Internet Failover BGP

I am seeking some help with configuring auto failover using BGP between our two internet links.
Currently BGP is set up on both internet links and I can manually failover the subnets by removing the vlan gateways from the primary and adding them to the secondary and vice versa.

Ideally I want this automate so in the event of the primary link going down in and out traffic is route via the secondary.

Has anyone done this and if so could you share your configuration with me?


2 replies

Userlevel 6
Check VRRP with tracking, you could track a route or ping a host and use that to move the VRRP master to the other switch.
The same can be done with ESRP.
Userlevel 5
Those two Internet links, are they on the same router or on two different routers?
I assume you're getting BGP routes from your ISP - make sure you're getting the "default route" from them as well (or only the default, or default plus their 'local' routes, whatever suits you best)

The way I've set this up is:
- vrrp between your two Internet routers (if you only have one that has both Internet uplinks, you skip that)
- Your network's default gateway is the VRRP IP of the two routers (or the router's IP, if you only have one)
- Have both of your routers talk BGP to each other, with each other's neighbor configured with the "next-hop-self" option (skip if only one router)
- Make sure you do NOT have a manually configured default route on the routers to your ISPs. Remember, you got the default route advertised from them.

That way, both routers end up knowing "best paths" to certain locations on the Internet - either through ISP-1 or ISP-2 - I know, not what you asked for, but if your ISPs give you a set of routes on top of the default route, it's a nice side-effect 🙂

Also, if one of the ISPs goes down for whatever reason, you drop all of their routes, including the default route - automatically leaving only the other provider's default route in place. And because both of your routers know about this via their own BGP exchange, they'll just route to the provider that's still up.

Now, if one of your routers dies, that's when VRRP fails over to the other router, and you're still in good shape.

I think the short version is: get default route from the providers to the routers, don't set your own default route, set up VRRP between the routers, and things should work.

Be cautious: If you get full Internet routes + default from your providers, you'll most likely have to use some filtering on the incoming routes, because the number of routes (especially from two or more providers) will likely be too large for your average router. Be that Cisco or Extreme or whatever, unless you get the routers that cost more than your house (or a NY City apartment), you'll likely have route limits that if exceeded, cause the router to bail out in interesting ways.

Good luck, and let us know if that wasn't what you were looking for 🙂