ISP Failover using BGP

Thanks.  So let's look at option #1.  Each Data Center has a different Internet Service Provider and different IP Block.

DataCenter#1 - 1.1.1.1/24 (IP Block)
DataCenter#2 - 2.2.2.2/24 (IP Block)

When you say fat pipe, do you mean I would have to have a separate internet connection between the datacenter's?

Option #2 is an option I have seen in most deployments, but is just a sloppy way of implementing data center fail-over in my opinion.

Check out "BGP Conditional Advertisement"
 http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml

Billy

Ok, so let's say Data Center 1 is using XO Communications for their ISP and Data Center 2 is using AT&T for their ISP.  If I want to use BGP, I know both ISP's will have to work together.  What the best way to get the ball rolling?  I know I will have to purchase an AS number.  Will I have to purchase an additional IP Block?  

When I say a fat pipe - I just mean a big pipe between the two locations that basically act as a trunk between the internal and DMZ networks.  It would be a layer 2 connection trunking the vlans between locations.  

Well most likely you will not get your own IP block at this point.  With option #2 you actually don't have to use BGP if you don't want to.  That is because the routing to the two different IP blocks is up all the time.  You are actually controlling where the traffic goes based on the DNS response.  So the public address space you have from both providers is advertised over the Internet all the time.  You configure the global load balancers to answer with specific IP address you want based on where you want the traffic to flow.  Like I said you might have everything go to data center #1 unless you need it to failover.  The global load balancers can talk to each other so they know there is a failure and can automatically start answering DNS queries with the ip address from the other location.

You only need an AS # if you will run BGP.  Since you will not be advertising the same public IP block out two different providers it is not necessary to run BGP unless you want to easily be able to stop the advertisement at any one location.

Ok I have a 20Mbps Internet Connection at Datacenter1 and a 20Mbps Internet connection at Datacenter2.  I have a VPN between the datacentes.  Could this VPN serve at the pipe between the datacenters or will I have to get another circuit for this?  

Well if you are using 2 different IP subnets the VPN service is fine.    If you were going to use the same IP addresses at both locations a VPN would not work.

Each location already has its own Public IP Block.

DataCenter 1 - 1.1.1.0/23
DataCetner 2 - 2.2.2.0/22

VPN will be fine for a backend connection between the data centers like you have it.

Lastly, how do NATs work when failover occurs?  Let's say I have the following NAT for my email server on my ASA in Datacenter 1:  
static (inside,outside) 1.1.1.2 10.8.0.2 netmask 255.255.255.255
So in DNS 1.1.1.2 is "mail.domain.com"

So what Happens when Datacenter 1 fails?  My Mail server is NAT'ed to an IP in datacenter 1, but now has to work in datacenter 2.  

Sorry for all the questions I'm just starting to learn BGP.  I'm in the process of reading a book trying to learn more.  Thanks for all your guidance this far.

Well you would have an ASA in each datacenter.  The ASAs would NOT be in a failover pair.  So at datacenter 1 you have 1.1.1.2 mapped to the mail server in datacenter 1.  At datacenter 2 you would have 2.2.2.2 mapped to the mail server in datacenter 2.

In the event that datacenter 1 went downy the global load balancers acting as the authoritative name server would then start responding to dns queries by answering with the 2.2.2.2 address.

What type of Global Load Balancers to you recommend?  Just curious so I can research and learn more about them.  Thanks.

Thanks for your input.  I appreciate you help.