bgp with failover & load balance


bgp with failover & load balance

Rama
Hello,

I wonder if I am doing it correctly.

I have two BGP router connections that will go on a firewall.

How am I expected to configure everything to enable failover with load
balancing?

 (ascii art time)


[BGP1]     [BGP2]
   |                 |
   |e1             |e2
-----------------------
|          FW          |
-----------------------
             |
             |
-----------------------
|          LAN         |
-----------------------


I have configured it with
e1: A.B.C.2 gw: A.B.C.1
e2: D.E.F.2 gw: D.E.F.1

The default gw is A.B.C.1

and followed the guide here:
http://www.openbsd.org/papers/linuxtag06-network.pdf

That's my current config :)

AS 65042                 # private
router-id A.B.C.1        # ip on wan1
network P.U.B.L/24       # public lan
neighbor A.B.C.1 {       # bgp router1 from cogent
    descr "ISP A"
    remote-as 179
}
neighbor D.E.F.1 {       # bgp router2 from level3
    descr "ISP B"
    remote-as 3549
}


And everything works :D
But what happens if e1 fails?
I can't reach the LAN (I have NAT on P.U.B.L/24).


Is that expected to work with some sort of failover, or do I have to do other
steps for that?

Thanks, I am very much a beginner at this :)


Re: bgp with failover & load balance

Peter Hessler
If you are using bgp, then you shouldn't have a default route.

Do you see routes from both peers?  bgpctl show should give you
something like:

T-LEVEL3                 3549   60101591     399386     0 04w1d23h 552098
T-COGENT                  174   26910070     397509     0 06w2d20h 548495

The last column is how many routes were received from each peer.

"bgpctl show rib selected" will show you the routes, and their next hop
IP.  Try to traceroute to multiple places, some should go over Cogent,
and some should go over Level3.  You can also look up some public
"looking glass" and see where your routes are showing up.

Once you have outbound connectivity from both, and both show
connectivity to you, then things should work fine when you disconnect
from one peer.  However, re-routing is not instant, this may take 90
seconds or even longer.


Using a private AS when connecting to two different transit ISPs is a
bit surprising.



On 2015 Oct 13 (Tue) at 22:25:37 +0200 (+0200), Rama wrote:

--
Antonym, n.:
        The opposite of the word you're trying to think of.
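As an added example, not part of the thread: a small parser for the `bgpctl show` summary Peter quotes, plus a check for the precondition he gives for failover (both transit sessions Established and carrying prefixes). The sample output is constructed to match that column layout, not captured from a real router.

```python
from dataclasses import dataclass

# Constructed sample in the layout of `bgpctl show` (Neighbor, AS, MsgRcvd,
# MsgSent, OutQ, Up/Down, State/PrfRcvd); not output captured from a live router.
SAMPLE_BOTH_UP = """\
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
T-LEVEL3                 3549   60101591     399386     0 04w1d23h 552098
T-COGENT                  174   26910070     397509     0 06w2d20h 548495
"""
# Same layout, one session not Established: the last column then shows the FSM state.
SAMPLE_ONE_DOWN = """\
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
ISP A                     174          0          0     0 Never    Active
ISP B                    3549   60101591     399386     0 04w1d23h 552098
"""

@dataclass
class Peer:
    name: str
    remote_as: int
    up_down: str
    prefixes: int   # prefixes received; 0 unless the session is Established
    state: str      # "Established" or the state printed in the last column

def parse_bgpctl_show(text: str) -> list[Peer]:
    peers = []
    for line in text.splitlines():
        # Split from the right: the neighbor column is the `descr` string, which
        # may contain spaces (e.g. "ISP A"); the other six columns never do.
        fields = line.rsplit(None, 6)
        if len(fields) < 7 or fields[0] == "Neighbor":
            continue  # header or blank line
        name, asn, _rcvd, _sent, _outq, up_down, last = fields
        if last.isdigit():
            peers.append(Peer(name, int(asn), up_down, int(last), "Established"))
        else:
            peers.append(Peer(name, int(asn), up_down, 0, last))
    return peers

def redundancy_problems(peers: list[Peer], min_prefixes: int = 1) -> list[str]:
    """Return what stops failover from working; empty means both transits are usable."""
    problems = []
    for p in peers:
        if p.state != "Established":
            problems.append(f"{p.name} (AS{p.remote_as}) is {p.state}, not Established")
        elif p.prefixes < min_prefixes:
            problems.append(f"{p.name} is Established but sent only {p.prefixes} prefixes")
    usable = sum(1 for p in peers if p.state == "Established" and p.prefixes >= min_prefixes)
    if usable < 2:
        problems.append(f"only {usable} usable upstream(s): losing one link means losing connectivity")
    return problems
```

Run it against the real `bgpctl show` output (for example from cron) and alert on a non-empty list; that catches the "one peer silently down" case before the remaining link fails.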


Re: bgp with failover & load balance

Marko Cupać
On Tue, 13 Oct 2015 22:25:37 +0200
Rama <[hidden email]> wrote:


You are going to need a public AS, at least two upstream providers that
want to route BGP with you, and authoritative DNS for the reverse zone.

Preferably, upstream providers will connect you to their network not
via standard /30 networks, but via /29 networks, which gives you the
ability to create a redundant setup (carp + pfsync).

Some time ago when I was implementing this setup for the first time, I
wrote a 'works-for-me' howto:
https://www.mimar.rs/sysadmin/2013/openbsd-na-obodu-korporacijske-mreze

It is in Serbian, but I am sure some online translator can help you
understand the basics.

Regards,
--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/