BGP Dual Homed Connection

[fromero]

Hello everyone!

We have an IP Transit with an ISP with two connections (Dual Homed). For each connection we raise two peers.
The idea is that it works as an active - passive model. Let everything come out through one connection and let the other be the secondary connection and only be used when the main connection goes down.

What did we do? A route-map with a local preference applied to the peer of the primary connection to control the upstream and a route-map with an as path preprend applied to the peer of the secondary connection to control the downstream.


//Route-Map Local Preference for peer ISP primary connection
vrf Servicio_TIP ip bgp policy route-map Primary Connection 100
vrf Servicio_TIP ip bgp policy route-map Primary Connection 100 lpref 500
vrf Servicio_TIP ip bgp policy route-map Primary Connection 100 weight 500

//Route-Map As Prepend for peer ISP secondary connection
vrf Servicio_TIP ip bgp policy route-map Secondary connection 100
vrf Servicio_TIP ip bgp policy route-map Secondary connection 100 asprepend "1234 1234 1234 1234"

//Route-Map Local Preference apply to peer ISP primary connection
vrf Servicio_TIP ip bgp neighbor 181.20.2.120 remote-as 1234
vrf Servicio_TIP ip bgp neighbor 181.20.2.120 description "Primary Connection"
vrf Servicio_TIP ip bgp neighbor 181.20.2.120 route-map Primary Connection in
vrf Servicio_TIP ip bgp neighbor 181.20.2.120 admin-state enable

//Route-Map AS Prepend apply to peer ISP secondary connection
vrf Servicio_TIP ip bgp neighbor 186.10.3.110 remote-as 1234
vrf Servicio_TIP ip bgp neighbor 186.10.3.110 description "Secondary connection"
vrf Servicio_TIP ip bgp neighbor 186.10.3.110 route-map Secondary connection out
vrf Servicio_TIP ip bgp neighbor 186.10.3.110 admin-state enable


This doesn't work from what we see. Does anyone know where the problem is or how to deal with it?

[Gleylancer]

Do not use a switch as a router, ESPECIALLY not for ISP connections. It does not get any more insecure than this. Buy a firewall.