Scenario
You’ve got a single multi-homed BGP connection to two ISPs. You want to load balance traffic to a specific destination but you have no control over what the ISPs are doing with that route as it traverses the network! You helped the ISP build their network … but then they fired you and left you scratching your head trying to enable load balancing.
Goal:
- Nothing has been preconfigured for you!
- Make the required physical connections as depicted in the diagram.
- Configure the IP addresses as depicted in the diagram (begin with 192.168).
- Configure eBGP as follows using the connected physical interfaces as update sources:
* R1 to R3
* R1 to R2
* R3 to R4
* R4 to R5
* R2 to R5 - Add a loopback on R1 and R5 with addresses 1.1.1.1/32 and 5.5.5.5/32 respectively.
- Pull these loopbacks into BGP using the network command, and no other networks afterwards.
- Configure an outbound route-map on R5 to set the origin to “?” for all routes it sends to R2.
- Configure an outbound route-map on R5 to set the origin to “e” for all routes it sends to R4.
- Configure an outbound route-map on R2 to set the MED to 2 for all routes it sends to R1.
- Configure an outbound route-map on R3 to set the MED to 3 for all routes it sends to R1.
- Ensure R1’s BGP table reflects these updates, and ensure you have connectivity from 1.1.1.1 to 5.5.5.5.
- *** From this point forward, you cannot configure any other router except R1. You used to work at the ISP and configured their network for them, but they just fired you. ***
- Enable load balancing for the 5.5.5.5 network within BGP. You will know when you are successful when R1’s routing table has two entries for 5.5.5.5/32 (one next hop is R2, the other is R3).
IOS:
c3725-adventerprisek9-mz.124-7.image
Topology:
Do you want your CCNA or CCNP Certificate?
The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.
Written by René Molenaar - CCIE #41726
Hi Rene,
Could you please upload the .net file this lab (BGP Multipath Load Balancing )
rajkumar,
Nothing has been preconfigured in this lab; there is no topology to download. You must build the lab from scratch. This is my preferred way of hammering home basic skills that cause us angst in our day to day troubleshooting.
I can’t figure out how to get 5.5.5.5 to be able to ping 1.1.1.1 even when I apply your final configs to the routers. It’s the damndest thing, every router has a route to the loopbacks and routers which are directly connected to R1/R5 can ping those loopbacks, but not the other side’s. For example, R3 can ping 1.1.1.1 but not 5.5.5.5 even though it has a route all the way through.
I am using c3725-advipservicesk9-mz.124-23.bin on the 3725 in GNS3.
@ juangolbez what does the sh ip bgp show on r3 for 5.5.5.5 ?
when you say every router has a route i assume you mean through bgp ? not through the use of statics (minus the neighboring router’s loopbacks)
Hi. You actually may be doing everything right. I had a similar issue until I realized that router 5.5.5.5 and 1.1.1.1 may not know how to go back to interfaces they are being pinged from.
Let’s say, if you are trying to ping from R1 to 5.5.5.5 you are actually pinging from 192.168.12.1 or 192.168.13.1. R5 does not have a route to 192.168.12.0/24 and 192.168.13.0/24 networks so the ping must fail. It’s the same situation if you ping R5 from R3 or R1 from R4.
However, if you use this command on R1 you will get a successful ping.
Ping 5.5.5.5 source 1.1.1.1
Cheers
what if u want R1 to ping 5.5.5.5 without using the source command
what do u do? without routing protocols
You’d have to pull the intermediate networks (the 192s) into BGP with network or redistribute commands. I didn’t see a reason to do that. Pinging using the source keyword makes more sense and better simulates real LAN to LAN communications. No one really cares about connectivity to the internetwork links … other than the routers.
This is because from R3 1.1.1.1’s next hop is reachable(D.C) and when pinging 5.5.5.5 from R3, R5 does not know how to get back.
