accomplishes this.

 Let’s take a customer scenario:

This customer has two networks on his LAN and Ethernet WAN connections to a single ISP. Both links have the same bandwidth. The customer's requirements are as follows:

  1. Link A is the primary link for network A, so all traffic from network A goes through router A (which is the exit point of link A), and Link B is the primary link for network B, so all traffic from network B goes through router B (which is the exit point of link B).
  2. If there is any failure in Link A or router A, the traffic from network A goes through router B. Likewise, if there is any failure in Link B or router B, the traffic from network B goes through router A.

(In this example I’m using private IP address ranges for all configurations.)

 Below is the network diagram illustrating this scenario:

 [Figure: Network Diagram-BGP]

Solution for this scenario:

We select BGP as the WAN routing protocol to the ISP. The reason for choosing BGP is that both links are Ethernet circuits, so most of the time a link failure cannot be detected by the routers. For example, even if the ISP end is down, the customer-end router will still show the interface status and line protocol as UP. So a static route cannot be used for WAN routing.

Follow the steps below.

  1. Configuring WAN interface
  2. Configuring LAN interface
  3. Configuring WAN routing protocol (BGP)
  4. Configuring access-list / prefix-list
  5. Configuring route-maps

 

Configuring WAN interface

This is a straightforward task: you only need to configure the interface IP address.

 

Router A

!
config t
!
interface GigabitEthernet0/1
 description WAN Connection to ISP
 ip address 10.10.10.2 255.255.255.252
 speed 100
 duplex full
 no shut
 exit
!

The IP address above (10.10.10.2) is provided by the ISP to the customer. The ISP end has to be configured with the IP address 10.10.10.1/30.

Router B

!
config t
!
interface GigabitEthernet0/1
 description WAN Connection to ISP
 ip address 10.10.10.10 255.255.255.252
 speed 100
 duplex full
 no shut
 exit
!

The IP address above (10.10.10.10) is provided by the ISP to the customer. The ISP end has to be configured with the IP address 10.10.10.9/30.

 

Configure the LAN interface

This is the slightly tricky part of this example, because we need to configure two IP address ranges on the LAN interface and add some additional configuration for fail-over.

  1. Configure the primary IP address
  2. Configure the secondary IP address
  3. Configure HSRP for failover

Router A

interface GigabitEthernet0/0
 description connection to LAN
 ip address 192.168.1.1 255.255.255.224
 ip address 192.168.2.3 255.255.255.224 secondary
 standby 1 ip 192.168.1.2
 standby 1 preempt
 standby 1 name NETWORK-A
 standby 1 priority 110
 standby 1 timers 2 6
 standby 1 track GigabitEthernet0/1 50
 standby 2 ip 192.168.2.2
 standby 2 preempt
 standby 2 timers 2 6
 standby 2 name NETWORK-B
 exit
!

Router B

interface GigabitEthernet0/0
 description connection to LAN
 ip address 192.168.2.1 255.255.255.224
 ip address 192.168.1.3 255.255.255.224 secondary
 standby 1 ip 192.168.1.2
 standby 1 preempt
 standby 1 name NETWORK-A
 standby 1 timers 2 6
 standby 2 ip 192.168.2.2
 standby 2 preempt
 standby 2 timers 2 6
 standby 2 priority 110
 standby 2 track GigabitEthernet0/1 50
 standby 2 name NETWORK-B
 exit
!

On Router A, interface GigabitEthernet0/0 acts as the primary gateway for Network A (192.168.1.0/27) and the secondary gateway for Network B (192.168.2.0/27), so its primary IP address is taken from Network A. The LAN gateway for hosts should be 192.168.1.2 for Network A and 192.168.2.2 for Network B. These IP addresses are configured as the HSRP VIPs.

On Router A, standby group 1 is in the active state and standby group 2 is in the standby state. The LAN interface on Router A is configured with 192.168.1.1 as primary and 192.168.2.3 as secondary. It is the reverse on Router B: the primary IP address is 192.168.2.1, the secondary IP address is 192.168.1.3, standby group 2 is active and standby group 1 is in the standby state. The HSRP VIPs (standby IPs) are the same on both routers.

Router A is the active router for Network A but the standby router for Network B. This is because standby group 1 on Router A is configured with a higher priority (standby 1 priority 110) than the default standby priority of 100 that Router B uses for that group. So all traffic from Network A (gateway 192.168.1.2) goes through Router A.

Note: Normally in BGP, Local Preference influences outgoing route selection. Here we are using HSRP as the path selector: with HSRP, the outgoing path is always via the active router.

Standby group 2 on Router A has the default standby priority of 100, which is lower than the priority configured on Router B for standby group 2. Router A therefore functions as the standby router for standby group 2 (Network B). While standby group 2 is active on Router B, traffic originating from Network B does not go through Router A.

When interface GigabitEthernet0/1 on Router A goes down, the priority of standby group 1 on Router A is decreased by 50. Router B then has a higher priority (100) than Router A for standby group 1. As a result, Router A goes to the standby state and Router B becomes active for standby group 1, so Router B acts as the active router for Network A. Traffic from both Network A and Network B then goes through Router B. This satisfies the customer's requirement to have a fail-over system.

The same type of configuration is applied on Router B for standby group 2, so Router B functions as the active router for standby group 2.

If a problem occurs on interface GigabitEthernet0/1 on Router B while it is active, group 2 on Router B goes to the standby state. Router A then functions as the active router for both Network A and Network B, and all traffic goes through it.

The standby timers command is optional. You can use it to reduce the convergence time for both standby groups. The timers should be the same on both routers.
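The HSRP election described above can be checked for every failure combination with a small model. This is an added example, not part of the original post; the state names ("up", "wan_down", "dead") are assumptions made for the sketch, and the priorities and decrements are the ones in the standby commands above.

```python
DEFAULT_PRIORITY = 100  # HSRP default when no "standby N priority" is configured

# Per-router values taken from the standby commands on this page.
ROUTERS = {
    "A": {"priority": {1: 110}, "track_decrement": {1: 50}},
    "B": {"priority": {2: 110}, "track_decrement": {2: 50}},
}
GROUPS = {1: "NETWORK-A, VIP 192.168.1.2", 2: "NETWORK-B, VIP 192.168.2.2"}


def effective_priority(router, group, wan_up):
    """Configured priority minus the track decrement while Gi0/1 is down."""
    cfg = ROUTERS[router]
    priority = cfg["priority"].get(group, DEFAULT_PRIORITY)
    if not wan_up:
        priority -= cfg["track_decrement"].get(group, 0)
    return priority


def active_routers(state):
    """state maps router -> 'up' | 'wan_down' | 'dead' (assumed labels).

    Returns group -> router that ends up active. Every group has preempt
    configured, so the highest effective priority always takes over.
    No tie is possible with the values on this page.
    """
    result = {}
    for group in GROUPS:
        alive = {r: effective_priority(r, group, s == "up")
                 for r, s in state.items() if s != "dead"}
        result[group] = max(alive, key=alive.get) if alive else None
    return result


if __name__ == "__main__":
    scenarios = [
        {"A": "up", "B": "up"},
        {"A": "wan_down", "B": "up"},
        {"A": "up", "B": "wan_down"},
        {"A": "dead", "B": "up"},
        {"A": "wan_down", "B": "wan_down"},
    ]
    for state in scenarios:
        print(state, "->", active_routers(state))
```

The last scenario is the one the text does not cover: with both WAN interfaces down, each router's tracked group drops to 60, so the two gateways swap routers even though neither has an uplink.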

 

 

Configuring BGP

This section covers steps 3, 4 and 5 together, because all three tasks need to be configured together.

Router A

!
router bgp 65200
 no synchronization
 bgp log-neighbor-changes
 timers bgp 15 45
 network 192.168.1.0 mask 255.255.255.224
 network 192.168.2.0 mask 255.255.255.224
 neighbor 10.10.10.1 remote-as 65000
 neighbor 10.10.10.1 description WAN Connection to ISP
 neighbor 10.10.10.1 soft-reconfiguration inbound
 neighbor 10.10.10.1 route-map PERMITAS out
 neighbor 192.168.1.3 remote-as 65200
 neighbor 192.168.1.3 description B2B Connection to RouterB
 neighbor 192.168.1.3 next-hop-self
 neighbor 192.168.1.3 soft-reconfiguration inbound
 no auto-summary
 exit
!
access-list 10 permit 192.168.2.0 0.0.0.31
!
ip as-path access-list 1 permit ^$|_65200
!
route-map PERMITAS permit 10
 match ip address 10
 set as-path prepend 65200 65200
 exit
!
route-map PERMITAS permit 20
 match as-path 1
 exit
!

Router B

!
router bgp 65200
 no synchronization
 bgp log-neighbor-changes
 timers bgp 15 45
 network 192.168.1.0 mask 255.255.255.224
 network 192.168.2.0 mask 255.255.255.224
 neighbor 10.10.10.9 remote-as 65000
 neighbor 10.10.10.9 description WAN Connection to ISP
 neighbor 10.10.10.9 soft-reconfiguration inbound
 neighbor 10.10.10.9 route-map PERMITAS out
 neighbor 192.168.1.1 remote-as 65200
 neighbor 192.168.1.1 description B2B Connection to RouterA
 neighbor 192.168.1.1 next-hop-self
 neighbor 192.168.1.1 soft-reconfiguration inbound
 no auto-summary
 exit
!
access-list 10 permit 192.168.1.0 0.0.0.31
!
ip as-path access-list 1 permit ^$|_65200
!
route-map PERMITAS permit 10
 match ip address 10
 set as-path prepend 65200 65200
 exit
!
route-map PERMITAS permit 20
 match as-path 1
 exit
!

 

Here the local BGP AS number is configured as 65200. eBGP peering is configured with the ISP (AS65000), and iBGP peering is configured with Router B (AS65200).

The local BGP AS advertises Network A and Network B to its BGP peers.

Now we come to the main picture. In Router A's configuration, access-list 10 permits only the 192.168.2.0/27 subnet, which is the primary network for Router B; all other networks are denied by this access-list.

Now look at route-map PERMITAS. Its first entry (permit 10) has the match condition ip address 10, which means it matches prefixes permitted by access-list 10, so only Network B (192.168.2.0/27) matches. When a network matches this ACL, route-map PERMITAS permit 10 prepends the local AS to the AS path twice, so Network B is advertised with the additional prepending. We also configured an AS-path filter that permits locally originated networks (from AS65200), so route-map PERMITAS permit 20 advertises the other local prefix (Network A) as normal. Routes that match neither entry, such as routes learned from the ISP, are dropped by the route-map's implicit deny and are not advertised back to the ISP.

When the ISP receives the prefixes from Router A, it has both networks in its BGP table: Network A (192.168.1.0/27) with one AS in the AS path, and Network B (192.168.2.0/27) with two additional ASes in the path (from the AS prepending).

The same happens for Network A from Router B. Router B's peer router (ISP) sees two networks from Router B: Network B (192.168.2.0/27) with one AS in the AS path, and Network A (192.168.1.0/27) with two additional ASes in the path (from the AS prepending) in its BGP table.

If all other attributes are the same, BGP selects the route with the shortest AS path. So return traffic from the ISP always takes the shortest AS path. For traffic destined to Network A, the ISP looks in its routing table / BGP table, where two routes to Network A are available, one from Router A and one from Router B. The advertisement from Router B has two additional ASes in its path, which makes it longer than the path from Router A, so the ISP always takes the path through Router A.

Now let's think about what happens if the link between Router A and the ISP fails. There is then no BGP advertisement from Router A to the ISP, so the ISP has only one route to Network A, the one advertised by Router B (with two additional ASes in its path). Since there is no other route, it selects Router B to reach Network A.
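The outbound policy and the ISP's choice of return path can be traced with a short model of route-map PERMITAS. This is an added example, not part of the original post; the function names are made up for the sketch, and the IOS "_" in the AS-path filter is translated to an equivalent Python pattern.

```python
import ipaddress
import re

LOCAL_AS = 65200
# ip as-path access-list 1 permit ^$|_65200
# IOS "_" matches a delimiter or the start/end of the AS-path string.
AS_PATH_ACL_1 = re.compile(r"^$|(?:^|[ ,{}()])65200")
# access-list 10 on each router names the other router's primary network.
ACL10_BASE = {"A": "192.168.2.0", "B": "192.168.1.0"}
NETWORKS = ["192.168.1.0/27", "192.168.2.0/27"]


def acl_permits(prefix, base, wildcard="0.0.0.31"):
    """Standard ACL check: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    net = int(ipaddress.ip_network(prefix).network_address)
    return net & care == int(ipaddress.ip_address(base)) & care


def permitas_out(router, prefix, as_path):
    """AS path the ISP receives from `router`, or None if the route is denied."""
    if acl_permits(prefix, ACL10_BASE[router]):               # permit 10
        path = [LOCAL_AS, LOCAL_AS] + list(as_path)            # as-path prepend
    elif AS_PATH_ACL_1.search(" ".join(map(str, as_path))):    # permit 20
        path = list(as_path)
    else:
        return None                                            # implicit deny
    return [LOCAL_AS] + path          # local AS added on the eBGP session


def isp_view(links_up):
    """prefix -> {router: AS path} for every eBGP session that is up."""
    table = {}
    for router in sorted(links_up):
        for prefix in NETWORKS:
            path = permitas_out(router, prefix, [])  # locally originated
            if path is not None:
                table.setdefault(prefix, {})[router] = path
    return table


def isp_best(links_up):
    """Router the ISP sends return traffic to, by shortest AS path only."""
    return {prefix: min(routes, key=lambda r: len(routes[r]))
            for prefix, routes in isp_view(links_up).items()}


if __name__ == "__main__":
    print(isp_view({"A", "B"}))
    print(isp_best({"A", "B"}), isp_best({"B"}))
    # Constructed ISP-learned route: not re-advertised, so no transit.
    print(permitas_out("A", "172.16.0.0/16", [65000, 64999]))
```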
