Re: BGP and HSRP [7:49807]
Ok, for me it was implicit to configure outbound filtering to upstream in order to not become Transit AS. ""Jason Greenberg"" a icrit dans le message de news: [EMAIL PROTECTED] > No, the filter lists would only be to prevent the default route from > being advertised back out the other upstream link. Note that usually > the BGP AS-path loop avoidance rules will prevent a problem in this > scenario (especially with only the default route being advertised), but > in a more advanced scenario, or if the upstream ISP were using 2 ASNs, > one for each link (who knows, but sometimes it happens), then the ISP > could consider this poor guy's 2 2600's as a short path back to the rest > of their network. > > I think the general rule of thumb is always filter BGP advertisements. > I like to be in complete control of what I'm advertising to other ASs. > > > > > > On Sat, 2002-07-27 at 14:27, Stephane LITKOWSKI wrote: > > > A couple of suggestions: > > > > > > 1) If you run iBGP, be *sure* not to advertize the default route learned > > > from one edge router, through iBGP to the other edge router, and back > > > out the other upstream. You can use a filter list to prevent that. > > > > I agree with you about your technique but : > > Why do you want to prevent 0.0.0.0 to be advertized via the iBGP ? > > I think, if each edge router, advertize his eBGP-learned default route to > > his iBGP peer, each edge router have 2 default routes and so will prefer > the > > EBGP path. And if the EBGP path is lost, iBGP path is used (and so if other > > routers are on the same LAN, ICMP redirect is generated pointing to the > > second edge router). > > NB : I think that HSRP will desactivate ICMP redirects on the configured > > interface. And so if u want to use it, u have to reenable it. > > > > > 2) I would highly recommend running an IGP such as OSPF on all your > > > routers. Remember, that's what routers are there for; routing protocols > > > don't make things more complicated or flakey, but in fact it simplifies > > > things and makes your network more robust. I notice this is a common > > > misconception about using only static routes, and I have much experience > > > on the matter. Static routes break things, especially when you have > > > more than one potential path, like you are suggesting. Don't be afraid > > > to let your firewall learn the correct default route from the > > > redistributed EGP. > > > > I think it's really the best (and easier) solution. > -- > Jason Greenberg, CCNP > Network Administrator > Execulink, Inc. > [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49918&t=49807 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP and HSRP [7:49807]
No, the filter lists would only be to prevent the default route from being advertised back out the other upstream link. Note that usually the BGP AS-path loop avoidance rules will prevent a problem in this scenario (especially with only the default route being advertised), but in a more advanced scenario, or if the upstream ISP were using 2 ASNs, one for each link (who knows, but sometimes it happens), then the ISP could consider this poor guy's 2 2600's as a short path back to the rest of their network. I think the general rule of thumb is always filter BGP advertisements. I like to be in complete control of what I'm advertising to other ASs. On Sat, 2002-07-27 at 14:27, Stephane LITKOWSKI wrote: > > A couple of suggestions: > > > > 1) If you run iBGP, be *sure* not to advertize the default route learned > > from one edge router, through iBGP to the other edge router, and back > > out the other upstream. You can use a filter list to prevent that. > > I agree with you about your technique but : > Why do you want to prevent 0.0.0.0 to be advertized via the iBGP ? > I think, if each edge router, advertize his eBGP-learned default route to > his iBGP peer, each edge router have 2 default routes and so will prefer the > EBGP path. And if the EBGP path is lost, iBGP path is used (and so if other > routers are on the same LAN, ICMP redirect is generated pointing to the > second edge router). > NB : I think that HSRP will desactivate ICMP redirects on the configured > interface. And so if u want to use it, u have to reenable it. > > > 2) I would highly recommend running an IGP such as OSPF on all your > > routers. Remember, that's what routers are there for; routing protocols > > don't make things more complicated or flakey, but in fact it simplifies > > things and makes your network more robust. I notice this is a common > > misconception about using only static routes, and I have much experience > > on the matter. Static routes break things, especially when you have > > more than one potential path, like you are suggesting. Don't be afraid > > to let your firewall learn the correct default route from the > > redistributed EGP. > > I think it's really the best (and easier) solution. -- Jason Greenberg, CCNP Network Administrator Execulink, Inc. [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49901&t=49807 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP and HSRP [7:49807]
