I'm not sure what you mean.  Generally, HSRP is just used for *your*
router redundancy, not the upstream ISP.  One feature, however, is that
you can change priorities based on the status of an interface, which you
know, but that doesn't apply here because your interface will likely
never go down if there is a problem upstream of you.  

Your indication of a problem will be the absence of the BGP default
route, sent from either side of the ISP.  If one disappears, your
routers and hosts need to know which of your gateway routers to use.  If
you have the hosts' default gateways set statically, then that's ok
because if your 2 edge routers are running iBGP between each other, they
will redirect any traffic to the wherever the default is coming from.  
(Usually from the upstream router, but upon failure, it will be known
via iBGP from your other edge router)

A couple of suggestions:

1) If you run iBGP, be *sure* not to advertize the default route learned
from one edge router, through iBGP to the other edge router, and back
out the other upstream.  You can use a filter list to prevent that.

2) I would highly recommend running an IGP such as OSPF on all your
routers.  Remember, that's what routers are there for; routing protocols
don't make things more complicated or flakey, but in fact it simplifies
things and makes your network more robust.  I notice this is a common
misconception about using only static routes, and I have much experience
on the matter.  Static routes break things, especially when you have
more than one potential path, like you are suggesting.  Don't be afraid
to let your firewall learn the correct default route from the
redistributed EGP.