Same will happen if you will ping 5.5.5.5 from R4, you will be able to do that as the next hop is directly connected or reachable. but you will not able to ping 1.1.1.1 from R4 due to the same reason.
Why there is no video for this 🙁
If have done everything fine and everything is working fine. But the command "" [b]bgp bestpath as-path multipath-relax[/b]"" is not working and was not able to complete the practical.
What IOS version?
Hi,
Thank you for this lab. would you please upload the video related to this lab
Hello Nick,
I was not able to figure out load balancing for that last point. From what I know you will be able to do only load sharing in this case since our router is connecting to 2 different ISPs. You can do only load balance to the same network if you have 1 rtr that is connecting to 2 routers of 1 ISP (in the same AS). Please correct me if I am wrong! I will be trying a lab with that to check if it’s working.
PS for the rest of the guys you need to advertise into BGP directly connected networks to fix it – network statement . (for example R1 doesnt know .25.0/24 network and R5 doesnt know .12.0/24 and that’s why ping if not working)
This lab requires a hidden BGP command that relaxes the rule about multipath selection.
for last point make static route form R1 to 5.5.5.5
Dear Sir,
I don’t understand these two config
Configure an outbound route-map on R5 to set the origin to "?" for all routes it sends to R2.
Configure an outbound route-map on R5 to set the origin to "e" for all routes it sends to R4
Please solve this.
You need to build a route-map and apply it outbound towards the specific neighbor to change the BGP attribute.
route-map BGP_R2_OUT permit 10
set origin incomplete
router bgp X
neighbor x.x.x.x route-map BGP_R2_OUT out
… as an example.
Hi guys,
doesnt work for me as well. This is my R1 config:
R1#sh run | s bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
bgp bestpath as-path multipath-relax
network 1.1.1.1 mask 255.255.255.255
neighbor 192.168.12.2 remote-as 2
neighbor 192.168.13.3 remote-as 3
maximum-paths 2
no auto-summary
I tried it out with IOS versions
– c3725-adventerprisek9-mz.124-25d and
– c7200-spservicesk9-mz.152-4.S3
S
hi sandor. i did the same but i had to prepend the as-path on the routes coming from R3 to equal out the AS-PATH lenght. Max path is an attribute that comes after AS-path so you need to match the as-path length and enable multipath. once this is done you will find 2 routes in the routing table
multipath condition
as-path multipath-relax—allows the switch/router to treat paths received from different AS’s for multipath, if their AS-path lengths are the same and other multipath conditions are met.
Finally I made it work! (good thing you wrote here about bgp bestpath as-path multipath-relax)
R1#sh ip ro | b 5.5
B 5.5.5.5 [20/0] via 192.168.13.3, 00:03:41
[20/0] via 192.168.12.2, 00:03:41
Here’s my config: (note: some things are extra)
router bgp 1
no synchronization
bgp log-neighbor-changes
bgp bestpath as-path multipath-relax
network 1.1.1.1 mask 255.255.255.255
neighbor 192.168.12.2 remote-as 2
neighbor 192.168.12.2 route-map BGP2 in
neighbor 192.168.13.3 remote-as 3
neighbor 192.168.13.3 route-map BGP in
maximum-paths 5
no auto-summary
route-map BGP permit 10
set metric 0
set local-preference 90
set origin incomplete
route-map BGP2 permit 10
set metric 0
set local-preference 90
set origin incomplete
set as-path prepend 3
in order for the load balacing to work, there are some conditions that should be matched first: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13753-25.html#bgpmpath
You are correct, and to test and see the load balancing in effect, you can do a ping from R1 to 5.5.5.5 source 1.1.1.1 repeat x times … turn on debug ip packet and see the packets sent to between the two AS towards the destination 5.5.5.5 network.
The router’s locally generated pings will be CEF-switched though, and should only take one path. Are you seeing something different?
