The Border Gateway Protocol (BGP) is the routing protocol of the internet. It allows organizations with blocks of public IPs, known as prefixes, to advertise these addresses to other BGP-speaking routers on the internet. Put simply, BGP is used to “tell” other routers on the internet how best to get to your network. BGP makes use of autonomous systems to advertise public prefixes so that other routers are informed on how to get to your autonomous system (AS).
One of the most common implementations of BGP is a dual-ISP setup. So, in this demonstration, I will show how to implement eBGP to load-balance across two ISP links while making sure that all incoming traffic fails over to the active ISP when the gateway of the other goes down.
I have two unequal connections to the internet with a prefix of 192.168.40.0/24 that I need to advertise to the internet via the two ISPs. Why would I want to do this? To make sure that my prefix is reachable via the two ISPs and that my network stays up as long as one of the ISPs is active.
>>>Implement BGP on the HQ router to successfully peer with the two ISP routers.
>>>For security purposes, make sure only the public prefix is advertised to the ISPs.
>>>Using a BGP attribute, implement policies on the HQ router to ensure that a higher number of incoming packets are routed through ISP1 while the remainder go through ISP2, but all packets should pass through the active ISP in the event that either one goes down.
Ether4=220.127.116.11/30: connects to ISP1
Ether5=18.104.22.168/30: connects to ISP2
Ether3=192.168.40.0/24: (our public IP block. Yes, I know it is not on the public range. It’s just for this demo)
[[email protected]] > ip add add address=22.214.171.124/30 interface=ether4 comment=ISP1-connection
[[email protected]] > ip add add address=126.96.36.199/30 interface=ether5 comment=ISP2-connection
First of all, we need to create a filter rule that will be used to prepend the AS path of the prefix advertised to ISP2. This will ensure that ISP1 becomes the most preferred link to get to our network.
Note that the eBGP multi-hop feature was not used because the peering was done on a physical interface on all the peering ISP routers. Had it been done using a loopback interface on the ISP routers, the eBGP multi-hop feature would have been used.
[[email protected]] > routing bgp peer add name=peer1 instance=default remote-address=188.8.131.52 remote-as=400 update-source=ether4
(As an ISP, you can also implement a filter rule to allow only the public prefix of a client into the routing table of the ISP1 router. We will do that on ISP2.)
[[email protected]] > ip address add address=184.108.40.206/24 interface=bridge1
(You can use any interface as your LAN instead of the bridge.)
Create a filter rule to accept only the prefix from the HQ router. This will make sure that ISP2 does not receive prefixes from any other router. This feature is used to save the router from having the entire routing table of the internet dumped on it.
Now, we need to see how the HQ prefix is being advertised to both ISPs. First, let’s check on ISP1.
How HQ is seen from ISP1
The ISP1 routing table has entries for HQ’s prefix and the prefix of ISP2. Now, let’s see how many ASes it takes to get to HQ from ISP1. To see that, double-click on the HQ entry in the routing table and click on attributes.
From the image above, it takes one AS to get to the HQ prefix from ISP1. Now, let’s look at ISP2.
Because of the filter rule, ISP2 has no entry for the prefix attached to ISP1 (10.0.0.0/24). This is a good way of not only making sure that clients do not goof up your routing table but also saving your router’s processor. Now let’s see how many ASes it takes to get to HQ from ISP2. Remember we used AS-PATH-PREPEND for the peering with ISP2. Let’s see if it worked.
Beautiful! You can see from the image above that the 192.168.40.0/24 prefix has three ASes: the original one plus the two we added. Think of this like hop counts in RIP: one is better than three. When both ISPs advertise to upstream providers, most of them will prefer the link from ISP1 because it has a shorter AS path to HQ.
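The preference and failover behaviour described above can be modelled in a few lines of Python. This is an added example, not configuration from the article: the AS numbers are assumed private values, the function names are hypothetical, and best-path selection is reduced to AS-path length with all other attributes taken as equal.

```python
import ipaddress

PUBLIC_PREFIX = ipaddress.ip_network("192.168.40.0/24")  # HQ prefix from the article
HQ_AS, ISP1_AS, ISP2_AS = 65010, 65001, 65002  # assumed private AS numbers

def hq_out_filter(prefix, prepend=0):
    """HQ export policy: advertise only the exact public prefix, optionally prepended."""
    if ipaddress.ip_network(prefix) != PUBLIC_PREFIX:
        return None  # everything else is discarded, so no other route leaks to an ISP
    return {"prefix": str(PUBLIC_PREFIX), "as_path": [HQ_AS] * (1 + prepend)}

def isp_forward(route, isp_as):
    """An ISP re-advertises the route upstream with its own AS in front."""
    return {"prefix": route["prefix"], "as_path": [isp_as] + route["as_path"]}

def upstream_best(candidates):
    """An upstream router picks the shortest AS path among the routes still present."""
    live = [r for r in candidates if r is not None]
    return min(live, key=lambda r: len(r["as_path"])) if live else None

def simulate(isp1_up=True, isp2_up=True):
    """Return the AS path an upstream router selects toward HQ, or None if unreachable."""
    via1 = isp_forward(hq_out_filter("192.168.40.0/24"), ISP1_AS) if isp1_up else None
    # Two prepends toward ISP2, matching the three-AS path seen on ISP2 in the article.
    via2 = isp_forward(hq_out_filter("192.168.40.0/24", prepend=2), ISP2_AS) if isp2_up else None
    best = upstream_best([via1, via2])
    return best["as_path"] if best else None

if __name__ == "__main__":
    print("both ISPs up:", simulate())
    print("ISP1 down   :", simulate(isp1_up=False))
    # 172.16.0.0/24 is a constructed internal prefix used only to exercise the filter.
    print("leak check  :", hq_out_filter("172.16.0.0/24"))
```

Running it shows the path through ISP1 winning while both links are up and the longer, prepended path through ISP2 taking over only once ISP1's advertisement disappears.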
Ashioma Michael is a BSc (Computer Science), MTCNA, CCNA, and CCNP holder with many years of industry-proven experience in network design, implementation and optimization. He has tutored and guided many professionals towards obtaining their Cisco certifications. Mike works as a senior network engineer with one of the leading internet service providers in West Africa.