Saturday, April 23, 2011

How to set up a BGP multihomed network without your own public AS number or IP prefix

One of the best ways to get traffic load-balancing and fail-over together is BGP multihoming: BGP always holds the best path to each destination, and when one link fails its traffic automatically moves to the other link.

The main blocker to running BGP in small companies is that they cannot get their own AS number and IP address space. To obtain a public AS number and prefix you have to go through the Regional Internet Registry that allocates IP addresses and AS numbers, for example APNIC in the Asia Pacific region.

Below I explain how to set up a BGP multihomed network without your own public AS or IP prefix. Simply described, the setup is this: you bring up two EBGP peerings, one with each ISP (ISP1 and ISP2), using a private AS number on your side. You do not advertise any prefixes (obviously you have none), and you ask both ISPs to send you their full global BGP routing table. Agree the AS number with both ISPs in advance: the 16-bit private range is 64512 to 65534, and the 65550 used in the configurations below actually lies just outside it, in the range reserved for documentation, so substitute a number from the private range in a real deployment.

Once you have both routing tables on your router, the best path to every destination is already there in the BGP table. One limitation of this setup is that you cannot load-balance inbound traffic to servers that DNS points at (web, mail and so on), because you do not own the IP addresses: such a server has to use an address from one of the two ISPs, and its traffic only arrives over that ISP's link. This setup suits the case where you have multiple links from multiple ISPs and want optimal use of the bandwidth for traffic initiated from your side.

Following is the configuration as per Diagram 1. The client router is in AS 65550; F0/0 (1.1.1.1) faces ISP1 (AS 100, peer 1.1.1.2), F0/1 (2.2.2.1) faces ISP2 (AS 200, peer 2.2.2.2), and the LAN (192.168.0.0/24) is on F1/0.

Client config


router bgp 65550
bgp log-neighbor-changes
neighbor 1.1.1.2 remote-as 100
neighbor 1.1.1.2 ebgp-multihop 10
neighbor 1.1.1.2 update-source f0/0
neighbor 1.1.1.2 soft-reconfiguration inbound
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 10
neighbor 2.2.2.2 update-source f0/1
neighbor 2.2.2.2 soft-reconfiguration inbound

ISP1 config

router bgp 100
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 65550
neighbor 1.1.1.1 ebgp-multihop 10
neighbor 1.1.1.1 update-source f0/0
neighbor 1.1.1.1 soft-reconfiguration inbound
neighbor 1.1.1.1 default-originate

ISP2 config

router bgp 200
bgp log-neighbor-changes
neighbor 2.2.2.1 remote-as 65550
neighbor 2.2.2.1 ebgp-multihop 10
neighbor 2.2.2.1 update-source f0/1
neighbor 2.2.2.1 soft-reconfiguration inbound
neighbor 2.2.2.1 default-originate

The F0/0 IP address (1.1.1.1) is a public address assigned by ISP1, and the F0/1 address (2.2.2.1) is assigned by ISP2. Once this configuration is in place your peers should come up; this is the same as setting up normal BGP peers. Make sure ISP1 and ISP2 advertise default routes as well (the default-originate lines above). Before moving on, confirm that both peers are Established and that you are receiving BGP updates from both ISPs, including the default routes.

You can check whether the peers are up with the following command on the client; the output will look like this. The State/PfxRcd column shows a prefix count only when the session is Established; otherwise it shows the session state (Idle, Active, Connect and so on), which is the first thing to look at when a peer is not working.

show ip bgp summary

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4   100    1370    1373      174    0    0 21:51:15   150543
2.2.2.2         4   200    1355    1355      174    0    0 22:27:24   110435

The following commands also help to check the BGP routes and updates (received-routes works here only because soft-reconfiguration inbound is configured, which keeps a copy of the unfiltered updates from each peer):
show ip bgp
show ip route bgp
show ip bgp neighbors 1.1.1.2 received-routes
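A small parser for the summary output is an added example here (not from the original post) that turns the peer check into something you can run from a script: it reads the neighbour lines, works out whether each session is Established (numeric last column) or stuck in a state such as Active, and flags a peer whose remote AS differs from the configuration or which is sending far fewer prefixes than a full table. The sample output and the MIN_FULL_TABLE threshold are constructed for the example.

```python
import re

# Constructed sample of "show ip bgp summary" neighbour lines (not real router output).
# 1.1.1.2 is Established with a full table; 2.2.2.2 is Established but has sent only a
# default route, which is what you see when an ISP forgets the full-table part.
SAMPLE_SUMMARY = """\
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4   100    1370    1373      174    0    0 21:51:15   150543
2.2.2.2         4   200      12      14      174    0    0 00:03:10        1
"""

# Constructed line for a session that never came up: IOS prints the FSM state instead of
# a prefix count until the session is Established.
SAMPLE_DOWN = "2.2.2.2         4   200       0       0        1    0    0 never    Active\n"

# Peers and remote AS numbers as configured under "router bgp 65550" in the post.
EXPECTED_PEERS = {"1.1.1.2": 100, "2.2.2.2": 200}
# Assumption: a full IPv4 table has at least this many prefixes (a 2011-era value).
MIN_FULL_TABLE = 100_000

# Neighbor, V, AS, then MsgRcvd MsgSent TblVer InQ OutQ, then Up/Down and State/PfxRcd.
LINE_RE = re.compile(
    r"^(?P<nbr>\d+\.\d+\.\d+\.\d+)\s+(?P<ver>\d+)\s+(?P<asn>\d+)"
    r"(?:\s+\d+){5}\s+(?P<updown>\S+)\s+(?P<state>\S+)\s*$"
)


def parse_bgp_summary(text):
    """Return {neighbor: {"as", "up_down", "prefixes", "state"}} from summary output.
    prefixes is None and state is the FSM state when the session is not Established."""
    peers = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header line or unrelated output
        last = m.group("state")
        established = last.isdigit()
        peers[m.group("nbr")] = {
            "as": int(m.group("asn")),
            "up_down": m.group("updown"),
            "prefixes": int(last) if established else None,
            "state": "Established" if established else last,
        }
    return peers


def check_peers(peers, expected=EXPECTED_PEERS, min_full_table=MIN_FULL_TABLE):
    """Return a list of problem descriptions; an empty list means every expected peer
    is Established with the configured AS and a full-table-sized prefix count."""
    problems = []
    for nbr, asn in expected.items():
        p = peers.get(nbr)
        if p is None:
            problems.append(f"{nbr}: not present in summary")
            continue
        if p["as"] != asn:
            problems.append(f"{nbr}: remote AS {p['as']} != configured {asn}")
        if p["state"] != "Established":
            problems.append(f"{nbr}: session state {p['state']}")
        elif p["prefixes"] < min_full_table:
            problems.append(f"{nbr}: only {p['prefixes']} prefixes received, full table expected")
    return problems


if __name__ == "__main__":
    for problem in check_peers(parse_bgp_summary(SAMPLE_SUMMARY)):
        print(problem)
```

Feed it the real output of show ip bgp summary (for example captured over SSH) in place of the constructed sample; the threshold is the only knob you need to adjust over time.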


Without an outbound filter you would re-advertise the routes learned from one ISP to the other, making AS 65550 a transit path between ISP1 and ISP2 and pulling their traffic onto your links. Limit this with an AS-path filter list on the client side that permits only locally originated routes, that is, routes with an empty AS path (since this setup originates nothing, it advertises nothing):

ip as-path access-list 1 permit ^$
router bgp 65550
neighbor 1.1.1.2 filter-list 1 out
neighbor 2.2.2.2 filter-list 1 out


You can also use prefix lists to filter unwanted BGP prefixes coming from ISP1 and ISP2, for example RFC 1918 space or prefixes more specific than /24, and set neighbor ... maximum-prefix on each peer as a safety limit against a full-table leak.
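The following model, added here as an example and not taken from the original post, shows what the two filters do to a small BGP table: the outbound filter-list 1 (^$) lets through only routes with an empty AS path, so nothing learned from ISP2 is offered to ISP1 and vice versa, while the inbound prefix-list drops private and overly specific prefixes. The routes, the documentation AS numbers 64496 and 64497, the hypothetical locally originated 198.51.100.0/24 and the exact inbound policy are all constructed for the example; the post names no specific inbound entries.

```python
import ipaddress
import re

# Outbound AS-path filter from the post: "ip as-path access-list 1 permit ^$". IOS applies
# the regex to the AS_PATH rendered as a space-separated string, so ^$ matches only routes
# this router originated itself; every route learned from an eBGP neighbour has a path.
AS_PATH_ACL_1 = re.compile(r"^$")

# Inbound prefix-list policy (assumption, the post names no entries): drop RFC 1918 space
# and anything more specific than /24; permit the rest, including the ISPs' default route.
DENY_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_PREFIX_LEN = 24

# Constructed routes as they would sit in the client's BGP table with both sessions up
# (documentation AS numbers and documentation prefixes, not real routes).
RECEIVED = [
    {"prefix": "0.0.0.0/0",      "as_path": [100],        "from": "1.1.1.2"},
    {"prefix": "140.10.0.0/24",  "as_path": [100, 64496], "from": "1.1.1.2"},
    {"prefix": "0.0.0.0/0",      "as_path": [200],        "from": "2.2.2.2"},
    {"prefix": "192.168.5.0/24", "as_path": [200, 64497], "from": "2.2.2.2"},  # leaked private space
    {"prefix": "203.0.113.0/25", "as_path": [200, 64497], "from": "2.2.2.2"},  # too specific
]
# Hypothetical locally originated route, only to show what ^$ would let through;
# the post's setup originates nothing.
LOCAL_ORIGIN = {"prefix": "198.51.100.0/24", "as_path": [], "from": "local"}


def permitted_out(route):
    """filter-list 1 out: permit only routes whose AS_PATH is empty."""
    path = " ".join(str(asn) for asn in route["as_path"])
    return AS_PATH_ACL_1.search(path) is not None


def permitted_in(route):
    """Inbound prefix-list: deny private space and prefixes longer than /24."""
    net = ipaddress.ip_network(route["prefix"])
    if net.prefixlen > MAX_PREFIX_LEN:
        return False
    return not any(net.subnet_of(d) for d in DENY_NETS)


def outbound_updates(routes, to_neighbor, apply_filter=True):
    """Prefixes the client would advertise to to_neighbor. With apply_filter=False you
    see the transit leak: every route learned from the other ISP is offered to this one."""
    return [r["prefix"] for r in routes
            if r["from"] != to_neighbor and (not apply_filter or permitted_out(r))]


def inbound_accepted(routes):
    """Prefixes that survive the inbound prefix-list."""
    return [r["prefix"] for r in routes if permitted_in(r)]


if __name__ == "__main__":
    print("leak to ISP1 without filter:", outbound_updates(RECEIVED, "1.1.1.2", apply_filter=False))
    print("to ISP1 with filter-list 1: ", outbound_updates(RECEIVED, "1.1.1.2"))
    print("accepted inbound:           ", inbound_accepted(RECEIVED))
```

The same regex semantics apply on the router: ^$ is the standard "only my own routes" filter, and because this client originates nothing it advertises nothing at all, which is exactly the intent.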


The second phase is how to send the upload (outbound) traffic. Most of the time the client LAN is on a private IP range, so you have to NAT the LAN traffic to reach the Internet. Traffic that goes out to ISP1 has to be translated to the F0/0 address (1.1.1.1) and traffic to ISP2 to the F0/1 address (2.2.2.1). If you configure a single static translation and ISP1 receives packets whose source address is ISP2's address, ISP1 will drop them: providers filter packets whose source address does not belong to the customer link (ingress filtering, BCP 38/uRPF).
To avoid this, choose the translation by outgoing interface, so that traffic leaving through F0/0 is translated to the F0/0 address dynamically. The route-map below matches both the LAN source addresses (access-list 180) and the outgoing interface:

Following is the configuration


ip nat pool isp1natpool 1.1.1.1 1.1.1.1 netmask 255.255.255.252
ip nat inside source route-map NAT2ISP1 pool isp1natpool overload

route-map NAT2ISP1 permit 10
match ip address 180
match interface f0/0

access-list 180 permit ip 192.168.0.0 0.0.0.255 any

int f0/0
ip nat outside

int f1/0
ip nat inside


Likewise you need to do the NAT configuration for ISP2 (F1/0 is already marked as the inside interface above):

ip nat pool isp2natpool 2.2.2.1 2.2.2.1 netmask 255.255.255.252
ip nat inside source route-map NAT2ISP2 pool isp2natpool overload

route-map NAT2ISP2 permit 10
match ip address 185
match interface f0/1

access-list 185 permit ip 192.168.0.0 0.0.0.255 any

int f0/1
ip nat outside



Now your primary setup is done: you have a fail-over and load-balanced multihomed network. If one link goes down, its BGP session drops, all routes learned over it are withdrawn from the routing table, and all traffic flows through the other path. Otherwise the best path to each destination is selected from the BGP table.

Suppose you need traffic to a particular destination to always go through ISP1. This can be done by setting a higher local preference on that prefix as it is received from ISP1 (the IOS default local preference is 100, and local preference is compared before AS-path length):

router bgp 65550
neighbor 1.1.1.2 route-map set-isp1-local-pref in

route-map set-isp1-local-pref permit 10
match ip address prefix-list ISP1_IN_LOCAL_PREF
set local-preference 120
route-map set-isp1-local-pref permit 20

ip prefix-list ISP1_IN_LOCAL_PREF seq 5 permit 140.10.0.0/24

The second clause (permit 20, with no match statement) is required. A route-map ends with an implicit deny, so with clause 10 alone every ISP1 route other than 140.10.0.0/24 would be rejected and that session would carry nothing but the one prefix. Also note that a prefix-list entry without ge/le matches exactly that network and mask length, so 140.10.0.0/25 or 140.10.0.0/23 would not get the higher local preference.
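To make the two gotchas concrete, here is a small model, added as an example and not part of the original post, of how IOS evaluates the policy above: prefix-list matching (exact network and length unless ge/le is given, implicit deny at the end), route-map clause evaluation with its implicit deny, and a subset of the best-path decision (weight, local preference, AS-path length, then lowest neighbour address as a simplified final tie-break). The routes and the documentation AS numbers 64496 to 64498 are constructed; ISP2's path to 140.10.0.0/24 is deliberately shorter, so without the policy ISP2 would win.

```python
import ipaddress

# Constructed routes as received from each ISP (documentation AS numbers, not real paths).
FROM_ISP1 = [
    {"prefix": "140.10.0.0/24", "as_path": [100, 64496, 64498]},
    {"prefix": "140.10.1.0/24", "as_path": [100, 64496, 64498]},
    {"prefix": "0.0.0.0/0",     "as_path": [100]},
]
FROM_ISP2 = [
    {"prefix": "140.10.0.0/24", "as_path": [200, 64497]},
    {"prefix": "140.10.1.0/24", "as_path": [200, 64497]},
    {"prefix": "0.0.0.0/0",     "as_path": [200]},
]

# The post's policy: prefix-list ISP1_IN_LOCAL_PREF seq 5 and route-map set-isp1-local-pref.
# Clause 20 is the catch-all; a route-map ends in an implicit deny, so with clause 10 alone
# every other route from ISP1 would be rejected.
PREFIX_LIST_ISP1 = [{"action": "permit", "prefix": "140.10.0.0/24"}]
ROUTE_MAP_ISP1 = [
    {"action": "permit", "match_prefix_list": PREFIX_LIST_ISP1, "set_local_pref": 120},  # permit 10
    {"action": "permit"},                                                             # permit 20
]


def prefix_list_lookup(prefix_list, prefix):
    """IOS prefix-list semantics: an entry without ge/le matches only that exact network
    and mask length, the first matching entry wins, and an unmatched prefix is denied."""
    net = ipaddress.ip_network(prefix)
    for entry in prefix_list:
        ent = ipaddress.ip_network(entry["prefix"])
        ge = entry.get("ge", ent.prefixlen)
        le = entry.get("le", ent.prefixlen)
        if net.subnet_of(ent) and ge <= net.prefixlen <= le:
            return entry["action"]
    return "deny"


def apply_route_map(route_map, route):
    """Return a copy of the route with the first matching clause's set applied, or None
    when no clause matches or the matching clause is a deny."""
    for clause in route_map:
        pl = clause.get("match_prefix_list")
        if pl is not None and prefix_list_lookup(pl, route["prefix"]) != "permit":
            continue
        if clause["action"] == "deny":
            return None
        out = dict(route)
        if "set_local_pref" in clause:
            out["local_pref"] = clause["set_local_pref"]
        return out
    return None  # implicit deny at the end of every route-map


def receive(neighbor, routes, route_maps):
    """Apply the neighbour's inbound route-map (if any) and return the accepted routes
    with the IOS defaults of weight 0 and local-preference 100."""
    accepted = []
    for raw in routes:
        route = {"neighbor": neighbor, "weight": 0, "local_pref": 100, **raw}
        route = apply_route_map(route_maps.get(neighbor, [{"action": "permit"}]), route)
        if route is not None:
            accepted.append(route)
    return accepted


def best_path(candidates):
    """Subset of the Cisco decision process, in order: highest weight, highest local-pref,
    shortest AS path, then lowest neighbour address as a simplified final tie-break (real
    IOS has further steps such as origin, MED and router ID in between)."""
    return max(candidates, key=lambda r: (
        r["weight"], r["local_pref"], -len(r["as_path"]),
        -int(ipaddress.ip_address(r["neighbor"]))))


def build_rib(route_maps):
    """Return {prefix: neighbor} holding the selected path for every prefix."""
    table = {}
    for route in receive("1.1.1.2", FROM_ISP1, route_maps) + receive("2.2.2.2", FROM_ISP2, route_maps):
        table.setdefault(route["prefix"], []).append(route)
    return {prefix: best_path(paths)["neighbor"] for prefix, paths in table.items()}


if __name__ == "__main__":
    print("no policy:       ", build_rib({}))
    print("with local-pref: ", build_rib({"1.1.1.2": ROUTE_MAP_ISP1}))
    print("clause 10 only:  ", build_rib({"1.1.1.2": ROUTE_MAP_ISP1[:1]}))
```

Running it shows 140.10.0.0/24 moving from ISP2 to ISP1 once the policy is applied, while 140.10.1.0/24 stays on ISP2 because the prefix-list does not match it; with only clause 10 in the route-map, ISP1 contributes nothing but the one prefix.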


This setup was successfully tested with the IOS image c1841-ipbase-mz.124-15.T12.bin. If you encounter any problem while configuring it, please let me know.

Thanks