Re: [Skunkworks] Automatic Failover Config but over junos

Hi,
I have this scenario: I have 2 ISPs. I do eBGP with both of them. ISP 1 - send /24 subnets. ISP 2 - send /23 subnets.
What we want to achieve is automatic failover, such that if ISP1 fails, traffic goes to ISP 2 automatically.
But when testing this live ... something strange happens: traffic goes out through ISP 1, which is what we want. But incoming traffic uses ISP 2.
For Cisco there are good examples on the net, but for Juniper MX series or just any Junos we can't find examples.
Something about AS-PREPEND and playing with metrics. We want to keep it as simple as possible. That's why we opted to use the more specific subnet method.
Anyone who's worked on a similar scenario, please help.
Regards,
On Thu, Dec 9, 2010 at 4:35 PM, Thuo Wilson <lixton@gmail.com> wrote:
On 9 December 2010 16:32, Thuo Wilson <lixton@gmail.com> wrote:
On 9 December 2010 16:14, Thuo Wilson <lixton@gmail.com> wrote:
On 9 December 2010 16:12, Thuo Wilson <lixton@gmail.com> wrote:
On 8 December 2010 18:24, <tonnie@swiftkenya.com> wrote:
Hi Skunks
I'm trying to configure auto-failover between KDN and Safcom links, with KDN being the primary. My router config is as below:
Interfaces
interface GigabitEthernet0/0
 description LAN
 ip address 192.168.7.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 Description KDN Link
 ip address 172.220.70.34 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description Link to Safaricom
 ip address 172.30.6.182 255.255.255.252
 duplex auto
 speed auto
!
BGP Config
router bgp 65200
 no synchronization
 bgp log-neighbor-changes
 network 132.147.160.0 mask 255.255.255.0
 network 172.16.0.0 mask 255.255.255.0
 network 192.168.7.0
 timers bgp 30 45
 neighbor 172.30.6.181 remote-as 37061
 neighbor 172.30.6.181 ebgp-multihop 3
 neighbor 172.30.6.181 update-source FastEthernet0/0/0
 neighbor 172.30.6.181 weight 100
 neighbor 172.30.6.181 prefix-list INSECTA-ROUTE out
 neighbor 172.220.70.33 remote-as 65160
 neighbor 172.220.70.33 ebgp-multihop 3
 neighbor 172.220.70.33 update-source GigabitEthernet0/1
 neighbor 172.220.70.33 weight 1000
 neighbor 172.220.70.33 prefix-list INSECTA-ROUTE out
 no auto-summary
!
mix, route-maps, AS-PATH and IP SLA ().
OOPPS - PREPEND AS not AS-PATH !
E&OE .
Further, see a sample to suit your need.
If you want to monitor P2P links only using SLA, try monitoring a provider's DNS/KNOWN IP on their network, e.g. since KDN is primary, do as follows:
(btw depending on IOS the command interpretation varies)
ip sla monitor 10
 type echo protocol ipIcmpEcho 172.220.70.33 source-ipaddr 172.220.70.34 === icmp echo with src address
 timeout 500 ====== delay before timeout
 frequency 3 ===== (if host doesn't respond in 1.5 seconds, fall back to the backup)
ip sla monitor schedule 10 start-time now === self explanatory
Then: TELL the router to check this
ip route 41.220.238.4 255.255.255.255 172.220.70.33 track 10 ====note track! (SLA ID?)
ip route 0.0.0.0 0.0.0.0 172.220.70.33
ip route 0.0.0.0 0.0.0.0 172.30.6.181 100 ==== Note the distance, means if primary has been detected to go down, insert this as primary on routing table.
router bgp XXXX
neighbor 172.30.6.181 weight 1000 <PREFERRED>
neighbor 172.30.6.181 route-map KDN-PRIMARY out
neighbor 172.220.70.33 weight 100 <BACKUP>
neighbor 172.220.70.33 route-map SAFCOM-BACKUP out
ip prefix-list KDN seq 5 permit 132.147.160.0/24
ip prefix-list KDN seq 500 deny 0.0.0.0/0
ip prefix-list SAFCOM seq 5 permit 132.147.160.0/24
ip prefix-list SAFCOM seq 500 deny 0.0.0.0/0
route-map KDN-PRIMARY permit 20
match ip address prefix-list SAFCOM
set as-path prepend xxxx xxxx xxxx (3 or more times)
route-map SAFCOM-BACKUP permit 10
match ip address prefix-list KDN
set as-path prepend xxx (or more but not exceeding the above)
(The above takes care of BGP route only if uplink is responding)
E&OE.
Wilson.
Wilson.
When I shut down KDN interface, Safcom link picks up traffic, but when I bring up the KDN interface, it doesn't come as primary until I shut down Safaricom. I have given KDN link the required weight.
Could there be a syntax I have missed out?
Regards Anthony
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke

On 14 December 2010 13:42, ibtisam jamal <ibty.jamal@gmail.com> wrote:
Hi ,
I have this scenario: I have 2 ISPs. I do eBGP with both of them. ISP 1 - send /24 subnets. ISP 2 - send /23 subnets.
What we want to achieve is automatic failover, such that if ISP1 fails, traffic goes to ISP 2 automatically.
But when testing this live ... something strange happens: traffic goes out through ISP 1, which is what we want. But incoming traffic uses ISP 2.
How was the test simulated? Was your BGP session taken down during the test? If you're purely doing BGP with your provider, your routes should have disappeared from their side during the test.
For Cisco there are good examples on the net, but for Juniper MX series or just any Junos we can't find examples.
Juniper's site has pretty good detailed examples, just like Cisco if not better.
Something about AS-PREPEND and playing with metrics. We want to keep it as simple as possible. That's why we opted to use the more specific subnet method.
There's nothing complex about AS-PREPEND; if you have two providers, your advertisements should be consistent across both, then use prepends to select which subnet should go through which provider. -- *./ TJ*

Hi Jamal, On 12/14/10 12:42 PM, ibtisam jamal wrote:
Hi ,
I have this scenario: I have 2 ISPs. I do eBGP with both of them. ISP 1 - send /24 subnets. ISP 2 - send /23 subnets.
Ok. Could you confirm if you are the one originating the prefix (with your own ASN) or it's your upstream provider?
What we want to achieve is automatic failover, such that if ISP1 fails, traffic goes to ISP 2 automatically.
Ok.
But when testing this live ... something strange happens: traffic goes out through ISP 1, which is what we want. But incoming traffic uses ISP 2.
How it works is simple: routing information flows in the opposite direction of traffic flow. That means if you were receiving traffic flow through ISP2, it means your BGP announcements via ISP1 were not being advertised to the rest of the Internet as they should be. Please log on to any looking glass outside your network and review what the routing table looks like with your prefixes. An example of a looking glass is route-views.oregon-ix.net (use telnet).
For Cisco there are good examples on the net, but for Juniper MX series or just any Junos we can't find examples.
The concept is the same; only the command line is different, but it should achieve the same.
Something about AS-PREPEND and playing with metrics. We want to keep it as simple as possible. That's why we opted to use the more specific subnet method.
Well, AS-Path Prepend cannot do anything better than longer prefix match will do. Already, if you are announcing longer prefixes (/24) via ISP1, then that should be your preferred inbound path to your network.
The only time in such a configuration that your traffic will come via ISP2 is when the announcements via ISP1 are withdrawn from the routing table.
To influence your outbound traffic, use local preference, where the default route received from ISP1 will have a higher local preference than the one from ISP2.
That's basically as simple as it can get. There are instances to use AS-Path Prepend, but it's not the place to start.
Regards,
Michuki. |* * END * *|
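
Added example, not part of the original thread: a small Python model of the route selection described in the reply above, showing that a longer prefix wins inbound regardless of prepends, that withdrawal of the /24s moves traffic to the /23, and that local preference decides outbound. The ASNs, the 10.20.0.0/23 prefix and all names are constructed placeholders, and only prefix length, local preference and AS-path length are modelled.

```python
import ipaddress
from dataclasses import dataclass

MY_AS, ISP1, ISP2 = 64500, 64501, 64502   # constructed documentation ASNs

@dataclass(frozen=True)
class Route:
    prefix: str            # constructed placeholder prefixes below
    via: str               # upstream the route was learned through
    as_path: tuple         # AS numbers, nearest first
    local_pref: int = 100  # only meaningful inside the AS that sets it

def best_route(rib, dest):
    """Longest-prefix match first; BGP attributes only break ties between
    routes for the same prefix (higher local-pref, then shorter AS path).
    The remaining BGP tie-breakers are left out of this model."""
    addr = ipaddress.ip_address(dest)
    covering = [r for r in rib if addr in ipaddress.ip_network(r.prefix)]
    if not covering:
        return None
    return max(covering, key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen,
                                        r.local_pref, -len(r.as_path)))

def internet_view(isp1_up=True, isp1_prepends=0):
    """What a remote network holds for the site: /24s via ISP1, /23 via ISP2."""
    rib = [Route("10.20.0.0/23", "ISP2", (ISP2, MY_AS))]
    if isp1_up:  # once the ISP1 session drops, the /24s are withdrawn
        path = (ISP1,) + (MY_AS,) * (1 + isp1_prepends)
        rib += [Route("10.20.0.0/24", "ISP1", path),
                Route("10.20.1.0/24", "ISP1", path)]
    return rib

def inbound_isp(**kw):
    """Upstream that traffic towards a host inside the site arrives through."""
    return best_route(internet_view(**kw), "10.20.1.10").via

def outbound_isp(isp1_up=True):
    """Site's own view: a default route from each ISP, ISP1 set to local-pref 200."""
    rib = [Route("0.0.0.0/0", "ISP2", (ISP2,), local_pref=100)]
    if isp1_up:  # longer AS path on purpose: local-pref is compared first
        rib.append(Route("0.0.0.0/0", "ISP1", (ISP1, 64510), local_pref=200))
    return best_route(rib, "192.0.2.1").via

if __name__ == "__main__":
    print("inbound, both up:          ", inbound_isp())
    print("inbound, /24s prepended x5:", inbound_isp(isp1_prepends=5))
    print("inbound, ISP1 withdrawn:   ", inbound_isp(isp1_up=False))
    print("outbound up / ISP1 down:   ", outbound_isp(), outbound_isp(isp1_up=False))
```
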

On Tue, Dec 14, 2010 at 6:03 PM, Michuki Mwangi <michuki@swiftkenya.com> wrote:
Hi Jamal,
On 12/14/10 12:42 PM, ibtisam jamal wrote:
Hi ,
I have this scenario: I have 2 ISPs. I do eBGP with both of them. ISP 1 - send /24 subnets. ISP 2 - send /23 subnets.
Ok.
Could you confirm if you are the one originating the prefix (with your own ASN) or it's your upstream provider?
We are originating the prefix with own ASN.
What we want to achieve is automatic failover, such that if ISP1 fails, traffic goes to ISP 2 automatically.
Ok.
But when testing this live ... something strange happens: traffic goes out through ISP 1, which is what we want. But incoming traffic uses ISP 2.
How it works is simple: routing information flows in the opposite direction of traffic flow. That means if you were receiving traffic flow through ISP2, it means your BGP announcements via ISP1 were not being advertised to the rest of the Internet as they should be.
Please log on to any looking glass outside your network and review what the routing table looks like with your prefixes. An example of a looking glass is route-views.oregon-ix.net (use telnet).
For Cisco there are good examples on the net, but for Juniper MX series or just any Junos we can't find examples.
The concept is the same; only the command line is different, but it should achieve the same.
Something about AS-PREPEND and playing with metrics. We want to keep it as simple as possible. That's why we opted to use the more specific subnet method.
Well, AS-Path Prepend cannot do anything better than longer prefix match will do. Already, if you are announcing longer prefixes (/24) via ISP1, then that should be your preferred inbound path to your network.
The only time in such a configuration that your traffic will come via ISP2 is when the announcements via ISP1 are withdrawn from the routing table.
To influence your outbound traffic, use local preference, where the default route received from ISP1 will have a higher local preference than the one from ISP2.
That's basically as simple as it can get. There are instances to use AS-Path Prepend, but it's not the place to start.
Regards,
Michuki. |* * END * *|
Thanks. Will do a test tonight and check the looking glass routes.