Thing need to be done on R1 for the load balancing to work:
– Set bgp maximum-paths to 2 (or higher)
– Create an inbound route-map for route from R3, set metric to 2
– Create an inbound route-map for route from R2, prepend 2 to the route-map so the as-path from R2 and R3 routes are of same length.
– Enable the “bgp bestpath as-path multipath-relax” so the 2 as-paths do not need to be equal.
-> Load balancing will be activated.
Please upload the dot net file .Waiting for your kind response.
I apologize but the .net file is not available. If you build the lab from scratch, I can assure you that you will learn more.
interesting lab.
i have read several blog posts regarding the “bgp bestpath as-path multipath-relaxed” hidden command.
the ones i’ve read seem to suggest that this command will permit load balancing over eBGP paths with varying attributes so long as the AS-PATH attribute is equal in length over the different paths.
in this particular lab, i did not find that to be accurate.
i had to also make the origin attributes match for the different paths in order to achieve load balancing – did not need to adjust the metric (MED).
* NOTE: the “egp” origin attribute does not appear to be supported as a “route-map set” option in my code version; therefore, i could not set that as required by the lab:
R1(config)#route-map ONE permit 20
R1(config-route-map)#set origin ?
igp local IGP
incomplete unknown heritage
ORIGINAL R1 PATH ATTRIBUTES:
=====
R1(config-router)#do sh ip bgp | b Net
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
* 5.5.5.0/24 192.168.13.3 3 0 3 4 5 i
*> 192.168.12.2 2 0 2 5 ?
PRE-PENDED AS-PATH FOR R2 (192.168.12.2) PATH:
=====
R1(config-router)#do sh ip bgp | b Net
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 5.5.5.0/24 192.168.13.3 3 0 3 4 5 i
* 192.168.12.2 2 0 2 2 5 ?
CHANGE ORIGIN ATTRIBUTE:
=====
1) CHANGE INCOMPLETE TO IGP
R1(config-router)#do sh ip bgp | b Net
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 5.5.5.0/24 192.168.13.3 3 0 3 4 5 i
*m 192.168.12.2 2 0 2 2 5 i
2) CHANGE IGP TO INCOMPLETE
R1(config-router)#do sh ip bgp | b Net
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 32768 i
*> 5.5.5.0/24 192.168.13.3 3 0 3 4 5 ?
*m 192.168.12.2 2 0 2 2 5 ?
RELEVANT INFO:
GSN3: 0.8.7 64-bit standalone
Cisco 7200 chassis
IOS code version: c7200-adventerprisek9-mz.152-4.S5
R1#sh run | se router bgp
router bgp 1
bgp router-id 1.1.1.1
bgp log-neighbor-changes
bgp bestpath as-path multipath-relax
network 1.1.1.0 mask 255.255.255.0
neighbor 192.168.12.2 remote-as 2
neighbor 192.168.13.3 remote-as 3
maximum-paths 2
Interesting comment, looks like you are using a pretty new version of IOS. Wonder if it changed. Route-map set egp is probably still there as a hidden command, but is now deprecated.
yep… hidden command.
awesome 🙂
Colorado#sh ver | i IOS
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1)
route-map RM1 permit 10
match ip address prefix-list PL1
set origin egp 65535
route-map RM1 permit 100
Colorado#sh ip bgp | b Network
Network Next Hop Metric LocPrf Weight Path
* 13.13.13.0/24 192.168.12.1 0 0 1 e
*> 192.168.23.3 0 0 1 i
Colorado(config-route-map)#set origin ?
igp local IGP
incomplete unknown heritage
Colorado(config-route-map)#set origin egp 65535 ?
% Unrecognized command
Colorado(config-route-map)#set origin egp 65535
Colorado(config-route-map)#
Hey guys,
I’ve setup the lab base so far with just the interfaces and save it if anyone wants to grab it.
See the topology layout for the interfaces I used, or change it as you need it.
