BGP and fail over

Fri Aug 24, 2018 10:04 pm

Hello everyone

I will have two physical routes to same ISP (one route is active, and the other is passive for backup)
I will have two CCR1016, one connected to the active route, and the other one connected to the passive (backup) route, both with BGP session with my ISP.
I will use only Public IPs

I will use VRRP between both CCR1016, so just one CCR1016 will be the master and the other one will be the backup. If one CCR1016 die, the other one will take all the traffic and my services will still working.

The problem come when the first route (active route) have a physical cut and is unreachable, in that case in my side all the traffic is still going to Master CCR but the Master CCR dont have internet.

So, how I can configure in my Master Router, the option to detect if the BGP session is interrumped and then move all traffic to Backup CCR or in other words how I can change the state of my Backup Router to a Master Router and vice versa.

Is there a protocol to do that automatically or maybe I can have this working with a script that check ping response to the BGP router in the ISP side and when is unreachable will disable the vrrp1 interface so automatically the Backup Router will be the Master Router.

Thank you!
Re: BGP and fail over

Sat Aug 25, 2018 8:19 am

Netwatch tool could ping Google's DNS ( ) and adjust the VRRP priority higher or lower than your backup router:
/tool netwatch
add host= down-script="/int vrrp set [ find name=\"vrrp-vlan10\" ] priority=90" up-script="/int vrrp set [ find name=\"vrrp-vlan10\" ] priority=254"
Then set default priority of 100 on your standby router's vrrp interface.

This should actually work pretty well, as VRRP failover is usually around 3 seconds without reconvergence. Most people would recommend setting up iBGP sessions between your two routers though, possibly using a dedicated interconnect cable (check your router's block diagram to ascertain which ports wouldn't share bandwidth with the primary ports though - not applicable on CCRs where each port connects directly to the CPU).

Setting up iBGP:
Simply define BGP peers between the two routers with update source being set to the router's loopback IP.
Re: BGP and fail over

Fri Aug 31, 2018 5:52 pm

That's the most easy way of doing this, you'll need to enable OSPF as the IGP protocol to distribute the loopbacks interface and then you can configure iBGP between them, and also, you can try by developing the same idea to your entire network by using OSPF to control the loopbacks advertisements and convergency times; and iBGP to control the subnets using OSPF.
Re: BGP and fail over

Fri Aug 31, 2018 6:17 pm

Depending on network scheme i would use bfd and inject two defaults in IGP with different metrics. If there are more than two routers of course.

