Howto HSRP in a Multihomed BGP


Introduction

What is Multi-homing?
Multi-homing means having multiple connections to the Internet.

What is HSRP?

Hot Standby Router Protocol (HSRP) allows routers to share a virtual IP address (VIP) and act as a single virtual router, maintaining connectivity even if the first-hop router fails, because another router is on hot standby.

Why do I need BGP and HSRP configured on the same routers?

In the event of a failure of connectivity toward one ISP, BGP dynamically reroutes the traffic through the other ISP. HSRP tracks the primary link to the main ISP and notifies the hot standby router when connectivity toward the primary ISP is lost.

Thanks to the dynamips and GNS3 project developers, who made it possible to test Cisco IOS and Juniper platform functionality before deploying configurations to the actual production network.

Project-Goal

Configure two routers as our edge network devices with Multi-homed BGP, and provide connectivity from the inside network via the HSRP Virtual IP Address (VIP).

Logical diagram

In the above diagram we have a router configured as the Internet cloud with AS400, ISP1 with AS200, ISP2 with AS300, and the Primary and Secondary routers with AS100.

Behind the switch we have a LAN or Firewall router that provides NAT, ACLs, etc. to end devices on the network when traffic is sent toward the Internet.

The Internet router is configured with three interfaces:

1- FastEthernet0/0 connects to ISP1 with an IP address of 192.168.100.1 and a netmask of 255.255.255.0 (/24 in CIDR notation)

2- FastEthernet0/1 connects to ISP2 with an IP address of 192.168.200.1 and a netmask of 255.255.255.0 (/24 in CIDR notation)

3- Loopback1 interface 10.0.0.1 255.255.255.0, which we are going to advertise through the two ISP neighbors.

Internet-Router-Configurations

interface Loopback1  
ip address 10.0.0.1 255.0.0.0  
!
interface FastEthernet0/0  
ip address 192.168.100.1 255.255.255.0  
duplex auto  
speed auto  
!
interface FastEthernet0/1  
ip address 192.168.200.1 255.255.255.0  
duplex auto  
speed auto  
!
router bgp 400  
no synchronization  
bgp log-neighbor-changes  
network 10.0.0.0  
network 192.168.100.0  
network 192.168.200.0  
neighbor 192.168.100.10 remote-as 200  
neighbor 192.168.200.10 remote-as 300  
no auto-summary  
!

ISP1

1- FastEthernet0/1 connects to the Internet router
2- FastEthernet0/0 connects to the Primary Router

ISP1 Router Configurations

interface FastEthernet0/0  
ip address 172.16.100.1 255.255.255.0  
duplex auto  
speed auto  
!
interface FastEthernet0/1  
ip address 192.168.100.10 255.255.255.0  
duplex auto  
speed auto  
!
router bgp 200  
no synchronization  
bgp log-neighbor-changes  
network 172.16.100.0 mask 255.255.255.0  
network 192.168.100.0  
neighbor 172.16.100.10 remote-as 100  
neighbor 172.16.100.10 password cisco  
neighbor 192.168.100.1 remote-as 400  
no auto-summary  
!

Primary Router

1- FastEthernet0/1 connects to ISP1
2- FastEthernet0/0 connects to the LAN Switch

FastEthernet0/0 is configured with HSRP as the primary (Active) interface for the inside traffic.

3- Loopback0 for iBGP traffic between the Primary and Secondary routers

Primary Router Configuration

interface Loopback0  
description iBGP  
ip address 1.1.1.1 255.255.255.252  
!
interface FastEthernet0/0  
ip address 192.168.1.1 255.255.255.0  
duplex auto  
speed auto  
standby 1 ip 192.168.1.3  
standby 1 priority 105  
standby 1 preempt delay minimum 60  
standby 1 track FastEthernet0/1  
!
interface FastEthernet0/1  
description WAN  
ip address 172.16.100.10 255.255.255.0  
duplex auto  
speed auto  
!
router bgp 100  
no synchronization  
bgp log-neighbor-changes  
bgp maxas-limit 10  
network 192.168.1.0  
neighbor 1.1.1.2 remote-as 100  
neighbor 1.1.1.2 description iBGP with our other Secondary Router  
neighbor 1.1.1.2 update-source Loopback0  
neighbor 1.1.1.2 version 4  
neighbor 1.1.1.2 next-hop-self  
neighbor 1.1.1.2 soft-reconfiguration inbound  
neighbor 1.1.1.2 maximum-prefix 250000  
neighbor 172.16.100.1 remote-as 200  
neighbor 172.16.100.1 description ISP1  
neighbor 172.16.100.1 password cisco  
neighbor 172.16.100.1 version 4  
neighbor 172.16.100.1 soft-reconfiguration inbound  
neighbor 172.16.100.1 prefix-list announce out  
neighbor 172.16.100.1 maximum-prefix 250000  
no auto-summary  
!
ip route 1.1.1.2 255.255.255.255 192.168.1.2  
ip route 192.168.1.0 255.255.255.0 192.168.1.10  
!
ip prefix-list announce description Our allowed routing announcements  
ip prefix-list announce seq 5 permit 192.168.1.0/24  
ip prefix-list announce seq 10 deny 0.0.0.0/0 le 32  
!

In the above configuration, notice that we announce only our own net block, 192.168.1.0/24.
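What the `announce` prefix-list lets through, as an added example that is not part of the original configuration: a small Python model of IOS prefix-list matching (first match wins, exact length unless `ge`/`le` is given, implicit deny at the end). The routing table it is applied to is constructed for illustration. Without this outbound filter, routes learned from one ISP would be re-advertised to the other and AS100 would become a transit path between them.

```python
import ipaddress

# The outbound filter from the Primary router: (seq, action, prefix, ge, le).
ANNOUNCE = [
    (5, "permit", "192.168.1.0/24", None, None),
    (10, "deny", "0.0.0.0/0", None, 32),
]

# Constructed sample of routes the edge router might hold in its BGP table.
SAMPLE_TABLE = ["192.168.1.0/24", "192.168.1.128/25", "10.0.0.0/8",
                "192.168.100.0/24", "172.16.200.0/24"]

def entry_matches(route, prefix, ge, le):
    """The route must lie inside `prefix`; its length must equal the entry's
    length unless ge/le widen the accepted range."""
    net = ipaddress.ip_network(prefix)
    if not route.subnet_of(net):
        return False
    if ge is None and le is None:
        return route.prefixlen == net.prefixlen
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else 32
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """Return (action, seq) of the first matching entry, else the implicit deny."""
    route = ipaddress.ip_network(route)
    for seq, action, prefix, ge, le in sorted(prefix_list):
        if entry_matches(route, prefix, ge, le):
            return action, seq
    return "deny", None

def announced(prefix_list, bgp_table):
    """Routes that survive the outbound filter."""
    return [r for r in bgp_table if evaluate(prefix_list, r)[0] == "permit"]

if __name__ == "__main__":
    for r in SAMPLE_TABLE:
        print(r, evaluate(ANNOUNCE, r))
```

The more specific 192.168.1.128/25 is rejected because the permit entry carries no `ge`/`le`, so only the exact /24 matches.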

HSRP is also tracking our link to ISP1. If the link goes down, this router becomes the HSRP standby and the Secondary router becomes active.
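The failover described above, as an added Python model that is not part of the original post. It assumes the IOS defaults of priority 100 and a tracking decrement of 10, takes the Secondary router's settings (no explicit priority, `standby 1 preempt`) from its configuration further down the page, and does not model the 60-second preempt delay.

```python
from dataclasses import dataclass

DEFAULT_PRIORITY = 100  # IOS default when no "standby priority" is configured
TRACK_DECREMENT = 10    # IOS default when "standby track" names no decrement

@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    tracks_wan: bool = False
    wan_up: bool = True
    alive: bool = True

def rank(r):
    """Higher effective priority wins; the higher interface IP breaks a tie."""
    lost = TRACK_DECREMENT if r.tracks_wan and not r.wan_up else 0
    return (r.priority - lost, tuple(int(o) for o in r.ip.split(".")))

def next_active(routers, current):
    """Return the router that owns the virtual IP once the group settles."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None
    if current is None or not current.alive:
        return max(alive, key=rank)
    # A better-ranked router takes over only if it is configured to preempt.
    challengers = [r for r in alive if r.preempt and rank(r) > rank(current)]
    return max(challengers, key=rank) if challengers else current

def failover_demo(secondary_preempt=True):
    """Active router at start, after Primary's WAN link fails, after it returns."""
    primary = HsrpRouter("Primary", "192.168.1.1", priority=105,
                         preempt=True, tracks_wan=True)
    secondary = HsrpRouter("Secondary", "192.168.1.2", preempt=secondary_preempt)
    group, history, active = [primary, secondary], [], None
    for wan_up in (True, False, True):
        primary.wan_up = wan_up
        active = next_active(group, active)
        history.append(active.name)
    return history

if __name__ == "__main__":
    print(failover_demo(True))
    print(failover_demo(False))
```

With `secondary_preempt=False` the virtual IP stays on the Primary router even after its tracked link fails, which is why the Secondary router needs `standby 1 preempt` for interface tracking to have any effect.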

ISP2

1- FastEthernet0/1 connects to the Internet router
2- FastEthernet0/0 connects to the Secondary Router

ISP2 Router Configurations

interface FastEthernet0/0  
ip address 172.16.200.1 255.255.255.0  
duplex auto  
speed auto  
!
interface FastEthernet0/1  
ip address 192.168.200.10 255.255.255.0  
duplex auto  
speed auto  
!
router bgp 300  
no synchronization  
bgp log-neighbor-changes  
network 172.16.200.0 mask 255.255.255.0  
network 192.168.200.0  
neighbor 172.16.200.10 remote-as 100  
neighbor 172.16.200.10 password cisco  
neighbor 192.168.200.1 remote-as 400  
no auto-summary  
!

Secondary Router

1- FastEthernet0/1 connects to ISP2
2- FastEthernet0/0 connects to the LAN Switch

FastEthernet0/0 is configured with HSRP as the Secondary (hot standby) interface for the inside traffic.

3- Loopback0 for iBGP traffic between the Primary and Secondary routers.

Secondary Router Configuration

interface Loopback0  
description iBGP  
ip address 1.1.1.2 255.255.255.252  
!
interface FastEthernet0/0  
description LAN  
ip address 192.168.1.2 255.255.255.0  
duplex auto  
speed auto  
standby 1 ip 192.168.1.3  
standby 1 preempt  
!
interface FastEthernet0/1  
description WAN  
ip address 172.16.200.10 255.255.255.0  
duplex auto  
speed auto  
!
router bgp 100  
no synchronization  
bgp log-neighbor-changes  
network 192.168.1.0  
neighbor 1.1.1.1 remote-as 100  
neighbor 1.1.1.1 description iBGP with our other Primary Router  
neighbor 1.1.1.1 update-source Loopback0  
neighbor 1.1.1.1 version 4  
neighbor 1.1.1.1 next-hop-self  
neighbor 1.1.1.1 soft-reconfiguration inbound  
neighbor 1.1.1.1 maximum-prefix 250000  
neighbor 172.16.200.1 remote-as 300  
neighbor 172.16.200.1 description eBGP with ISP2  
! password must match the one ISP2 configures for 172.16.200.10  
neighbor 172.16.200.1 password cisco  
neighbor 172.16.200.1 version 4  
neighbor 172.16.200.1 prefix-list announce out  
neighbor 172.16.200.1 route-map eBGP_ACL out  
no auto-summary  
!
ip route 1.1.1.1 255.255.255.255 192.168.1.1  
!
!
ip prefix-list announce description Our allowed routing announcements  
ip prefix-list announce seq 5 permit 192.168.1.0/24  
ip prefix-list announce seq 10 deny 0.0.0.0/0 le 32  
access-list 1 permit 192.168.1.0 0.0.0.255  
!
route-map eBGP_ACL permit 10  
match ip address 1  
set as-path prepend 100  
!

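Notice in the above configuration that the HSRP priority is lower (none is set, so the Secondary router keeps the default, below the Primary's 105) and that we have an additional route-map that prepends our AS to the AS path announced to ISP2, which tells other routers that this is the longer path.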
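With both ends of every eBGP session now shown, the `remote-as` and `password` lines can be cross-checked: the password enables TCP MD5 authentication, so the session will not establish unless both routers use the same value. The following Python check is an added example, not part of the original post; the two config excerpts and their `LAB-KEY-*` passwords are constructed, with a deliberate mismatch.

```python
SAMPLE = {  # constructed excerpts; the two passwords differ on purpose
    "ISP2": """interface FastEthernet0/0
ip address 172.16.200.1 255.255.255.0
router bgp 300
neighbor 172.16.200.10 remote-as 100
neighbor 172.16.200.10 password LAB-KEY-1""",
    "Secondary": """interface FastEthernet0/1
ip address 172.16.200.10 255.255.255.0
router bgp 100
neighbor 172.16.200.1 remote-as 300
neighbor 172.16.200.1 password LAB-KEY-2""",
}

def parse(config):
    """Extract local AS, interface IPs and per-neighbor settings from IOS text."""
    r = {"asn": None, "ips": set(), "neighbors": {}}
    for words in (line.split() for line in config.splitlines()):
        if words[:2] == ["ip", "address"] and len(words) >= 4:
            r["ips"].add(words[2])
        elif words[:2] == ["router", "bgp"] and len(words) >= 3:
            r["asn"] = words[2]
        elif words[:1] == ["neighbor"] and len(words) >= 4:
            if words[2] in ("remote-as", "password"):
                r["neighbors"].setdefault(words[1], {})[words[2]] = words[3]
    return r

def audit(configs):
    """Return (router, peer, problem) for every session whose two ends disagree."""
    routers = {name: parse(text) for name, text in configs.items()}
    owner = {ip: name for name, r in routers.items() for ip in r["ips"]}
    findings = []
    for name, r in sorted(routers.items()):
        for peer_ip, mine in sorted(r["neighbors"].items()):
            peer = routers.get(owner.get(peer_ip))
            if peer is None:
                continue  # far end is not among the supplied configs
            theirs = next((n for ip, n in peer["neighbors"].items()
                           if ip in r["ips"]), None)
            if mine.get("remote-as") != peer["asn"]:
                findings.append((name, owner[peer_ip], "remote-as mismatch"))
            if theirs is None:
                findings.append((name, owner[peer_ip], "no neighbor statement back"))
            elif mine.get("password") != theirs.get("password"):
                findings.append((name, owner[peer_ip], "password mismatch"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The findings name the two routers and the problem only, so the passwords themselves never end up in the report.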

LAN Router

One interface is configured to route traffic to the HSRP VIP (virtual IP address). If one router goes off-line, the other router becomes active and keeps the VIP as the default gateway for our LAN traffic to and from the Internet.

LAN Router Configurations

interface Loopback10  
ip address 192.168.50.1 255.255.255.0  
ip nat inside  
ip virtual-reassembly  
!
interface FastEthernet0/0  
ip address 192.168.1.10 255.255.255.0  
ip nat outside  
ip virtual-reassembly  
duplex auto  
speed auto  
!
ip forward-protocol nd  
ip route 0.0.0.0 0.0.0.0 192.168.1.3  
!
!
ip http server  
no ip http secure-server  
ip nat pool swimmingpool 192.168.1.100 192.168.1.200 netmask 255.255.255.0  
ip nat inside source list 10 pool swimmingpool overload  
!
access-list 10 permit 192.168.50.0 0.0.0.255  
!

Traffic from the loopback interface is NATed and routed to the Internet.

Download GNS3 Topology and configuration attachment

Good Luck!

Hassan El-Masri

Network Consultant Engineer
