BGP multihomed single site

Hello,
I am working with the ISPs for a BGP multihomed single site. Basically, my router will be connecting to 2 different ISPs (ISP1 & ISP2). I want to have a fail-over type of implementation. Is there any tutorial or sample BGP configs on this? I am using a public IP address block from ISP1, will it be a problem in advertising to ISP2? Thx
biggynet Asked:

giltjr Commented:
ISP2 must agree to do this.
0
arnold Commented:
ISP1 must agree to this as well, which requires that the IP segment they allocate to you is not part of a larger segment.
I think these days, the BGP advertised network must be at least a /24, though it might have to be larger i.e. /23 etc.


In reality, to achieve what you are looking for, you would likely have to obtain your own block of IPs from arin/ripe/apnet, etc. depending on where you are based and have the two ISPs agreeing to add your IP block to their BGP, which would mean that they will establish a peering BGP session with you and will rebroadcast it up the chain (they will/should limit to make sure you do not mistakenly push a path that is not allocated to you by using a filter of the network that is expected from you).
0
giltjr Commented:
Most ISPs will not re-advertise anything smaller than a /24.

The min. block you can get from arin/ripe and the rest is a /21.  You also have to show that you are using good IP addressing practices, such as using private IP addressing internally and using many-to-one NAT when possible on the outside.  You also have to show you will use something like 70% of the public block within 2 years.

Typically your ISP's will work with you to get the proper setup for your routers.
0
biggynet (Author) Commented:
Yes they agree to do the multihomed. Is there any sample of config out there?
0
giltjr Commented:
Need a bit more information.

Which type and model router?

Do both links terminate in a single router, or do you have a unique router for each link?
0
biggynet (Author) Commented:
My Cisco 3825 will be connecting to 2 ISPs. ISP1 will be the primary and ISP2 will be the secondary for backup failover.
0
giltjr Commented:
Oh, do you have your own AS number?

Just as a F.Y.I, you really can't do a primary/backup.  You can specify which one you want preferred.  Normally the preferred route will be taken, but in some instances the non-preferred route will be used.  An example would be anybody that is directly connected to ISP2, will take ISP2's link to get to you.

Here are Cisco's guidelines and steps:

http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfbgp.html
0
aleghart Commented:
ARIN is not handing out small /24 blocks.  They have large blocks available for ISPs.  Your ISP should issue you a /24 from their available blocks.

ISP2 will agree to publish that block, and may discontinue your old address blocks.

You'll need to apply to ARIN for your own ASN.  You first have to go through the steps of registering an Org and at least one contact.  The application for the ASN requires the /24 or bigger address block from ISP1, or a copy of the signed/executed service contract if you are in the waiting period before turning up new service.  You also need to provide a real-world contact (not just a customer service number or role) for each ISP so that ARIN can verify your accounts and IP address usage.

We're doing this now with a new ISP.  Took 2-3 days to get the org and contact setup.  I am told that the ASN application will take a week, once all of the info is complete.
0
biggynet (Author) Commented:
I already had the public AS number and the /24 block from the ISP1.
This link http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfbgp.html does not have any multihomed single site config.
0
giltjr Commented:
Oops, sorry about that:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml

How much memory do you have?  Your best bet is to use the receiving default route only.

Depending on how much memory you have and how many directly attached routes your ISP has, you might be able to get away with the directly connected routes option.
0
biggynet (Author) Commented:
About the default route, full table, and partial table: how do I control that from the ISP? Do I just say what I want to the ISP and receive the routes from my router? Or do I have to do some filtering to make the route advertisement the way I want it?
0
giltjr Commented:
Best way is to get your ISPs just to feed you a default route.

Of course (using the sample from the link) you can set up an ACL to block non-default routes.
0
biggynet (Author) Commented:
Whether I get the default or full BGP table from the ISP, does my internal network know how to get to me to get to the Internet? How will the redistribution from my router to the internal network work? Thx
0
arnold Commented:
Your internal network will be handled by your DHCP LAN setup
i.e. your router will have a WAN side that has two feeds and BGP peering sessions that will be receiving external paths.
Your LAN side interface likely using NAT with port/ip mapping as needed for external/public resources to access services on your internal system, web, email, etc.

Each ISP will have their individual, likely /30, IP allocation
1 to your WAN one to their router and one for broadcast and network address while the /24 is mapped as accessible via their assigned WAN IP.
The WAN side will point to each interface to the ISP's router IP.

If you expect to handle VPN connection, you would need to make sure you maintain the path based on the manner it arrived i.e. if a connection came in via ISP2 it has to return the same way.

etc.
0
giltjr Commented:
To add just a bit to arnold's post.

Your internal computers should not be using your ISP's default route as their route.

In the worst situation your internal computers would point to your router's LAN side interface.
                                      /----- ISP1 Link ---> ISP1 router
inside network <--> switch <--> 3825 <
                                      \----- ISP2 Link ---> ISP2 router

As arnold stated, typically you would have some type of device internally NAT'ing your internal IP addresses to public.
0
biggynet (Author) Commented:
But if I have several routers in my internal network, do I have to go to each of them and configure the default gateway as my 3825 Internet router? Is there a redistribution statement from my Internet router that I can do to accomplish that? Thx
0
arnold Commented:
What do you mean you have multiple routers?

Each router has to have the default gateway pointing to the router to which it is connected and is getting its feed.

router A => router B => Router C => router N
The default gateway from N will point to the IP of Router C.
Router C will point to the IP of Router B, and router B to router A and if router A is facing the internet the default gateway will point to the IP of the Router of ISP1 and in the case of multiple providers will have a second default gateway of equal weight (for load balancing) or differing weight if using a preferred/failover to ISP2.
In using BGP peering, one might not have to setup default gateways on the internet facing router allowing for network conversion through BGP sessions.
0
biggynet (Author) Commented:
What I meant was can I redistribute a default route from my Internet router to my internal routers. That way I don't have to worry about going to all of my internal routers and configure the default gateway.
0
giltjr Commented:
You might have multiple routers within your network, but only ONE connects to the Internet.

All other routers must forward traffic to that one router.

Say you have

R1 <--> R2 <--> R3 <--> Internet <--> ISP's Router

R1 must point to R2 as its default route, R2 must point to R3.  R3 is where you are doing BGP with your ISP's.

If you try and set R1's default route to what you are getting from either of your ISP's it will not work, as R1 is not directly connected to your ISP's router.

If you are currently using the Internet, then there is NO change needed on your internal network.  You leave it alone.  The only change is to the router that connects directly to  your ISP's.
0
arnold Commented:
It depends on your internal setup.
You do not need to pass external Networks which your internet facing router learns from the BGP peers.

You could use OSPF on the inside network to advertise paths through the various routers to get back to the internet facing one

but the OSPF will only deal with pushing internal and default paths without referencing external public IPs.

I gather your internal router connection is more of a mesh rather than the sequential one giltjr and I presumed?

i.e. the internet facing router has a connection feed to router a, router b, router C
then each of those has its own local LAN and each has a connection to the others?
i.e. in the event the feed from the internet facing router to router a is 'cut', the path from LAN A will go up to router a and then will be routed through either router b or router c on its way back to the internet facing router.
In this setup the internet facing router will be pushing via OSPF the default gateway 0.0.0.0 0.0.0.0 to each of the three routers.
Each router will be pushing using OSPF their respective LAN and will retransmit the default gateway from the internet facing router.
And to the internet facing router each will be sending LAN IPs which the others will retransmit to the internet facing one.
The complexity here is that this may involve double NAT, i.e. each router might NAT the LAN
and the internet facing router will NAT the "management network"
0
giltjr Commented:
Just missed your post.

--> What I meant was can I redistribute a default route from my Internet router to my internal routers.

Well, you could set up a dynamic routing protocol between all your internal routers.  But I'm not sure that would really accomplish anything. It would depend on your setup.

If you had a lot of internal routers that were connected to multiple other internal routers and you wanted automatic failover, then doing something with EIGRP would work.


--> That way I don't have to worry about going to all of my internal routers and configure the default gateway.

You still have to configure them for whatever dynamic routing protocol you are using.

However, if you are using them now, then they should have a default route already.
0
biggynet (Author) Commented:
I already have the multihomed failover implementation in place. But I am not sure about the outbound traffic. Both ISPs send me a default route, so how does my router know that it should send outbound traffic through the primary link and not the secondary link? I know that you use local preference if you have two routers. But in my case I only have one router. So not sure what I should use. Thx
0
arnold Commented:
The weighting you have in the peering BGP session is what determines the PATH.
I.e. part of your BGP configuration assigns a weight to each peer.

show ip route
you will see metrics/weight that will cover the path a packet would take based on that.
The lower the metric/weight the more preferred the path.
0
biggynet (Author) Commented:
My weight is set to its default so I have to set my weight so that the outbound traffic can take the primary connection. Correct?
0
arnold Commented:
Usually one would leave the two connections with equal weight to distribute the traffic unless there is an actual cost on one that does not exist on the other, i.e. bandwidth cost on the secondary is higher.
If all it is, is outgoing traffic and there is no difference in usage cost, the existing should be maintained. If one connection drops, the convergence will keep everything flowing through the remaining one. A drop of the BGP peering session will behave the same as if the connection dropped.
0
biggynet (Author) Commented:
So the best practice is to leave everything at its default and let the router route the traffic based on BGP path selection. Correct?
0
arnold Commented:
As I pointed out it depends on the costs incurred between the connections, yes.
0
giltjr Commented:
Are both links the same speed?

Do both links seem to have the same level of reliability?
0
biggynet (Author) Commented:
ISP1 provides 30mb. ISP2 provides 10mb. Level of reliability?
0
giltjr Commented:
Does one go up or down more often than the other one?

Does one have more dropped packets?

I personally would try and weight it so that ISP1 is favored.

Equal route costs when you have that much difference in speed can cause you problems.   ISP2's link could be saturated while ISP1's is only running at 30% busy.
0
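
A configuration sketch for the single-router setup discussed in this thread: accept only a default route from each ISP, advertise only the site's own /24, and prefer ISP1 for outbound traffic. It is an added example, not a config posted by any participant or taken from the linked Cisco documents; the AS numbers, addresses, and the names DEFAULT-ONLY, OUR-BLOCK, TO-ISP1 and TO-ISP2 are constructed placeholders.

```cisco
! Constructed values: AS 64500 (this site), AS 64496 (ISP1), AS 64497 (ISP2),
! 192.0.2.0/24 (the site's block), 198.51.100.1 and 203.0.113.1 (ISP peer IPs).
!
! Inbound: accept nothing but a default route from either ISP.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Outbound: advertise only the site's own /24 and only if it was originated
! here (empty AS path), so routes from one ISP are never re-announced to the
! other and the site cannot become a transit path.
ip prefix-list OUR-BLOCK seq 5 permit 192.0.2.0/24
ip as-path access-list 10 permit ^$
!
! Keep the /24 in the routing table so the network statement can originate it.
ip route 192.0.2.0 255.255.255.0 Null0
!
route-map TO-ISP1 permit 10
 match ip address prefix-list OUR-BLOCK
 match as-path 10
!
! Prepending toward ISP2 makes the ISP2 path look longer to the rest of the
! Internet. It influences inbound traffic but cannot force it.
route-map TO-ISP2 permit 10
 match ip address prefix-list OUR-BLOCK
 match as-path 10
 set as-path prepend 64500 64500
!
router bgp 64500
 no synchronization
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 description ISP1-preferred
 neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
 neighbor 198.51.100.1 route-map TO-ISP1 out
 ! Weight is local to this router; on Cisco IOS the higher value is preferred.
 neighbor 198.51.100.1 weight 200
 neighbor 203.0.113.1 remote-as 64497
 neighbor 203.0.113.1 description ISP2-backup
 neighbor 203.0.113.1 prefix-list DEFAULT-ONLY in
 neighbor 203.0.113.1 route-map TO-ISP2 out
 neighbor 203.0.113.1 weight 100
 no auto-summary
```

`show ip bgp` should then list the default route from both peers with the ISP1 entry marked best, and `show ip bgp neighbors 198.51.100.1 advertised-routes` should list only the /24.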
biggynet (Author) Commented:
These will be new circuits so it will take some time to figure out the reliability.
0
biggynet (Author) Commented:
Will look into the issue
0