ISP Redundancy in multihomed BGP scenario

Hi all,
We have set up the WAN network multihomed with dual ISPs. The requirement is that if the primary ISP fails, then all the traffic should automatically divert to the secondary ISP. How can we achieve it? If you know that we can use keepalive, then could you provide me the configuration with the scenario? In the normal working setup, all the traffic for the internal network comes through ISP 1, but if ISP 1 fails, then without manual attribute manipulation BGP should automatically route the traffic to ISP 2.
Thanks

Hi,
what exactly does not work during the switchover to the second ISP?
Your router is not getting prefixes from the second ISP or the second ISP is not getting proper prefixes from you?
I believe the second case is happening?
As I see in the config
ip access-list extended Range-2
permit ip 7.17.24.0 0.0.0.255 any
ip access-list extended Range-3
permit ip 7.17.24.0 0.0.0.255 any
i.e., both ranges are identical, which is not correct, I guess?
And generally, I don't think using extended ACLs in a BGP route-map is a good idea, see
http://blog.ipspace.net/2008/03/use-extended-access-lists-to-filter-bgp.html
It's much easier to understand the config when ip prefix-lists are used instead, I can't follow your current config idea to be honest.
Best regards,
Milan
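
The prefix-list approach recommended in the reply above, written out as an added example (not configuration from the thread): one prefix-list defines the announced block, outbound route-maps on both sessions permit only that block, and AS-path prepending plus local preference make ISP 2 the backup in both directions. The AS numbers, neighbor addresses and list/route-map names are constructed placeholders; 7.17.24.0/24 is the range from the ACLs quoted in the reply, and accepting only a default route from each ISP is an assumption.

```cisco
! Constructed example: AS 64496 = local AS, 64500 = ISP 1 (primary),
! 64501 = ISP 2 (backup). Neighbor addresses are documentation-range
! placeholders, not values from the thread.
!
! Announce only our own block. The implicit deny at the end of each
! outbound route-map keeps routes learned from one ISP from being
! re-advertised to the other (no accidental transit).
ip prefix-list OUR-BLOCK seq 5 permit 7.17.24.0/24
!
! Assumption: each ISP sends a default route and nothing else is needed.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Anchor route so the BGP network statement always has an exact match
! in the routing table; more specific internal routes still forward.
ip route 7.17.24.0 255.255.255.0 Null0 250
!
! Outbound to ISP 1: plain announcement (preferred path for inbound traffic).
route-map ISP1-OUT permit 10
 match ip address prefix-list OUR-BLOCK
!
! Outbound to ISP 2: same prefix, longer AS path, so the Internet
! prefers the ISP 1 announcement while it exists.
route-map ISP2-OUT permit 10
 match ip address prefix-list OUR-BLOCK
 set as-path prepend 64496 64496 64496
!
! Inbound: prefer the default route learned from ISP 1.
route-map ISP1-IN permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 200
!
route-map ISP2-IN permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 100
!
router bgp 64496
 bgp log-neighbor-changes
 network 7.17.24.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 description ISP1-primary
 neighbor 192.0.2.1 route-map ISP1-IN in
 neighbor 192.0.2.1 route-map ISP1-OUT out
 neighbor 198.51.100.1 remote-as 64501
 neighbor 198.51.100.1 description ISP2-backup
 neighbor 198.51.100.1 route-map ISP2-IN in
 neighbor 198.51.100.1 route-map ISP2-OUT out
```

When the ISP 1 session drops (link down or BGP hold timer expiry), its default route is withdrawn and the ISP 2 default takes over; inbound traffic follows the remaining, prepended announcement via ISP 2.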

Similar Messages

  • ISP Redundancy no work

    Hello, I have a TMG array (NLB) with 4 servers. I am trying to configure ISP Redundancy (load balancing): I added a second network adapter for my virtual servers and configured it using the article
    http://www.isaserver.org/tutorials/Exploring-ISP-Redundancy-Forefront-Threat-Management-Gateway-TMG-2010.html but my balance is not an array or a general or throwing packets at random. Perhaps the problem is in the routing table of Windows 2008 R2. On all
    servers there are two routes in the table
    0.0.0.0 0.0.0.0 IP_ISP1 metric 2
    0.0.0.0 0.0.0.0 IP_ISP2 metric 3
    Help please, why does balancing not work?

    Hi,
    Thank you for the update.
    “Your answer only applies to published applications? I have not balanced outbound.” - ISP Redundancy is used to balance outbound traffic between two links. NLB is used to load balance inbound traffic across the TMG array. And
    to configure ISP-R, you may read the following articles:
    http://blogs.technet.com/b/isablog/archive/2009/02/16/keeping-high-availability-with-forefront-tmg-s-isp-redundancy-feature.aspx
    http://blogs.technet.com/b/isablog/archive/2009/10/14/the-isp-redundancy-feature-of-forefront-tmg.aspx
    Regards,
    Nick Gu - MSFT

  • ISP redundancy and reverse proxy

    Greetings, community!
    We have two EDGE TMG servers and two INTERNAL TMG servers.
    We have two providers with two dedicated external IP addresses each.
    I configured ISP Redundancy for each EDGE TMG server with these parameters:
    Each EDGE TMG server has two External NIC and one Internal NIC. 
    EDGE 1: Provider1_IP1 and Provider2_IP1
    EDGE 2: Provider1_IP2 and Provider2_IP2
    ISP Connections:
    Provider1 and Provider2
    So, the trouble:
    We have some published Web-Services, like OWA, ActiveSync, TerminalGatewayServers and others.
    Also we made 4 external DNS records for each Web-Service.
    For example:
    mail.domain.com Provider1_IP1
    mail.domain.com Provider1_IP2
    mail.domain.com Provider2_IP1
    mail.domain.com Provider2_IP2
    If we try to connect from external to any of the published Web-Services, we have a big delay (~ 30 sec), and then it connects.
    After some tests we found that ONLY ONE EDGE TMG server is used for reverse proxy. The IP addresses from EDGE 1 are unavailable for external access. But it still works as Web-Proxy for internal connections. Reverse-Proxy works only for the EDGE 2 IP addresses.
    If we shut down the EDGE 2 TMG server, then Reverse-Proxy for the EDGE 1 IP addresses works correctly.
    Why do all 4 of my external IP addresses not work for reverse-proxy? Only the 2 from one of my EDGE servers do.

    So, I still try to solve my problem...
    When I try to connect from External to one of my EDGE1 IP addresses, I got these logs:
    LOGS on DMZ server (EDGE1):
    Failed Connection Attempt DMZ-TMG-01 21.07.2014 11:27:40 
    Log type: Firewall service 
    Status: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  
    Rule: Publish TMGBE HTTP 
    Source: External (77.73.111.194:3427) 
    Destination: Internal (172.16.0.100:80) 
    Protocol: HTTP Server 
    Additional information 
    Number of bytes sent: 0 Number of bytes received: 0
    Processing time: 21000ms Original Client IP: 77.73.111.194 
    LOGS on INTERNAL server:
    Initiated Connection BLK-TMG-02 21.07.2014 11:27:20 
    Log type: Firewall service 
    Status: The operation completed successfully.  
    Source: External (77.73.111.194:3427) 
    Destination: Local Host (172.16.0.100:80) 
    Protocol: HTTP 
    Additional information 
    Number of bytes sent: 0 Number of bytes received: 0
    Processing time: 0ms Original Client IP: 77.73.111.194
    Closed Connection BLK-TMG-02 21.07.2014 11:27:40 
    Log type: Firewall service 
    Status: A connection was abortively closed after one of the peers sent an RST packet.  
    Source: External (77.73.111.194:3427) 
    Destination: Local Host (172.16.0.100:80) 
    Protocol: HTTP 
    Additional information 
    Number of bytes sent: 304 Number of bytes received: 192
    Processing time: 20281ms Original Client IP: 77.73.111.194
    When I try to connect my EDGE2 server external IP addresses, then:
    LOGS on DMZ server (EDGE2):
    Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17 
    Log type: Firewall service 
    Status: The operation completed successfully.  
    Rule: Publish TMGBE HTTP 
    Source: External (77.73.111.194:3429) 
    Destination: Internal (172.16.0.100:80) 
    Protocol: HTTP Server 
    Additional information 
    Number of bytes sent: 0 Number of bytes received: 0
    Processing time: 0ms Original Client IP: 77.73.111.194
    Closed Connection DMZ-TMG-02 21.07.2014 11:57:17 
    Log type: Firewall service 
    Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.  
    Rule: Publish TMGBE HTTP 
    Source: External (77.73.111.194:3429) 
    Destination: Internal (172.16.0.100:80) 
    Protocol: HTTP Server 
    Additional information 
    Number of bytes sent: 534 Number of bytes received: 146
    Processing time: 203ms Original Client IP: 77.73.111.194
    Then traffic was redirected to HTTPS:
    Initiated Connection DMZ-TMG-02 21.07.2014 11:57:17 
    Log type: Firewall service 
    Status: The operation completed successfully.  
    Rule: Publish TMGBE HTTPS 
    Source: External (77.73.111.194:3430) 
    Destination: Internal (172.16.0.100:443) 
    Protocol: HTTPS Server 
    Additional information 
    Number of bytes sent: 0 Number of bytes received: 0
    Processing time: 0ms Original Client IP: 77.73.111.194
    LOGS on INTERNAL server:
    Failed Connection Attempt BLK-TMG-02 21.07.2014 11:57:17 
    Log type: Web Proxy (Reverse) 
    Status: 12311 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator.  
    Rule: Publish OWA 
    Source: External (77.73.111.194:3429) 
    Destination: Local Host (172.16.0.100:80) 
    Request: GET http://mail.domain.com/ 
    Filter information: Req ID: 0a314138; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% 
    Protocol: http 
    User: anonymous 
    Additional information 
    Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
    Object source: (No source information is available.)
    Cache info: 0x0
    Processing time: 1 MIME type:  
    It's OK, because IIS requires SSL. Then:
    Initiated Connection BLK-TMG-02 21.07.2014 11:57:18 
    Log type: Firewall service 
    Status: The operation completed successfully.  
    Source: External (77.73.111.194:3429) 
    Destination: Local Host (172.16.0.100:80) 
    Protocol: HTTP 
    Additional information 
    Number of bytes sent: 0 Number of bytes received: 0
    Processing time: 0ms Original Client IP: 77.73.111.194 
    Closed Connection BLK-TMG-02 21.07.2014 11:57:18 
    Log type: Firewall service 
    Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.  
    Source: External (77.73.111.194:3429) 
    Destination: Local Host (172.16.0.100:80) 
    Protocol: HTTP 
    Additional information 
    Number of bytes sent: 786 Number of bytes received: 318
    Processing time: 15ms Original Client IP: 77.73.111.194
    And HTTPS:
    Allowed Connection BLK-TMG-02 21.07.2014 11:57:17 
    Log type: Web Proxy (Reverse) 
    Status: 302 Moved Temporarily 
    Rule: Publish OWA 
    Source: External (77.73.111.194:3430) 
    Destination: Local Host (10.1.200.129:443) 
    Request: GET http://mail.domain.com/ 
    Filter information: Req ID: 0a31413a; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% 
    Protocol: https 
    User: anonymous 
    Additional information 
    Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
    Object source: Internet (Source is the Internet. Object was added to the cache.)
    Cache info: 0x40000000 (Response should not be cached.)
    Processing time: 1 MIME type: text/html; charset=UTF-8 
    I can't understand the difference between these servers. If I shut down EDGE2, the publishing works fine through EDGE1.

  • ForeFront TMG ISP Redundancy - Lost of internet connectivity

    I set up ISP redundancy on Forefront TMG that has my Exchange 2010 server published through it. If both external NICs are enabled, I lose internet connectivity. If either NIC is enabled and the other disabled, I get internet connectivity. Any ideas?

    Hi,
    Based on my knowledge, it may be caused by path mismatch.
    Simply put, the DNS request goes in through ISP1 and the DNS reply goes out through ISP2.
    However, we still need you to verify this; you can capture the packets on remote users to see if the destination IP in the DNS request and the source IP in the DNS reply are the same.
    Please also check the TMG live logging to see if there is any error information.
    Best Regards
    Quan Gu

  • Cisco PIX 515E multiple ISP support in a VPN scenario

    I am currently running Cisco 7.2 IOS on a Cisco PIX 515E appliance. I have terminated two ISP links on the two ports, and I also have an inside network (LAN). I want to establish 2 Site-to-Site VPN tunnels, each using one of these ISP links respectively (Site 1 on ISP link 1 and Site 2 on ISP link 2).
    Is this possible to achieve??

    Hello,
    This should work. Route the remote endpoint for site 1 out link 1 (using a static route) and for site 2 out link 2 (using a static route) and that should do it.
    Return traffic should work, assuming both ISPs aren't advertising the networks your interfaces are on via BGP (ie, you don't want return traffic from site one coming down the link to site 2 because that ISP is advertising that AS as well.)
    --Jason

  • BGP - How to create redundant path by bgp (as path prepend alternative)

    I am having issues with BGP seeing the advertised routes. I am trying to find an alternative to AS-Path prepend and trying to use BGP instead for a redundant path.
    Setup:
    We have 3 MPLS sites (in reality it's more than 20, but for simplicity we will call that 3). The 3 sites are SiteA, SiteB and SiteC. I have simplified the issue below.
    SiteA - Has MPLS link running eBGP with AS 300
    SiteB - Has MPLS link running eBGP with AS 200
    SiteC - Has MPLS link running eBGP with AS 100
    Sites B and C have a local LAN connection between each other. Sites A, B and C are on the BGP network. Site A can see B and C and so on.

    Thanks for responding. I have added a prefix list for filtering outbound. I was hoping that it would learn that route through the BGP network statement,
    i.e. I have added network B at C and network C at B. They are both neighbors, and when I look at advertised routes and received routes I can see the routes.
    How should I proceed? Any guidance would help.
    From site C I want to see the below when I do show ip bgp for 20.20.20.20.
    20.20.20.20  - is reachable as As200 -i
    20.20.20.20  - As100 - 200 - i  (i don't see this)

  • TMG ISP Redundancy and DNS

    Hello,
    I have installed TMG with 3 NICs such as ISP1, ISP2 and Internal
    I configured the ISP1 and ISP2 interfaces with IP addresses and default gateways and
    configured internal NIC with IP address, but Default Gateway.
    I installed DNS service on TMG and configured the forwarders pointing to ISP DNS servers.
    Finally Internal NIC DNS configuration
    Primary : 127.0.0.1
    Alternative: Internal AD DNS servers
    Configured persistent routes
    =============================================================
    Persistent Routes:
      Network Address    Netmask            Gateway Address    Metric
      10.0.0.0           255.0.0.0          10.1.2.1           1          (Internal LAN)
      1.1.1.1            255.255.255.255    192.168.5.1        2          (ISP1 DNS Server)
      2.2.2.2            255.255.255.255    192.168.4.2        3          (ISP2 DNS Server)
      0.0.0.0            0.0.0.0            192.168.4.2        Default
      0.0.0.0            0.0.0.0            192.168.5.1        Default
    Now I am trying to join the TMG server to domain but failed. Error saying that cannot resolve domain name
    I would highly appreciate any help.
    Thanks

    So far now everything is working.
    Just a summary
    - Installed the DNS service on TMG.
    - Configured the forwarders pointing to ISP 1 & 2 DNS servers.
    - Configured the conditional forwarder to forward DNS request to internal DNS server for AD authentication.
    - Internal NIC DNS
    Primary : 127.0.0.1 ( local host TMG )
    Alternative: Internal DNS servers.

  • Cisco DMVPN Spoke ISP Redundancy

    Hi Dears,
    I want to configure DMVPN on Cisco routers. I want to configure dual ISPs at the spokes. The ADSL link is primary and 3G is backup, and then configure DMVPN.
    How do I configure this on the hub and spoke sites? I want to use the EIGRP protocol.

    Hi Teymur,
    You can configure a single tunnel interface on the spoke, primary hub and the secondary hub for dual hub and dual isp on spoke.
    Use EEM script for failover between your ISP connections and can configure both hubs on the same tunnel interface.
    Introduce delay on the secondary hub tunnel interface so that it is less preferred.
    Spoke Tunnel configuration :
    interface Tunnel0
      bandwidth 1000
      ip address 10.10.0.12 255.255.255.0
      ip mtu 1400
      ip nhrp authentication test
      ip nhrp map 10.10.0.1 172.16.1.1
      ip nhrp map 10.10.0.2 172.16.1.2
      ip nhrp network-id 100000
      ip nhrp holdtime 300
      ! Primary hub
      ip nhrp nhs 10.10.0.1
      ! Secondary hub
      ip nhrp nhs 10.10.0.2
      delay 1000
      tunnel source Ethernet0
      tunnel mode gre multipoint
      tunnel key 100000
      tunnel protection ipsec profile vpnprof
     Primary Hub
     interface Tunnel0
      ip address 10.10.0.1 255.255.255.0
      ip mtu 1400
      ip nhrp authentication test
      ip nhrp map multicast dynamic
      ip nhrp network-id 100000
      ip nhrp holdtime 600
      no ip split-horizon eigrp 1
      delay 1000
      tunnel source Ethernet0
      tunnel mode gre multipoint
      tunnel key 100000
      tunnel protection ipsec profile vpnprof
     Secondary Hub
     interface Tunnel0
      ip address 10.10.0.2 255.255.255.0
      ip mtu 1400
      ip nhrp authentication test
      ip nhrp map multicast dynamic
      ip nhrp network-id 100000
      ip nhrp holdtime 600
      no ip split-horizon eigrp 1
      ! Increased delay so that the routes learned from this hub are less preferred
      delay 1500
      tunnel source Ethernet0
      tunnel mode gre multipoint
      tunnel key 100000
      tunnel protection ipsec profile vpnprof
    For Dual ISP failover on Spoke :
     Configure tracking with IP SLA monitor. Then use EEM script to change the source and route of the tunnel when the track fails.
     If Ethernet0/0 is the primary WAN interface and Ethernet0/1 is the backup then you can use the below template.
    track 1 ip sla 1 reachability
    ip sla 1
     icmp-echo <Primary Next-hop IP> source-interface Ethernet0/0
     threshold 3000
     timeout 3000
     frequency 3
    ip sla schedule 1 life forever start-time now
    ip sla responder
    event manager applet Failto-secondary-tunnel
     event track 1 state down
     action 1.0 cli command "enable"
     action 1.1 cli command "configure terminal"
     action 1.2 cli command "interface tunnel0"
     action 1.3 cli command "shut"
     action 1.4 cli command "tunnel source Ethernet0/1"
     action 1.5 cli command "no shut"
     action 1.6 cli command "exit"
     action 1.7 cli command "ip route 0.0.0.0 0.0.0.0 <backup next-hop ip>"
     action 1.8 cli command "ip route 0.0.0.0 0.0.0.0 <Primary next-hop ip> 10"
     action 1.9 cli command "end"
    event manager applet Comeback-primary-tunnel
     event track 1 state up
     action 1.0 cli command "enable"
     action 1.1 cli command "configure terminal"
     action 1.2 cli command "interface tunnel0"
     action 1.3 cli command "shut"
     action 1.4 cli command "tunnel source Ethernet0/0"
     action 1.5 cli command "no shut"
     action 1.6 cli command "exit"
     action 1.7 cli command "ip route 0.0.0.0 0.0.0.0 <Primary next-hop ip>"
     action 1.8 cli command "ip route 0.0.0.0 0.0.0.0 <backup next-hop ip> 10"
     action 1.9 cli command "end"
    Hope that helps

  • ASA BGP Multihoming

    Hi All,
    Has anyone tried, or is anyone successfully running, BGP on ASA in a multi-homed setup with two ISPs and a provider-independent public subnet with a public ASN?
    Currently BGP is running on the primary ISP and we are only taking the default route from there.
    We are planning to implement a pair of ASAs in an Active/Passive setup with both ISPs terminating on them. To achieve ISP redundancy we would configure ISP failover using SLA monitoring; however, I would also like our public subnet to stay unaltered if we switch to the backup ISP in case of a failure.
    Both ISP Drops are Gig-Ethernet Copper Links, for which we will be using a switch stack to distribute both links to the ASA pair.
    I just wanted to confirm if someone is running a similar setup or has validated that this works?

    Hola!
    I can't say that I've seen this running in the wild - but I have seen it designed in Cisco documentation.  I'd be a little leery about using ASAs for BGP Internet peering - you might run into some feature issues and I'd be concerned about memory issues for large routing tables.
    My preference would be to place (1) or (2) Cisco 29xx or 39xx with a fair amount of memory (depending on the design).
    Please rate helpful posts.

  • Tracking packet loss to selected destination on BGP gateway

    Hi,
    We have multihomed (2 ISPs on 1 router) BGP connectivity for ISP redundancy; through this link we are advertising our own IP prefix. The link failover works perfectly fine; it happens if either the local loop for the ISP physically goes down or the remote peer (neighbor router) is not reachable.
    The existing BGP configuration is not helping us much to address the intermittent packet loss issues that occur with some of our critical remote destinations.
    I am not sure how we can fix this issue on the gateway router. I am actually trying with IP SLA configurations to see if we can address this issue.
    Let me know if there is a better way to address such issues on border router.

    VPN01#sh ip cef switching statistics
           Reason                          Drop       Punt  Punt2Host
    RP LES No route                          19          0          0
    RP LES Packet destined for us             0      39625         98
    RP LES No adjacency                     480          0          0
    RP LES TTL expired                        0          0      29428
    RP LES Fragmentation failed, DF         346          0       1877
    RP LES Features                       18434          0      21821
    RP LES Unclassified reason               18          0          0
    RP LES Neighbor resolution req         1029         20          0
    RP LES Tun decap, gre payload             0        187          0
    RP LES Fragmentation no pak               0          0      13108
    RP LES Total                          20326      39832      66332
    All    Total                          20326      39832      66332

  • BGP Next-hop Change

    Hi All,
    I want to discuss a problem that I am facing in the BGP scenario.
    The problem is that I have 2 ISP connections from a service provider which terminate on a 6509 VSS, and our company's 2 routers and ASA are also connected to the 6509 VSS.
    R5 has an eBGP peering with R3 (Primary ISP) and R4 (Secondary ISP), and in the same way R6 has eBGP peerings with R3 and R4.
    I am using 2 default routes: the 1st with the default AD towards R3 (Pri ISP) and the 2nd with a higher AD value towards R4 (Sec ISP).
    After this I changed the next-hop with the help of a route-map, so that the traffic will hit the ASA's interface from the WAN side.
    The route-map for R3 has a set ip next-hop of the ASA's IP address x.x.x.10 and the route-map for R4 has a set ip next-hop of the ASA's 2nd interface IP address y.y.y.10
    So, now the problem is that when I use the command on R5 to see which next-hop I am sending to the customer (#sh ip bgp nei x.x.x.3 advertised-routes), then for the R3 network it shows me the exact next-hop which I want, the ASA's interface x.x.x.10, but when I use the same command to check for R4, the output is the same, i.e. it has the next-hop of the ASA's IP x.x.x.10, even though in my route-map I have an entry to set the next-hop for R4 to the ASA's interface IP y.y.y.10
    After this I used Wireshark to capture packets and I also used debug, but the output shows that the next-hop set for R4 is y.y.y.10
    So, this is the problem, i.e. the show command output is showing the wrong next-hop, but the capture confirms that it is using the next-hop mentioned in the route-map.
    This is my configuration on R5, and the same is on R6, just the IPs are like y.y.y.6
    R5#
    interface GigabitEthernet0/0
     description TO Primary ISP
     ip address x.x.x.5 255.255.255.248
     duplex auto
     speed auto
     no shut
    interface GigabitEthernet0/1
     description To Secondary ISP
     ip address y.y.y.5 255.255.255.248
     duplex auto
     speed auto
     no shut
    ip access-list standard BLOCK
     deny any
    route-map as_prepend_secondary permit 10
     set ip next-hop y.y.y.10
    route-map as_prepend_primary permit 10
     set ip next-hop x.x.x.10
    router bgp AAAAA
     no synchronization
     bgp log-neighbor-changes
     network z.z.z.z mask 255.255.255.248
     timers bgp 10 30
     neighbor y.y.y.4 remote-as BBBBB
     neighbor y.y.y.4 route-map as_prepend_secondary out
     neighbor x.x.x.3 remote-as BBBBB
     neighbor x.x.x.3 route-map as_prepend_primary out
     distribute-list BLOCK in
     no auto-summary
    ip route x.x.x.0 255.255.255.0 x.x.x.3
    ip route y.y.y.0 255.255.255.0 y.y.y.3 2
    This is the output of Debug on R6
    BGP: TX IPv4 Unicast Wkr global 7 Cur Processing.
    BGP: TX IPv4 Unicast Wkr global 7 Cur Attr change from 0x0 to 0x68F081C8.
    *Sep 15 13:16:15.056: BGP(0): y.y.y.4 NEXT_HOP is set to y.y.y.10 by policy for net y.y.y.128,
    Thanks & Regards,
    Rahul Chhabra

    Topology Diagram

  • VPLS multihoming

    Dears,
    I would like to know if the VPLS multihoming redundancy feature is available at Cisco or not?
    have a CE connected to two different PEs for redundancy. PEs are configured in a VPLS mode. At steady state only primary PE should carry traffic ... xSTP should not be configured due to its slow convergence compared with VPLS
    This feature "VPLS Multihoming with BGP Signaling" is available at Juniper and I want to implement it at Cisco http://www.netscreen.at/techpubs/en_US/junos10.4/topics/task/configuration/vpls-multihoming-bgp-signaling-solutions.html
    Appreciate your assistance
    Many Thanks
    BR
    Sherif Ismail

    Well you can do it with mLACP.
    http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-1s/ce-iccp-multichass-vlan-red.html
    http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-574984.html
    Yasir

  • Specific path selection in E-BGP

    I have two routers ASR 9K platform with the image file is "disk0:asr9k-os-mbi-4.3.4.sp4-1.0.0/0x100305/mbiasr9k-rsp3.vm"
    Primary link b/w Router 1 and 2 :
    Router 1  ------>  Directly connected with 30G to Router 2 on a bundle ( Neither ISIS nor BGP running on this link )
    Router 2  ------> Directly connected with 30G to Router 1 on a bundle ( Neither ISIS nor BGP running on this link )
    Secondary link b/w Router 1 and 2 :
    Router 1 and 2 are connected on TenGig /0/0/0/4.451 and I am using the secondary link for both Internet and Private (VPN) traffic, as this link is running ISIS as my IGP and IPv4/v6 Unicast and IPv4/v6 Labelled Unicast peering using this interface
    My query is how can I segregate my IPv4/v6 Unicast traffic on the secondary link and IPv4/v6 Labelled Unicast traffic on my primary link
    Please suggest how I can do this in BGP to select one path for Internet prefixes and another for Private prefixes
    Many thanks in advance 
    Sankar.

  • Lesson BGP & OSPF path selection in VSS routing environment

    Hi, I would like a lesson on how traffic is passed in the following environment:
    One 3945 router with interfaces connected to a pair of 4500X switches configured as VSS pair. One link into each of the 4500 running as routed interfaces using separate IP subnets meaning there are two equal cost paths between the router and the 4500X.
    We are running a single OSPF area and iBGP between the devices. 
    I would like to find out, in normal circumstances where both equal cost links are operating normally, how the 4500 selects the path to send a packet to the router.  We would be trying to avoid traffic passing through the VSL but want to know if the system is smart enough to do that.
    Is there somebody out there who can tell me if the VSS process will select the path directly to the router or if it cannot be guaranteed to do so.
    I also would like to get opinions on whether it is best to create two iBGP neighbour relationships on the link addresses or one relationship between the loopback addresses.
    Thanks 
    LP

    Hi,
    The OSPF traffic would not pass through the VSL link.  The path would directly go from each 4500 to the 3945 (Equal cost load balancing). I think, the 3900 series supports Etherchannel, if this is the case you can also create a L-3 Portchannel between the VSS and 3945 router.  This way you use one /30 instead of 2 and you still have redundancy.  For BGP, I would do one peering with Loopbacks.
    HTH

  • BGP Question

    Hi,
    I currently work for an ISP and am also studying BGP. I was wondering, when an ISP peers with another ISP, what is the most common or best way for an ISP to advertise their networks? They obviously can't use the network command, as you could have 1000's and 1000's of routes. Will they use a route-map and apply this outbound, where the route-map matches a prefix list?
    What options do you have here?

    The most common way for an ISP to advertise their networks is that they advertise routes/prefixes that they have learned from others. When they have learned routes/prefixes from one EBGP peer then they can advertise those to other BGP peers (no network statement required). And when they have learned routes/prefixes from their customers they may aggregate or summarize those routes and advertise the results to BGP neighbors. They would need network statements only for the networks whose advertisement is started from that ISP.
    HTH
    Rick