> A couple of suggestions: > > 1) If you run iBGP, be *sure* not to advertize the default route learned > from one edge router, through iBGP to the other edge router, and back > out the other upstream. You can use a filter list to prevent that. I agree with you about your technique but : Why do you want to prevent 0.0.0.0 to be advertized via the iBGP ? I think, if each edge router, advertize his eBGP-learned default route to his iBGP peer, each edge router have 2 default routes and so will prefer the EBGP path. And if the EBGP path is lost, iBGP path is used (and so if other routers are on the same LAN, ICMP redirect is generated pointing to the second edge router). NB : I think that HSRP will desactivate ICMP redirects on the configured interface. And so if u want to use it, u have to reenable it. > 2) I would highly recommend running an IGP such as OSPF on all your > routers. Remember, that's what routers are there for; routing protocols > don't make things more complicated or flakey, but in fact it simplifies > things and makes your network more robust. I notice this is a common > misconception about using only static routes, and I have much experience > on the matter. Static routes break things, especially when you have > more than one potential path, like you are suggesting. Don't be afraid > to let your firewall learn the correct default route from the > redistributed EGP. I think it's really the best (and easier) solution. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49893&t=49807 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP and HSRP [7:49807]
How does bgp conditional apply here? On Sat, 2002-07-27 at 10:52, Scott wrote: > Check out BGP conditional advertisement. > > HTH, > Scott > > ""sam sneed"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have a pair of 2621's and 2 reduandant ethernet handoffs to my ISP. 1 is > a > > primary and the other is a backup which should only be used if the primary > > fails. On my side i am running HSRP for fault tolerance RA is configured > > asprimary in my HSRP group. I will be doing BGP peering with my provider. > I > > only want to receive default routes. I almost have the full config but am > > confused on 1point. If ISPA goes loses connectivity a couple hops upstream > > HSRP will not fail over becasue my link is physically up so all my > internal > > hosts will still go through RA eth0. How do I get them to go through RA > eth0 > > then to RB eth0 and then eventually through the backup ISP link, ISP B. > Keep > > in mind its the same ISP, AS#, just a different connection. Its a huge > ISP. > > Is there some kind of peering needed between RA and RB, maybe some special > > commands? > > Am I at least on the right track? > > My configs are posted below. > > > > If the ascii art gets confusing I have posted good a diagram as a gif at : > > > > http://sbnet.freeservers.com/bgp.gif > > > > virtual router > > All routers use AS100 > > > > __ > > 172.16.20.0 --->| 172.16.10.2--->RA| > > 192.168.133.1--->|ISPA 192.168.133.2 | ->internet > > 172.16.30.0 --> | | (RA eth1) > > |__| > > 172..16.10.0 ---> | 172.16.10.1-->HSRP | > > | --- | > > |172.16.10.3>RB | > > _ > > |___| > > 192.168.100.1->|ISPB 192.168.100.2|-->internet > > > > (RB eth1)|| > > > > > > Router A > > --- > > > > interface FastEthernet0/0 > > ip address 172.16.10.2 255.255.255.0 > > standby priority 105 > > standby 244 ip 172.16.10.1 > > standby 244 preempt > > standby 244 track FastEthernet0/1 > > ! > > interface FastEthernet0/1 > > ip address ip address 192.168.100.1 255.255.255.252 > > > > > > router bgp 100 > > no synchronization > > network 172.16.10.0 > > network 172.16.20.0 > > network 172.16.30.0 > > neighbor 192.168.133.2 remote-as 100 > > neighbor 192.168.133.2 prefix-list ABC in > > neighbor 172.16.10.3 remote-as 100 > > no auto-summary > > ! > > > > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > > > end > > > > > > > > > > Router B > > > > interface FastEthernet0/0 > > ip address 172.16.10.3 255.255.255.0 > > standby priority 100 > > standby 244 ip 172.16.10.1 > > standby 244 preempt > > standby 244 track FastEthernet0/1 > > ! > > interface FastEthernet0/1 > > ip address ip address 192.168.100.1 255.255.255.252 > > > > router bgp 100 > > no synchronization > > network 172.16.10.0 > > network 172.16.20.0 > > network 172.16.30.0 > > neighbor 192.168.100.2 remote-as 100 > > neighbor 192.168.100.2 prefix-list ABC in > > neighbor 172.16.10.2 remote-as 100 > > no auto-summary > > ! > > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > > > end -- Jason Greenberg, CCNP Network Administrator Execulink, Inc. [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49883&t=49807 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP and HSRP [7:49807]
