BGP not failing over with "neighbor x.x.x.x shutdown" command

Status
Not open for further replies.

ARatt

MIS
May 2, 2002
9
US
Hello,

If anyone is able to help with this, I really, really appreciate it.

I have recently set up my first BGP connection. I have two ISPs, each connected to by its own router. After setting it up, I wanted to test the failover ability. I did this by tracerouting to our BGP network to find out what path a ping would take. I then ran a constant ping from the outside to the IP address. I then went to the corresponding router and entered the "neighbor xxx.xxx.xxx.xxx shutdown" command. At this point the ping timed out and was still timed out after 5 minutes. When I entered "no neighbor xxx.xxx.xxx shutdown", the ping started getting replies again.

I thought the failover would have happened within 3 minutes and during the same continuous ping. But it didn't.

I was able to verify that I could get to our BGP network from both ISPs by tracing from multiple locations on the internet until one finally came in from the other IP.

I will post my configs in the first response to this question.
 
How about HSRP? Not sure if it would work in your scenario, but you might have better luck.
 
Here are the two configs I am using.

Router One
interface Ethernet3/0
 ip address 51.46.68.2 255.255.255.0 secondary
 ip address 25.15.71.201 255.255.255.248
 no ip route-cache
 no ip mroute-cache
 no keepalive
 full-duplex
 no cdp enable
 standby 1 ip 51.46.68.3
 standby 1 priority 120
 standby 1 preempt
 standby 1 authentication 2b
 standby 1 track Serial3/0
!
interface Serial3/0
 description ID# CDAI1E570001 XO Communications: 01-03960: COI Food Services
 ip address 25.15.72.202 255.255.255.252
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 no fair-queue
 service-module t1 timeslots 1-24
 service-module t1 remote-alarm-enable
!
router rip
 network 25.0.0.0
!
router bgp 2418
 no synchronization
 bgp log-neighbor-changes
 bgp dampening
 network 51.46.68.0 mask 255.255.255.0
 neighbor 25.15.72.201 remote-as 1728
 neighbor 25.15.72.201 description BGP session
 neighbor 25.15.72.201 soft-reconfiguration inbound
 neighbor 25.15.72.201 distribute-list 70 out
 neighbor 51.46.68.1 remote-as 2418
 neighbor 51.46.68.1 description iBGP
 neighbor 51.46.68.1 next-hop-self
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 25.15.72.201
ip route 0.0.0.0 0.0.0.0 51.46.68.1 100
no ip http server
ip pim bidir-enable
!
access-list 70 permit 51.46.68.0 0.0.0.255



Router TWO
interface Ethernet3/0
 ip address 51.46.68.1 255.255.255.0 secondary
 ip address 62.38.20.161 255.255.255.224
 full-duplex
 standby 1 ip 51.46.68.3
 standby 1 priority 110
 standby 1 preempt
 standby 1 authentication 2b
!
interface Serial3/0
 no ip address
 encapsulation frame-relay IETF
 frame-relay lmi-type ansi
!
interface Serial3/0.1 point-to-point
 ip address 62.38.201.122 255.255.255.252
 frame-relay interface-dlci 511
!
router rip
 network 62.0.0.0
!
router bgp 2418
 no synchronization
 bgp log-neighbor-changes
 bgp bestpath dampening
 bgp dampening
 network 51.46.68.0 mask 255.255.255.0
 neighbor 62.38.201.121 remote-as 4312
 neighbor 62.38.201.121 description BGP session
 neighbor 62.38.201.121 soft-reconfiguration inbound
 neighbor 62.38.201.121 distribute-list 70 out
 neighbor 51.46.68.2 remote-as 2418
 neighbor 51.46.68.2 description iBGP(local) session
 neighbor 51.46.68.2 next-hop-self
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 62.38.201.121
ip route 0.0.0.0 0.0.0.0 51.46.68.2 100
no ip http server
ip pim bidir-enable
!
!
access-list 70 permit 51.46.68.0 0.0.0.255
 
Lady3Jane,

I am using HSRP and that works well for outgoing traffic. Though I still need to test by unplugging primary ip's connection.

The problem I am having though is testing to verify that the BGP network access properly fails over to the second ISP if the first ISP goes down. It didn't work with a "neighbor xxx.xxx.xxx.xxx shutdown" command when it appears that it should have.

Any ideas on testing the failover?

Thanks for responding!
 
Have your ISPs send you default routes and remove your static routes. The problem is that when you "shutdown" the BGP session, you aren't removing the route to the xxx.xxx.xxx.xxx address that's in your static route. This is because the connected interface is up, so that route is valid and is installed in the routing table.

If you received default routes from both your ISPs and removed your static routes, then when you "shutdown" a BGP session, the default route from that session would be removed.

If I were you, this is what I would do in addition to calling your ISPs and having them send you default routes.

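Router ONE:

! Remove RIP (this also removes its network statement) and run OSPF instead
no router rip
router ospf 100
 network 25.15.72.201 0.0.0.3 area 0
 network 51.46.68.0 0.0.0.255 area 0
!
! Remove both static defaults so only learned defaults are installed
no ip route 0.0.0.0 0.0.0.0 25.15.72.201
no ip route 0.0.0.0 0.0.0.0 51.46.68.1 100

Router TWO:

! Remove RIP (this also removes its network statement) and run OSPF instead
no router rip
router ospf 100
 network 62.38.201.121 0.0.0.3 area 0
 network 51.46.68.0 0.0.0.255 area 0
!
! Remove both static defaults (the floating one on this router points at 51.46.68.2)
no ip route 0.0.0.0 0.0.0.0 62.38.201.121
no ip route 0.0.0.0 0.0.0.0 51.46.68.2 100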
 
This is interesting. So, Baddos, what you are saying is that for a BGP session to fail over to ISP2, both ISPs should send you default routes, which your local BGP session installs into the routing table.

However, which default route will BGP choose if it gets both from ISP1 and ISP2? Ideally, you want ISP1 to be the primary, but what will stop ISP2's default route from being chosen over ISP1?

Also, just in case I am ISP1 or ISP2, what command would I use to send the default route to my multi-homed client?

Looking forward to your response.
 
Have you tried a traceroute from the Internet to make sure that the route is changing and you are getting to ISP2 when you turn down BGP to ISP1? The default route you have will cause problems because it is based on the state (up/down) of the link and not the health of the networks on the other side of the link.

If you are receiving routes from the ISP then you can use a network or supernet to point the static default route to. Then if that route is lost the default would go away. You can use a local preference to prefer one static default over the other since you have an iBGP session.

If they are not sending routes then you will need them to send a default route. You can also set a local preference, if you get the ISPs to send you the default, to favor one ISP over the other.

Good Luck
 
OK, now I get it. When you get the default routes from both ISPs, you use a local preference attribute in the BGP session to prefer one route over the other.

So when your main link fails, you fall back to the second preference, which is ISP B.

Cheers.
 
What I'm saying is that the static route doesn't go down when he does a "shutdown" of the BGP peer session, because the route isn't withdrawn. It's static, so it's still valid even though the connection should be down (because the interface is still up). On the other hand, a default route that is "learned" from the BGP peer will be withdrawn when that peer session goes down (either by a "shutdown" or a real disturbance in service).
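The approach discussed in the replies above (learned defaults instead of static ones, with local preference choosing the primary ISP), written out as an added example that is not from any poster in this thread. It assumes both ISPs have agreed to send a default route; the addresses and AS numbers come from the configs posted above, while the names DEFAULT-ONLY, PREFER-ISP1 and BACKUP-ISP2 and the local-preference values 200 and 100 are illustrative assumptions.

```cisco
! --- Router ONE: primary exit, eBGP to ISP1 (AS 1728) ---
! Remove the static defaults; they stay installed as long as the
! interface is up, regardless of the state of the BGP session.
no ip route 0.0.0.0 0.0.0.0 25.15.72.201
no ip route 0.0.0.0 0.0.0.0 51.46.68.1 100
!
! Accept only the default route from the ISP. The implicit deny at the
! end of the route-map drops every other prefix the upstream sends.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Local preference is carried over iBGP, so both routers see 200 here
! and prefer the ISP1 default while that session is up.
route-map PREFER-ISP1 permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 200
!
router bgp 2418
 neighbor 25.15.72.201 route-map PREFER-ISP1 in
!
! --- Router TWO: backup exit, eBGP to ISP2 (AS 4312) ---
no ip route 0.0.0.0 0.0.0.0 62.38.201.121
no ip route 0.0.0.0 0.0.0.0 51.46.68.2 100
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map BACKUP-ISP2 permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 100
!
router bgp 2418
 neighbor 62.38.201.121 route-map BACKUP-ISP2 in
!
! --- ISP side, for reference (under the ISP's own router bgp) ---
! neighbor <customer-address> default-originate
!
! --- Checks on either router, before and after "neighbor ... shutdown" ---
! clear ip bgp 25.15.72.201 soft in   (apply the new inbound policy)
! show ip bgp 0.0.0.0                 (paths for the default, with LocPrf)
! show ip route 0.0.0.0               (which default is actually installed)
```

With this in place, shutting down the ISP1 neighbor withdraws the local-preference 200 default, and Router ONE then learns the ISP2 default from Router TWO over the existing iBGP session.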
 