Hi Brian,
It's a good guess. ��
I have a collection of public exposed servers included in irb unit.10 and like to keep the ip range assigned to the irb.10.
Here is my import/export policies:
My import policy:
policy-statement policy-statement-import-alipes-ISP {
term accept {
from {
route-filter 0.0.0.0/0 exact;
}
}
then accept;
}
My export policy:
policy-statement policy-statement-export-alipes-ISP {
term accept {
from {
route-filter xxx.xxx.xxx.xxx/27 exact;
}
}
then accept;
}
//Carsten
TW. I am guessing on what IP goes on which interface... �� ------------------------------ Brian Johnson ------------------------------ -posted to the "Routing" community
You are receiving this message because you followed the 'BGP for dual ISP uplink' message thread. To unsubscribe from this message thread, go to Unsubscribe. Update your email preferences to choose the types of email you receive
|
|
|
Original Message:
Sent: 3/29/2021 8:54:00 AM
From: Brian Johnson
Subject: RE: BGP for dual ISP uplink
BTW. I am guessing on what IP goes on which interface... 😉
------------------------------
Brian Johnson
------------------------------
Original Message:
Sent: 03-29-2021 08:51
From: Brian Johnson
Subject: BGP for dual ISP uplink
This is not what I would consider to be a very standard design. Start with using the interface for the IP termination. This will cause the neighbor to go down when the interface drops.
interfaces {
xe-0/0/0 {
description "ISP - Internet";
unit 0 {
family inet {
address 86.119.11.9/31;
}
}
}
xe-0/0/1 {
description "ISP - Internet backup";
unit 0 {
family inet {
address 86.119.44.63/31;
}
}
}
}
Since i do not see your import or export policy, I'm not sure if that is causing you issues or not. Be sure to reference the physical interfaces in your routing instance if you make this change.
------------------------------
Brian Johnson
Original Message:
Sent: 03-29-2021 08:36
From: Unknown User
Subject: BGP for dual ISP uplink
Hi,
Thank you for your time too Brian. Well i dont understand that the connection is functioning:
So I made a config like this:
routing-instance-ISP {
instance-type virtual-router;
interface irb.10;
routing-options {
autonomous-system 64000;
}
protocols {
bgp {
traceoptions {
file ISP.log size 1m files 2 world-readable;
flag normal;
flag update detail disable;
}
log-updown;
import policy-statement-import-alipes-ISP;
export policy-statement-export-alipes-ISP;
group ISP-multipath {
type external;
multipath;
peer-as 1000;
neighbor 86.119.11.8/31;
neighbor 86.119.44.62/31;
}
}
}
}
irb {
unit 10 {
family inet {
filter {
input trusted-servers;
}
address xxx.xxx.xxx.xxx/27;
address 86.119.11.9/31;
address 86.119.44.63/31;
}
}
interfaces {
xe-0/0/0 {
description "ISP - Internet";
unit 0 {
family ethernet-switching {
vlan {
members internet;
}
}
}
}
xe-0/0/1 {
description "ISP - Internet backup";
unit 0 {
family ethernet-switching {
vlan {
members internet;
}
}
}
}
If i disable xe-0/0/0, then xe-0/0/1 should provide connection. But it does not. Routes are showing the correct routes but no connection. BGP holdtime and keepalive are default 90 / 30. What am i missing? Thank you.
//Carsten
Original Message:
Sent: 03-28-2021 13:51
From: Brian Johnson
Subject: BGP for dual ISP uplink
I'm on-board with Steve, but here's some additional thoughts. BGP is a routing protocol. it advertises routes (sends them to neighbors) and it receives routes (processes advertised routes received from neighbors).
Per item 1: If you advertise the same routes to both neighbors, typically you can control preference of path used for inbound traffic by advertising a metric and/or by prepending your advertisements. For outbound preference, if you want an active/passive situation, then set the local preference to a higher value on the prefered neighbor.
Per item 2: If only 1 link is working, I'm sure you want to use that link for both ingress and egress traffic. I'm sure you mean how do you control which link is used durring an outage. If either link goes down, the other link becomes the only path and the routes become active (if they weren't already active.
Hope this helps. Please let me know if you still have questions.
------------------------------
Brian Johnson
Original Message:
Sent: 03-28-2021 06:22
From: Unknown User
Subject: BGP for dual ISP uplink
Hi Steve,
Thanks for sharing your thoughts and your time.
I have two uplinks to our ISP. BGPe is established to both peers. I'm trying to setup:
- Redundance. So if one uplink goes down, the other one takes over and the connection is still usable.
- When 1 is working I would like to be able to choose which uplink used as primary – if it possible to preference this.
/Carsten
Original Message:
Sent: 3/28/2021 6:11:00 AM
From: spuluka
Subject: RE: BGP for dual ISP uplink
I'm not following what you are trying to do with the next hop here.
for an eBGP session the next hop sent to the peer will be the BGP peer itself.
Are you trying to get the active next hop on your configured default route sent?
local preference is about your return route usage for the routes you receive from the peer.
What are you trying to affect here?
Policy you configure will override any global group settings, so what is the content of the import and export policy you have selected?
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/homeOriginal Message:
Sent: 03-26-2021 10:19
From: Unknown User
Subject: BGP for dual ISP uplink
Hi,
I the subnet for each isp BGP uplinks in the same ASN.
I would like to, 2 things:
1. have BGP to set new routes if next-hop comes unavailable.
2. the option to preference which route i would like to use as primary (next-hop) and secondary (qaulified-next-hop)
I have this config which do not failover when pulling the plug for next-hop.
routing-instance-ISP {
instance-type virtual-router;
interface irb.10;
routing-options {
static {
route 0.0.0.0/0 {
next-hop 1.2.3.4;
qualified-next-hop 2.3.4.5 {
preference 275;
}
preference 270;
}
}
autonomous-system 64000;
}
protocols {
bgp {
traceoptions {
file ISP.log size 1m files 2 world-readable;
flag normal;
flag update detail disable;
}
log-updown;
import policy-statement-import-alipes-ISP;
export policy-statement-export-alipes-ISP;
group ISP-multipath {
type external;
preference 170;
peer-as 1000;
neighbor 1.2.3.4;
}
group ISP-multipath-backup {
type external;
preference 175;
peer-as 1000;
neighbor 2.3.4.5;
}
}
}
}
Can you kick-in if this the wrong approach? Thank you.
/Carsten