Check out BGP conditional advertisement. HTH, Scott ""sam sneed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a pair of 2621's and 2 reduandant ethernet handoffs to my ISP. 1 is a > primary and the other is a backup which should only be used if the primary > fails. On my side i am running HSRP for fault tolerance RA is configured > asprimary in my HSRP group. I will be doing BGP peering with my provider. I > only want to receive default routes. I almost have the full config but am > confused on 1point. If ISPA goes loses connectivity a couple hops upstream > HSRP will not fail over becasue my link is physically up so all my internal > hosts will still go through RA eth0. How do I get them to go through RA eth0 > then to RB eth0 and then eventually through the backup ISP link, ISP B. Keep > in mind its the same ISP, AS#, just a different connection. Its a huge ISP. > Is there some kind of peering needed between RA and RB, maybe some special > commands? > Am I at least on the right track? > My configs are posted below. > > If the ascii art gets confusing I have posted good a diagram as a gif at : > > http://sbnet.freeservers.com/bgp.gif > > virtual router > All routers use AS100 > > __ > 172.16.20.0 --->| 172.16.10.2--->RA| > 192.168.133.1--->|ISPA 192.168.133.2 | ->internet > 172.16.30.0 --> | | (RA eth1) > |__| > 172..16.10.0 ---> | 172.16.10.1-->HSRP | > | --- | > |172.16.10.3>RB | > _ > |___| > 192.168.100.1->|ISPB 192.168.100.2|-->internet > > (RB eth1)|| > > > Router A > --- > > interface FastEthernet0/0 > ip address 172.16.10.2 255.255.255.0 > standby priority 105 > standby 244 ip 172.16.10.1 > standby 244 preempt > standby 244 track FastEthernet0/1 > ! > interface FastEthernet0/1 > ip address ip address 192.168.100.1 255.255.255.252 > > > router bgp 100 > no synchronization > network 172.16.10.0 > network 172.16.20.0 > network 172.16.30.0 > neighbor 192.168.133.2 remote-as 100 > neighbor 192.168.133.2 prefix-list ABC in > neighbor 172.16.10.3 remote-as 100 > no auto-summary > ! > > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > end > > > > > Router B > > interface FastEthernet0/0 > ip address 172.16.10.3 255.255.255.0 > standby priority 100 > standby 244 ip 172.16.10.1 > standby 244 preempt > standby 244 track FastEthernet0/1 > ! > interface FastEthernet0/1 > ip address ip address 192.168.100.1 255.255.255.252 > > router bgp 100 > no synchronization > network 172.16.10.0 > network 172.16.20.0 > network 172.16.30.0 > neighbor 192.168.100.2 remote-as 100 > neighbor 192.168.100.2 prefix-list ABC in > neighbor 172.16.10.2 remote-as 100 > no auto-summary > ! > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49873&t=49807 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP and HSRP [7:49807]
I'm not sure what you mean. Generally, HSRP is just used for *your* router redundancy, not the upstream ISP. One feature, however, is that you can change priorities based on the status of an interface, which you know, but that doesn't apply here because your interface will likely never go down if there is a problem upstream of you. Your indication of a problem will be the absence of the BGP default route, sent from either side of the ISP. If one disappears, your routers and hosts need to know which of your gateway routers to use. If you have the hosts' default gateways set statically, then that's ok because if your 2 edge routers are running iBGP between each other, they will redirect any traffic to the wherever the default is coming from. (Usually from the upstream router, but upon failure, it will be known via iBGP from your other edge router) A couple of suggestions: 1) If you run iBGP, be *sure* not to advertize the default route learned from one edge router, through iBGP to the other edge router, and back out the other upstream. You can use a filter list to prevent that. 2) I would highly recommend running an IGP such as OSPF on all your routers. Remember, that's what routers are there