Re: BGP customers?

From: Todd Veillette (tveillette@myeastern.com)
Date: Wed Jun 02 2004 - 11:47:16 GMT-3


Anthony,

Just some feedback on how ours is set up. 2 providers - 2 full class C's one
from each provider and went through the steps you describe below. (ARIN to
get AS and RadB for your blocks). We asked each ISP to accept the other's
Class C. We run 2 identical border routers, multiple connections on each to
each ISP, take partial tables from each, run our AS and iBGP between
multiple trunked switches links on our side of the border routers. We set up
whatever the provider wanted as far as communities, bgp filtering, etc. We
manually tweaked our routes using various looking glass sites as best we
could, and we have multiple vlan/dmz's for different security zones inside
all somewhat manual for redundancy using hsrp, to evenly distribute
bandwidth thru the ISP's connections.

On the plus side, uptime is solid, complexity is one drawback.

Now we have another Class C at another location, and we are looking at
setting this up for "global" redundancy. Haven't even looked at this, nor do
I know if I want to.

-TV

----- Original Message -----
From: "Anthony Pace" <anthonypace@fastmail.fm>
To: "Howard C. Berkowitz" <hcb@gettcomm.com>; <ccielab@groupstudy.com>
Sent: Tuesday, June 01, 2004 1:56 PM
Subject: RE: BGP customers?

> These are my experiences multi-homing with BGP (I would love to hear
> comments on the architectures below)
>
> There are several steps I had to go through to be up and running on
> redundant ISP's via BGP (and I'm not sure I have seen them documented or
> summarized in one place.)
>
> - ARIN registration for ASN
> - Contracts with ISP's
> - Get address space from providers (unless you can get your own block)
> - Register ASN and all address blocks with RadB
>
> This much was a prerequisite for even beginning the discussion of BGP (as
> well as a bunch of paperwork)
>
> If you use DNS for all of the "connections started by others" then
> provider address space is just as good as having your own; but if a lot
> of IP addresses are hard coded a lot of places, then you may have to do
> some work if you want to switch providers, or if they re-po the address
> space (which can happen)
>
> Most of the discussion on this list is pretty much the Halabi
> primary/fail over architecture, but in an effort to "not waste the
> redundant link" I have experimented with the following:
>
> - Announce address space out of 1 provider and send EGRESS traffic out
> the other. (A lot of people said this was asymmetrical routing but the
> LAN was downstream of both routers doing this so it was quite symmetrical
> by the time it came down into the firewall.)(this was true load balancing
> and I am inclined to think that people who were critical of it were,
> perhaps, just regurgitating something they heard someone else say)
>
> - Announce some address space via one provider and some address space via
> the other. Use policy routing to control the EGRESS traffic. (use
> prepends and Local preference to influence the traffic while allowing
> full redundancy)
>
> - take in full routes from 2 providers on 2 routers and also peer them
> with each other. Let the traffic come and go however it wants to.
>
> - take in partial routes + default route from 2 providers. Let the
> traffic come and go however it wants to.
>
> Anthony Pace CCIE 10349
>
> On Sat, 29 May 2004 13:49:30 -0400, "Howard C. Berkowitz"
> <hcb@gettcomm.com> said:
> > At 7:24 AM -0700 5/29/04, Tom Rogers wrote:
> > >Howard,
> > >We were thinking of multihoming. I have few questions to ask U.
> > >1)Do we have to justify for desiring an AS , IIRC from ARIN ?
> >
> > Yes, but multihoming to two or more ISPs is generally adequate. Do
> > note that they typically won't give you the ASN until you can show
> > them contracts for the connections, often to be installed within a
> > month.
> >
> > >2)Where do we get the independent network #s?
> >
> > I'm not sure I understand. You can multihome perfectly well with
> > provider-assigned address space, as long as both providers agree to
> > advertise address space from one provider's address space. Both
> > providers _must_ advertise your /24 or equivalent as well as their
> > less-specifics.
> >
> > >3)Will my 2 different ISPs route my class c network? (I was reading
> > >in the group somewhere that only /19 are routable..
> >
> > Nothing is ever certain, but there's an increasing tendency to let
> > multihomed /24 through. Realistically, you must coordinate with both
> > ISPs when multihoming. One of the things that makes it more likely
> > for your address space is that both ISPs include it in their
> > publicly accessible routing policy in one of the public routing
> > registries.
> >
> > >
> > >Thanx in advance
> > >Tom
> > >
> > >"Howard C. Berkowitz" <hcb@gettcomm.com> wrote:
> > >
> > >At 9:44 PM -0400 5/28/04, Peter van Oene wrote:
> > >>At 04:20 PM 5/28/2004, MMoniz wrote:
> > >>>Also in the real world, most ISP's will offer to advertise either customer
> > >>>only or all routes.
> > >>>I would assume they accomplish this with an AS-path filter to you! Much
> > >>>simpler!!
> > >>
> > >>usually communities if they are clueful.
> > >
> > >Peter, did you just use "clueful ISP practice" in the same thought as
> > >"CCIE lab"?
> > >
> > >>
> > >>>Just as you can filter the same with an AS-path filter from your ISP.
> > >>
> > >>agree
> > >>
> > >>>We have this exact scenario where we are multihomed with our own AS and
> > >>>accept full routes. In fact if
> > >>>you are multihomed I think you must have your own AS, or an agreement
> > >>>between your different ISP's.
> > >
> > >It's really not that difficult to get an AS -- $500 per year, IIRC
> > >from ARIN and probably about the same from the other routing
> > >registries. RIPE-NCC requires and ARIN recommends that you register
> > >your routing policy in their routing registry database -- and if you
> > >don't know how to do that, you really shouldn't be running BGP in the
> > >Internet. A competent consultant can set up a reasonable multihoming
> > >policy and do your application in under a day. Get a consultant and
> > >watch closely -- make training a part of the contract.
> > >
> > >_______________________________________________________________________
> > >Please help support GroupStudy by purchasing your study materials from:
> > >http://shop.groupstudy.com
> > >
> > >Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> --
> Anthony Pace
> anthonypace@fastmail.fm
>

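Added example, not part of the original thread: a simplified Python model of two points made in the quoted replies, that both providers must advertise the customer /24 alongside the provider's less-specific, and that prepends steer inbound traffic while keeping redundancy. The prefixes (RFC 1918), ASNs (documentation range) and the `ISP-A`/`ISP-B` labels are constructed, and route selection is reduced to longest-prefix match followed by AS-path length, which is an assumption and not full BGP best-path selection.

```python
from dataclasses import dataclass
import ipaddress

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple   # as seen by a remote AS, nearest AS first
    via: str         # label of the provider carrying the announcement

def best_route(routes, dest):
    """Pick the route a remote network would use to reach dest."""
    addr = ipaddress.ip_address(dest)
    candidates = [r for r in routes if addr in r.prefix]
    if not candidates:
        return None
    # Forwarding follows the longest matching prefix first. Only among
    # equal-length prefixes does AS-path length matter; the provider label
    # is a deterministic stand-in for BGP's later tie-breakers.
    return min(candidates,
               key=lambda r: (-r.prefix.prefixlen, len(r.as_path), r.via))

def inbound_provider(routes, dest="10.20.5.10"):
    """Label of the provider through which traffic to dest arrives."""
    chosen = best_route(routes, dest)
    return chosen.via if chosen else None

# Constructed sample announcements: customer AS 64510 holds 10.20.5.0/24,
# assigned out of ISP-A's 10.20.0.0/19 aggregate.
NET24 = ipaddress.ip_network("10.20.5.0/24")
AGG_A = Route(ipaddress.ip_network("10.20.0.0/19"), (64500,), "ISP-A")
SPEC_A = Route(NET24, (64500, 64510), "ISP-A")
SPEC_B = Route(NET24, (64501, 64510), "ISP-B")
SPEC_A_PREPENDED = Route(NET24, (64500, 64510, 64510, 64510), "ISP-A")

if __name__ == "__main__":
    scenarios = {
        "A sends only its aggregate, B sends the /24": [AGG_A, SPEC_B],
        "both send the /24": [AGG_A, SPEC_A, SPEC_B],
        "both send the /24, prepended toward A": [AGG_A, SPEC_A_PREPENDED, SPEC_B],
        "prepended toward A, link to B down": [AGG_A, SPEC_A_PREPENDED],
    }
    for name, routes in scenarios.items():
        print(f"{name}: inbound via {inbound_provider(routes)}")
```

In the first scenario ISP-A's link carries no inbound traffic at all, because the /24 from ISP-B is more specific than the aggregate no matter how short ISP-A's path is.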


This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:31 GMT-3