Using BGP between two Internet Service Providers for internet redundancy

I understand that for BGP, I need to purchase an AS number and a minimum of a class C subnet.  This is fine, I know it won't be a problem, but here's my question.  Right now I only have one internet circuit (I'm not doing BGP with them right now, but they can do it).  We are bringing in a 2nd ISP who can also do BGP so we will have internet redundancy.  My question is do I need a class C subnet from both ISPs?  With the ISP I currently have I have a /30 WAN connection, and a /28 public routable IP Block.  Any assistance would be greatly appreciated.  Thanks.
2 Solutions
If you purchase a class C and AS from ARIN, you will be able to advertise the class C to both providers and can use BGP AS-Path Prepending for redundancy. If you purchase a /24 from the provider, they generally speaking will not allow you to advertise that block to another provider as it is part of a larger network owned and advertised to the internet by that ISP. This is something you will want to confirm with your ISP.

If you just need internet redundancy for strictly outbound access, you can use the /28 with your primary provider without BGP and when you fail over, you can then NAT everything to the range on the second circuit. Keep in mind this will reset users' connections as they will start using a new IP.

Or, if you purchase a /24 from your provider (not from ARIN), when you fail over to the other circuit, you could just PAT all the traffic to the outside interface of your second internet connection. This way, you will not need to lease another block of IPs. Let me know if this makes sense.

What I see most often when companies desire redundant Internet access, purchasing an AS and /24 from ARIN is often the path they take.

You actually can use a /24 from a provider and advertise it to another provider, but you need to jump through a few hoops. There are forms that need to be filled out and sent to both ISPs in order to get them to be in agreement over accepting the subnet to be advertised. I had a customer do this about a year back... it took like 4+ months for the forms to get handled, and I'm not sure if it was due to the customer, ISP, or just how the process goes.

Of course, the above is all dependent on the ISPs being willing to do this.

This may not be an issue for you, but when you only have 1 class C and two ISPs, you can have failover but you need to make sure the ISPs DON'T use local preference settings. Most ISPs set a local-pref value to any subnets advertised by directly connected customers. This means that if a packet goes through their network destined for yours, they will always route through their own network instead of passing it off to someone else's network. This allows a packet to leave your network out ISP A but return through ISP B due to the destination being closer to ISP B and routing through ISP B. Removing the local-pref values allows you to control traffic flow using prepending.

This all gets much more complicated if you want to split the class C internally for redundant data centers, but it is an internal complication and not with the ISP.

Rauenpc is correct regarding advertising PA address space to another ISP. It's possible, but not as cut and dry as obtaining AS/block from ARIN.
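
Added example, not part of the original thread: a small Python model of the first two BGP best-path tie-breakers (highest local-pref, then shortest AS path), showing why AS-path prepending toward ISP A has no effect while ISP A applies a higher local-pref to customer-learned routes. The ASNs, prefix, local-pref values, and the assumption that ISP A and ISP B peer directly are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    learned_from: str      # neighbor that sent the route to ISP A
    as_path: tuple         # ASNs, nearest first
    local_pref: int = 100  # set by the receiving ISP's import policy

def best_path(routes):
    """Only the first two tie-breakers: highest local-pref, then shortest AS path."""
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path)))

# Constructed sample values: documentation ASNs (RFC 5398) and prefix (RFC 5737).
CUSTOMER, ISP_A, ISP_B = 64500, 64501, 64502
PREFIX = "203.0.113.0/24"

def isp_a_view(prepend, customer_pref, peer_pref=100):
    """Routes ISP A holds for the customer's /24.

    The customer prepends its own ASN `prepend` extra times toward ISP A only,
    intending ISP A to be the backup path for inbound traffic.
    Assumption: ISP A also hears the prefix from ISP B over a direct peering.
    """
    direct = Route(PREFIX, "customer", (CUSTOMER,) * (1 + prepend), customer_pref)
    via_b = Route(PREFIX, "ISP B", (ISP_B, CUSTOMER), peer_pref)
    return [direct, via_b]

def inbound_exit(prepend, customer_pref):
    """Neighbor ISP A hands traffic to for the customer's prefix."""
    return best_path(isp_a_view(prepend, customer_pref)).learned_from

if __name__ == "__main__":
    # customer_pref=200 models an ISP that prefers customer routes;
    # customer_pref=100 models the same ISP with that preference removed.
    for pref in (200, 100):
        for prepend in (0, 3):
            print(f"customer local-pref={pref} prepend={prepend}: "
                  f"ISP A delivers via {inbound_exit(prepend, pref)}")
```

With the customer local-pref in place, the three prepends are ignored and ISP A still delivers over the direct link; with equal local-pref, the shorter path through ISP B wins and the prepend works as intended.
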
denver218 (Author) commented: