Solved

Multihomed Central Office - Public Address Space

Posted on 2013-06-20
Last Modified: 2013-06-21
I have been given the responsibility of somehow multihoming my central office location to the Internet.  I have two separate Internet providers who claim to offer the bandwidth that I need for each link.  My question is regarding public IP address space.  Currently, we purchase our IPs through our single provider.  These are, of course, PA addresses.  To my knowledge, these would not suffice in a dual-homed environment with two ISPs.  I did some quick research on ARIN's website and it looks like we are too small to be candidates for a direct end-user assignment - I'm only using half of a /25 currently.  ARIN's policy requires you to use at least 25% of a /24 upon purchase and 50% within a year.  

So, does anyone out there know what would be the best course of action for my enterprise?  I am a higher education institution in Texas.  I'm a member of Educause, but I'm not sure they can sell me what I need in this case.  Once I get the address question answered, I would then need to know what the best method to purchase a BGP ASN would be.
Question by:marrj

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 39264323
You can work with PA as long as the provider that has assigned those addresses to you will provide an LOA allowing you to announce them through another AS.  Done all the time and not a big deal.

I wouldn't recommend announcing anything smaller than a /24, however, since many routers block smaller prefixes.

If you were to do so, the aggregate that your subnet falls into would allow traffic to flow to your network from the assigning ISP.

It's a bit of a gamble but if you really need two distinct providers, it may be worth the shot.

Any chance you can get a /25 that's contiguous with what you have from your current provider so that you can at least announce a /24?
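
An added example (not part of the original thread) for the suggestion above of getting a contiguous /25: it checks that two /25 assignments really merge into one /24 that can be announced, and that they sit inside the assigning provider's aggregate. The function name, the RFC 1918 stand-in prefixes and the /16 aggregate are assumptions for illustration.

```python
import ipaddress

# Floor taken from the answer above: nothing smaller than a /24 is announced.
MIN_ANNOUNCE_PREFIXLEN = 24


def plan_announcement(current, extra, provider_aggregate):
    """Return (prefix_to_announce or None, list_of_problems)."""
    cur = ipaddress.ip_network(current)
    new = ipaddress.ip_network(extra)
    agg = ipaddress.ip_network(provider_aggregate)
    problems = []

    # Both pieces must be PA space from the same aggregate, otherwise the
    # assigning provider's LOA and covering route do not apply to them.
    for net in (cur, new):
        if not net.subnet_of(agg):
            problems.append(f"{net} is outside provider aggregate {agg}")

    # "Next /25 in line" is not enough: the pair must share a /24 boundary.
    merged = list(ipaddress.collapse_addresses([cur, new]))
    if len(merged) != 1:
        problems.append(f"{cur} and {new} do not merge into a single prefix")
    elif merged[0].prefixlen > MIN_ANNOUNCE_PREFIXLEN:
        problems.append(f"{merged[0]} is smaller than a /{MIN_ANNOUNCE_PREFIXLEN}")

    if problems:
        return None, problems
    return merged[0], []


if __name__ == "__main__":
    # Constructed sample data: private ranges standing in for public PA space.
    cases = [
        ("10.20.30.0/25", "10.20.30.128/25"),   # aligned pair -> one /24
        ("10.20.30.128/25", "10.20.31.0/25"),   # adjacent but straddles two /24s
        ("10.20.30.0/25", "10.21.30.128/25"),   # second block from another aggregate
    ]
    for cur, extra in cases:
        announce, problems = plan_announcement(cur, extra, "10.20.0.0/16")
        print(cur, "+", extra, "->", announce or "; ".join(problems))
```
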

Author Comment

by:marrj
ID: 39264363
Yes, I'm pretty sure the next /25 in line with my provider is not being used.  Obtaining a /24 should not be a problem.

I currently have one router that advertises my public range to my single ISP.  I was thinking that I would need to purchase a second router that interfaced with my public range and with the second ISP, then run eBGP on both edge routers to advertise into the corresponding ISPs.  Would that be the best course of action?  Would there be any reason to establish iBGP peering between my two edge routers?

Expert Comment

by:Jan Springer
ID: 39264438
Or you use one router for the two peers and ask both to give you a default route.

When it's justified, you can grow into a router that will handle at least two full routing tables.

The only reason that I'd get a second router and do iBGP (even if it's just a default route) is for the redundancy in case one router died.

Author Comment

by:marrj
ID: 39264453
I do like the idea of having a fault tolerant edge with two routers.  I already have an ASA 5515 configured in an active/standby failover.  I think I'm going to pursue the two router approach for a fully redundant edge.

Any word of advice on how to purchase an ASN?

Expert Comment

by:Jan Springer
ID: 39265750
You don't purchase one (technically).  Contact your RIR.  In North America that is ARIN (www.arin.net), in Asia that is APNIC (www.apnic.net), in Europe that is RIPE (www.ripe.net) and in South America that is LACNIC (www.lacnic.net).

You will fill out the obligatory paperwork and submit a small fee for  the ASN.  The RIR may require proof of multi-homing such as a copy of a contract (the first is already established).

Holler if you need help.  It's a rather easy process.  If you get a four byte ASN, make sure that your router firmware supports it.

Author Comment

by:marrj
ID: 39266278
I will have BGP running on a couple of Cisco 2921 ISR's.  How do I find out if they will support a four-byte ASN?

Expert Comment

by:Jan Springer
ID: 39266395
What is the output of "sho ver"?

Author Comment

by:marrj
ID: 39266446
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 20-Mar-12 18:57 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)

HOSTNAME uptime is 5 days, 17 hours, 45 minutes
System returned to ROM by power-on
System restarted at 22:40:05 UTC Sat Jun 15 2013
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"
Last reload type: Normal Reload


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2921/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID ************
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO2921/K9          *************



Technology Package License Information for Module:'c2900'

-----------------------------------------------------------------
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
------------------------------------------------------------------
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
uc            None          None           None
data          None          None           None

Configuration register is 0x2102

Expert Comment

by:Jan Springer
ID: 39266616
You don't need to worry about 4-byte ASNs since you cannot take two full routing tables.  If you like this router and cannot justify something heavier, I would recommend asking for a default route from both providers and just doing iBGP between the two.

Author Comment

by:marrj
ID: 39266755
I like that plan.  Thank you very much for all of your wisdom in this area.  Look for another one of my posts soon.  I will name it "BGP for multihomed enterprise".  I'm going to post my BGP config on EE for verification of its correctness.  I would like to award you the points for this post though.  So, stay tuned.