for; routing protocols don't make things more complicated or flakey, but in fact it simplifies things and makes your network more robust. I notice this is a common misconception about using only static routes, and I have much experience on the matter. Static routes break things, especially when you have more than one potential path, like you are suggesting. Don't be afraid to let your firewall learn the correct default route from the redistributed EGP. On Sat, 2002-07-27 at 01:19, Jason Viera wrote: > It seems to me the ISP would have some degree of redundancy built into > itself. Am I missing something? > Jason > - Original Message - > From: ""Jay Greenberg"" > Newsgroups: groupstudy.cisco > Sent: Friday, July 26, 2002 2:52 PM > Subject: Re: BGP and HSRP [7:49807] > > > > If you don't want the run the IGP on the firewall, then just run > > something between the 2 gateway routers. iBGP would do the trick, and > > you are running BGP anyway. You could still use HSRP for your own extra > > router redundancy, but not for upstream selection. > > > > On Fri, 2002-07-26 at 16:28, sam sneed wrote: > > > I have a very small network, only 3 networks so i really don;t want to > run > > > an IGP. I especially don't want to run it on my firewall. The ISP > suggested > > > the HSRP solution since we are using static route between our firewall > and > > > these 2 routers. I know there has to be way to do this and am trying to > > > figure it out. I don't have enough routers to set up a lab so I can't > test > > > it before i put it in production. > > > > > > Thanks. > > > > > > ""Jay Greenberg"" wrote in message > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > If I understand you correctly, I don't think that HRSP is what you > > > > need. HRSP is good if upstream serial interfaces go down, or > something > > > > like that, or for router redundancy, but in your situation I would > > > > suggest letting your IGP determine which upstream is active, based on > > > > who is still advertising the default BGP prefix. If you are using > OSPF, > > > > you could use #default-information originate. If the BGP default > prefix > > > > is the only default route on your edge routers, the OSPF default will > > > > disappear if the BGP default disappears. If you don't use OSPF, just > > > > redistribute the BGP default into your IGP. > > > > > > > > I am assuming that when your ISP goes "down", they stop sending the > BGP > > > > default. > > > > > > > > This will allow 1 of 2 things to happen. If your downstream devices > are > > > > IGP routers, they will already know the best to the good BGP upstream. > > > > If they are hosts with static default routes, then their default > gateway > > > > could always relay the packet, or suggest an ICMP redirect to the > host. > > > > > > > > Let me know if this helps! > > > > > > > > Jay Greenberg > > > > > > > > On Fri, 2002-07-26 at 14:50, sam sneed wrote: > > > > > I have a pair of 2621's and 2 reduandant ethernet handoffs to my > ISP. 1 > > > is > > > > a > > > > > primary and the other is a backup which shou
Re: BGP and HSRP [7:49807]
I have a very small network, only 3 networks so i really don;t want to run an IGP. I especially don't want to run it on my firewall. The ISP suggested the HSRP solution since we are using static route between our firewall and these 2 routers. I know there has to be way to do this and am trying to figure it out. I don't have enough routers to set up a lab so I can't test it before i put it in production. Thanks. ""Jay Greenberg"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > If I understand you correctly, I don't think that HRSP is what you > need. HRSP is good if upstream serial interfaces go down, or something > like that, or for router redundancy, but in your situation I would > suggest letting your IGP determine which upstream is active, based on > who is still advertising the default BGP prefix. If you are using OSPF, > you could use #default-information originate. If the BGP default prefix > is the only default route on your edge routers, the OSPF default will > disappear if the BGP default disappears. If you don't use OSPF, just > redistribute the BGP default into your IGP. > > I am assuming that when your ISP goes "down", they stop sending the BGP > default. > > This will allow 1 of 2 things to happen. If your downstream devices are > IGP routers, they will already know the best to the good BGP upstream. > If they are hosts with static default routes, then their default gateway > could always relay the packet, or suggest an ICMP redirect to the host. > > Let me know if this