Solved

BGP or other? for link between two DCs (single-ISP each)

Posted on 2014-03-28
Last Modified: 2015-06-12
Hi, I am renting rack space in two datacenters for hosting customers' websites, and right now I have different customers hosted at each datacenter. I am getting IP allocations from my ISP and I use these for my customers' websites. I have a /26 at each location. There is only one ISP (the same one) in the two datacenters, and it has two upstream connections to Tier-1 providers.

I wanted to establish a high speed private link between my two sites, so I can have high-availability and failover for my services such as the customer portal. The datacenter offers a 1Gb fiber circuit between the two sites.

My only layer3 devices at each location are Palo Alto firewalls (PA3050) and I only have a single ethernet hand off from the ISP (100mbps) connection for my internet connectivity at each location.

Can I run BGP in this setup? Or is there a better approach to achieve what I am looking to do? I am attaching a basic diagram.

After getting the BGP (or other routing protocol) working between the two sites, will this be considered a "dual homed" setup? (This will also help me apply for ARIN address space because now I have to use IPs from my ISP)

Diagram
I read that these Palo Altos can only run around 46,000 routes, so I am not sure if I can use them for this setup?

Thank you
Question by:sk391
 
Expert Comment by: Soulja (LVL 26), ID: 39962025
What routing protocol are you running in each datacenter? I don't see a need for BGP, but OSPF would be a good option.
 
Author Comment by: sk391 (LVL 1), ID: 39962459
Right now it's quite simple, I just have around 10 VLANs and only one is the external VLAN which requires internet connectivity. Around 4 VMs are NATed to the public VLAN for HTTPS traffic.

So the "internet access" VLAN is just using the firewall's internal IP as its gateway, and the firewall's primary interface is configured with the /26. Only 3 VLANs are trunked to the firewall.

Both sites have the same setup.

How would I benefit with OSPF? Is there a "beginner's intro" to routing protocols? Mostly I come from a virtualization background..

Thank you!
 
Accepted Solution by: Soulja (LVL 26), earned 500 total points, ID: 39962475
Honestly, with that many VLANs, unless you plan to expand greatly, you could probably live with static routes and just put a /30 subnet between the datacenters to connect both Palo Altos.
 
Author Comment by: sk391 (LVL 1), ID: 39962489
Thanks, yes this might make sense.. I don't see us growing over 30 VLANs for a couple of years at least!

Can you elaborate a bit on the /30 with an example? Thank you
 
Expert Comment by: Soulja (LVL 26), ID: 39963691
I am not clear on the circuit your ISP is offering between the datacenters, but essentially you would just create a subnet between the Palo Alto firewalls, or the routers/switches that the ISP provided to connect the datacenters. Your traffic would route back and forth across this subnet for cross-datacenter traffic.
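To make the /30 suggestion concrete, here is an added Python sketch of the static-route tables the two firewalls would carry. It is not code from the thread and not Palo Alto configuration: a /30 on the fiber circuit gives each firewall one address, every VLAN at the other site gets a static route via the peer firewall, and a second default route with a worse metric via the peer acts as the outbound backup. All addresses (10.x VLANs, 192.0.2.1 and 198.51.100.1 as the ISP hand-offs, 10.255.255.0/30 as the link) are constructed documentation and private ranges, not the asker's real /26 allocations.

```python
import ipaddress

# Constructed example addressing (RFC 1918 and RFC 5737 ranges), standing in
# for the asker's real /26 allocations and ISP hand-off gateways.
SITE1_VLANS = [ipaddress.ip_network(f"10.1.{i}.0/24") for i in range(1, 4)]
SITE2_VLANS = [ipaddress.ip_network(f"10.2.{i}.0/24") for i in range(1, 4)]
SITE1_ISP_GW = ipaddress.ip_address("192.0.2.1")
SITE2_ISP_GW = ipaddress.ip_address("198.51.100.1")

# The /30 on the inter-DC fiber circuit: exactly two usable addresses,
# one for each firewall.
LINK = ipaddress.ip_network("10.255.255.0/30")
PA1_LINK_IP, PA2_LINK_IP = LINK.hosts()

DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def build_static_routes(local_vlans, remote_vlans, link_peer, isp_gw):
    """Static route table for one firewall as (prefix, next_hop, metric).

    Local VLANs are connected (no next hop). Each remote VLAN needs its own
    static route via the /30 peer, so the table grows with every VLAN added
    at the other site. The default route prefers the local ISP hand-off; a
    second default via the peer with a worse metric is the outbound backup.
    """
    routes = [(net, None, 0) for net in local_vlans]
    routes += [(net, link_peer, 10) for net in remote_vlans]
    routes.append((DEFAULT, isp_gw, 10))
    routes.append((DEFAULT, link_peer, 20))
    return routes


def lookup(routes, dst, down_next_hops=frozenset()):
    """Longest-prefix match, then lowest metric.

    Next hops listed in down_next_hops are skipped, which is the effect path
    monitoring has on a firewall when a static route's gateway stops answering.
    Returns the chosen (prefix, next_hop, metric), or None if nothing matches.
    """
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in routes
                  if dst in r[0] and r[1] not in down_next_hops]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r[0].prefixlen, -r[2]))


def routes_per_firewall(vlans_per_site):
    """Static entries each firewall carries in a symmetric two-site design:
    connected locals, one route per remote VLAN, and the two defaults."""
    return vlans_per_site * 2 + 2


if __name__ == "__main__":
    pa1 = build_static_routes(SITE1_VLANS, SITE2_VLANS, PA2_LINK_IP, SITE1_ISP_GW)
    for dst in ("10.1.2.7", "10.2.1.5", "8.8.8.8"):
        print(dst, "->", lookup(pa1, dst))
    print("site1 ISP gateway down:", lookup(pa1, "8.8.8.8", {SITE1_ISP_GW}))
    print("entries per firewall at 30 VLANs per site:", routes_per_firewall(30))
```

Two things the sketch makes visible: every VLAN added at one site means another static entry on the other site's firewall, which is the growth that makes dynamic routing attractive once the VLAN count climbs; and the backup default route only helps outbound traffic, because inbound packets for the ISP-assigned /26 still arrive at that site's own hand-off, which is why the thread later turns to obtaining provider-independent address space.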
 
Author Comment by: sk391 (LVL 1), ID: 39963718
Thank you, and then I could create an HA virtual interface on this new /30 subnet that my VLANs in both datacenters would use as their new primary gateway to the internet?

For example, if I had the below before:

Datacenter 1 VLANs: primary internet gateway PaloAlto1 WAN interface
Datacenter 2 VLANs: primary internet gateway PaloAlto2 WAN interface

now I would have

Datacenter 1 VLANs: primary internet gateway PaloAlto1/2 virtual IP (on the /30 subnet)
Datacenter 2 VLANs: primary internet gateway PaloAlto1/2 virtual IP (on the /30 subnet)

Does this make sense?
 
Expert Comment by: Soulja (LVL 26), ID: 39963728
Eh, I may not be reading your comment correctly, but the cross-datacenter connection would only be for the datacenters to talk to one another. Now, if you have an internet connection in both datacenters, you could have failover for one to use the other datacenter's internet if the local internet fails. This is where you really want some dynamic routing, as it could get tedious with a lot of static routes.
 
Author Comment by: sk391 (LVL 1), ID: 39963790
Yes, that's exactly what I mean. However, since the site1 services use the public IPs assigned from the ISP of site1, I would need to get my own IPs and use those instead of my ISP's, to avoid a single point of failure.

So if the internet at site1 goes down, my services on site1 would continue to run by using the internet connection of site2 (through the firewall link between the two datacenters)?
 
Expert Comment by: Soulja (LVL 26), ID: 39964031
That is exactly what I am saying. But I am not referring to an ISP failure, more of a circuit or hardware failure that connects to your internet at each data center.
 
Author Comment by: sk391 (LVL 1), ID: 39971139
Thank you - so the solution would be

1) obtain ASN and IP space (1x /24 to be divided into 2x /25, one for each location)

2) configure the ASN on my site1 router/firewall with the first /25 network

3) configure the ASN on my site2 router/firewall with the second /25 network

4) configure my site1 router/firewall to communicate over iBGP with my site2 router/firewall (does this require a /30 or /31 for the private network?)

5) configure my site1 router/firewall -> communicate over eBGP with site1 ISP router

6) configure my site2 router/firewall -> communicate over eBGP with site2 ISP router

Does this seem right as a high-level plan? Any other steps I am missing?

Thank you
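As an added illustration that is not part of the thread (and not the asker's or Soulja's configuration), this Python model walks through the six-step plan above: splitting the /24 of step 1 into two /25s, the /30-versus-/31 question of step 4, and how the ISP picks an entry site for the eBGP sessions of steps 5 and 6. It goes one step beyond the plan, and says so in the code, by having each site also announce the aggregate /24; that announcement is what makes the site 2 session useful for site 1's addresses when site 1's eBGP session is down, with the iBGP session of step 4 telling the surviving firewall where the other /25 lives. The ASN 64500 and the block 203.0.113.0/24 are documentation values (RFC 5398, RFC 5737), not a real allocation.

```python
import ipaddress

# Constructed values: a documentation ASN (RFC 5398) and TEST-NET-3 (RFC 5737)
# stand in for the ASN and /24 the asker would request from ARIN.
MY_ASN = 64500
MY_BLOCK = ipaddress.ip_network("203.0.113.0/24")
SITE1_NET, SITE2_NET = MY_BLOCK.subnets(new_prefix=25)   # step 1: 2x /25


def link_usable_hosts(prefix):
    """Addresses usable on the iBGP peering link (step 4).

    A /30 yields two hosts after the network and broadcast addresses are
    excluded; a /31 (RFC 3021 point-to-point) also yields two, wasting none.
    """
    return [str(h) for h in ipaddress.ip_network(prefix).hosts()]


def site_announcements(site, site_net, session_up=True):
    """Prefixes one site originates on its eBGP session (steps 5 and 6),
    as (prefix, originating_site, as_path).

    Beyond the asker's six steps (an assumption of this example), each site
    also announces the aggregate /24. If one site's eBGP session fails, the
    ISP still holds the /24 from the other site and sends the failed site's
    /25 traffic there; it then crosses the inter-DC link, because the iBGP
    session of step 4 has taught the surviving firewall that more specific /25.
    """
    if not session_up:
        return []
    return [(site_net, site, [MY_ASN]), (MY_BLOCK, site, [MY_ASN])]


def isp_routes(site1_up=True, site2_up=True):
    """Everything the ISP has learned from both eBGP sessions."""
    return (site_announcements(1, SITE1_NET, site1_up)
            + site_announcements(2, SITE2_NET, site2_up))


def entry_site(dst, site1_up=True, site2_up=True):
    """The ISP's best path for dst: longest prefix, then shortest AS path,
    then the lower site number (standing in for the router-ID tie-break).
    Returns the site whose eBGP session receives the traffic, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in isp_routes(site1_up, site2_up) if dst in r[0]]
    if not matches:
        return None
    best = min(matches, key=lambda r: (-r[0].prefixlen, len(r[2]), r[1]))
    return best[1]


def path_to(dst, site1_up=True, site2_up=True):
    """(entry_site, home_site, crosses_inter_dc_link) for a destination in
    the /24, or None when neither eBGP session is up."""
    home = 1 if ipaddress.ip_address(dst) in SITE1_NET else 2
    entry = entry_site(dst, site1_up, site2_up)
    if entry is None:
        return None
    return (entry, home, entry != home)


if __name__ == "__main__":
    print("site1 /25:", SITE1_NET, " site2 /25:", SITE2_NET)
    print("/30 hosts:", link_usable_hosts("10.255.255.0/30"))
    print("/31 hosts:", link_usable_hosts("10.255.255.0/31"))
    print("both up:", path_to("203.0.113.10"), path_to("203.0.113.200"))
    print("site1 eBGP down:", path_to("203.0.113.10", site1_up=False))
    print("both down:", path_to("203.0.113.10", False, False))
```

In normal operation each /25 is more specific than the /24, so the ISP delivers each site's traffic directly and the inter-DC link carries only cross-site traffic; only when a session is lost does the aggregate pull the failed site's traffic through the other site. Note that this still leaves the single ISP as a shared dependency, which matches Soulja's remark that the failover covers a circuit or hardware failure rather than an ISP failure.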
 
Author Comment by: sk391 (LVL 1), ID: 40007913
Can you confirm please so I close the question?