On Sat, 2002-07-27 at 01:19, Jason Viera wrote:
> It seems to me the ISP would have some degree of redundancy built into
> itself. Am I missing something?
> Jason
> ----- Original Message -----
> From: ""Jay Greenberg"" 
> Newsgroups: groupstudy.cisco
> Sent: Friday, July 26, 2002 2:52 PM
> Subject: Re: BGP and HSRP [7:49807]
> 
> 
> > If you don't want the run the IGP on the firewall, then just run
> > something between the 2 gateway routers.  iBGP would do the trick, and
> > you are running BGP anyway.  You could still use HSRP for your own extra
> > router redundancy, but not for upstream selection.
> >
> > On Fri, 2002-07-26 at 16:28, sam sneed wrote:
> > > I have a very small network, only 3 networks so i really don;t want to
> run
> > > an IGP. I especially don't want to run it on my firewall. The ISP
> suggested
> > > the HSRP solution since we are using static route between our firewall
> and
> > > these 2 routers. I know there has to be way to do this and am trying to
> > > figure it out. I don't have enough routers to set up a lab so I can't
> test
> > > it before i put it in production.
> > >
> > > Thanks.
> > >
> > > ""Jay Greenberg""  wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > If I understand you correctly, I don't think that HRSP is what you
> > > > need.  HRSP is good if upstream serial interfaces go down, or
> something
> > > > like that, or for router redundancy, but in your situation I would
> > > > suggest letting your IGP determine which upstream is active, based on
> > > > who is still advertising the default BGP prefix.  If you are using
> OSPF,
> > > > you could use #default-information originate.  If the BGP default
> prefix
> > > > is the only default route on your edge routers, the OSPF default will
> > > > disappear if the BGP default disappears.  If you don't use OSPF, just
> > > > redistribute the BGP default into your IGP.
> > > >
> > > > I am assuming that when your ISP goes "down", they stop sending the
> BGP
> > > > default.
> > > >
> > > > This will allow 1 of 2 things to happen.  If your downstream devices
> are
> > > > IGP routers, they will already know the best to the good BGP
upstream.
> > > > If they are hosts with static default routes, then their default
> gateway
> > > > could always relay the packet, or suggest an ICMP redirect to the
> host.
> > > >
> > > > Let me know if this helps!
> > > >
> > > > Jay Greenberg
> > > >
> > > > On Fri, 2002-07-26 at 14:50, sam sneed wrote:
> > > > > I have a pair of 2621's and 2 reduandant ethernet handoffs to my
> ISP. 1
> > > is
> > > > a
> > > > > primary and the other is a backup which should only be used if the
> > > primary
> > > > > fails. On my side i am running HSRP for fault tolerance RA is
> > configured
> > > > > asprimary in my HSRP group. I will be doing BGP peering with my
> > > provider. I
> > > > > only want to receive default routes. I almost have the full config
> but
> > > am
> > > > > confused on 1point. If ISPA goes loses connectivity a couple hops
> > > upstream
> > > > > HSRP will not fail over becasue my link is physically up so all my
> > > internal
> > > > > hosts will still go through RA eth0. How do I get them to go
through
> RA
> > > > eth0
> > > > > then to RB eth0 and then eventually through the backup ISP link,
ISP
> B.
> > > > Keep
> > > > > in mind its the same ISP, AS#, just a different connection. Its a
> huge
> > > ISP.
> > > > > Is there some kind of peering needed between RA and RB, maybe some
> > > special
> > > > > commands?
> > > > > Am I at least on the right track?
> > > > > My configs are posted below.
> > > > >
> > > > > If the ascii art gets confusing I have posted good a diagram as a
> gif
> > at
> > > :
> > > > >
> > > > > http://sbnet.freeservers.com/bgp.gif
> > > > >
> > > > >                                             virtual router
> > > > > All routers use AS100
> > > > >                                         ____________________
> > > > > __________________
> > > > > 172.16.20.0   --->            |   172.16.10.2--->RA    |
> > > > > 192.168.133.1------->|ISPA  192.168.133.2  | ----->internet
> > > > > 172.16.30.0   -->             |  ------------------------|     (RA
> > eth1)
> > > > > |__________________|
> > > > > 172..16.10.0   --->           |   172.16.10.1-->HSRP |
> > > > >                                         |   -----------------------
> |
> > > > >                                         |    172.16.10.3---->RB  |
> > > > > _________________
> > > > >                                         |___________________|
> > > > > 192.168.100.1--------->|ISPB 192.168.100.2|------>internet
> > > > >
> > > > > (RB eth1)                    |________________|
> > > > >
> > > > >
> > > > > Router A
> > > > > -----------------------------------
> > > > > ------------------------------------
> > > > > interface FastEthernet0/0
> > > > >  ip address 172.16.10.2 255.255.255.0
> > > > >  standby priority 105
> > > > >  standby 244 ip 172.16.10.1
> > > > >  standby 244 preempt
> > > > >  standby 244 track FastEthernet0/1
> > > > > !
> > > > > interface FastEthernet0/1
> > > > >  ip address ip address 192.168.100.1 255.255.255.252
> > > > >
> > > > >
> > > > > router bgp 100
> > > > > no synchronization
> > > > > network 172.16.10.0
> > > > > network 172.16.20.0
> > > > > network 172.16.30.0
> > > > > neighbor 192.168.133.2 remote-as 100
> > > > > neighbor 192.168.133.2 prefix-list ABC in
> > > > > neighbor 172.16.10.3 remote-as 100
> > > > > no auto-summary
> > > > > !
> > > > >
> > > > > ip prefix-list ABC seq 5 permit 0.0.0.0/0
> > > > >
> > > > > end
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Router B
> > > > > ------------------------------------
> > > > > interface FastEthernet0/0
> > > > >  ip address 172.16.10.3 255.255.255.0
> > > > >  standby priority 100
> > > > >  standby 244 ip 172.16.10.1
> > > > >  standby 244 preempt
> > > > >  standby 244 track FastEthernet0/1
> > > > > !
> > > > > interface FastEthernet0/1
> > > > >  ip address ip address 192.168.100.1 255.255.255.252
> > > > >
> > > > > router bgp 100
> > > > > no synchronization
> > > > > network 172.16.10.0
> > > > > network 172.16.20.0
> > > > > network 172.16.30.0
> > > > > neighbor 192.168.100.2 remote-as 100
> > > > > neighbor 192.168.100.2 prefix-list ABC in
> > > > > neighbor 172.16.10.2 remote-as 100
> > > > > no auto-summary
> > > > > !
> > > > > ip prefix-list ABC seq 5 permit 0.0.0.0/0
> > > > >
> > > > > end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=49871&t=49807
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to