helps! > > Jay Greenberg > > On Fri, 2002-07-26 at 14:50, sam sneed wrote: > > I have a pair of 2621's and 2 reduandant ethernet handoffs to my ISP. 1 is > a > > primary and the other is a backup which should only be used if the primary > > fails. On my side i am running HSRP for fault tolerance RA is configured > > asprimary in my HSRP group. I will be doing BGP peering with my provider. I > > only want to receive default routes. I almost have the full config but am > > confused on 1point. If ISPA goes loses connectivity a couple hops upstream > > HSRP will not fail over becasue my link is physically up so all my internal > > hosts will still go through RA eth0. How do I get them to go through RA > eth0 > > then to RB eth0 and then eventually through the backup ISP link, ISP B. > Keep > > in mind its the same ISP, AS#, just a different connection. Its a huge ISP. > > Is there some kind of peering needed between RA and RB, maybe some special > > commands? > > Am I at least on the right track? > > My configs are posted below. > > > > If the ascii art gets confusing I have posted good a diagram as a gif at : > > > > http://sbnet.freeservers.com/bgp.gif > > > > virtual router > > All routers use AS100 > > > > __ > > 172.16.20.0 --->| 172.16.10.2--->RA| > > 192.168.133.1--->|ISPA 192.168.133.2 | ->internet > > 172.16.30.0 --> | | (RA eth1) > > |__| > > 172..16.10.0 ---> | 172.16.10.1-->HSRP | > > | --- | > > |172.16.10.3>RB | > > _ > > |___| > > 192.168.100.1->|ISPB 192.168.100.2|-->internet > > > > (RB eth1)|| > > > > > > Router A > > --- > > > > interface FastEthernet0/0 > > ip address 172.16.10.2 255.255.255.0 > > standby priority 105 > > standby 244 ip 172.16.10.1 > > standby 244 preempt > > standby 244 track FastEthernet0/1 > > ! > > interface FastEthernet0/1 > > ip address ip address 192.168.100.1 255.255.255.252 > > > > > > router bgp 100 > > no synchronization > > network 172.16.10.0 > > network 172.16.20.0 > > network 172.16.30.0 > > neighbor 192.168.133.2 remote-as 100 > > neighbor 192.168.133.2 prefix-list ABC in > > neighbor 172.16.10.3 remote-as 100 > > no auto-summary > > ! > > > > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > > > end > > > > > > > > > > Router B > > > > interface FastEthernet0/0 > > ip address 172.16.10.3 255.255.255.0 > > standby priority 100 > > standby 244 ip 172.16.10.1 > > standby 244 preempt > > standby 244 track FastEthernet0/1 > > ! > > interface FastEthernet0/1 > > ip address ip address 192.168.100.1 255.255.255.252 > > > > router bgp 100 > > no synchronization > > network 172.16.10.0 > > network 172.16.20.0 > > network 172.16.30.0 > > neighbor 192.168.100.2 remote-as 100 > > neighbor 192.168.100.2 prefix-list ABC in > > neighbor 172.16.10.2 remote-as 100 > > no auto-summary > > ! > > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > > > end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i
Re: BGP and HSRP [7:49807]
If I understand you correctly, I don't think that HRSP is what you need. HRSP is good if upstream serial interfaces go down, or something like that, or for router redundancy, but in your situation I would suggest letting your IGP determine which upstream is active, based on who is still advertising the default BGP prefix. If you are using OSPF, you could use #default-information originate. If the BGP default prefix is the only default route on your edge routers, the OSPF default will disappear if the BGP default disappears. If you don't use OSPF, just redistribute the BGP default into your IGP. I am assuming that when your ISP goes "down", they stop sending the BGP default. This will allow 1 of 2 things to happen. If your downstream devices are IGP routers, they will already know the best to the good BGP upstream. If they are hosts with static default routes, then their default gateway could always relay the packet, or suggest an ICMP redirect to the host. Let me know if this helps! Jay Greenberg On Fri, 2002-07-26 at 14:50, sam sneed wrote: > I have a pair of 2621's and 2 reduandant ethernet handoffs to my ISP. 1 is a > primary and the other is a backup which should only be used if the primary > fails. On my side i am running HSRP for fault tolerance RA is configured > asprimary in my HSRP group. I will be doing BGP peering with my provider. I > only want to receive default routes. I almost have the full config but am > confused on 1point. If ISPA goes loses connectivity a couple hops upstream > HSRP will not fail over becasue my link is physically up so all my internal > hosts will still go through RA eth0. How do I get them to go through RA eth0 > then to RB eth0 and then eventually