BGP for Enterprise Networks

Around a year ago one of our customers (a leading "A class" commercial bank of Nepal) asked us to design and configure BGP on their network. I was the person responsible for this project.

Resources.

1. They had two routers for redundancy. One router should work as the primary and the other as the secondary, for failover.

2. They had a /23 subnet provided by IANA. For confidentiality I am going to use 193.168.0.0/23 in this blog instead of the real subnet they are currently using.

3. They were planning to connect to two ISPs for BGP upstream.

4. The routers were not capable of holding the global routing table from the ISPs, so we had to plan accordingly.

Scenario.

1. I had to configure one router as the primary and the other as the secondary. For that I could have used the Multi Exit Discriminator attribute of BGP, but I decided to use HSRP.

2. I had to subnet the /23 network into two different /24 networks because I decided to use both ISPs. I configured the routers to achieve the goals below.

Let's say I have the 193.168.0.0/23 network. I subnetted it into 193.168.0.0/24 and 193.168.1.0/24.


Traffic generated from the 193.168.0.0/24 network should go out through ISP A, and traffic destined to the 193.168.0.0/24 network should come in through ISP A.

Traffic generated from the 193.168.1.0/24 network should go out through ISP B, and traffic destined to the 193.168.1.0/24 network should come in through ISP B.

Let's elaborate it in plain English.

If someone on the bank's network tries to browse or download something from the Internet using a 193.168.0.0/24 IP, it should go out through ISP A.

Likewise, if someone on the bank's network tries to browse or download something from the Internet using a 193.168.1.0/24 IP, it should go out through ISP B.

If someone on the Internet tries to use the services hosted on the 193.168.0.0/24 network, the traffic should come in through ISP A.

Likewise, if someone tries to use the services hosted on the 193.168.1.0/24 network, the traffic should come in through ISP B.

If either ISP link goes down, both kinds of traffic should come and go through the other ISP.


3. Because of the routers' limitations I was unable to configure them to receive the global routing table from the upstream ISPs, so I decided to configure them as below.

I planned to receive only the local prefixes of both ISPs plus a default route from each, and configured our routers for the following behaviour.

Traffic from ISP A's local prefix destined to the 193.168.0.0/23 network should come in through ISP A, and traffic from the 193.168.0.0/23 network destined to ISP A's prefix should go out through ISP A.

Traffic from ISP B's local prefix destined to the 193.168.0.0/23 network should come in through ISP B, and traffic from the 193.168.0.0/23 network destined to ISP B's prefix should go out through ISP B.

If either ISP link goes down, both kinds of traffic should come and go through the other ISP.


Configuration starts from here!

To achieve the above goals we have to configure HSRP, BGP and policy based routing.

Let's start with HSRP.

We have to configure three different HSRP groups: group 1 for ISP A, group 2 for ISP B and group 3 for the LAN. The primary router gets priority 250 with preemption; the 60-second preempt delay gives its BGP sessions time to come back up after a reload before it takes forwarding back from the secondary. Note that the BGP sessions are sourced from the physical interface addresses (.1 on the primary, .2 on the secondary), not from the virtual address, so each ISP peers with both routers.

HSRP Configuration on Primary Router for ISP A.

interface GigabitEthernet0/0
 description ***ISP-A***
 ip address 193.168.0.1 255.255.255.248
 standby 1 ip 193.168.0.4
 standby 1 priority 250
 standby 1 preempt
 standby 1 preempt delay minimum 60

HSRP Configuration on Secondary Router for ISP A (default priority 100, no preemption).

interface GigabitEthernet0/0
 description ***ISP-A***
 ip address 193.168.0.2 255.255.255.248
 standby 1 ip 193.168.0.4

HSRP Configuration on Primary Router for ISP B.

interface GigabitEthernet0/1
 description ***ISP-B***
 ip address 193.168.1.1 255.255.255.248
 standby 2 ip 193.168.1.4
 standby 2 priority 250
 standby 2 preempt
 standby 2 preempt delay minimum 60

HSRP Configuration on Secondary Router for ISP B.

interface GigabitEthernet0/1
 description ***ISP-B***
 ip address 193.168.1.2 255.255.255.248
 standby 2 ip 193.168.1.4

HSRP Configuration on Primary Router for LAN.

interface GigabitEthernet0/2
 description ***LAN***
 ip address 193.168.0.9 255.255.255.248
 standby 3 ip 193.168.0.12
 standby 3 priority 250
 standby 3 preempt
 standby 3 preempt delay minimum 60

HSRP Configuration on Secondary Router for LAN (GigabitEthernet0/1 is already the ISP B interface, so the LAN uses GigabitEthernet0/2 as on the primary).

interface GigabitEthernet0/2
 description ***LAN***
 ip address 193.168.0.10 255.255.255.248
 standby 3 ip 193.168.0.12

BGP Configuration on Primary Router.

The weight of 500 on the ISP A neighbor makes every route learned from ISP A, including the default route, preferred over the same route from ISP B, so outbound traffic that is not policy routed leaves through ISP A and falls back to ISP B's default route when the ISP A session drops. soft-reconfiguration inbound keeps a copy of the unfiltered received routes so the inbound route-maps can be changed without resetting the sessions. Note that a network statement only originates a prefix that exists in the routing table with exactly that mask; each of the three prefixes below must therefore be present as a route (for example a static route toward the inside firewall, or a static route to Null0 as an anchor), otherwise that prefix is never advertised to the ISPs.

router bgp 30
 bgp log-neighbor-changes
 network 193.168.0.0 mask 255.255.254.0
 network 193.168.0.0 mask 255.255.255.0
 network 193.168.1.0 mask 255.255.255.0
 neighbor 193.168.0.3 remote-as 10
 neighbor 193.168.0.3 soft-reconfiguration inbound
 neighbor 193.168.0.3 prefix-list ISP-A out
 neighbor 193.168.0.3 route-map ISP-A in
 neighbor 193.168.0.3 weight 500
 neighbor 193.168.1.3 remote-as 20
 neighbor 193.168.1.3 soft-reconfiguration inbound
 neighbor 193.168.1.3 prefix-list ISP-B out
 neighbor 193.168.1.3 route-map ISP-B in
BGP Configuration on Secondary Router.

The only difference from the primary is transport connection-mode passive: the secondary never initiates the TCP connection and waits for the ISP to open the session.

router bgp 30
 bgp log-neighbor-changes
 network 193.168.0.0 mask 255.255.254.0
 network 193.168.0.0 mask 255.255.255.0
 network 193.168.1.0 mask 255.255.255.0
 neighbor 193.168.0.3 remote-as 10
 neighbor 193.168.0.3 soft-reconfiguration inbound
 neighbor 193.168.0.3 prefix-list ISP-A out
 neighbor 193.168.0.3 route-map ISP-A in
 neighbor 193.168.0.3 weight 500
 neighbor 193.168.0.3 transport connection-mode passive
 neighbor 193.168.1.3 remote-as 20
 neighbor 193.168.1.3 soft-reconfiguration inbound
 neighbor 193.168.1.3 prefix-list ISP-B out
 neighbor 193.168.1.3 route-map ISP-B in
 neighbor 193.168.1.3 transport connection-mode passive
Prefix-list and Route-map Configuration for both routers.

Each ISP is sent its own /24 plus the covering /23. The more specific /24 attracts inbound traffic for that half of the address space through its primary ISP; the /23 announced to both ISPs only carries that traffic while the /24 is withdrawn because the session to its primary ISP is down. Announcing both /24s to both ISPs would leave the inbound path to each remote network's choice, which is not what the scenario asks for. Inbound, the route-maps accept only the default route and the ISP's own local prefix; everything else is dropped by the implicit deny at the end of the route-map. 10.10.10.0/24 and 20.20.20.0/24 stand in for the ISPs' real local prefixes.

ip prefix-list ISP-A seq 5 permit 193.168.0.0/24
ip prefix-list ISP-A seq 10 permit 193.168.0.0/23
!
ip prefix-list ISP-B seq 5 permit 193.168.1.0/24
ip prefix-list ISP-B seq 10 permit 193.168.0.0/23
!
ip prefix-list ISP-A-PREFIX seq 5 permit 10.10.10.0/24
!
ip prefix-list ISP-B-PREFIX seq 5 permit 20.20.20.0/24
!
ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
!
!
route-map ISP-A permit 10
 match ip address prefix-list DEFAULT-ROUTE
 match ip address prefix-list ISP-A-PREFIX 
!
route-map ISP-B permit 10
 match ip address prefix-list DEFAULT-ROUTE
 match ip address prefix-list ISP-B-PREFIX 
!
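The configuration above brings the sessions up but leaves the control plane unprotected: anyone on the shared ISP segment can send HSRP hellos with a higher priority and claim the virtual address, and the eBGP sessions have no TCP authentication, no TTL check and no limit on what the peer may push. The following is an added hardening example for the primary router; it is not part of the original configuration. The key strings, the maximum-prefix limits and the Null0 anchor routes are assumptions (the anchors are only needed if the three prefixes are not already in the routing table with exactly these masks), and the ISP side must configure the matching TCP MD5 password and TTL security or the session will not establish.

```cisco
! Added hardening example for the primary router (not the original
! configuration). Replace the key strings; the limits are assumptions.
!
! HSRP: authenticate the hellos so a rogue host on the shared segment
! cannot become active by advertising a higher priority.
interface GigabitEthernet0/0
 standby 1 authentication md5 key-string ISP-A-HSRP-KEY
interface GigabitEthernet0/1
 standby 2 authentication md5 key-string ISP-B-HSRP-KEY
interface GigabitEthernet0/2
 standby 3 authentication md5 key-string LAN-HSRP-KEY
!
! Anchor routes (assumption: the /23 and the two /24 are not otherwise
! present in the routing table with these exact masks). A network statement
! only originates a prefix that has an exact match in the RIB; distance 250
! keeps any real inside route preferred over the anchor.
ip route 193.168.0.0 255.255.254.0 Null0 250
ip route 193.168.0.0 255.255.255.0 Null0 250
ip route 193.168.1.0 255.255.255.0 Null0 250
!
router bgp 30
 bgp log-neighbor-changes
 network 193.168.0.0 mask 255.255.254.0
 network 193.168.0.0 mask 255.255.255.0
 network 193.168.1.0 mask 255.255.255.0
 ! ISP A: TCP MD5 on the session, TTL security (GTSM) so only a directly
 ! connected peer can open it, and a cap on accepted prefixes (the inbound
 ! route-map leaves only the default route and ISP A's local prefix, so
 ! 10 is generous; the session restarts 5 minutes after the cap is hit).
 neighbor 193.168.0.3 remote-as 10
 neighbor 193.168.0.3 description eBGP to ISP-A
 neighbor 193.168.0.3 password ISP-A-BGP-SECRET
 neighbor 193.168.0.3 ttl-security hops 1
 neighbor 193.168.0.3 soft-reconfiguration inbound
 neighbor 193.168.0.3 prefix-list ISP-A out
 neighbor 193.168.0.3 route-map ISP-A in
 neighbor 193.168.0.3 maximum-prefix 10 80 restart 5
 neighbor 193.168.0.3 weight 500
 ! ISP B: same protections, no weight so ISP A stays the preferred exit.
 neighbor 193.168.1.3 remote-as 20
 neighbor 193.168.1.3 description eBGP to ISP-B
 neighbor 193.168.1.3 password ISP-B-BGP-SECRET
 neighbor 193.168.1.3 ttl-security hops 1
 neighbor 193.168.1.3 soft-reconfiguration inbound
 neighbor 193.168.1.3 prefix-list ISP-B out
 neighbor 193.168.1.3 route-map ISP-B in
 neighbor 193.168.1.3 maximum-prefix 10 80 restart 5
```

Apply the password and ttl-security lines in a maintenance window coordinated with the ISP, because a mismatch on either side keeps the session down; show ip bgp neighbors 193.168.0.3 reports whether the session is established and how many prefixes were accepted against the limit. The secondary router takes the same lines plus its transport connection-mode passive statements.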
Policy Based Routing Configuration for Both Routers.

set ip default next-hop only applies when the destination matches nothing in the routing table except the default route, so traffic to an ISP's local prefix still follows the BGP route learned from that ISP, and only traffic for the rest of the Internet is steered by source address. If the interface toward the chosen next-hop is down, the packet falls back to normal routing, which is what provides the failover to the other ISP's default route.

!
ip access-list extended PBR-242
 permit ip 193.168.0.0 0.0.0.255 any
ip access-list extended PBR-243
 permit ip 193.168.1.0 0.0.0.255 any
!
!
route-map PBR permit 242
 match ip address PBR-242
 set ip default next-hop 193.168.0.3
!
route-map PBR permit 243
 match ip address PBR-243
 set ip default next-hop 193.168.1.3
!
interface GigabitEthernet0/2
 ip policy route-map PBR
!
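The failover the scenario relies on happens only if the policy next-hop actually disappears when an ISP fails. If the ISP-facing interface stays up (for example because it is connected through a switch or a media converter) while the ISP router or its upstream is down, set ip default next-hop keeps handing packets to a dead next-hop and the policy-routed half of the LAN is blackholed until someone notices. The following added example, not from the original post, probes each ISP peer address with IP SLA, ties the policy next-hop to a track object, and falls through to the routing table as soon as the probe fails. The probe frequency and the track delay timers are assumptions, and the verify-availability form of set ip default next-hop requires an IOS release that supports it.

```cisco
! Added example (not the original configuration): tracked PBR next-hops.
! Probe targets are the ISP peer addresses from the BGP configuration;
! timers are assumptions.
ip sla 1
 icmp-echo 193.168.0.3 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 193.168.1.3 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 2 life forever start-time now
!
! Track objects follow the probes; the delays damp a flapping link so the
! policy does not swing back and forth on every lost echo.
track 1 ip sla 1 reachability
 delay down 15 up 30
track 2 ip sla 2 reachability
 delay down 15 up 30
!
ip access-list extended PBR-242
 permit ip 193.168.0.0 0.0.0.255 any
ip access-list extended PBR-243
 permit ip 193.168.1.0 0.0.0.255 any
!
! The next-hop is only used while its track object is up; otherwise the
! entry sets nothing and the packet is routed by the routing table, where
! the surviving ISP's default route is the only match.
route-map PBR permit 242
 match ip address PBR-242
 set ip default next-hop verify-availability 193.168.0.3 10 track 1
!
route-map PBR permit 243
 match ip address PBR-243
 set ip default next-hop verify-availability 193.168.1.3 10 track 2
!
interface GigabitEthernet0/2
 ip policy route-map PBR
```

Both routers carry the same configuration. Probing the directly connected peer catches a dead ISP router but not a failure further upstream; probing an address deep inside the ISP's network instead would need a static host route out of that interface so the probe is not itself redirected by the default route. show track and show route-map PBR show the current state of each object and how many packets each policy entry has matched.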
