Category: Hsrp

HSRP BGP LAb: Tracking path by ip SLA for multihomed ISP

6/25/2013

This lab is same as previous Lab " HSRP Redundancy in Multi-homed ISPs - BGP AS-Path prepending" in many aspects but there were some short commings left in previous labs. Previously if our immediate route failed between our HSRP divice and ISP; we can track that but what if; Any of the link between source and destination fail. Previous configuration let our HSRP device working as Active device and we will face severe packet losses and communication errors. Here in this lab we will track ip addresses instead of connected interfaces so that if that route become unavailable then Active HSRP shift its role to standby ISP.

Let's do our lab.

Requiremnents:

Configure IP Addresses as per diagram. Configure one loop back address 5.5.5.5 on Internet router.
Configure HSRP on both HSRP1 (Active) and HSRP2 (standby). Track ip address between HSRP1 & internet for fail-over.
Configure IBGP in a way that HSRP1 should not sent BGP update to its neighbor HSRP2 and vice versa
Without doing any configuration related to propagating any network to neighbors, redistribution, static routing. Make sure network 100.10.10.0 should communicate to network 5.5.5.5.
Packet coming from internet router to LAN should take preffered path and ensure that secondary path route becomes less preferred as compared to preferred path
For verification use following command and compare results with previous Lab " HSRP Redundancy in Multi-homed ISPs - BGP AS-Path prepending" results. Follow these commands and take help from previous lab
Show ip route ; Show ip bgp ip-address ; traceroute or tracert ; ping ; show standby (for HSRP) ; show standby brief ; show ip bgp summary ; show ip bgp ; debug ip bgp etc

! HSRP1 Configuration
interface Serial0/0
ip address 16.16.16.1 255.255.255.0
no shut

interface FastEthernet0/1
ip address 100.10.10.1 255.255.255.0
no shut

standby 10 ip 100.10.10.100
standby 10 priority 150
standby 10 preempt delay minimum 70

standby 10 track 1 decrement 60

track 1 ip route 5.5.5.0 255.255.255.0 reachability

router bgp 50
network 100.10.10.0 mask 255.255.255.0
neighbor 16.16.16.2 remote-as 80
neighbor 100.10.10.2 remote-as 50
neighbor 100.10.10.2 next-hop-self
neighbor 100.10.10.2 transport connection-mode passive

! HSRP2 Configuration
interface FastEthernet0/0
ip address 100.10.10.2 255.255.255.0
no shut

standby 10 ip 100.10.10.100
standby 10 priority 120
standby 10 preempt
standby 10 track Serial0/0

interface Serial0/0
ip address 22.22.22.1 255.255.255.0
no shut

router bgp 50
network 100.10.10.0 mask 255.255.255.0
neighbor 22.22.22.2 remote-as 200
neighbor 22.22.22.2 route-map AS-Path-Append out

neighbor 100.10.10.1 remote-as 50
neighbor 100.10.10.1 next-hop-self
neighbor 100.10.10.1 transport connection-mode passive

access-list 10 permit 100.10.10.0

route-map AS-Path-Append permit 10
match ip address 10
set as-path prepend 50

! ISP1 Configuration
interface Serial0/0
ip address 16.16.16.2 255.255.255.0
no shut

interface Serial0/1
ip address 160.16.16.1 255.255.255.0
no shut

router bgp 80
neighbor 16.16.16.1 remote-as 50
neighbor 160.16.16.2 remote-as 500

! ISP2 Configuration
interface Serial0/0
ip address 22.22.22.2 255.255.255.0
no shut

interface Serial0/1
ip address 210.16.16.2 255.255.255.0
no shut

router bgp 200
neighbor 22.22.22.1 remote-as 50
neighbor 210.16.16.1 remote-as 500

! Internet Configuration
interface Loopback0
ip address 5.5.5.5 255.255.255.0

interface Serial0/0
ip address 160.16.16.2 255.255.255.0
no shut

interface Serial0/1
ip address 210.16.16.1 255.255.255.0
no shut

router bgp 500
network 5.5.5.0 mask 255.255.255.0
neighbor 160.16.16.1 remote-as 80
neighbor 210.16.16.2 remote-as 200

