What is Multi-homing ? Multi-homing means having multiple connections to the Internet. What is HSRP?

Hot Standby Router Protocol (HSRP) allows routers use a shared IP or Virtual IP that act as a single virtual router, maintaining connectivity even if the first hop router fails, because other router is on hot standby Why do I need BGP and HSRP configured on the same routers?

In the event of a failure of connectivity toward one ISP, the traffic is rerouted dynamically through the other ISP with the BGP Hot Standby Router Protocol (HSRP) tracks the primary link to the main ISP and notifies the hot standby router when there is loss of connectivity toward the primary ISP. Thanks to dynamips and GNS3 projects developers who made it possible to test the Ciscos IOS and Juniper platform functionality before deploying configurations to the actual production network.

Project goal
Configure two routers as our edge network devices with Multi-homed BGP and provide connectivity from the inside network via the HSRP Virtual IP Address (VIP)

Logical diagram

BGP/HSRP Logical Diagram In the above diagram we have a router configured as the Internet cloud with AS400, ISP1 with AS200, ISP2 with AS300 and Primary and Secondary routers with AS100 Behind the switch we have a LAN or Firewall router that provides NAT, ACL etc to end devices on the network when traffic is requested toward the Internet. The Internet router is configured with three interfaces; 1- FastEthernet0/0 connect to the connected to ISP1 with an IP address of 192.168.100.1 and netmask of 255.255.255.0 or /24 CIDR 2- FastEthernet0/1 connect to the connected to ISP2 with an IP address of 192.168.200.1 and netmask of 255.255.255.0 or /24 CIDR

3- loopback1 interface 10.0.0.1 255.255.255.0 we going to advertise through the two ISPs neighbors Internet Router Configurations
interface Loopback1 ip address 10.0.0.1 255.0.0.0 ! interface FastEthernet0/0 ip address 192.168.100.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 192.168.200.1 255.255.255.0 duplex auto speed auto ! router bgp 400 no synchronization bgp log-neighbor-changes network 10.0.0.0 network 192.168.100.0 network 192.168.200.0 neighbor 192.168.100.10 remote-as 200 neighbor 192.168.200.10 remote-as 300 no auto-summary !

ISP1 1- FastEthernet0/1 connect to the Internet router 2- FastEthernet0/0 connect to Primary Router
ISP1 Router Configurations interface FastEthernet0/0 ip address 172.16.100.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 192.168.100.10 255.255.255.0 duplex auto speed auto ! router bgp 200 no synchronization bgp log-neighbor-changes network 172.16.100.0 mask 255.255.255.0 network 192.168.100.0 neighbor 172.16.100.10 remote-as 100 neighbor 172.16.100.10 password cisco neighbor 192.168.100.1 remote-as 400 no auto-summary !

ISP2 1- FastEthernet0/1 connect to the Internet router 2- FastEthernet0/0 connect to Secondary Router
ISP2 Router Configurations

interface FastEthernet0/0 ip address 172.16.200.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 192.168.200.10 255.255.255.0 duplex auto speed auto ! router bgp 300 no synchronization bgp log-neighbor-changes network 172.16.200.0 mask 255.255.255.0 network 192.168.200.0 neighbor 172.16.200.10 remote-as 100 neighbor 172.16.200.10 password cisco neighbor 192.168.200.1 remote-as 400 no auto-summary !

Primary Router 1- FastEthernet0/1 connect to ISP1 2- FastEthernet0/0 connect to the LAN Switch FastEthernet0/0 is configured with HSRP as primary interface or Active interface for the inside traffic 3- Loopback0 for iBGP traffic between Primary and Secondary routers
Primary Router Configuration interface Loopback0 description iBGP ip address 1.1.1.1 255.255.255.252 ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 duplex auto speed auto standby 1 ip 192.168.1.3 standby 1 priority 105 standby 1 preempt delay minimum 60 standby 1 track FastEthernet0/1 ! interface FastEthernet0/1 description WAN ip address 172.16.100.10 255.255.255.0 duplex auto speed auto ! router bgp 100 no synchronization bgp log-neighbor-changes bgp maxas-limit 10 network 192.168.1.0 neighbor 1.1.1.2 remote-as 100 neighbor 1.1.1.2 description iBGP with our other Secondary Router neighbor 1.1.1.2 update-source Loopback0 neighbor 1.1.1.2 version 4 neighbor 1.1.1.2 next-hop-self neighbor 1.1.1.2 soft-reconfiguration inbound neighbor 1.1.1.2 maximum-prefix 250000 neighbor 172.16.100.1 remote-as 200 neighbor 172.16.100.1 description ISP1

