Friday, August 21, 2015

Configuration sample BGP + HSRP design

(Collected from http://www.myriadsupply.com/blog/?p=259)


Creating BGP inbound redundancy + HSRP outbound redundancy.
Here’s a configuration sample using two routers: Primary R1 terminating a DS3 and Backup R2 terminating a 20MB circuit.
The diagram is shown below, along with running-configuration snippets from both routers.
A local preference of 150 is used on the primary R1 to force outbound traffic via HSRP out the primary.
AS-path prepending is used on backup R2 to dissuade inbound traffic from coming in via the lower-bandwidth ISP.
X = used in place of real IPs.







 
Primary R1:
PrimaryR1#sh run
Building configuration…
Current configuration : 2913 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PrimaryR1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
interface Loopback100
no ip address
!
interface GigabitEthernet0/1
description LAN port
ip address 64.X.X.1 255.255.255.224
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
no negotiation auto
standby 1 ip 64.X.X.5
standby 1 priority 105
standby 1 preempt delay minimum 60
standby 1 track Serial3/0
!
interface GigabitEthernet0/2
description conn to Backup Lightpath
ip address 65.X.X.66 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex full
speed 100
media-type rj45
no negotiation auto
!
interface GigabitEthernet0/3
description LAN handoff from P2P to Denver
ip address 10.30.0.1 255.254.0.0
duplex auto
speed auto
media-type rj45
no negotiation auto
!
interface Serial1/0
description p-2-p to Denver DC
ip address 10.10.10.1 255.255.255.252
dsu bandwidth 44210
framing c-bit
cablelength 10
clock source internal
serial restart-delay 0
!
interface Serial3/0
description DS3 XO WAN interface
ip address 65.X.X.254 255.255.255.252
ip access-group 150 in
encapsulation ppp
dsu bandwidth 44210
framing c-bit
cablelength 10
serial restart-delay 0
!
router bgp 16XX
no synchronization
bgp log-neighbor-changes
network 64.X.X.0 mask 255.255.255.224
network 64.X.X.2
aggregate-address 64.X.X.0 255.255.255.0 summary-only
neighbor 64.X.X.2 remote-as 16XX
neighbor 64.X.X.2 next-hop-self
neighbor 65.X.1X.253 remote-as 2828
neighbor 65.X.X.253 route-map setLocalpref in
neighbor 65.X.X.253 route-map localonly out
no auto-summary
!
no ip http server
!
ip as-path access-list 10 permit ^$
ip nat inside source list 101 interface GigabitEthernet0/2 overload
!
access-list 101 permit ip any any
access-list 150 permit ip any any
!
route-map setLocalpref permit 10
set local-preference 200
!
route-map localonly permit 10
match as-path 10
!
control-plane
!
gatekeeper
shutdown
!
!
end
————————————————————————-
BackupR2:
BackupR2#sh run
Building configuration…
Current configuration : 2172 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BackupR2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
ip cef
!
interface Loopback1
no ip address
!
interface FastEthernet0/0
description conn to L3 switch on ARIN block
ip address 64.X.X.2 255.255.255.224
duplex auto
speed auto
standby 1 ip 64.X.X.5
standby 1 preempt delay minimum 60
standby 1 track FastEthernet0/1
!
interface FastEthernet0/1
description conn to LP ISP
ip address 65.X.X.134 255.255.255.252
ip access-group 101 in
duplex full
speed 100
!
interface Serial1/0
description DS3 XO WAN interface
ip address 65.X.X.254 255.255.255.252
ip access-group 150 in
encapsulation ppp
shutdown
dsu bandwidth 44210
framing c-bit
cablelength 10
serial restart-delay 0
!
interface Serial3/0
no ip address
shutdown
dsu bandwidth 44210
framing c-bit
cablelength 10
serial restart-delay 0
!
router bgp 16XX
no synchronization
bgp log-neighbor-changes
network 64.X.X.0
network 64.X.X.0 mask 255.255.255.0
redistribute static
neighbor 64.X.X.1 remote-as 16XX
neighbor 64.X.X.1 next-hop-self
neighbor 65.X.X.133 remote-as 6128
neighbor 65.X.X.133 route-map foo out
no auto-summary
!
ip classless
ip route 64.X.X.0 255.255.255.0 Null0
no ip http server
!
ip as-path access-list 10 permit ^$
!
!
ip prefix-list localonly seq 5 permit 64.X.X.0/24
access-list 1 permit 64.X.X.0
access-list 10 permit 64.X.X.0
access-list 101 permit ip any any
access-list 150 permit ip any any
!
route-map foo permit 10
match ip address prefix-list localonly
set as-path prepend 16XX 16XX 16XX 16XX 16XX 16XX 16XX 16XX
!
route-map localonly permit 10
match as-path 10
set as-path prepend 16XX 16XX 16XX 16XX 16XX
!
!
!
!
!
!
!
gatekeeper
shutdown
!
end
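
In this design the outbound route-maps on the ISP-facing neighbors (`localonly`, matching `ip as-path access-list 10 permit ^$`, and `foo`, matching the prefix-list) are what keep each router advertising only the site's own routes. The following Python check is an added example, not part of the original post or either router's configuration: it flags eBGP neighbors with no outbound route-map, route-maps attached to a neighbor address that has no `remote-as` (for instance a mistyped address), and route-maps that are referenced but never defined. The sample stanza is constructed with documentation addresses and private ASNs, and the function name `audit_bgp` is hypothetical.

```python
import re

# Constructed sample (documentation addresses, private ASNs), modelled on the
# BGP stanzas above; the first route-map line carries a mistyped address.
SAMPLE = """\
router bgp 64512
 neighbor 192.0.2.2 remote-as 64512
 neighbor 192.0.2.2 next-hop-self
 neighbor 198.51.100.253 remote-as 64513
 neighbor 198.51.100.25 route-map localonly out
 neighbor 203.0.113.133 remote-as 64514
 neighbor 203.0.113.133 route-map foo out
!
ip as-path access-list 10 permit ^$
!
route-map localonly permit 10
 match as-path 10
"""

def audit_bgp(config):
    """Return a sorted list of (neighbor_or_name, finding) for one router config."""
    local_as = None
    remote_as = {}   # neighbor address -> remote AS
    out_maps = {}    # neighbor address -> outbound route-map name
    defined = set()  # route-map names defined in the config
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"router bgp (\S+)", line):
            local_as = m.group(1)
        elif m := re.fullmatch(r"neighbor (\S+) remote-as (\S+)", line):
            remote_as[m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"neighbor (\S+) route-map (\S+) out", line):
            out_maps[m.group(1)] = m.group(2)
        elif m := re.match(r"route-map (\S+) (permit|deny)", line):
            defined.add(m.group(1))
    findings = []
    for nbr, asn in remote_as.items():
        if asn != local_as and nbr not in out_maps:
            findings.append((nbr, "eBGP neighbor has no outbound route-map"))
    for nbr, name in out_maps.items():
        if nbr not in remote_as:
            findings.append((nbr, "route-map on neighbor with no remote-as"))
        if name not in defined:
            findings.append((name, "route-map referenced but not defined"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, finding in audit_bgp(SAMPLE):
        print(f"{subject}: {finding}")
```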