Configuration Explanation

70 seconds delay so that BGP routes get into routing table.
Tracking track 1 (mentioned in next command). If 5.5.5.0 route fail to come into route table of HSRP1 ; HSRP1 shift role to standby router (HSRP router) by decrementing its current priority from 150 to 90

track to check if 5.5.5.0 is reachable

This command let HSRP2 not sending updates to its specified neighbor

when communicating to neighbor 22.22.22.2 and sending information out to it; BGP should consult route-map name AS-PAth-Append

This command let HSRP2 not sending updates to its specified neighbor

Access list 10 permitting route. (We use this in route map)

Here comes route map
route map will match all ip addresses in access list 10
if match found then it will prepend its AS-Path attribute with 50. This will let outside world (AS) perceive that this route is the longest one as compared some other actually equal route.

HSRP Redundancy in Multi-homed ISPs - BGP AS-Path prepending

6/24/2013

In this lab, we are going to use IBGP and EBGP for peer relationship. HSRP will provide us redundant gateways as if active fail; standby will take the place of active HSRP. Read requirements carefully.

Requiremnents:

Configure IP Addresses as per diagram. Configure one loop back address 5.5.5.5 on Internet router.
Configure HSRP on both HSRP1 (Active) and HSRP2 (standby). Track interface between HSRP1 & ISP1 and HSRP2 & ISP2 for fail-over.
Without doing any configuration related to propagating any network to neighbors, redistribution, static routing. Make sure network 100.10.10.0 should communicate to network 5.5.5.5.
Packet coming from internet router to LAN should take preffered path and ensure that secondary path route becomes less preferred as compared to preferred path
Demonstrate internet router path for 100.10.10.0 network by using show ip bgp 100.10.10.0 command and by traceroute.

! HSRP1 Configuration
interface Serial0/0
ip address 16.16.16.1 255.255.255.0
no shut

interface FastEthernet0/1
ip address 100.10.10.1 255.255.255.0
no shut

standby 10 ip 100.10.10.100
standby 10 priority 150
standby 10 preempt delay minimum 70

standby 10 track Serial0/0 60

router bgp 50
network 100.10.10.0 mask 255.255.255.0
neighbor 16.16.16.2 remote-as 80
neighbor 100.10.10.2 remote-as 50
neighbor 100.10.10.2 next-hop-self

! HSRP2 Configuration
interface FastEthernet0/0
ip address 100.10.10.2 255.255.255.0
no shut

standby 10 ip 100.10.10.100
standby 10 priority 120
standby 10 preempt
standby 10 track Serial0/0

interface Serial0/0
ip address 22.22.22.1 255.255.255.0
no shut

router bgp 50
network 100.10.10.0 mask 255.255.255.0
neighbor 22.22.22.2 remote-as 200
neighbor 22.22.22.2 route-map AS-Path-Append out

neighbor 100.10.10.1 remote-as 50
neighbor 100.10.10.1 next-hop-self

access-list 10 permit 100.10.10.0

route-map AS-Path-Append permit 10
match ip address 10
set as-path prepend 50

! ISP1 Configuration
interface Serial0/0
ip address 16.16.16.2 255.255.255.0
no shut

interface Serial0/1
ip address 160.16.16.1 255.255.255.0
no shut

router bgp 80
neighbor 16.16.16.1 remote-as 50
neighbor 160.16.16.2 remote-as 500

! ISP2 Configuration
interface Serial0/0
ip address 22.22.22.2 255.255.255.0
no shut

interface Serial0/1
ip address 210.16.16.2 255.255.255.0
no shut

router bgp 200
neighbor 22.22.22.1 remote-as 50
neighbor 210.16.16.1 remote-as 500

