Community discussions

 
christopherh
newbie
Topic Author
Posts: 29
Joined: Sun Feb 24, 2019 7:43 am
Location: Sydney, Australia

Monitoring of BGP session and VRRP Failover

Sun Feb 24, 2019 9:09 am

Hi All,

Just looking for some input/feedback into a BGP and VRRP setup I have with my upstream provider. Let me explain:

The Setup
Two VMs are configured as BGP routers. Both have BGP sessions configured to the carrier's router using IP address 203.0.113.22 (via multihop) to the same carrier and announcing upstream a /24 v4 and /48 v6. The carrier also requires a default route be configured (due to the multi-hop BGP). Each router has a public IP configured as below:
  • CR1 - IP: 192.0.2.1/24, Gateway: 192.0.2.254
  • CR2 - IP: 198.51.100.1/24, Gateway 198.51.100.254
VRRP is also configured between the two routers with a floating IP from the /24 and /48.

The Configuration
I have configured the two routers as follows:
  • Changed the default route on cr1 to the following (so that the BGP session can establish with the carrier but won't route any other internet traffic until the BGP session is up): dst-address - 203.0.113.22, gateway - 192.0.2.254.
  • Configured BGP on both cr1 and cr2 to announce the /24 and /48 to the carrier.
  • Configured VRRP over the private network to float the gateway IP from the /24 prefix I am announcing.
  • Configured NetWatch on cr1 to monitor 1.1.1.1 and change the VRRP priority when it is unable to reach 1.1.1.1.
I've confirmed that this configuration works by disabling the BGP session and seeing NetWatch not being able to monitor 1.1.1.1, and then changing the VRRP priority to preference cr2 as the master. When BGP on cr1 comes back up, NetWatch then changes the priority on the VRRP interface back to it's former glory, thereby moving the floating IP back.

The Question
Is there a better way of achieving this? Does anyone else have a similar setup and configured things a little differently? Please let me know below.

Thanks,
Christopher H.

*Note: All IPs used are example IPs taken from RFC 5737 with the exception of CloudFlare's DNS Server (1.1.1.1).

Who is online

Users browsing this forum: No registered users and 4 guests