5

I am currently using a very simple eBGP and iBGP configuration in my network to route out through a single ISP. This diagram gives a rough idea of what I currently have in operation: Single homed BGP

I am running out of capacity through ISP 1 and would like to add an additional ISP and create a dual homed setup. I have a /20 from ARIN that I am advertising to ISP1.

This is the setup I would like to end up with:

Dual Homed eBGP

I know that I can use local-pref to control which of my two edge routers customer traffic should exit through. However, inbound route control is more difficult.

I would like to advertise my same /20 to both ISP 1 and ISP 2. Is there any way I can load-balance incoming traffic into my network? I know there are tricks such as as-path prepending, etc...

I don't want to run into a situation where all inbound traffic is taking preference through ISP 1, to the point where I'm maxing out the 1G connection, while ISP 2 sits idle.

I use VyOS on my edge routers.

4
  • Some of networkengineering.stackexchange.com/questions/1745/… may be applicable here. Commented Feb 3, 2015 at 9:22
  • Can't you just configure the same weight of the 2 routes and it will do a round robin load balancing? Commented Feb 3, 2015 at 10:04
  • Victor, that's how I was hoping it would work. But I began doing some research and it seems that BGP will just pick one of the routes, not load balance between the two.
    – Ethan H.
    Commented Feb 3, 2015 at 20:18
  • RR would be a serious headache to your clients. A flow needs to stick to a single path (as long as the path is working.) Bouncing between ISPs leads to a random, out-of-order mess.
    – Ricky
    Commented Feb 3, 2015 at 22:34

4 Answers

5

inbound route control is more difficult

Understatement of the century. Just as you can use local-pref to push traffic out whichever pipe you wish, others can as well. As a result, you have little control over how traffic reaches you. AS-PATH is the only sure-fire way to remotely influence route preference (and the local network admin can still override it, but my experience says that's rare). Depending on your two ISPs, there may be various communities that can limit where your routes go.

4
  • Ok, this makes sense. So follow up question. I am advertising my entire /20. Say, for example, I assign each of my customers a /29. Is there any way I can choose whether or not to prepend the AS path based on the customers source IP? I think this will become a problem because the AS path prepend can only be done on the entire /20, is this true? Will I need to split up my block into /24s to increase granularity and routing control?
    – Ethan H.
    Commented Feb 3, 2015 at 20:27
  • Your /20 is one route announcement. You can change the attributes announced to each BGP peer (ISP), but that's all. Any finer controls would require additional announcements (breaking up the /20). You can announce the /20 and only a few more specific /24s (if your peers will allow it).
    – Ricky
    Commented Feb 3, 2015 at 22:30
  • Well, you can keep your /20 announced on both, and announce more specific routes individually, say a /21 on each, or even divide the 8 possible /23 routes across the ISPs in any way you want. Commonly a /23 is the smallest route that everyone should accept.
    – Roy
    Commented Jul 8, 2015 at 0:18
  • /24 is the minimum -- it's the smallest block any RIR will hand out.
    – Ricky
    Commented Jul 8, 2015 at 7:13
3

Rule number 1 of BGP: "You can't tell someone else what to do with their traffic. You can only gently prod them in the right direction."

AS-Path Prepending would be my recommendation. If your upstream strips off the prepending, phone them up and ask them nicely to stop. :)

Local-Preference would be my recommendation for outbound load balancing. You can easily create policies that attach a local preference to BGP communities. You then tag the communities when the routes are advertised to you. The ISP I work for does this to separate out domestic peerings vs international, and public peering exchanges, different locations, and so on. Makes it easy to see where routes have come from and then apply an L-Pref to them. You can then also potentially use communities to advertise BGP remote triggered black hole (RTBH), if your upstreams support it of course.

Edit: Was just thinking. We have a situation where we want a 100% guarantee that an upstream will use a certain path for return traffic. We advertise to them the individual /24's instead of the bigger supernet. Could be a potential option as longest match always wins over anything else.

0

Like others have said, there's no foolproof way to do this, and it will constantly need tweaking. That said, we've had the best luck by deaggregating. I know it's very frowned upon, but it seems to be pretty effective. Essentially, continue to advertise the /20 to both providers, but then also advertise the first half of the /20 (a /21) to ISP 1 and advertise the last half of the /20 (a /21) to ISP 2. Thus, all traffic destined to the first /21 uses ISP 1, and all traffic destined to the second /21 uses ISP 2. If either connection fails, the /20 advertised to the other ISP will keep everything flowing.

Like I said, I know this is bad form and frowned upon...but it works.
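
The split described in the answer above, modelled from the viewpoint of one remote network; this is an added example, not part of the original post. The prefix `10.20.0.0/20`, the labels `ISP1`/`ISP2` and both function names are assumptions, and the decision process is reduced to longest match, then shortest AS path (remote local-pref is ignored).

```python
import ipaddress

# Constructed sample: a private /20 stands in for the ARIN allocation.
AGGREGATE = ipaddress.ip_network("10.20.0.0/20")


def build_announcements(aggregate, prepend_isp2=0):
    """Return {isp: [(prefix, as_path_len), ...]} for the split-/21 scheme.

    Both ISPs receive the aggregate; each also receives one half of it.
    prepend_isp2 adds extra AS hops to everything sent to ISP2.
    """
    first_half, second_half = aggregate.subnets(prefixlen_diff=1)
    isp2_len = 1 + prepend_isp2
    return {
        "ISP1": [(aggregate, 1), (first_half, 1)],
        "ISP2": [(aggregate, isp2_len), (second_half, isp2_len)],
    }


def inbound_isp(dest, announcements, down=()):
    """Pick the ISP a remote network would use to reach dest.

    Simplified model: the longest matching prefix wins; among prefixes of
    equal length the shorter AS path wins. ISPs listed in `down` have
    withdrawn their routes. Returns None if no route covers dest.
    """
    addr = ipaddress.ip_address(dest)
    candidates = [
        (prefix.prefixlen, -path_len, isp)
        for isp, routes in announcements.items()
        if isp not in down
        for prefix, path_len in routes
        if addr in prefix
    ]
    if not candidates:
        return None
    # Compare on prefix length first, then on (negated) AS path length.
    return max(candidates, key=lambda c: (c[0], c[1]))[2]


if __name__ == "__main__":
    ann = build_announcements(AGGREGATE)
    for ip in ("10.20.3.10", "10.20.12.10"):
        print(ip, "normal:", inbound_isp(ip, ann),
              "| ISP1 down:", inbound_isp(ip, ann, down=("ISP1",)))
```

In this model, prepending on the ISP 2 session does not move the second /21 away from ISP 2, because the more specific prefix is compared before AS path length.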

-1

You can use MED to influence inbound traffic to your AS.

1
  • MEDs only work if you have multiple sessions with the same ASN, not for multiple upstream ISPs.
    – Teun Vink
    Commented Feb 11, 2015 at 20:29