! Internet Configuration
interface Loopback0
ip address 5.5.5.5 255.255.255.0

interface Serial0/0
ip address 160.16.16.2 255.255.255.0
no shut

interface Serial0/1
ip address 210.16.16.1 255.255.255.0
no shut

router bgp 500
network 5.5.5.0 mask 255.255.255.0
neighbor 160.16.16.1 remote-as 80
neighbor 210.16.16.2 remote-as 200

Configuration Explanation

70 seconds delay so that BGP routes get into routing table.
Tracking serial 0/0 so that if it gets failed; HSRP shift role to standby router

when communicating to neighbor 22.22.22.2 and sending information out to it; BGP should consult route-map name AS-PAth-Append

Access list 10 permitting route. (We use this in route map)

Here comes route map
route map will match all ip addresses in access list 10
if match found then it will prepend its AS-Path attribute with 50. This will let outside world (AS) perceive that this route is the longest one as compared some other actually equal route.

BGP network verification

Internet#show ip bgp 100.10.10.0
BGP routing table entry for 100.10.10.0/24, version 3
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
        1
200 50 50 [Look here you see that actual AS-Path should have (200 50) but due to route map and AS-Path prepend applied on HSRP2 router; Router AS path is showing that this route will go from 3 AS]
    210.16.16.2 from 210.16.16.2 (210.16.16.2)
      Origin IGP, localpref 100, valid, external
80 50 [Here there are 2 AS in AS-Path; hence preferable]
    160.16.16.1 from 160.16.16.1 (160.16.16.1)
      Origin IGP, localpref 100, valid, external, best

Trace route verification

When both HSRP routers are running cool and tracked interfaces have no issues at all. Following is the trace route.

pc1V10[1]> tracert 5.5.5.5
traceroute to 5.5.5.5, 64 hops max, press Ctrl+C to stop
1   100.10.10.1   70.000 ms 62.000 ms 40.000 ms
2   16.16.16.2   80.000 ms 40.000 ms 36.000 ms
3   *160.16.16.2   107.000 ms

(Please note that as 5.5.5.5 is a loopback thats why
traceroute just stops here)

Anyhow see the path. PAckets are taking HSRP1 path.

Now I have shutdown HSRP and ISP1 interface so that HSRP2 should take Active role. Now see results

Internet#show ip bgp 100.10.10.0
BGP routing table entry for 100.10.10.0/24, version 4
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Advertised to update-groups:
        1
200 50 50
    210.16.16.2 from 210.16.16.2 (210.16.16.2)
      Origin IGP, localpref 100, valid, external, best

Please note that now previously preferred route is not there

pc1V10[1]> tracert 5.5.5.5
traceroute to 5.5.5.5, 64 hops max, press Ctrl+C to stop
1   100.10.10.2   60.000 ms 30.000 ms 30.000 ms
2   22.22.22.2   60.000 ms 40.000 ms 40.000 ms
3   *210.16.16.1   72.000 ms

(Please note that as 5.5.5.5 is a loopback thats why
traceroute just stops here)

Anyhow see the path. PAckets are taking HSRP2 path.

HSRP in a multihomed BGP network

6/24/2013

Multihomed Border Gateway Protocol (BGP) network where you have connections to more then one separate Internet service providers (ISPs). In the event of a failure of connectivity toward one ISP, the traffic is rerouted dynamically through the other ISP with the Hot Standby Router Protocol (HSRP).

Requirements:

Configure IP Addresses on physical and vlan interfaces as per diagram
Configure HSRP on MLS1 and MLS2 so that MLS1 become HSRP Active and MLS2 will act as standby. MLS2 should take Active role if MLS one gets down or Interface between MLS1 and ISP goes down..
Configure EBGP neighbor relationship as required
Redistribute connected interfaces via BGP. MLS1 and MLS2 should not redistribute their connected interface
Send routing information of 100.10.10.0 network to all network routers via BGP.
Find result by pinging all interfaces and by finding traceroute of all interfaces

