Wednesday, August 10, 2011

Configuring BGP - Dual Homed Design (Part 1)

In this blogtorial we will discuss how to implement a Dual Homed BGP design. So let's begin by defining what a Dual Homed BGP design is. Dual Homed BGP means you have 2 local routers (in the same ASN) connected to 2 different routers from the same ISP. A Dual Homed setup will give you fault tolerance at the router level but not at the ISP level. Consider a Single Multihomed or Dual Multihomed setup for fault tolerance at the ISP level. These are fairly advanced topics, so I suggest you familiarize yourself with BGP, BGP path selection, route-maps, prefix-lists, OSPF, and route redistribution before continuing.


Objectives: 
  • Configure OSPF as IGP for R1, R2, R3
  • Configure iBGP between R1 and R2
  • Configure iBGP between R4 and R5
  • Configure eBGP between R1 and R4 
  • Configure eBGP between R2 and R5
See below for the network diagram to better understand a Dual Homed BGP Design.



Relevant configurations are posted below so let's get started.
First let's get R1, R2, R3 configured with OSPF as their IGP and let R1 and R2 originate a default route into the OSPF domain. Relevant configurations are below.

R1#sh run int fast1/0
interface FastEthernet1/0
 description Connected to LAN
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
end


** Get the subnet 10.0.0.0/24 in the OSPF Area 0 and originate a default** 

R1#sh run | sec ospf
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.0.255 area 0
 default-information originate

R2#sh run int fast1/0
interface FastEthernet1/0
 description Connected to LAN
 ip address 10.0.0.2 255.255.255.0
 duplex auto
 speed auto
end


** Get the subnet 10.0.0.0/24 in the OSPF Area 0 and originate a default** 

R2#sh run | sec ospf
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.0.255 area 0
 default-information originate

R3#sh run int fast1/0
interface FastEthernet1/0
 description Connected to LAN
 ip address 10.0.0.3 255.255.255.0
 duplex auto
 speed auto
end

** Get the subnet 10.0.0.0/24 in the OSPF Area 0 ** 

R3#sh run | sec ospf
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.0.255 area 0

Let's verify OSPF neighbor relationships. 

Notice R3 is neighbored with R1 and R2 as configured.

Now let's get R1 and R2 configured with iBGP, eBGP, and advertise 22.22.22.0/24 to our upstream ISP (R4 and R5). 
**Create a prefix-list to match only the default route. We will be using this prefix-list for a couple of route-maps **

R1#sh run | sec ip prefix
ip prefix-list DEFONLY seq 10 permit 0.0.0.0/0

** Create a route-map which we will later use to set the local preference for routes coming in from eBGP neighbors. If we do not set the local preference, iBGP routes will be installed into the routing table and we will create a routing loop. **


R1#sh run | sec route-map
route-map SETEBGPLOCALPREF permit 10
 set local-preference 100


** Create a route-map which we will later use to set the local preference for the default route learned via iBGP. **


R1#sh run | sec route-map
route-map SETIBGPDEFLOCALPREF permit 10
 match ip address prefix-list DEFONLY
 ! Set iBGP learned default to be a lower preference than eBGP learned default.
 set local-preference 50
route-map SETIBGPDEFLOCALPREF permit 20

R1#sh run int fast1/1
interface FastEthernet1/1
 description Connected to R2
 ip address 22.22.22.1 255.255.255.0
 duplex auto
 speed auto
end

R1#sh run int gi2/0
interface GigabitEthernet2/0
 description Connected to ISP - R4
 ip address 11.11.11.1 255.255.255.0
 negotiation auto
end

R1#sh run | sec bgp
router bgp 22222
 no synchronization
 bgp log-neighbor-changes
 network 22.22.22.0 mask 255.255.255.0
 network 11.11.11.0 mask 255.255.255.0
 neighbor 11.11.11.4 remote-as 11111
 ! Anything coming in from this neighbor will have a local preference of 100
 neighbor 11.11.11.4 route-map SETEBGPLOCALPREF in
 neighbor 22.22.22.2 remote-as 22222
 neighbor 22.22.22.2 next-hop-self
 ! Default route coming in from this neighbor will have a local preference of 50
 neighbor 22.22.22.2 route-map SETIBGPDEFLOCALPREF in
 no auto-summary

**Create a prefix-list to match only the default route **

R2#sh run | sec ip prefix
ip prefix-list DEFONLY seq 10 permit 0.0.0.0/0

** Create a route-map which we will later use to set the local preference for routes coming in from eBGP neighbors. If we do not set the local preference, iBGP routes will be installed into the routing table and we will create a routing loop. **


R2#sh run | sec route-map
route-map SETEBGPLOCALPREF permit 10
 set local-preference 100


** Create a route-map which we will later use to set the local preference for the default route learned via iBGP. **


R2#sh run | sec route-map
route-map SETIBGPDEFLOCALPREF permit 10
 match ip address prefix-list DEFONLY
 set local-preference 50
route-map SETIBGPDEFLOCALPREF permit 20

R2#sh run int fast1/1
interface FastEthernet1/1
 description Connected to R1
 ip address 22.22.22.2 255.255.255.0
 duplex auto
 speed auto
end

R2#sh run int g2/0
interface GigabitEthernet2/0
 description Connected to ISP - R5
 ip address 12.12.12.2 255.255.255.0
 negotiation auto
end

R2#sh run | sec bgp
router bgp 22222
 no synchronization
 bgp log-neighbor-changes
 network 22.22.22.0 mask 255.255.255.0
 network 12.12.12.0 mask 255.255.255.0
 neighbor 12.12.12.5 remote-as 11111
 ! Anything coming in from this neighbor will have a local preference of 100
 neighbor 12.12.12.5 route-map SETEBGPLOCALPREF in
 neighbor 22.22.22.1 remote-as 22222
 neighbor 22.22.22.1 next-hop-self
 ! Default route coming in from this neighbor will have a local preference of 50
 neighbor 22.22.22.1 route-map SETIBGPDEFLOCALPREF in
 no auto-summary

Let's verify the iBGP relationship.

Verifying the iBGP relationship between R1 and R2.
Let's get R4 and R5 configured with IP addresses, static routes, eBGP and iBGP.

R4#sh run | incl ip route
ip route 0.0.0.0 0.0.0.0 Null0

R4#sh run int gig1/0
interface GigabitEthernet1/0
 description Connected to R1
 ip address 11.11.11.4 255.255.255.0
 negotiation auto
end

R4#sh run int fast2/0
interface FastEthernet2/0
 description Connected to R5
 ip address 10.4.4.4 255.255.255.0
 duplex auto
 speed auto
end

R4#sh run | sec bgp
router bgp 11111
 no synchronization
 bgp log-neighbor-changes
 network 10.4.4.0 mask 255.255.255.0
 network 11.11.11.0 mask 255.255.255.0
 neighbor 10.4.4.5 remote-as 11111
 neighbor 10.4.4.5 default-originate
 neighbor 11.11.11.1 remote-as 22222
 neighbor 11.11.11.1 default-originate
 no auto-summary

R5#sh run | incl ip route
ip route 0.0.0.0 0.0.0.0 Null0

R5#sh run int g1/0
interface GigabitEthernet1/0
 description Connected to R2
 ip address 12.12.12.5 255.255.255.0
 negotiation auto
end

R5#sh run int fast2/0
interface FastEthernet2/0
 description Connected to R4
 ip address 10.4.4.5 255.255.255.0
 duplex auto
 speed auto
end

R5#sh run | sec bgp
router bgp 11111
 no synchronization
 bgp log-neighbor-changes
 network 10.4.4.0 mask 255.255.255.0
 network 12.12.12.0 mask 255.255.255.0
 neighbor 10.4.4.4 remote-as 11111
 neighbor 10.4.4.4 default-originate
 neighbor 12.12.12.2 remote-as 22222
 neighbor 12.12.12.2 default-originate
 no auto-summary

Let's verify everything works as it should. I would probably do a clear ip bgp on R1 and R2 to get everything back to where it should be. Remember BGP is SLOW!! so it may take a while to populate everything after clear ip bgp. 

R1 and R2 are neighbored with R4 and R5
Notice there are 2 routes for 0.0.0.0 and the eBGP route has been selected as the best route. Why? Because it has a higher local preference. Thanks to our route-map.
Notice the default route installed into the routing table is the eBGP learned default and not the iBGP learned default.
At this point R1 and R2 are configured and ready to go. They are getting the right default routes installed in the routing table. If R1's internet link goes down, R1 will then use R2's link to get out to the internet. Everything is working fine EXCEPT R3 is not ready yet.
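To make the selection above concrete, here is an added example (not part of the original post) that models the DEFONLY prefix-list and the two inbound route-maps from R1's config, then picks the best default. The best-path function is deliberately simplified to the two steps that matter here (local preference, then eBGP over iBGP); the Python names are illustrative.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    prefix: str
    learned: str           # "ebgp" or "ibgp"
    neighbor: str
    local_pref: int = 100  # IOS default when no policy sets it

# ip prefix-list DEFONLY seq 10 permit 0.0.0.0/0
DEFONLY = [("permit", "0.0.0.0/0")]

def prefix_list_permits(plist, prefix):
    """Without ge/le, an entry matches only the identical prefix and length."""
    net = ipaddress.ip_network(prefix)
    for action, entry in plist:
        if net == ipaddress.ip_network(entry):
            return action == "permit"
    return False  # implicit deny at the end of every prefix-list

# Each permit clause: (prefix-list to match or None, local-pref to set or None)
SETEBGPLOCALPREF = [(None, 100)]
SETIBGPDEFLOCALPREF = [(DEFONLY, 50), (None, None)]  # permit 10, permit 20

def apply_route_map(clauses, route):
    """First matching permit clause wins; no match means the route is dropped."""
    for match, local_pref in clauses:
        if match is None or prefix_list_permits(match, route.prefix):
            return route if local_pref is None else replace(route, local_pref=local_pref)
    return None  # implicit deny at the end of every route-map

def best_path(routes):
    """Simplified: highest local preference, then eBGP over iBGP."""
    return max(routes, key=lambda r: (r.local_pref, r.learned == "ebgp"))

def r1_default_candidates():
    """The two 0.0.0.0/0 paths R1 holds after its inbound route-maps run."""
    from_r4 = Route("0.0.0.0/0", "ebgp", "11.11.11.4")
    from_r2 = Route("0.0.0.0/0", "ibgp", "22.22.22.2")
    return [apply_route_map(SETEBGPLOCALPREF, from_r4),
            apply_route_map(SETIBGPDEFLOCALPREF, from_r2)]

if __name__ == "__main__":
    print("best default on R1:", best_path(r1_default_candidates()))
    other = Route("12.12.12.0/24", "ibgp", "22.22.22.2")
    print("with permit 20:   ", apply_route_map(SETIBGPDEFLOCALPREF, other))
    print("without permit 20:", apply_route_map(SETIBGPDEFLOCALPREF[:1], other))
```

The last line shows why the empty `permit 20` clause is in the config: without it, every iBGP route other than the default would hit the route-map's implicit deny and be filtered.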


Notice that R3 has 2 default routes, as it should, so it can load balance. However, pinging anything outside of R1 and R2 fails. See below.


For example, pinging R5 (12.12.12.5) fails even though we have 2 default routes. Why? 


It is failing because R4 and R5 do not know about 10.0.0.0/24. We need to configure NAT on R1 and R2. Read part 2 for details on: Dual NAT for R3 and some failover scenarios.
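The failed ping can be traced hop by hop. This added example (not from the original post) builds simplified forwarding tables from the configs above and shows the echo request reaching R5 while the reply is swallowed by R5's static default to Null0. The second call, sourced from R2's ISP-facing address, is an assumption about what the NAT in part 2 achieves, since that config is not on this page.

```python
import ipaddress

# Constructed tables derived from the configs above (one next hop per prefix;
# R3's two equal-cost defaults are pinned to R2 to keep the trace short).
TABLES = {
    "R3": [("10.0.0.0/24", "connected"), ("0.0.0.0/0", "R2")],
    "R2": [("10.0.0.0/24", "connected"), ("12.12.12.0/24", "connected"),
           ("22.22.22.0/24", "connected"), ("0.0.0.0/0", "R5")],
    "R5": [("12.12.12.0/24", "connected"), ("10.4.4.0/24", "connected"),
           ("22.22.22.0/24", "R2"), ("0.0.0.0/0", "Null0")],
}
OWNER = {"10.0.0.3": "R3", "10.0.0.2": "R2", "12.12.12.2": "R2",
         "12.12.12.5": "R5"}

def lookup(router, dst):
    """Longest-prefix match in one router's table; no route acts as a drop."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in TABLES[router]
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else (None, "Null0")

def trace(router, dst, max_hops=8):
    """Forward hop by hop; return (path, outcome)."""
    path = [router]
    for _ in range(max_hops):
        if OWNER.get(dst) == router:
            return path, "delivered"
        net, next_hop = lookup(router, dst)
        if next_hop == "Null0":
            return path, f"dropped at {router} ({net} -> Null0)"
        router = OWNER.get(dst) if next_hop == "connected" else next_hop
        if router is None:
            return path, "no such host on connected subnet"
        path.append(router)
    return path, "hop limit exceeded"

def ping(src, dst):
    """Echo request from src's router, echo reply from dst's router."""
    return trace(OWNER[src], dst), trace(OWNER[dst], src)

if __name__ == "__main__":
    print(ping("10.0.0.3", "12.12.12.5"))    # R3's LAN address as source
    print(ping("12.12.12.2", "12.12.12.5"))  # source the ISP has a route for
```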



5 comments:

  1. Hello,

    I would like to thank you for this Great post, I've learned a lot.

    Some questions :

    What IP address do we have to use on the PCs ?

    Do we have to use HSRP/VRRP between R1 & R2 to represent a default GW for the enterprise Core, in case R1 is down?

    Replies
    1. On the PCs you would normally use R3 (the enterprise core router) as your default gateway. Towards R3 from R1/R2 you wouldn't have to use HSRP/VRRP because R1 and R2 are connected directly to R3 (via L2 switch), so OSPF should take care of default route origination. You could do ECMP (equal-cost multipathing) if you want to use both internet links, or you could make R1 primary and R2 secondary.

  3. Thanks for the reply. I work for an ISP, and when we provide a Dual Home Internet Connection we usually configure HSRP on R1 & R2, so that if one goes down the other one would take over. Usually R3 would be a Firewall, which the LAN PCs/Servers would use as their G/W.

    Would you not think R1 & R2 should have HSRP configured?

    Replies
    1. R1 and R2 should have HSRP configured if you are not doing any routing protocols between R1, R2, and R3. So in your case, if R3 is a firewall and you need to have a static route pointed at the default gateway, then you would run HSRP or some other FHRP (first hop redundancy protocol) between R1 and R2 and use that HSRP address as the next-hop default gateway on R3/firewall.