neighbor 172.16.100.1 password cisco neighbor 172.16.100.1 version 4 neighbor 172.16.100.1 soft-reconfiguration inbound neighbor 172.16.100.1 prefix-list announce out neighbor 172.16.100.1 maximum-prefix 250000 no auto-summary ! ip route 1.1.1.2 255.255.255.255 192.168.1.2 ip route 192.168.1.0 255.255.255.0 192.168.1.10 ! ip prefix-list announce description Our allowed routing announcements ip prefix-list announce seq 5 permit 192.168.1.0/24 ip prefix-list announce seq 10 deny 0.0.0.0/0 le 32 !

In the above configuration you noticed we only announcing out only our Net block 192.168.1.0/24 The HSRP is also tracking out link to ISP1 In case the link goes does the router become the standby HSRP and the Secondary router become active. Secondary Router 1- FastEthernet0/1 connect to ISP2 2- FastEthernet0/0 connect to the LAN Switch FastEthernet0/0 is configured with HSRP as Secondary interface or hot standby interface for the inside traffic 3- Loopback0 for iBGP traffic between Primary and Secondary routers
Secondary Router Configuration interface Loopback0 description iBGP ip address 1.1.1.2 255.255.255.252 ! interface FastEthernet0/0 description LAN ip address 192.168.1.2 255.255.255.0 duplex auto speed auto standby 1 ip 192.168.1.3 standby 1 preempt ! interface FastEthernet0/1 description WAN ip address 172.16.200.10 255.255.255.0 duplex auto speed auto ! router bgp 100 no synchronization bgp log-neighbor-changes network 192.168.1.0 neighbor 1.1.1.1 remote-as 100 neighbor 1.1.1.1 description iBGP with our other Primary Router neighbor 1.1.1.1 update-source Loopback0 neighbor 1.1.1.1 version 4 neighbor 1.1.1.1 next-hop-self neighbor 1.1.1.1 soft-reconfiguration inbound neighbor 1.1.1.1 maximum-prefix 250000 neighbor 172.16.200.1 remote-as 300 neighbor 172.16.200.1 description eBGP with ISP2 neighbor 172.16.200.1 password cisco123

neighbor 172.16.200.1 version 4 neighbor 172.16.200.1 prefix-list announce out neighbor 172.16.200.1 route-map eBGP_ACL out no auto-summary ! ip route 1.1.1.1 255.255.255.255 192.168.1.1 ! ! ip prefix-list announce description Our allowed routing announcements ip prefix-list announce seq 5 permit 192.168.1.0/24 ip prefix-list announce seq 10 deny 0.0.0.0/0 le 32 access-list 1 permit 192.168.1.0 0.0.0.255 ! route-map eBGP_ACL permit 10 match ip address 1 set as-path prepend 100 !

Notice in the above configuration the HSRP preempt is lower and we have additional route-map to prepend BGP, which tell the router this is longer path to the Internet. LAN Router One interface configured to route traffic to the HSRP VIP or virtual ip address. If one router goes off-line the other router become active and keeps the VIP as a default gateway for our LAN traffic from and to the Internet.
LAN Router Configurations interface Loopback10 ip address 192.168.50.1 255.255.255.0 ip nat inside ip virtual-reassembly ! interface FastEthernet0/0 ip address 192.168.1.10 255.255.255.0 ip nat outside ip virtual-reassembly duplex auto speed auto ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 192.168.1.3 ! ! ip http server no ip http secure-server ip nat pool swimmingpool 192.168.1.100 192.168.1.200 netmask 255.255.255.0 ip nat inside source list 10 pool swimmingpool overload ! access-list 10 permit 192.168.50.0 0.0.0.255 !

Traffic from loopback interface is NATed and routed to the Internet. Download GNS3 Topology and configuration attachment

What should we do next?

Well, since youve made it to the end of this post, you might be interested in these related articles and resources. Howto Virtual Routing and Forwarding Lite (VRF-lite)