! MLS1HSRP1active Configuration
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.252
no shut

interface Vlan1
ip address 100.10.10.1 255.255.255.0
standby 10 ip 100.10.10.100
standby 10 priority 90
standby 10 preempt
standby 10 track FastEthernet0/0

router bgp 65222
network 100.10.10.0 mask 255.255.255.0
neighbor 1.1.1.2 remote-as 10

! ISP Configuration
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.252
no shut

interface Serial0/0
ip address 11.1.1.1 255.255.255.252
no shut

router bgp 10
redistribute connected
neighbor 1.1.1.1 remote-as 65222
neighbor 11.1.1.2 remote-as 20

! R8 Configuration
interface Serial0/0
ip address 11.1.1.2 255.255.255.252
no shut

interface Serial0/1
ip address 150.1.1.1 255.255.255.252
no shut

router bgp 20
redistribute connected
neighbor 11.1.1.1 remote-as 10
neighbor 150.1.1.2 remote-as 333

! R10 Configuration
interface Serial0/0
ip address 150.1.1.2 255.255.255.252
no shut

interface Serial0/1
ip address 170.1.1.1 255.255.255.252
no shut

interface Serial0/2
ip address 12.1.1.1 255.255.255.252
no shut

router bgp 333
redistribute connected
neighbor 12.1.1.2 remote-as 440
neighbor 150.1.1.1 remote-as 20
neighbor 170.1.1.2 remote-as 200

! MLS2HSRP2standby Configuration
interface FastEthernet0/0
ip address 2.2.2.1 255.255.255.252
no shut

interface Vlan1
ip address 100.10.10.2 255.255.255.0
standby 10 ip 100.10.10.100
standby 10 priority 50
standby 10 preempt
standby 10 track FastEthernet0/0

router bgp 65222
network 100.10.10.0 mask 255.255.255.0
neighbor 2.2.2.2 remote-as 100

! ISP2 Configuration
interface FastEthernet0/0
ip address 2.2.2.2 255.255.255.252
no shut

interface Serial0/0
ip address 22.1.1.1 255.255.255.252
no shut

router bgp 100
redistribute connected
neighbor 2.2.2.1 remote-as 65222
neighbor 22.1.1.2 remote-as 200

! R9 Configuration
interface Serial0/0
ip address 22.1.1.2 255.255.255.252
no shut

interface Serial0/1
ip address 170.1.1.2 255.255.255.252
no shut

router bgp 200
redistribute connected
neighbor 22.1.1.1 remote-as 100
neighbor 170.1.1.1 remote-as 333

! Internet Configuration
interface Loopback0
ip address 44.44.44.44 255.255.255.255

interface Serial0/0
ip address 12.1.1.2 255.255.255.252
no shut

router bgp 440
redistribute connected
neighbor 12.1.1.1 remote-as 333

HSRP Basic lab1

6/22/2013

Requirement:

Configure IP address as per topology
Configure standby IP / VIP as per topology
Verify by debugging and see results
Configuring priority and preempt option
verify results again
Try to ping from PC to gateway. Take down active router interfaces by shutting it down. See if standyby router behave working as active and ping gets successful. Repeat same for standy router and see if listening router change its status from listening -> standby -> Active
Verification Command
show standby
show standby brief
debug standby
debug standby event
debug standby packet

! Active Configuration
hostname Active

interface FastEthernet0/0
ip address 1.1.1.50 255.255.255.0
no shutdown

standby 1 ip 1.1.1.100
standby 1 priority 200

standby 1 preempt

! standby Configuration
hostname standby

interface FastEthernet0/0
ip address 1.1.1.55 255.255.255.0
no shutdown

standby 1 ip 1.1.1.100
standby 1 preempt

! Listening Configuration
hostname Listening

interface FastEthernet0/0
ip address 1.1.1.52 255.255.255.0
no shutdown

standby 1 ip 1.1.1.100
standby 1 priority 50
standby 1 preempt

!PC1 Configuration
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
no shutdown

Configuration Explanation
Changing host name to Active

Enabling interface with ip address

HSRP VIP address. We use it as a gateway
HSRP priority 200; Help us to decide between Active; Standby and Listening