
Link Failover with BGP to Multihomed ISP


L1 Bithead

This configuration is for a very particular case on my site.

I have three links with two ISPs (for example: ISP1a, ISP1b, ISP2)

I cannot announce my entire class over ISP1a and ISP1b at the same time, for two reasons:

1) BGP loop problem

2) For ISP commercial reasons only one line can transport traffic at a time.

 

I want:

Announce my entire class over ISP1a, ISP2 with two different local preferences.

Only in the case that BOTH links (ISP1a, ISP2) fail, start to announce my entire class to ISP1b.

 

Is it possible with Palo Alto?

How?

 

Regards

Max

2 REPLIES 2

L5 Sessionator

You can't send local preference information outside of your AS. That attribute is only used within an AS to determine the preferred exit point.

That being said, you can often influence the local preference of a neighboring AS by using community values. By passing a specific community to a neighbor AS, you can affect how traffic to your AS will be handled.

Check with ISP1 about community values you can pass to them that will influence their local preference. If they have this option, then you can announce your prefix out both ISP1 links and add community values to each that will influence the local preference within their AS to prefer link A. That should keep any traffic from going over link B unless there is a failure on link A. 

 

If you want to prefer ISP1a over ISP2 for inbound traffic, the typical way of influencing that decision is by prepending your AS to the announcement of your prefix to ISP2. This will make your ISP2 link less desirable due to having a higher AS path count.

You will also need to prepend your AS on the announcement out ISP1b, with a higher number of prepends, so that it will be less desirable than ISP2.

 

Or you could probably use Conditional BGP advertisement. If you are receiving the default route on all links,  the lack of receiving a default from both ISP1a and ISP2 will trigger the advertisement of your prefix to ISP1b.

 

 

I agree with rmfalconer. AS path prepend will be your best bet to influence inbound traffic. One link at a time will only be used to ISP1.

 

You need to make sure your outbound routing lines up too. You can optionally do static default routes with different metrics, and next-hop monitoring in PAN-OS 8 if through a switch.
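
Added example, not part of the thread and not PAN-OS configuration: a small Python model of the two approaches discussed in the replies (AS-path prepending and conditional advertisement), evaluated over every up/down combination of the three links. It assumes upstream networks compare AS-path length only; the AS number 64512, the prepend counts and all function names are constructed for illustration.

```python
from itertools import product

LOCAL_AS = 64512                      # private-use ASN, constructed for the example
LINKS = ("ISP1a", "ISP2", "ISP1b")
PREPENDS = {"ISP1a": 0, "ISP2": 2, "ISP1b": 4}   # assumed prepend counts

def announcements(up, conditional):
    """Return {link: AS path} for every link the prefix is announced on.

    up: set of links whose BGP session is up (a default route is received).
    conditional: if True, ISP1b is announced only when no default route is
    received from either ISP1a or ISP2 (the conditional-advertisement idea).
    """
    out = {}
    for link in LINKS:
        if link not in up:
            continue
        if conditional and link == "ISP1b" and up & {"ISP1a", "ISP2"}:
            continue                  # suppress: a primary link still works
        out[link] = [LOCAL_AS] * (1 + PREPENDS[link])
    return out

def inbound_link(up, conditional):
    """Link that attracts inbound traffic, comparing AS-path length only."""
    ann = announcements(up, conditional)
    return min(ann, key=lambda link: len(ann[link])) if ann else None

def failover_table(conditional):
    """Evaluate all 8 up/down combinations of the three links."""
    rows = []
    for states in product((True, False), repeat=3):
        up = {link for link, s in zip(LINKS, states) if s}
        ann = announcements(up, conditional)
        rows.append((tuple(sorted(up)), tuple(sorted(ann)),
                     inbound_link(up, conditional)))
    return rows

if __name__ == "__main__":
    for cond in (False, True):
        print("conditional advertisement:", cond)
        for up, ann, best in failover_table(cond):
            print(f"  up={up} announced={ann} inbound={best}")
```

With prepending alone the prefix is still announced on ISP1a and ISP1b at the same time whenever both sessions are up; with the condition enabled, ISP1b is announced only after both ISP1a and ISP2 are down.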