through the backup ISP link, ISP B. Keep > in mind its the same ISP, AS#, just a different connection. Its a huge ISP. > Is there some kind of peering needed between RA and RB, maybe some special > commands? > Am I at least on the right track? > My configs are posted below. > > If the ascii art gets confusing I have posted good a diagram as a gif at : > > http://sbnet.freeservers.com/bgp.gif > > virtual router > All routers use AS100 > > __ > 172.16.20.0 --->| 172.16.10.2--->RA| > 192.168.133.1--->|ISPA 192.168.133.2 | ->internet > 172.16.30.0 --> | | (RA eth1) > |__| > 172..16.10.0 ---> | 172.16.10.1-->HSRP | > | --- | > |172.16.10.3>RB | > _ > |___| > 192.168.100.1->|ISPB 192.168.100.2|-->internet > > (RB eth1)|| > > > Router A > --- > > interface FastEthernet0/0 > ip address 172.16.10.2 255.255.255.0 > standby priority 105 > standby 244 ip 172.16.10.1 > standby 244 preempt > standby 244 track FastEthernet0/1 > ! > interface FastEthernet0/1 > ip address ip address 192.168.100.1 255.255.255.252 > > > router bgp 100 > no synchronization > network 172.16.10.0 > network 172.16.20.0 > network 172.16.30.0 > neighbor 192.168.133.2 remote-as 100 > neighbor 192.168.133.2 prefix-list ABC in > neighbor 172.16.10.3 remote-as 100 > no auto-summary > ! > > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > end > > > > > Router B > > interface FastEthernet0/0 > ip address 172.16.10.3 255.255.255.0 > standby priority 100 > standby 244 ip 172.16.10.1 > standby 244 preempt > standby 244 track FastEthernet0/1 > ! > interface FastEthernet0/1 > ip address ip address 192.168.100.1 255.255.255.252 > > router bgp 100 > no synchronization > network 172.16.10.0 > network 172.16.20.0 > network 172.16.30.0 > neighbor 192.168.100.2 remote-as 100 > neighbor 192.168.100.2 prefix-list ABC in > neighbor 172.16.10.2 remote-as 100 > no auto-summary > ! > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49820&t=49807 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP and HSRP [7:49807]
did more research, would a "next-hop-self " on RA and RB respectively do the trick? ""sam sneed"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have a pair of 2621's and 2 reduandant ethernet handoffs to my ISP. 1 is a > primary and the other is a backup which should only be used if the primary > fails. On my side i am running HSRP for fault tolerance RA is configured > asprimary in my HSRP group. I will be doing BGP peering with my provider. I > only want to receive default routes. I almost have the full config but am > confused on 1point. If ISPA goes loses connectivity a couple hops upstream > HSRP will not fail over becasue my link is physically up so all my internal > hosts will still go through RA eth0. How do I get them to go through RA eth0 > then to RB eth0 and then eventually through the backup ISP link, ISP B. Keep > in mind its the same ISP, AS#, just a different connection. Its a huge ISP. > Is there some kind of peering needed between RA and RB, maybe some special > commands? > Am I at least on the right track? > My configs are posted below. > > If the ascii art gets confusing I have posted good a diagram as a gif at : > > http://sbnet.freeservers.com/bgp.gif > > virtual router > All routers use AS100 > > __ > 172.16.20.0 --->| 172.16.10.2--->RA| > 192.168.133.1--->|ISPA 192.168.133.2 | ->internet > 172.16.30.0 --> | | (RA eth1) > |__| > 172..16.10.0 ---> | 172.16.10.1-->HSRP | > | --- | > |172.16.10.3>RB | > _ > |___| > 192.168.100.1->|ISPB 192.168.100.2|-->internet > > (RB eth1)|| > > > Router A > --- > > interface FastEthernet0/0 > ip address 172.16.10.2 255.255.255.0 > standby priority 105 > standby 244 ip 172.16.10.1 > standby 244 preempt > standby 244 track FastEthernet0/1 > ! > interface FastEthernet0/1 > ip address ip address 192.168.100.1 255.255.255.252 > > > router bgp 100 > no synchronization > network 172.16.10.0 > network 172.16.20.0 > network 172.16.30.0 > neighbor 192.168.133.2 remote-as 100 > neighbor 192.168.133.2 prefix-list ABC in > neighbor 172.16.10.3 remote-as 100 > no auto-summary > ! > > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > end > > > > > Router B > > interface FastEthernet0/0 > ip address 172.16.10.3 255.255.255.0 > standby priority 100 > standby 244 ip 172.16.10.1 > standby 244 preempt > standby 244 track FastEthernet0/1 > ! > interface FastEthernet0/1 > ip address ip address 192.168.100.1 255.255.255.252 > > router bgp 100 > no synchronization > network 172.16.10.0 > network 172.16.20.0 > network 172.16.30.0 > neighbor 192.168.100.2 remote-as 100 > neighbor 192.168.100.2 prefix-list ABC in > neighbor 172.16.10.2 remote-as 100 > no auto-summary > ! > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > end Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=49819&t=49807 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: BGP and HSRP [7:49807]
