Description
This article describes how to achieve load balancing between two EBGP speakers over parallel links.
Solution
Basic understanding of EBGP Multhop Load-Balancing.
- The multihop is only for EBGP and not for IBGP
- Generally, EBGP selects one of the link to send packets due to which the load balancing does not work.
- If in case there is multiple physical link between the BGP peer unit then instead of creating the separate EBGP peering for each link, it is possible to configure only one EBGP peering session with the loopback address of remote unit.
- The remote unit loopback has to be reachable from the local unit with either static routes or an IGP with equal-cost paths which help to load-balance the traffic among the multiple physical links between the units.
- The main benefit of EBGP multihop is that even though one of the physical links fails, reachability still exists on the alternate link.
Diagram.
This article describes how to achieve load balancing between two EBGP speakers over parallel links.
Solution
Basic understanding of EBGP Multhop Load-Balancing.
- The multihop is only for EBGP and not for IBGP
- Generally, EBGP selects one of the link to send packets due to which the load balancing does not work.
- If in case there is multiple physical link between the BGP peer unit then instead of creating the separate EBGP peering for each link, it is possible to configure only one EBGP peering session with the loopback address of remote unit.
- The remote unit loopback has to be reachable from the local unit with either static routes or an IGP with equal-cost paths which help to load-balance the traffic among the multiple physical links between the units.
- The main benefit of EBGP multihop is that even though one of the physical links fails, reachability still exists on the alternate link.
Diagram.
Configuring EBGP Multihop.
- Configure 'FGT-A' with two static routes to reach remote Loopback IP 10.10.10.40. One path via 192.168.1.2 and the other path via 192.168.2.2.
- Likewise, Configure 'FGT-B' with two static routes to reach remote Loopback IP 10.10.10.20. One path via 192.168.1.1 and the other path via 192.168.2.1.
- Configure EBGP session using the update-source as 'loopback' to use it as source for EBGP instead of physical interface IP.
- Enable 'ebgp-enforce-multihop. to allow EBGP multihop.
- When 'ebgp-enforce-multihop' command is enabled, the FortiOS by default sets the ebgp-multihop-ttl value of 255.
FGT-A Configuration.
- Likewise, Configure 'FGT-B' with two static routes to reach remote Loopback IP 10.10.10.20. One path via 192.168.1.1 and the other path via 192.168.2.1.
- Configure EBGP session using the update-source as 'loopback' to use it as source for EBGP instead of physical interface IP.
- Enable 'ebgp-enforce-multihop. to allow EBGP multihop.
- When 'ebgp-enforce-multihop' command is enabled, the FortiOS by default sets the ebgp-multihop-ttl value of 255.
FGT-A Configuration.
# config system interfaceFGT-B Configuration.
edit "loopback"
set vdom "root"
set ip 10.10.10.20 255.255.255.255
set allowaccess ping
set type loopback
next
end
# config router bgp
set as 20
# config neighbor
edit "10.10.10.40"
set ebgp-enforce-multihop enable
set remote-as 40
set update-source "loopback"
set ebgp-multihop-ttl 255
next
end
# config network
edit 1
set prefix 172.16.1.0 255.255.255.0
next
end
# config router static
edit 1
set dst 10.10.10.40
set gateway 192.168.1.2
set device "wan1"
next
edit 2
set dst 10.10.10.40
set gateway 192.168.2.2
set device "wan2"
next
end
# config system interface
edit "loopback"
set vdom "root"
set ip 10.10.10.40 255.255.255.255
set allowaccess ping
set type loopback
next
end
# config router bgp
set as 40
# config neighbor
edit "10.10.10.20"
set ebgp-enforce-multihop enable
set remote-as 20
set update-source "loopback"
set ebgp-multihop-ttl 255
next
end
# config network
edit 1
set prefix 172.16.2.0 255.255.255.0
next
end
# config router static
edit 1
set dst 10.10.10.20
set gateway 192.168.1.1
set device "wan1"
next
edit 2
set dst 10.10.10.20
set gateway 192.168.2.1
set device "wan2"
next
end
