BGP multipath with load-balancing plus MPLS VPN

Posted by Igor Plashchun in Igor Plashchun's Blog on Apr 26, 2014 9:40:55 AM   

Hello colleagues!

I would like to bring to your attention a configuration idea for connecting a small enterprise to two ISPs.

 

[Figure: bgp_multi_home.jpg]

 

 

A feature of this design is that one of the providers (ISP1) also connects the client's remote site using MPLS VPN, over the same physical connection.

The Customer Edge (CE) router receives a default route from each ISP via BGP and load-balances across them.

If certain routes need to be preferred, the BGP protocol allows it.

NAT runs on the same CE router.

If one ISP fails, all client traffic goes through the other ISP. An EEM applet on the CE router clears the NAT translation table when that happens.

Upstream ISP3 availability is monitored on the PE (provider edge) routers of ISP1 and ISP2.

When a failure is detected, the PE router (ISP1 or ISP2) shuts down its BGP session with the CE router, so the default route learned from that ISP is removed.

The MPLS VPN design is not shown; it is a standard configuration, so only half of it appears here.

I do not have the technical means to fully test this idea. If someone is interested in this idea, please conduct tests.

I will be glad to hear your comments and suggestions for improving the current design.

If you see errors, please tell us.

 

Router CE is configured as follows:

!
hostname CE
!
ip cef
!
ip vrf Voice
 rd 10.10.1.8:4
!
interface Loopback10
 ip vrf forwarding Voice
 ip address 10.10.0.8 255.255.255.255
!
interface Loopback20
 ip address 10.20.0.8 255.255.255.255
!
interface FastEthernet0/0
 description To ISP1
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding Voice
 ip address 10.10.1.6 255.255.255.252
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.20.1.6 255.255.255.252
!
interface FastEthernet0/0.190
 encapsulation dot1Q 190
 ip address 190.0.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
interface FastEthernet0/1
 description To Client
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding Voice
 ip address 10.10.1.9 255.255.255.252
!
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 10.20.2.9 255.255.255.252
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet1/0
 description To ISP2
 ip address 10.20.4.18 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet1/0.191
 encapsulation dot1Q 191
 ip address 191.0.0.2 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
router ospf 10 vrf Voice
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 capability vrf-lite
 network 10.10.0.8 0.0.0.0 area 1
 network 10.10.1.4 0.0.0.3 area 0
 network 10.10.1.8 0.0.0.3 area 1
 maximum-paths 15
!
router ospf 20
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 network 10.20.0.8 0.0.0.0 area 1
 network 10.20.1.4 0.0.0.3 area 0
 network 10.20.1.8 0.0.0.3 area 1
 network 10.20.2.8 0.0.0.3 area 1
 maximum-paths 15
 default-information originate
!
router bgp 65190
 bgp router-id 10.20.0.8
 bgp log-neighbor-changes
 bgp bestpath as-path multipath-relax
 neighbor 190.0.0.1 remote-as 111
 neighbor 190.0.0.1 description To ISP1
 neighbor 190.0.0.1 update-source FastEthernet0/0.190
 neighbor 190.0.0.1 fall-over
 neighbor 191.0.0.1 remote-as 222
 neighbor 191.0.0.1 description To ISP2
 neighbor 191.0.0.1 update-source FastEthernet1/0.191
 neighbor 191.0.0.1 fall-over
 maximum-paths 3
 !
 address-family ipv4
  neighbor 190.0.0.1 activate
  neighbor 190.0.0.1 route-map CheckDefaultRoute in
  neighbor 190.0.0.1 route-map CheckNetworkISP1 out
  neighbor 191.0.0.1 activate
  neighbor 191.0.0.1 route-map CheckDefaultRoute in
  neighbor 191.0.0.1 route-map CheckNetworkISP2 out
  maximum-paths 3
  no auto-summary
  no synchronization
  network 190.0.0.0 mask 255.255.255.252
  network 191.0.0.0 mask 255.255.255.252
 exit-address-family
!
ip nat inside source route-map ISP1 interface FastEthernet0/0.190 overload
ip nat inside source route-map ISP2 interface FastEthernet1/0.191 overload
!
ip access-list standard VlanClient
 permit 10.2.10.0 0.0.0.255
 permit 10.20.2.8 0.0.0.3
ip access-list standard VlanClient2
 permit 10.2.10.0 0.0.0.255
 permit 10.20.2.8 0.0.0.3
!
ip prefix-list OnlyDefaultRoute seq 10 permit 0.0.0.0/0
!
ip prefix-list OnlyNetworkISP1 seq 10 permit 190.0.0.0/30
!
ip prefix-list OnlyNetworkISP2 seq 10 permit 191.0.0.0/30
!
route-map CheckDefaultRoute permit 10
 match ip address prefix-list OnlyDefaultRoute
!
route-map CheckNetworkISP2 permit 10
 match ip address prefix-list OnlyNetworkISP2
!
route-map CheckNetworkISP1 permit 10
 match ip address prefix-list OnlyNetworkISP1
!
route-map ISP2 permit 10
 match ip address VlanClient
 ! The posted map had no interface match, unlike route-map ISP1, so it could also
 ! match traffic leaving via ISP1. Added to mirror route-map ISP1:
 match interface FastEthernet1/0.191
!
route-map ISP1 permit 10
 match ip address VlanClient2
 match interface FastEthernet0/0.190
!
event manager applet ISP1Down
 event syslog pattern ".*%BGP-5-ADJCHANGE: neighbor 190.0.0.1 Down.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation forced"
 action 5.0 syslog msg "Clear ip NAT translation - Bad ISP1"
event manager applet ISP2Down
 event syslog pattern ".*%BGP-5-ADJCHANGE: neighbor 191.0.0.1 Down.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation forced"
 action 5.0 syslog msg "Clear ip NAT translation - Bad ISP2"
!
end

 

Router ISP1 is configured as follows:

!
hostname ISP1
!
ip cef
!
ip vrf Data
 rd 20:2
 route-target export 20:2
 route-target import 20:1
!
ip vrf Voice
 rd 10.10.1.5:2
 route-target export 10.10.1.5:4
 route-target import 10.10.1.1:5
!
ip sla monitor 190
 type echo protocol ipIcmpEcho 198.8.8.8 source-interface FastEthernet0/1.333
 timeout 1000
 threshold 40
 frequency 3
ip sla monitor schedule 190 life forever start-time now
!
mpls label protocol ldp
!
track 190 rtr 190 reachability
!
interface Loopback0
 ip address 172.16.16.5 255.255.255.255
 ip router isis
!
interface Loopback10
 ip vrf forwarding Voice
 ip address 10.10.5.5 255.255.255.255
!
interface Loopback20
 ip vrf forwarding Data
 ip address 10.20.5.5 255.255.255.255
!
interface FastEthernet0/0
 description To CE
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding Voice
 ip address 10.10.1.5 255.255.255.252
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding Data
 ip address 10.20.1.5 255.255.255.252
!
interface FastEthernet0/0.190
 encapsulation dot1Q 190
 ip address 190.0.0.1 255.255.255.252
!
interface FastEthernet0/1
 description To ISP3
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/1.333
 encapsulation dot1Q 333
 ip address 172.16.100.6 255.255.255.252
!
interface FastEthernet1/0
 description To MPLS Router
 speed 100
 full-duplex
!
interface FastEthernet1/0.777
 encapsulation dot1Q 777
 ! The posted config repeated 172.16.100.6/30 here, the address already used on
 ! FastEthernet0/1.333; IOS rejects the overlap, so the core-link address is left
 ! as a placeholder (replace X.X.X.X with the real address of this link).
 ip address X.X.X.X 255.255.255.252
 ip router isis
 mpls label protocol ldp
 mpls ip
 mpls mtu 1512
 isis circuit-type level-2-only
!
router ospf 20 vrf Data
 router-id 10.20.5.5
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 redistribute bgp 111 metric-type 1 subnets
 network 10.20.1.4 0.0.0.3 area 0
 network 10.20.5.5 0.0.0.0 area 0
!
router ospf 10 vrf Voice
 router-id 10.10.5.5
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 redistribute bgp 111 metric-type 1 subnets
 network 10.10.1.4 0.0.0.3 area 0
 network 10.10.5.5 0.0.0.0 area 0
!
router isis
 net 10.0001.0000.0000.0005.00
!
router bgp 111
 bgp router-id 172.16.16.5
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 172.16.16.7 remote-as 111
 neighbor 172.16.16.7 update-source Loopback0
 neighbor 172.16.16.7 description To MPLS VPN Router
 neighbor 172.16.100.5 remote-as 333
 neighbor 172.16.100.5 description To ISP3
 neighbor 172.16.100.5 fall-over
 neighbor 190.0.0.2 remote-as 65190
 neighbor 190.0.0.2 description To CE
 neighbor 190.0.0.2 fall-over
 !
 address-family ipv4
  neighbor 172.16.16.7 activate
  neighbor 172.16.100.5 activate
  neighbor 190.0.0.2 activate
  neighbor 190.0.0.2 default-originate route-map SendDefault
  ! The posted config used "distribute-list 1 out", but no IP access-list 1 is
  ! defined; the list numbered 1 is the as-path access-list below, which is what
  ! filter-list applies, so the CE receives nothing but the originated default.
  neighbor 190.0.0.2 filter-list 1 out
  neighbor 190.0.0.2 route-map NetworkClient65190 in
  no auto-summary
  no synchronization
  aggregate-address 190.0.0.0 255.255.0.0 summary-only
 exit-address-family
 !
 address-family ipv4 vrf Voice
  redistribute ospf 10 vrf Voice match internal external 1 external 2
  maximum-paths 9
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Data
  redistribute ospf 20 vrf Data match internal external 1 external 2
  maximum-paths 8
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
ip bgp-community new-format
ip as-path access-list 1 deny .*
!
ip access-list standard Default
 permit 0.0.0.0
ip access-list standard NetworkClient65190
 permit 190.0.0.0 0.0.0.3
!
ip prefix-list ForTrack seq 10 permit 1.0.0.190/32
!
route-map ISP_OK permit 10
 match ip address prefix-list ForTrack
!
route-map NetworkClient65190 permit 10
 match ip address NetworkClient65190
!
route-map SendDefault permit 10
 match ip address Default
!
event manager applet BGPNeighborStop
 event syslog pattern ".*TRACKING-5-STATE: 190 rtr 190 reachability Up->Down.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "router bgp 111"
 action 4.0 cli command "neighbor 190.0.0.2 shutdown"
 action 5.0 syslog msg "Client BGP neighbor stop"
event manager applet BGPNeighborStart
 event syslog pattern ".*%TRACKING-5-STATE: 190 rtr 190 reachability Down->Up.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "router bgp 111"
 action 4.0 cli command "no neighbor 190.0.0.2 shutdown"
 action 5.0 syslog msg "Client BGP neighbor non-stop"
!
end
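Both the CE applets and the PE applets above key on a regular expression that IOS applies to every syslog message, so the first thing worth verifying is that each pattern fires on exactly the lines it should and on nothing else. The Python script below is an added example, not part of the post: it replays a handful of constructed IOS-format syslog lines (not captured from the author's lab) through the patterns copied from the applets, including a near miss with a neighbour at 190.0.0.10, to show that the trailing " Down" keeps the unescaped dots in the address from over-matching.

```python
import re

# EEM "event syslog pattern" strings, copied from the applets in the post.
APPLET_PATTERNS = {
    "CE/ISP1Down": r".*%BGP-5-ADJCHANGE: neighbor 190.0.0.1 Down.*",
    "CE/ISP2Down": r".*%BGP-5-ADJCHANGE: neighbor 191.0.0.1 Down.*",
    "ISP1/BGPNeighborStop": r".*TRACKING-5-STATE: 190 rtr 190 reachability Up->Down.*",
    "ISP1/BGPNeighborStart": r".*%TRACKING-5-STATE: 190 rtr 190 reachability Down->Up.*",
}

# Constructed syslog lines in IOS format (not captured from the author's lab).
SAMPLE_SYSLOG = [
    "*Apr 26 09:40:55.123: %BGP-5-ADJCHANGE: neighbor 190.0.0.1 Down BGP Notification sent",
    "*Apr 26 09:41:02.456: %BGP-5-ADJCHANGE: neighbor 190.0.0.1 Up",
    "*Apr 26 09:41:10.789: %BGP-5-ADJCHANGE: neighbor 191.0.0.1 Down Interface flap",
    "*Apr 26 09:42:00.000: %TRACKING-5-STATE: 190 rtr 190 reachability Up->Down",
    "*Apr 26 09:45:00.000: %TRACKING-5-STATE: 190 rtr 190 reachability Down->Up",
    "*Apr 26 09:46:00.000: %TRACKING-5-STATE: 191 rtr 191 reachability Up->Down",
    # Near miss: a different neighbour whose address begins with the same digits.
    "*Apr 26 09:47:00.000: %BGP-5-ADJCHANGE: neighbor 190.0.0.10 Down Peer closed the session",
]


def applets_fired(line, patterns=APPLET_PATTERNS):
    """Names of the applets whose pattern matches one syslog line.

    IOS applies the pattern as a regular-expression search, which re.search
    reproduces; the leading and trailing ".*" in the patterns are therefore
    redundant but harmless.
    """
    return sorted(name for name, pattern in patterns.items() if re.search(pattern, line))


def replay(lines, patterns=APPLET_PATTERNS):
    """Replay a syslog stream and return (line, fired applets) pairs."""
    return [(line, applets_fired(line, patterns)) for line in lines]


def firing_counts(lines, patterns=APPLET_PATTERNS):
    """How many times each applet would have fired over the stream."""
    counts = {name: 0 for name in patterns}
    for _, fired in replay(lines, patterns):
        for name in fired:
            counts[name] += 1
    return counts


if __name__ == "__main__":
    for line, fired in replay(SAMPLE_SYSLOG):
        print(f"{', '.join(fired) or '-':<24} {line}")
```

Note that the BGPNeighborStop pattern on ISP1 lacks the leading "%" that the BGPNeighborStart pattern has; because both are unanchored searches this makes no difference, as the replay confirms. The tracking lines for track 191 (ISP2's object) fire nothing on ISP1, and the "Up" line after an ISP1 recovery fires nothing on the CE, so the NAT table is cleared only on the loss of a session.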

 

Router ISP2 is configured as follows:

!
hostname ISP2
!
ip cef
!
ip sla monitor 191
 type echo protocol ipIcmpEcho 199.8.8.9 source-interface FastEthernet0/0.333
 timeout 1000
 threshold 40
 frequency 6
ip sla monitor schedule 191 life forever start-time now
!
track 191 rtr 191 reachability
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 description To ISP3
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.333
 encapsulation dot1Q 333
 ip address 192.168.5.1 255.255.255.252
!
interface FastEthernet0/1
 description To CE
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/1.191
 encapsulation dot1Q 191
 ip address 191.0.0.1 255.255.255.252
!
router bgp 222
 bgp router-id 2.2.2.2
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 191.0.0.2 remote-as 65190
 neighbor 191.0.0.2 description To CE
 ! The posted config had "neighbor 191.0.0.2 shutdown" here, which keeps the CE
 ! session down until the BGPNeighborStart applet fires; removed so the CE peers
 ! with both ISPs as the design describes.
 neighbor 191.0.0.2 fall-over
 neighbor 192.168.5.2 remote-as 333
 neighbor 192.168.5.2 description To ISP3
 neighbor 192.168.5.2 fall-over
 !
 address-family ipv4
  neighbor 191.0.0.2 activate
  neighbor 191.0.0.2 default-originate route-map SendDefault
  ! As on ISP1: the posted "distribute-list 1 out" names an undefined IP access-list;
  ! filter-list applies the as-path access-list 1 defined below.
  neighbor 191.0.0.2 filter-list 1 out
  neighbor 191.0.0.2 route-map NetworkClient65190 in
  neighbor 192.168.5.2 activate
  no auto-summary
  no synchronization
  aggregate-address 191.0.0.0 255.255.0.0 summary-only
 exit-address-family
!
ip forward-protocol nd
!
ip bgp-community new-format
ip as-path access-list 1 deny .*
!
no ip http server
no ip http secure-server
!
ip access-list standard Default
 permit 0.0.0.0
ip access-list standard NetworkClient65190
 permit 191.0.0.0 0.0.0.3
!
ip prefix-list ForTrack seq 10 permit 1.0.0.191/32
!
route-map ISP_OK permit 10
 match ip address prefix-list ForTrack
!
route-map NetworkClient65190 permit 10
 match ip address NetworkClient65190
!
route-map SendDefault permit 10
 match ip address Default
!
event manager applet BGPNeighborStop
 event syslog pattern ".*TRACKING-5-STATE: 191 rtr 191 reachability Up->Down.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "router bgp 222"
 action 4.0 cli command "neighbor 191.0.0.2 shutdown"
 action 5.0 syslog msg "Client BGP neighbor stop"
event manager applet BGPNeighborStart
 event syslog pattern ".*%TRACKING-5-STATE: 191 rtr 191 reachability Down->Up.*"
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "router bgp 222"
 action 4.0 cli command "no neighbor 191.0.0.2 shutdown"
 action 5.0 syslog msg "Client BGP neighbor non-stop"
!
end
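A check that would have caught the "distribute-list 1" problem on both PE routers: every ACL, prefix-list, as-path list and route-map that a command references should be defined somewhere, and anything defined but never referenced (route-map ISP_OK on both PEs, for instance) deserves a second look, since a filter that points at a missing list does not do what the configuration appears to say. The Python script below is an added example, not from the post: it runs a simple cross-reference audit over a constructed excerpt in the shape of the ISP1 configuration (not the author's file) and reports the undefined list and the unused objects; running audit() on the same text with "filter-list 1 out" substituted leaves no finding for list 1.

```python
import re

# Constructed excerpt in the shape of the post's ISP1 router (not the author's file).
# It keeps the reference the post has: "distribute-list 1 out" names an IP access-list
# that is never defined, while the list numbered 1 is an as-path access-list.
SAMPLE_CONFIG = """\
router bgp 111
 neighbor 190.0.0.2 remote-as 65190
 address-family ipv4
  neighbor 190.0.0.2 activate
  neighbor 190.0.0.2 default-originate route-map SendDefault
  neighbor 190.0.0.2 distribute-list 1 out
  neighbor 190.0.0.2 route-map NetworkClient65190 in
 exit-address-family
!
ip as-path access-list 1 deny .*
!
ip access-list standard Default
 permit 0.0.0.0
ip access-list standard NetworkClient65190
 permit 190.0.0.0 0.0.0.3
!
ip prefix-list ForTrack seq 10 permit 1.0.0.190/32
!
route-map ISP_OK permit 10
 match ip address prefix-list ForTrack
!
route-map NetworkClient65190 permit 10
 match ip address NetworkClient65190
!
route-map SendDefault permit 10
 match ip address Default
"""

# Where each kind of object is defined (top-level lines only, hence the ^ anchor).
DEFINITIONS = {
    "acl": [re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
            re.compile(r"^access-list (\d+) ")],
    "as-path": [re.compile(r"^ip as-path access-list (\S+)")],
    "prefix-list": [re.compile(r"^ip prefix-list (\S+)")],
    "route-map": [re.compile(r"^route-map (\S+)")],
}

# Where each kind of object is referenced by another command.
REFERENCES = {
    "acl": [re.compile(r"match ip address (?!prefix-list)(\S+)"),
            re.compile(r"distribute-list (\S+) (?:in|out)\b")],
    "as-path": [re.compile(r"filter-list (\S+) (?:in|out)\b")],
    "prefix-list": [re.compile(r"match ip address prefix-list (\S+)"),
                    re.compile(r"prefix-list (\S+) (?:in|out)\b")],
    "route-map": [re.compile(r"route-map (\S+) (?:in|out)\b"),
                  re.compile(r"default-originate route-map (\S+)"),
                  re.compile(r"ip nat inside source route-map (\S+)")],
}


def audit(config_text):
    """Return (missing, unused): objects referenced but never defined, and
    objects defined but never referenced, keyed by object kind."""
    defined = {kind: set() for kind in DEFINITIONS}
    referenced = {kind: set() for kind in REFERENCES}
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                      # blank line or comment
        for kind, patterns in DEFINITIONS.items():
            for pattern in patterns:
                m = pattern.match(line)   # definitions start in column 0
                if m:
                    defined[kind].add(m.group(1))
        body = line.strip()
        for kind, patterns in REFERENCES.items():
            for pattern in patterns:
                m = pattern.search(body)  # references may be indented sub-commands
                if m:
                    referenced[kind].add(m.group(1))
    missing = {k: sorted(referenced[k] - defined[k]) for k in REFERENCES}
    unused = {k: sorted(defined[k] - referenced[k]) for k in DEFINITIONS}
    return missing, unused


def report(config_text):
    """Human-readable finding lines for audit()."""
    missing, unused = audit(config_text)
    lines = []
    for kind, names in missing.items():
        for name in names:
            lines.append(f"MISSING  {kind} '{name}' is referenced but not defined")
    for kind, names in unused.items():
        for name in names:
            lines.append(f"UNUSED   {kind} '{name}' is defined but never referenced")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONFIG)))
```

The audit is deliberately narrow (it knows only the object kinds and reference forms that appear in the post's configurations), which is enough to flag the two kinds of mistake shown here: a filter whose list does not exist, and leftovers such as ISP_OK that suggest an earlier design was not fully removed.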

 

Router ISP3 is configured as follows:

!
hostname ISP3
!
ip cef
!
interface Loopback0
 ip address 198.8.8.8 255.255.255.0
!
interface Loopback2
 ip address 199.8.8.9 255.255.255.0
!
interface FastEthernet0/0
 description To ISP1
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.333
 encapsulation dot1Q 333
 ip address 192.168.5.2 255.255.255.252
!
interface FastEthernet0/1
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/1.333
 encapsulation dot1Q 333
 ip address 172.16.100.5 255.255.255.252
!
router bgp 333
 bgp router-id 198.8.8.8
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 172.16.100.6 remote-as 111
 neighbor 172.16.100.6 description To ISP1
 neighbor 172.16.100.6 fall-over
 neighbor 192.168.5.1 remote-as 222
 neighbor 192.168.5.1 description To ISP2
 neighbor 192.168.5.1 fall-over
 !
 address-family ipv4
  neighbor 172.16.100.6 activate
  neighbor 172.16.100.6 default-originate route-map SendDefault
  neighbor 192.168.5.1 activate
  neighbor 192.168.5.1 default-originate route-map SendDefault
  no auto-summary
  no synchronization
  network 198.8.8.0
  network 199.8.8.0
 exit-address-family
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Null0
!
ip access-list standard Default
 permit 0.0.0.0
!
route-map SendDefault permit 10
 match ip address Default
!
end

 

 

Router Client is configured as follows:

!
hostname Client
!
ip cef
!
ip vrf Voice
 rd 10.10.1.10:4
!
interface Loopback0
 ip vrf forwarding Voice
 ip address 10.10.0.10 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding Voice
 ip address 10.10.4.17 255.255.255.252
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.20.4.17 255.255.255.252
!
interface FastEthernet0/1
 description To CE
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding Voice
 ip address 10.10.1.10 255.255.255.252
!
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 10.20.2.10 255.255.255.252
!
router ospf 10 vrf Voice
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 capability vrf-lite
 network 10.10.0.10 0.0.0.0 area 1
 network 10.10.1.8 0.0.0.3 area 1
 network 10.10.4.16 0.0.0.3 area 1
!
router ospf 2
 log-adjacency-changes
 network 10.20.2.8 0.0.0.3 area 1
!
end

 

Client#ping 198.8.8.8 repeat 1000   - send a flood of traffic through ISP1
Client#ping 199.8.8.9 repeat 100    - send a flood of traffic through ISP2
CE#show ip nat translation          - check which interface the traffic is being translated on

 

 

If you found the article interesting, click LIKE. Maybe this will help me find a job.

 

P.S. Sorry for my English.