2 WAN BGP failover

saibarker · Wed Sep 04, 2019 5:44 am

Hi,

I have a bit of an odd scenario..

I have 2x WAN connections which both advertise the 103.107.224.0/23 network with AS 123456 via BGP. WAN1 is SFP1 and WAN2 is SFP2

I have local subnet 10.10.2.0/24 and 103.107.224.0/23
I want 103.107.224.0/23 to primarily use the WAN1 connection and failover to WAN2 if WAN1 fails
I also want 10.10.2.0/24 to primarily use the WAN2 connection and failover to WAN1 if WAN2 fails.

Can this be done on my CCR1036? if so what would a config look like?

Thanks in advanced,

pwuk · Thu Sep 05, 2019 10:54 am

Route filters
* Wan1-out -- set 10.10.2.0/24 to as-prepend of 2
* Wan2-out -- set 103.107.224.0/23 to as-prepend of 2

That would mean that incoming traffic would

However for outgoing traffic I think you'd have to use routing marks if you only have one router, and from memory that involves using /routing bgp instance set routing-table=, and running two instances (presumably with ibgp between them)

I determined this was probably possible, but would be tricky, especially for people trying to understand what was happening in stressful cases, so opted for two routers, with WAN1 on one router, WAN2 on the other router, home traffic for WAN1 out on router 1, home traffic on WAN2 out on router 2, set weights, and ibgp between them.

You might be able to cheat by setting a static default route using
ip-mangle -- set routing mark on traffic from 103.10.... to "viaWAN2"
ip route -- add a default low metric to the WAN1 gateway and use check-gateway=ping
ip route -- add a default low metric to the WAN2 gateway for those marked "viaWAN2" and use check-gateway=ping
ip route -- add a default higher metric to the WAN2 gateway and use check-gateway=ping
ip route -- add a default higher metric to the WAN1 gateway for those marked "viaWAN2" and use check-gateway=ping

Although if BGP fails but the circuit doesn't, you may end up with unidirectional routes

Hopefully someone will come along and say "oh no, this is really standard, you just do $this and it works", as that would be really useful for me too!

ingdaka · Thu Sep 05, 2019 12:04 pm

First of all 10.10.... looks like is an Private IP, you cannot advertise them to BGP!

saibarker · Fri Sep 06, 2019 7:11 am

Route filters
* Wan1-out -- set 10.10.2.0/24 to as-prepend of 2
* Wan2-out -- set 103.107.224.0/23 to as-prepend of 2

That would mean that incoming traffic would

However for outgoing traffic I think you'd have to use routing marks if you only have one router, and from memory that involves using /routing bgp instance set routing-table=, and running two instances (presumably with ibgp between them)

I determined this was probably possible, but would be tricky, especially for people trying to understand what was happening in stressful cases, so opted for two routers, with WAN1 on one router, WAN2 on the other router, home traffic for WAN1 out on router 1, home traffic on WAN2 out on router 2, set weights, and ibgp between them.

You might be able to cheat by setting a static default route using
ip-mangle -- set routing mark on traffic from 103.10.... to "viaWAN2"
ip route -- add a default low metric to the WAN1 gateway and use check-gateway=ping
ip route -- add a default low metric to the WAN2 gateway for those marked "viaWAN2" and use check-gateway=ping
ip route -- add a default higher metric to the WAN2 gateway and use check-gateway=ping
ip route -- add a default higher metric to the WAN1 gateway for those marked "viaWAN2" and use check-gateway=ping

Although if BGP fails but the circuit doesn't, you may end up with unidirectional routes

Hopefully someone will come along and say "oh no, this is really standard, you just do $this and it works", as that would be really useful for me too!

Hi Pwuk,
Thanks for the insight!
You have given me a few paths to explore so Ill let you know what I find once have a chance to do some testing!

Cheers,

ahmadzai · Fri Sep 06, 2019 8:07 am

Your Question answer is well explained in following link Load Sharing Setup area and i have also deployed it in my ISP setup and running smoothly, kindly read it carefully and if you had any question feel free to let me know i will assist you.

https://wiki.mikrotik.com/wiki/Manual:S ... ultihoming

pwuk · Fri Sep 06, 2019 2:54 pm

First of all 10.10.... looks like is an Private IP, you cannot advertise them to BGP!

Of course you can

Here's one router I have

 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  0.0.0.0/0                          172.26.114.241           20
 1 ADb  10.67.57.0/24                      172.26.114.241           20
 2 ADb  10.168.30.0/24                     172.26.114.241           20
 3 ADb  10.169.42.9/32                     172.26.114.241           20

You probably won't find an ISP willing to take your 10.0.0.0/8 (or other RFC1918 addresses), but if you do then there's nothing to say you can't do it.

MichaelHallager · Sun Sep 08, 2019 6:51 am

First of all 10.10.... looks like is an Private IP, you cannot advertise them to BGP!
Of course you can

You probably won't find an ISP willing to take your 10.0.0.0/8 (or other RFC1918 addresses), but if you do then there's nothing to say you can't do it.

If you publicly announce RFC1918 space - in the vast majority of instances your bad/bogan routes will be simply dropped. In any other instances you will look like a muppet.

2 WAN BGP failover

2 WAN BGP failover

Re: 2 WAN BGP failover

Re: 2 WAN BGP failover

Re: 2 WAN BGP failover

Re: 2 WAN BGP failover

Re: 2 WAN BGP failover

Re: 2 WAN BGP failover

Who is online