If you don't want the run the IGP on the firewall, then just run something between the 2 gateway routers. iBGP would do the trick, and you are running BGP anyway. You could still use HSRP for your own extra router redundancy, but not for upstream selection. On Fri, 2002-07-26 at 16:28, sam sneed wrote: > I have a very small network, only 3 networks so i really don;t want to run > an IGP. I especially don't want to run it on my firewall. The ISP suggested > the HSRP solution since we are using static route between our firewall and > these 2 routers. I know there has to be way to do this and am trying to > figure it out. I don't have enough routers to set up a lab so I can't test > it before i put it in production. > > Thanks. > > ""Jay Greenberg"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > If I understand you correctly, I don't think that HRSP is what you > > need. HRSP is good if upstream serial interfaces go down, or something > > like that, or for router redundancy, but in your situation I would > > suggest letting your IGP determine which upstream is active, based on > > who is still advertising the default BGP prefix. If you are using OSPF, > > you could use #default-information originate. If the BGP default prefix > > is the only default route on your edge routers, the OSPF default will > > disappear if the BGP default disappears. If you don't use OSPF, just > > redistribute the BGP default into your IGP. > > > > I am assuming that when your ISP goes "down", they stop sending the BGP > > default. > > > > This will allow 1 of 2 things to happen. If your downstream devices are > > IGP routers, they will already know the best to the good BGP upstream. > > If they are hosts with static default routes, then their default gateway > > could always relay the packet, or suggest an ICMP redirect to the host. > > > > Let me know if this helps! > > > > Jay Greenberg > > > > On Fri, 2002-07-26 at 14:50, sam sneed wrote: > > > I have a pair of 2621's and 2 reduandant ethernet handoffs to my ISP. 1 > is > > a > > > primary and the other is a backup which should only be used if the > primary > > > fails. On my side i am running HSRP for fault tolerance RA is configured > > > asprimary in my HSRP group. I will be doing BGP peering with my > provider. I > > > only want to receive default routes. I almost have the full config but > am > > > confused on 1point. If ISPA goes loses connectivity a couple hops > upstream > > > HSRP will not fail over becasue my link is physically up so all my > internal > > > hosts will still go through RA eth0. How do I get them to go through RA > > eth0 > > > then to RB eth0 and then eventually through the backup ISP link, ISP B. > > Keep > > > in mind its the same ISP, AS#, just a different connection. Its a huge > ISP. > > > Is there some kind of peering needed between RA and RB, maybe some > special > > > commands? > > > Am I at least on the right track? > > > My configs are posted below. > > > > > > If the ascii art gets confusing I have posted good a diagram as a gif at > : > > > > > > http://sbnet.freeservers.com/bgp.gif > > > > > > virtual router > > > All routers use AS100 > > > > > > __ > > > 172.16.20.0 --->| 172.16.10.2--->RA| > > > 192.168.133.1--->|ISPA 192.168.133.2 | ->internet > > > 172.16.30.0 --> | | (RA eth1) > > > |__| > > > 172..16.10.0 ---> | 172.16.10.1-->HSRP | > > > | --- | > > > |172.16.10.3>RB | > > > _ > > > |___| > > > 192.168.100.1->|ISPB 192.168.100.2|-->internet > > > > > > (RB eth1)|| > > > > > > > > > Router A > > > --- > > > > > > interface FastEthernet0/0 > > > ip address 172.16.10.2 255.255.255.0 > > > standby priority 105 > > > standby 244 ip 172.16.10.1 > > > standby 244 preempt > > > standby 244 track FastEthernet0/1 > > > ! > > > interface FastEthernet0/1 > > > ip address ip address 192.168.100.1 255.255.255.252 > > > > > > > > > router bgp 100 > > > no synchronization > > > network 172.16.10.0 > > > network 172.16.20.0 > > > network 172.16.30.0 > > > neighbor 192.168.133.2 remote-as 100 > > > neighbor 192.168.133.2 prefix-list ABC in > > > neighbor 172.16.10.3 remote-as 100 > > > no auto-summary > > > ! > > > > > > ip prefix-list ABC seq 5 permit 0.0.0.0/0 > > > > > > end > > > > > > > > > > > > > > > Router B > > > > > > interface FastEthernet0/0 > > > ip address 172.16.10.3 255.255.255.0 > > > standby priority 100 > > > standby 244 ip 172.16.10.1 > >
