RE: BGP customers?

From: Anthony Pace (anthonypace@fastmail.fm)
Date: Tue Jun 01 2004 - 14:56:28 GMT-3


These are my experiences multi-homing with BGP (I would love to hear
comments on the architectures below)

There are several steps I had to go through to be up and running on
redundant ISPs via BGP (and I'm not sure I have seen them documented or
summarized in one place.)

- ARIN registration for ASN
- Contracts with ISPs
- Get address space from providers (unless you can get your own block)
- Register ASN and all address blocks with RADb

This much was a prerequisite for even beginning the discussion of BGP (as
well as a bunch of paperwork)

If you use DNS for all of the "connections started by others" then
provider address space is just as good as having your own; but if a lot
of IP addresses are hard coded in a lot of places, then you may have to do
some work if you want to switch providers, or if they re-po the address
space (which can happen)

Most of the discussion on this list is pretty much the Halabi
primary/fail over architecture, but in an effort to "not waste the
redundant link" I have experimented with the following:

- Announce address space out of 1 provider and send EGRESS traffic out
the other. (A lot of people said this was asymmetrical routing but the
LAN was downstream of both routers doing this so it was quite symmetrical
by the time it came down into the firewall.) (this was true load balancing
and I am inclined to think that people who were critical of it were,
perhaps, just regurgitating something they heard someone else say)

- Announce some address space via one provider and some address space via
the other. Use policy routing to control the EGRESS traffic. (use
prepends and Local preference to influence the traffic while allowing
full redundancy)

- take in full routes from 2 providers on 2 routers and also peer them
with each other. Let the traffic come and go however it wants to.

- take in partial routes + default route from 2 providers. Let the
traffic come and go however it wants to.

Anthony Pace CCIE 10349

  

On Sat, 29 May 2004 13:49:30 -0400, "Howard C. Berkowitz"
<hcb@gettcomm.com> said:
> At 7:24 AM -0700 5/29/04, Tom Rogers wrote:
> >Howard,
> >We were thinking of multihoming. I have few questions to ask U.
> >1)Do we have to justify for desiring an AS , IIRC from ARIN ?
>
> Yes, but multihoming to two or more ISPs is generally adequate. Do
> note that they typically won't give you the ASN until you can show
> them contracts for the connections, often to be installed within a
> month.
>
> >2)Where do we get the independent network #s?
>
> I'm not sure I understand. You can multihome perfectly well with
> provider-assigned address space, as long as both providers agree to
> advertise address space from one provider's address space. Both
> providers _must_ advertise your /24 or equivalent as well as their
> less-specifics.
>
> >3)Will my 2 different ISPs route my class c network? (I was reading
> >in the group somewhere that only /19 are routable..
>
> Nothing is ever certain, but there's an increasing tendency to let
> multihomed /24 through. Realistically, you must coordinate with both
> ISPs when multihoming. One of the things that makes it more likely
> for your address space is that both ISPs include it in their
> publicly accessible routing policy in one of the public routing
> registries.
>
> >
> >Thanx in advance
> >Tom
> >
> >"Howard C. Berkowitz" <hcb@gettcomm.com> wrote:
> >
> >At 9:44 PM -0400 5/28/04, Peter van Oene wrote:
> >>At 04:20 PM 5/28/2004, MMoniz wrote:
> >>>Also in the real world, most ISPs will offer to advertise either customer
> >>>only or all routes.
> >>>I would assume they accomplish this with an AS-path filter to you! Much
> >>>simpler!!
> >>
> >>usually communities if they are clueful.
> >
> >Peter, did you just use "clueful ISP practice" in the same thought as
> >"CCIE lab"?
> >
> >>
> >>>Just as you can filter the same with an AS-path filter from your ISP.
> >>
> >>agree
> >>
> >>>We have this exact scenario where we are multihomed with our own AS and
> >>>accept full routes. In fact if
> >>>you are multihomed I think you must have your own AS, or an agreement
> >>>between your different ISPs.
> >
> >It's really not that difficult to get an AS -- $500 per year, IIRC
> >from ARIN and probably about the same from the other routing
> >registries. RIPE-NCC requires and ARIN recommends that you register
> >your routing policy in their routing registry database -- and if you
> >don't know how to do that, you really shouldn't be running BGP in the
> >Internet. A competent consultant can set up a reasonable multihoming
> >policy and do your application in under a day. Get a consultant and
> >watch closely -- make training a part of the contract.
> >
> >_______________________________________________________________________
> >Please help support GroupStudy by purchasing your study materials from:
> >http://shop.groupstudy.com
> >
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
> >

-- 
  Anthony Pace
  anthonypace@fastmail.fm
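
Added example, not part of the original message or thread: a small Python model of the second architecture listed above (each address block preferred through a different provider via AS-path prepends, egress steered with local preference, either link able to carry everything on failure). The ASNs, prefixes, prepend count and local-pref values are constructed for illustration, and the decision process is reduced to local-pref, AS-path length and one stand-in tie-breaker.

```python
# Constructed values: private/documentation ASNs and documentation prefixes.
CUSTOMER, ISP_A, ISP_B = 64512, 64496, 64497
PRIMARY = {"192.0.2.0/24": ISP_A, "198.51.100.0/24": ISP_B}  # preferred provider per block
PREPENDS = 3  # extra copies of our ASN announced to the non-preferred provider

def best_path(paths):
    """Simplified BGP decision: highest local-pref, then shortest AS path,
    then lowest neighbor ASN as a stand-in for the remaining tie-breakers."""
    if not paths:
        return None
    return min(paths, key=lambda p: (-p["local_pref"], len(p["as_path"]), p["as_path"][0]))

def advertised(prefix, links_up):
    """AS paths a remote network sees for one of our prefixes via each live provider."""
    paths = []
    for isp in links_up:
        extra = 0 if PRIMARY[prefix] == isp else PREPENDS
        paths.append({"local_pref": 100,  # remote side treats both paths alike
                      "as_path": [isp] + [CUSTOMER] * (1 + extra)})
    return paths

def ingress_provider(prefix, links_up):
    """Provider through which remote traffic toward `prefix` arrives."""
    best = best_path(advertised(prefix, links_up))
    return best["as_path"][0] if best else None

def egress_provider(preferred, links_up, remote_as=64500):
    """Provider our routers choose outbound: local-pref 200 on routes learned
    from the preferred provider, 100 on routes from the other."""
    paths = [{"local_pref": 200 if isp == preferred else 100,
              "as_path": [isp, remote_as]} for isp in links_up]
    best = best_path(paths)
    return best["as_path"][0] if best else None

if __name__ == "__main__":
    for up in ([ISP_A, ISP_B], [ISP_B]):  # both links up, then link to ISP_A down
        for prefix in PRIMARY:
            print(up, prefix, "ingress via", ingress_provider(prefix, up))
        print(up, "egress via", egress_provider(ISP_A, up))
```
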




This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:30 GMT-3