Page 1 of 1
2 WAN BGP failover
Posted: Wed Sep 04, 2019 5:44 am
by saibarker
Hi,
I have a bit of an odd scenario..
I have 2x WAN connections which both advertise the 103.107.224.0/23 network with AS 123456 via BGP. WAN1 is SFP1 and WAN2 is SFP2
I have local subnet 10.10.2.0/24 and 103.107.224.0/23
I want 103.107.224.0/23 to primarily use the WAN1 connection and failover to WAN2 if WAN1 fails
I also want 10.10.2.0/24 to primarily use the WAN2 connection and failover to WAN1 if WAN2 fails.
Can this be done on my CCR1036? if so what would a config look like?
Thanks in advanced,
Re: 2 WAN BGP failover
Posted: Thu Sep 05, 2019 10:54 am
by pwuk
Route filters
* Wan1-out -- set 10.10.2.0/24 to as-prepend of 2
* Wan2-out -- set 103.107.224.0/23 to as-prepend of 2
That would mean that incoming traffic would
However for outgoing traffic I think you'd have to use routing marks if you only have one router, and from memory that involves using /routing bgp instance set routing-table=, and running two instances (presumably with ibgp between them)
I determined this was probably possible, but would be tricky, especially for people trying to understand what was happening in stressful cases, so opted for two routers, with WAN1 on one router, WAN2 on the other router, home traffic for WAN1 out on router 1, home traffic on WAN2 out on router 2, set weights, and ibgp between them.
You might be able to cheat by setting a static default route using
ip-mangle -- set routing mark on traffic from 103.10.... to "viaWAN2"
ip route -- add a default low metric to the WAN1 gateway and use check-gateway=ping
ip route -- add a default low metric to the WAN2 gateway for those marked "viaWAN2" and use check-gateway=ping
ip route -- add a default higher metric to the WAN2 gateway and use check-gateway=ping
ip route -- add a default higher metric to the WAN1 gateway for those marked "viaWAN2" and use check-gateway=ping
Although if BGP fails but the circuit doesn't, you may end up with unidirectional routes
Hopefully someone will come along and say "oh no, this is really standard, you just do $this and it works", as that would be really useful for me too!
Re: 2 WAN BGP failover
Posted: Thu Sep 05, 2019 12:04 pm
by ingdaka
First of all 10.10.... looks like is an Private IP, you cannot advertise them to BGP!
Re: 2 WAN BGP failover
Posted: Fri Sep 06, 2019 7:11 am
by saibarker
Route filters
* Wan1-out -- set 10.10.2.0/24 to as-prepend of 2
* Wan2-out -- set 103.107.224.0/23 to as-prepend of 2
That would mean that incoming traffic would
However for outgoing traffic I think you'd have to use routing marks if you only have one router, and from memory that involves using /routing bgp instance set routing-table=, and running two instances (presumably with ibgp between them)
I determined this was probably possible, but would be tricky, especially for people trying to understand what was happening in stressful cases, so opted for two routers, with WAN1 on one router, WAN2 on the other router, home traffic for WAN1 out on router 1, home traffic on WAN2 out on router 2, set weights, and ibgp between them.
You might be able to cheat by setting a static default route using
ip-mangle -- set routing mark on traffic from 103.10.... to "viaWAN2"
ip route -- add a default low metric to the WAN1 gateway and use check-gateway=ping
ip route -- add a default low metric to the WAN2 gateway for those marked "viaWAN2" and use check-gateway=ping
ip route -- add a default higher metric to the WAN2 gateway and use check-gateway=ping
ip route -- add a default higher metric to the WAN1 gateway for those marked "viaWAN2" and use check-gateway=ping
Although if BGP fails but the circuit doesn't, you may end up with unidirectional routes
Hopefully someone will come along and say "oh no, this is really standard, you just do $this and it works", as that would be really useful for me too!
Hi Pwuk,
Thanks for the insight!
You have given me a few paths to explore so Ill let you know what I find once have a chance to do some testing!
Cheers,
Re: 2 WAN BGP failover
Posted: Fri Sep 06, 2019 8:07 am
by ahmadzai
Your Question answer is well explained in following link Load Sharing Setup area and i have also deployed it in my ISP setup and running smoothly, kindly read it carefully and if you had any question feel free to let me know i will assist you.
https://wiki.mikrotik.com/wiki/Manual:S ... ultihoming
Re: 2 WAN BGP failover
Posted: Fri Sep 06, 2019 2:54 pm
by pwuk
First of all 10.10.... looks like is an Private IP, you cannot advertise them to BGP!
Of course you can
Here's one router I have
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 ADb 0.0.0.0/0 172.26.114.241 20
1 ADb 10.67.57.0/24 172.26.114.241 20
2 ADb 10.168.30.0/24 172.26.114.241 20
3 ADb 10.169.42.9/32 172.26.114.241 20
You probably won't find an ISP willing to take your 10.0.0.0/8 (or other RFC1918 addresses), but if you do then there's nothing to say you can't do it.
Re: 2 WAN BGP failover
Posted: Sun Sep 08, 2019 6:51 am
by MichaelHallager
First of all 10.10.... looks like is an Private IP, you cannot advertise them to BGP!
Of course you can
You probably won't find an ISP willing to take your 10.0.0.0/8 (or other RFC1918 addresses), but if you do then there's nothing to say you can't do it.
If you publicly announce RFC1918 space - in the vast majority of instances your bad/bogan routes will be simply dropped. In any other instances you will look like a muppet.