From: Anthony Pace (anthonypace@fastmail.fm)
Date: Wed Jun 02 2004 - 13:41:26 GMT-3
Todd,
I did something similar in another configuration to what you described and
I traffic "shared". What I did was announce some address space via one
provider and some address space via the other (really both, but with
opposite prepends). (Using prepends and Local preference let me
influence the traffic while allowing full redundancy.)
Used policy routing to control the EGRESS traffic. I had all of the EGRESS
traffic being spit out of one Firewall but two routers (1 to each ISP)
were upstream. The router which was primary HSRP was allowed traffic
sourced from address-space-1 to go out provider-1 but policy routed
traffic sourced from address-space-2 over to the other router to take
router-2's default from provider-2.
My explanation here is not great, but there was traffic sharing as well
as redundancy but there were some issues to overcome in the up/down
scenario.
Anthony Pace
On Wed, 2 Jun 2004 10:47:16 -0400, "Todd Veillette"
<tveillette@myeastern.com> said:
> Anthony,
>
> Just some feedback on how ours is set up. 2 providers - 2 full class C's one
> from each provider and went through the steps you describe below. (ARIN to
> get AS and RadB for your blocks). We asked each ISP to accept the other's
> Class C. We run 2 identical border routers, multiple connections on each to
> each ISP, take partial tables from each, run our AS and iBGP between
> multiple trunked switches links on our side of the border routers. We set up
> whatever the provider wanted as far as communities, bgp filtering, etc. We
> manually tweaked our routes using various looking glass sites as best we
> could, and we have multiple vlan/dmz's for different security zones inside
> all somewhat manual for redundancy using hsrp, to evenly distribute
> bandwidth thru the ISP's connections.
>
> On the plus side, uptime is solid, complexity is one drawback.
>
> Now we have another Class C at another location, and we are looking at
> setting this up for "global" redundancy. Haven't even looked at this, nor do
> I know if I want to.
>
> -TV
>
> ----- Original Message -----
> From: "Anthony Pace" <anthonypace@fastmail.fm>
> To: "Howard C. Berkowitz" <hcb@gettcomm.com>; <ccielab@groupstudy.com>
> Sent: Tuesday, June 01, 2004 1:56 PM
> Subject: RE: BGP customers?
>
>
> > These are my experiences multi-homing with BGP (I would love to hear
> > comments on the architectures below)
> >
> > There are several steps I had to go through to be up and running on
> > redundant ISP's via BGP (and I'm not sure I have seen them documented or
> > summarized in one place.)
> >
> > - ARIN registration for ASN
> > - Contracts with ISP's
> > - Get address space from providers (unless you can get your own block)
> > - Register ASN and all address blocks with RadB
> >
> > This much was a prerequisite for even beginning the discussion of BGP (as
> > well as a bunch of paperwork)
> >
> > If you use DNS for all of the "connections started by others" then
> > provider address space is just as good as having your own; but if a lot
> > of IP addresses are hard coded a lot of places, then you may have to do
> > some work if you want to switch providers, or if they re-po the address
> > space (which can happen)
> >
> > Most of the discussion on this list is pretty much the Halabi
> > primary/fail over architecture, but in an effort to "not waste the
> > redundant link" I have experimented with the following:
> >
> > - Announce address space out of 1 provider and send EGRESS traffic out
> > the other. (A lot of people said this was asymmetrical routing but the
> > LAN was downstream of both routers doing this so it was quite symmetrical
> > by the time it came down into the firewall.)(this was true load balancing
> > and I am inclined to think that people who were critical of it were,
> > perhaps, just regurgitating something they heard someone else say)
> >
> > - Announce some address space via one provider and some address space via
> > the other. Use policy routing to control the EGRESS traffic. (use
> > prepends and Local preference to influence the traffic while allowing
> > full redundancy)
> >
> > - take in full routes from 2 providers on 2 routers and also peer them
> > with each other. Let the traffic come and go however it wants to.
> >
> > - take in partial routes + default route from 2 providers. Let the
> > traffic come and go however it wants to.
> >
> > Anthony Pace CCIE 10349
> >
> > On Sat, 29 May 2004 13:49:30 -0400, "Howard C. Berkowitz"
> > <hcb@gettcomm.com> said:
> > > At 7:24 AM -0700 5/29/04, Tom Rogers wrote:
> > > >Howard,
> > > >We were thinking of multihoming. I have few questions to ask U.
> > > >1)Do we have to justify for desiring an AS , IIRC from ARIN ?
> > >
> > > Yes, but multihoming to two or more ISPs is generally adequate. Do
> > > note that they typically won't give you the ASN until you can show
> > > them contracts for the connections, often to be installed within a
> > > month.
> > >
> > > >2)Where do we get the independent network #s?
> > >
> > > I'm not sure I understand. You can multihome perfectly well with
> > > provider-assigned address space, as long as both providers agree to
> > > advertise address space from one provider's address space. Both
> > > providers _must_ advertise your /24 or equivalent as well as their
> > > less-specifics.
> > >
> > > >3)Will my 2 different ISPs route my class c network? (I was reading
> > > >in the group somewhere that only /19 are routable..
> > >
> > > Nothing is ever certain, but there's an increasing tendency to let
> > > multihomed /24 through. Realistically, you must coordinate with both
> > > ISPs when multihoming. One of the things that makes it more likely
> > > for your address space is that both ISPs include it in their
> > > publicly accessible routing policy in one of the public routing
> > > registries.
> > >
> > > >
> > > >Thanx in advance
> > > >Tom
> > > >
> > > >"Howard C. Berkowitz" <hcb@gettcomm.com> wrote:
> > > >
> > > >At 9:44 PM -0400 5/28/04, Peter van Oene wrote:
> > > >>At 04:20 PM 5/28/2004, MMoniz wrote:
> > > >>>Also in the real world, most ISP's will offer to advertise either customer
> > > >>>only or all routes.
> > > >>>I would assume they accomplish this with an AS-path filter to you! Much
> > > >>>simpler!!
> > > >>
> > > >>usually communities if they are clueful.
> > > >
> > > >Peter, did you just use "clueful ISP practice" in the same thought as
> > > >"CCIE lab"?
> > > >
> > > >>
> > > >>>Just as you can filter the same with an AS-path filter from your ISP.
> > > >>
> > > >>agree
> > > >>
> > > >>>We have this exact scenario where we are multihomed with our own AS and
> > > >>>accept full routes. In fact if
> > > >>>you are multihomed I think you must have your own AS, or an agreement
> > > >>>between your different ISP's.
> > > >
> > > >It's really not that difficult to get an AS -- $500 per year, IIRC
> > > >from ARIN and probably about the same from the other routing
> > > >registries. RIPE-NCC requires and ARIN recommends that you register
> > > >your routing policy in their routing registry database -- and if you
> > > >don't know how to do that, you really shouldn't be running BGP in the
> > > >Internet. A competent consultant can set up a reasonable multihoming
> > > >policy and do your application in under a day. Get a consultant and
> > > >watch closely -- make training a part of the contract.
> > > >
> > > >_______________________________________________________________________
> > > >Please help support GroupStudy by purchasing your study materials from:
> > > >http://shop.groupstudy.com
> > > >
> > > >Subscription information may be found at:
> > > >http://www.groupstudy.com/list/CCIELab.html
> > --
> > Anthony Pace
> > anthonypace@fastmail.fm
> >
> > --
> > http://www.fastmail.fm - Faster than the air-speed velocity of an
> > unladen european swallow
>
--
Anthony Pace
anthonypace@fastmail.fm
--
http://www.fastmail.fm - Access your email from home and the web
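
The design described at the top of this message (both blocks announced to both providers with opposite prepends, egress policy-routed by source address), sketched as a Cisco IOS configuration for router-1. This is an added example, not configuration from the thread; every AS number, address, interface and route-map name is a constructed placeholder, and local preference is left out to keep the sketch to one case.

```cisco
! Router-1 (HSRP primary, uplink to provider-1). All values are constructed:
! AS 64500 = own AS, AS 64501 = provider-1,
! 192.0.2.0/24 = address-space-1, 198.51.100.0/24 = address-space-2,
! 10.1.1.0/24 = LAN shared by the firewall (.254) and both routers (.2, .3).
ip prefix-list SPACE-1 seq 5 permit 192.0.2.0/24
ip prefix-list SPACE-2 seq 5 permit 198.51.100.0/24
!
! Outbound policy: space-1 is announced clean here, space-2 with prepends.
! Router-2 mirrors this toward provider-2 (prepends on space-1 instead).
! The implicit deny at the end keeps learned routes from being re-advertised,
! so the site never becomes transit between the two providers.
route-map TO-PROVIDER-1 permit 10
 match ip address prefix-list SPACE-1
route-map TO-PROVIDER-1 permit 20
 match ip address prefix-list SPACE-2
 set as-path prepend 64500 64500 64500
!
! Egress policy: packets sourced from space-2 are handed to router-2;
! everything else follows this router's own routing table.
access-list 102 permit ip 198.51.100.0 0.0.0.255 any
route-map EGRESS-BY-SOURCE permit 10
 match ip address 102
 set ip next-hop 10.1.1.3
!
interface FastEthernet0/0
 description LAN toward firewall
 ip address 10.1.1.2 255.255.255.0
 ip policy route-map EGRESS-BY-SOURCE
 standby 1 ip 10.1.1.1
 standby 1 priority 110
 standby 1 preempt
!
! Static routes toward the firewall give the network statements a RIB match.
ip route 192.0.2.0 255.255.255.0 10.1.1.254
ip route 198.51.100.0 255.255.255.0 10.1.1.254
!
router bgp 64500
 network 192.0.2.0 mask 255.255.255.0
 network 198.51.100.0 mask 255.255.255.0
 neighbor 203.0.113.1 remote-as 64501
 neighbor 203.0.113.1 route-map TO-PROVIDER-1 out
```

A static `set ip next-hop` does not track whether provider-2 is still reachable behind router-2, so failover of the policy-routed traffic needs separate handling.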
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:31 GMT-3