Here is the link: (google drive)
http://goo.gl/m3D6Zb
Follow first 5 steps, leave rest all no need to configure R5, R2, R3 route maps for ? e and MED skip all of them, then login to R1 make sure you have this commands
route-map BGP permit 10
set metric 0
set local-preference 90
set origin incomplete
route-map BGP2 permit 10
set metric 0
set local-preference 90
set origin incomplete
set as-path prepend 3
router bgp 1
neighbor 192.168.13.3 remote-as 3
neighbor 192.168.12.2 remote-as 2
network 1.1.1.1 mask 255.255.255.255
bgp bestpath as-path multipath-relax
neighbor 192.168.12.2 route-map BGP2 in
neighbor 192.168.13.3 route-map BGP in
maximum-paths 5
end
clear ip bgp * soft
then sh ip route
C 192.168.12.0/24 is directly connected, FastEthernet0/1
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
C 192.168.13.0/24 is directly connected, FastEthernet0/0
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [20/0] via 192.168.13.3, 00:08:01
[20/0] via 192.168.12.2, 00:08:01
sh ip bgp
R1#sh ip bgp
BGP table version is 13, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
* 5.5.5.5/32 192.168.13.3 0 90 0 3 4 5 ?
*> 192.168.12.2 0 90 0 3 2 5 ?
done
Here it is people!!!… if you wanna confirm if it is working, here’s what you should see:
First, R1 routing table toward 5.5.5.5:
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [20/0] via 192.168.13.3, 00:02:08
[20/0] via 192.168.12.2, 00:02:08
And traceroute from R1:
R1#traceroute 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 192.168.13.3
192.168.12.2
192.168.13.3
2 192.168.25.4
192.168.34.5
192.168.25.4
Good luck!!!… And FYI, this is not a common scenario within BGP’s world
Hello Rene,
Request you to please add a video of this topology.
Thanks in advance.
Hi Rene,
could you please share the video? 🙂
Please give a video Of thisss..
thought i did everything correct on this, but when debugging, all coming from the .12 network, so was not load balancing, however Nicholas Russo’s comments were dead on, as soon as i switched off CEF, could see load balancing working via the debug. thanks Nicholas, would have had me stumped for days if not weeks.
there is no config file attached
Best LAB… understood new command for BGP. Tried everything but failed and after looking into the comments found this new command which helped to complete this LAB. Thanks Rene 🙂
I though this lab will be straight forward, but hmm no.
I had to adjust metric, as path, and origin to make it work, plus the hidden command.
R1#show run | se bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
bgp bestpath as-path multipath-relax
network 1.1.1.0 mask 255.255.255.0
neighbor 192.168.12.2 remote-as 2
neighbor 192.168.12.2 route-map R2 in
neighbor 192.168.13.3 remote-as 3
neighbor 192.168.13.3 route-map R3 in
maximum-paths 2
no auto-summary
R1#show route-map
route-map R2, permit, sequence 10
Match clauses:
Set clauses:
as-path prepend last-as 1
origin egp 2
Policy routing matches: 0 packets, 0 bytes
route-map R3, permit, sequence 10
Match clauses:
Set clauses:
metric -1
Policy routing matches: 0 packets, 0 bytes
R1#
R1#
R1#show ip route 5.5.5.5
Routing entry for 5.5.5.0/24
Known via “bgp 1”, distance 20, metric 2
Tag 2, type external
Last update from 192.168.12.2 00:06:43 ago
Routing Descriptor Blocks:
* 192.168.13.3, from 192.168.13.3, 00:06:43 ago
Route metric is 2, traffic share count is 1
AS Hops 3
Route tag 2
192.168.12.2, from 192.168.12.2, 00:06:43 ago
Route metric is 2, traffic share count is 1
AS Hops 3
Route tag 2
This is a good one! I really enjoyed it, makes you think outside the box.
Carlos Dias
Are there final configs somewhere so I can check my work?