To configure dual internet connections using BGP on a Cisco router for redundancy and failover, follow these key steps and considerations:
Basic BGP Configuration
Establish BGP Sessions with Both ISPs
Configure BGP neighbors using the ISPs’ AS numbers and your assigned ASN. For example:
router bgp 65001
neighbor 203.0.113.1 remote-as ISP1_ASN
neighbor 198.51.100.1 remote-as ISP2_ASN
address-family ipv4
network 192.0.2.0 mask 255.255.255.0 # Advertise your public subnet
exit-address-family
Replace ISP1_ASN and ISP2_ASN with the respective ISP AS numbers
Advertise Networks
Use the network command to announce your public IP ranges to both ISPs. Ensure both ISPs accept the advertised prefixes
Traffic Control and Path Selection
Outbound Traffic
Local Preference: Prioritize one ISP for outbound traffic by setting a higher local preference (default is 100):
route-map PREFER_ISP1 permit 10
set local-preference 200
!
router bgp 65001
neighbor 203.0.113.1 route-map PREFER_ISP1 in
This makes ISP1 the preferred path
Inbound Traffic
AS Path Prepending: Lengthen the AS path for the backup ISP to make the primary ISP more attractive:
route-map PREPEND_ISP2 out
set as-path prepend 65001 65001 65001
!
router bgp 65001
neighbor 198.51.100.1 route-map PREPEND_ISP2 out
This reduces the likelihood of inbound traffic using ISP2 unless ISP1 fails
Failover Mechanisms
BGP Conditional Advertisement
Advertise routes to the backup ISP only if the primary ISP’s BGP session fails:
router bgp 65001
neighbor 198.51.100.1 advertise-map ADVERTISE_ONLY_IF_ISP1_DOWN non-exist-map CHECK_ISP1
!
ip prefix-list ISP1_ROUTES seq 5 permit 203.0.113.0/24
!
route-map CHECK_ISP1 permit 10
match ip address prefix-list ISP1_ROUTES
!
route-map ADVERTISE_ONLY_IF_ISP1_DOWN permit 10
set ip address prefix-list YOUR_PUBLIC_SUBNET
This ensures ISP2 receives your prefix only when ISP1 is unavailable
Fast External Fall over
Enable rapid detection of link failures:
router bgp 65001
bgp fast-external-fallover
This terminates BGP sessions immediately if the physical interface goes down3.
Additional Considerations
- NAT Configuration: If using NAT, ensure the firewall or router translates internal addresses to the public IPs provided by the primary ISP. Verify the secondary ISP allows routing the primary’s IP range35.
- Default Routes: Receive default routes from both ISPs using
neighbor <IP> default-originateor configure static defaults with floating AD values for backup25. - Route Filtering: Use prefix-lists or route-maps to filter unwanted routes from ISPs to prevent becoming a transit AS5.
Verification Commands
- Check BGP neighbor status:
show ip bgp summary - Verify advertised/received routes:
show ip bgp neighbors <IP> advertised-routesshow ip bgp neighbors <IP> routes - Monitor path selection:
show ip bgp
By combining these techniques, you achieve redundancy, control traffic flow, and automate failover. Always coordinate with ISPs to ensure they accept your BGP policies
The Lazy Networker 
Leave a comment