biggynet
bgp multihomed single site

Hello,
I am working with the ISPs for a bgp multihomed single site. Basically, my router will be connecting to 2 different ISPs (ISP1 & ISP2). I want to have a fail-over type of implementation. Is there any tutorial or sample bgp configs on this? I am using a public IP address block from ISP1, will it be a problem in advertising to ISP2? Thx
giltjr

ISP2 must agree to do this.
biggynet
Yes they agree to do the multihomed. Is there any sample of config out there?
Need a bit more information.

Which type and model router?

Do both links terminate in a single router, or do you have a unique router for each link?
My Cisco 3825 will be connecting to 2 ISPs. ISP1 will be the primary and ISP2 will be the secondary for backup failover.
Oh, do you have your own AS number?

Just as an F.Y.I., you really can't do a primary/backup.  You can specify which one you want preferred.  Normally the preferred route will be taken, but in some instances the non-preferred route will be used.  An example would be anybody that is directly connected to ISP2 will take ISP2's link to get to you.

Here are Cisco's guidelines and steps:

http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfbgp.html
ARIN is not handing out small /24 blocks.  They have large blocks available for ISPs.  Your ISP should issue you a /24 from their available blocks.

ISP2 will agree to publish that block, and may discontinue your old address blocks.

You'll need to apply to ARIN for your own ASN.  You first have to go through the steps of registering an Org and at least one contact.  The application for the ASN requires the /24 or bigger address block from ISP1, or a copy of the signed/executed service contract if you are in the waiting period before turning up new service.  You also need to provide a real-world contact (not just a customer service number or role) for each ISP so that ARIN can verify your accounts and IP address usage.

We're doing this now with a new ISP.  Took 2-3 days to get the org and contact setup.  I am told that the ASN application will take a week, once all of the info is complete.
I already had the public AS number and the /24 block from the ISP1.
This link http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfbgp.html does not have any multihomed single site config.
About the default route, full table, and partial table; how do I control that from the ISP? Do I just say what I want to the ISP and receive the routes on my router? Or do I have to do some filtering to make the route advertisement the way I want it?
Best way is to get your ISPs just to feed you a default route.

Of course (using the sample from the link) you can set up an ACL to block non-default routes.
Whether I get the default or the full BGP table from the ISP, does my internal network know how to get to me to get to the Internet? How will the redistribution from my router to the internal network work? Thx
Your internal network will be handled by your DHCP LAN setup,
i.e. your router will have a WAN side that has two feeds and BGP peering sessions that will be receiving external paths.
Your LAN side interface is likely using NAT with port/IP mapping as needed for external/public resources to access services on your internal system, web, email, etc.

Each ISP will have their individual, likely /30, IP allocation:
one to your WAN, one to their router, and one each for broadcast and network address, while the /24 is mapped as accessible via their assigned WAN IP.
The WAN side will point each interface to the ISP's router IP.

If you expect to handle VPN connection, you would need to make sure you maintain the path based on the manner it arrived i.e. if a connection came in via ISP2 it has to return the same way.

etc.
To add just a bit to arnold's post.

Your internal computers should not be using your ISP's default route as their route.

In the worst situation your internal computers would point to your router's LAN side interface.
                                      /----- ISP1 Link ---> ISP1 router
inside network <--> switch <--> 3825 <
                                      \----- ISP2 Link ---> ISP2 router

As arnold stated, typically you would have some type of device internally NAT'ing your internal IP addresses to public.
But if I have several routers in my internal network, do I have to go to each of them and configure the default gateway as my 3825 Internet router? Is there a redistribution statement from my Internet router that I can do to accomplish that? Thx
What I meant was can I redistribute a default route from my Internet router to my internal routers. That way I don't have to worry about going to all of my internal routers and configuring the default gateway.
You might have multiple routers within your network, but only ONE connects to the Internet.

All other routers must forward traffic to that one router.

Say you have

R1 <--> R2 <--> R3 <--> Internet <--> ISP's Router

R1 must point to R2 as its default route, R2 must point to R3.  R3 is where you are doing BGP with your ISPs.

If you try and set R1's default route to what you are getting from either of your ISPs it will not work, as R1 is not directly connected to your ISPs' routers.

If you are currently using the Internet, then there is NO change needed on your internal network.  You leave it alone.  The only change is to the router that connects directly to your ISPs.
It depends on your internal setup.
You do not need to pass external Networks which your internet facing router learns from the BGP peers.

You could use OSPF on the inside network to advertise paths through the various routers to get back to the internet facing one

but the OSPF will only deal with pushing internal and default paths without referencing external public IPs.

I gather your internal router connection is more of a mesh rather than sequential as giltjr and I presumed?

i.e. the internet facing router has a connection feed to router A, router B, router C
then each of those has its own local LAN and each has a connection to the others?
i.e. in the event the feed from the internet facing router to router A is 'cut', the path from LAN A will go up to router A and then will be routed through either router B or router C on its way back to the internet facing router.
In this setup the internet facing router will be pushing via OSPF the default gateway 0.0.0.0 0.0.0.0 to each of the three routers.
Each router will be pushing using OSPF their respective LAN and will retransmit the default gateway from the internet facing router,
and to the internet facing router each will be sending LAN IPs which the others will retransmit to the internet facing one.
The complexity here is that this may involve double NAT, i.e. each router might NAT the LAN
and the internet facing router will NAT the "management network".
Just missed your post.

--> What I meant was can I redistribute a default route from my Internet router to my internal routers.

Well you could setup a dynamic routing protocol between all your internal routers.  But I'm not sure that would really accomplish anything. It would depend on your setup.

If you had a lot of internal routers that were connected to multiple other internal routers and you wanted automatic failover, then doing something with EIGRP would work.


--> That way I don't have to worry about going to all of my internal routers and configure the default gateway.

You still have to configure them for whatever dynamic routing protocol you are using.

However, if you are using them now, then they should have a default route already.
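The OSPF approach arnold and giltjr describe above (internet-facing router originates only a default into the inside network, internal routers A/B/C advertise their LANs), written out as an added Cisco IOS example that is not from any post in this thread. Every address, router-id and process number below is a constructed placeholder.

```cisco
! Added example, not from the thread: the Internet-facing 3825 injects only
! a default route into OSPF, so internal routers A, B and C learn 0.0.0.0/0
! and still see none of the BGP-learned Internet prefixes. Constructed
! placeholders: "management network" 10.0.0.0/24 between the 3825 and A/B/C,
! 10.1.0.0/24 = LAN behind router A, OSPF process 1, area 0, BGP AS 64500.
!
! --- Internet-facing 3825 ---
router ospf 1
 router-id 10.0.0.1
 network 10.0.0.0 0.0.0.255 area 0
 ! Originate 0.0.0.0/0 into OSPF only while a default route actually exists
 ! in the routing table (i.e. learned from an ISP over BGP). Without the
 ! "always" keyword the default is withdrawn from A/B/C if both BGP
 ! sessions are down, instead of black-holing their traffic.
 default-information originate
 ! Deliberately no "redistribute bgp 64500": the internal routers do not
 ! need external prefixes, and a small RIB on them is easier to audit.
!
! --- Router A (B and C are the same with their own LAN) ---
router ospf 1
 router-id 10.0.0.2
 network 10.0.0.0 0.0.0.255 area 0
 network 10.1.0.0 0.0.0.255 area 0
! The default arrives as an OSPF external route (O*E2 in "show ip route");
! no static "ip route 0.0.0.0 0.0.0.0 ..." is needed on A, B or C, and if
! the link between A and the 3825 is cut the default is still reachable
! through B or C because they re-flood the same LSA.
```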
I already have the multihomed failover implementation in place. But I am not sure about the outbound traffic. Both ISPs send me a default route, so how does my router know that it should send outbound traffic through the primary link and not the secondary link? I know that you use local preference if you have two routers. But in my case I only have one router. So not sure what I should use. Thx
The weighting you have in the peering BGP session is what determines the PATH.
I.e. part of your BGP configuration assigns a weight to each peer.

show ip route
you will see metrics/weight that will cover the path a packet would take based on that.
The lower the metric/weight the more preferred the path.
My weight is set to its default so I have to set my weight so that the outbound traffic can take the primary connection. Correct?
So the best practice is to leave everything at its default and let the router route the traffic based on BGP path selection. Correct?
As I pointed out it depends on the costs incurred between the connections, yes.
Are both links the same speed?

Do both links seem to have the same level of reliability?
ISP1 provides 30mb. ISP2 provides 10mb. Level of reliability?
Does one go up or down more often than the other one?

Does one have more dropped packets?

I personally would try and weight it so that ISP1 is favored.

Equal route costs when you have that much difference in speed can cause you problems.   ISP2's link could be saturated while ISP1's is only running at 30% busy.
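Pulling together the points raised in this thread (accept only a default from each ISP, advertise the /24 from ISP1 to both, favour the faster ISP1 link for outbound on a single router), here is an added Cisco IOS example; it is not from any post or from Cisco's guide, and every ASN and address in it is a constructed placeholder.

```cisco
! Added example, not from the thread: one Cisco IOS router (such as the 3825)
! with its own ASN, peering with ISP1 (primary, 30 Mb) and ISP2 (backup, 10 Mb),
! advertising the /24 assigned by ISP1 to both. All numbers are constructed
! placeholders: AS 64500 = your site, 64501 = ISP1, 64502 = ISP2,
! 203.0.113.0/24 = your block, 192.0.2.0/30 and 198.51.100.0/30 = ISP /30 links.
!
! Discard route that keeps the /24 in the table so the network statement
! is always advertised, even when a LAN subnet is down.
ip route 203.0.113.0 255.255.255.0 Null0
!
! Inbound: accept only a default route from either ISP (no full table).
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
! Outbound: announce only your own /24, so you never become a transit
! path between ISP1 and ISP2 if a session misbehaves.
ip prefix-list MY-BLOCK seq 5 permit 203.0.113.0/24
!
! Outbound preference on a single router: local-preference is evaluated
! before AS path and a higher value wins, so ISP1's default is chosen while
! ISP1 is up and ISP2's default takes over only when the ISP1 session drops.
! (neighbor ... weight would also work but is Cisco-only; higher weight wins.)
route-map FROM-ISP1 permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 200
route-map FROM-ISP2 permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 50
!
! Inbound preference is only a hint to the rest of the Internet: prepend
! toward ISP2 so most remote networks prefer the shorter path via ISP1.
route-map TO-ISP2 permit 10
 match ip address prefix-list MY-BLOCK
 set as-path prepend 64500 64500
!
router bgp 64500
 bgp log-neighbor-changes
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 description ISP1-primary
 neighbor 192.0.2.1 route-map FROM-ISP1 in
 neighbor 192.0.2.1 prefix-list MY-BLOCK out
 neighbor 198.51.100.1 remote-as 64502
 neighbor 198.51.100.1 description ISP2-backup
 neighbor 198.51.100.1 route-map FROM-ISP2 in
 neighbor 198.51.100.1 route-map TO-ISP2 out
```

Once both sessions are established, "show ip bgp" should list two 0.0.0.0/0 entries with the ISP1 one marked best (>) and LocPrf 200; shutting the ISP1 interface and checking again confirms that the ISP2 default takes over and returns to ISP1 when the link comes back.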
These will be new circuits so it will take some time to figure out the reliability.
Will look into the issue