[c-nsp] BGP for multi-homed environment
Carlson Per
Per.Carlson at banetele.com
Tue Sep 7 05:09:52 EDT 2004
Hi Alex.
Welcome to the wonderful world of BGP!
> I want to connect each feed into a separate router and
> load share from my network. First off - is this possible??
Yes it is, but it requires some fiddling around with BGP. Normally
outbound traffic is easier to loadshare than inbound.
> I have been allocated a class C address block.
Hmm, that limits some of your options for inbound traffic.
More about that later.
> I also want the ability to provide seamless failover between
> both providers. I am also a little unsure as to what is required
> with regards to filtering etc; what is the best policy here??
As a starter, filter out announcements that you *know* are faulty.
For you that means prefixes not allocated by IANA (here is a
terrific link: http://www.cymru.com/Bogons/). If you are getting
full internet routes, filter out the default route as well.
Cymru also has got an extensive example of secure BGP configuration:
http://www.cymru.com/Documents/secure-bgp-template.html
If your router supports it, use URPF
(http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7d4.html)
I would also recommend ACLs that filter out traffic entering
and leaving your network. You can more or less filter out all
traffic not destined to/sourced from your Class C-network.
Don't forget to permit BGP-traffic to the IP address of your
peering point!
> If anybody implements a similar configuration - I would
> appreciate some tips or feedback.
I would recommend you to start off with no BGP-policy at all.
If that works out for you, fine, if not, you have to set up
a policy.
For outbound traffic, you have two basic options, local preference,
AS-prepends.
To loadbalance inbound traffic you can use AS-prepends and splitting
up the network. The latter is not available for you, prefixes that are
25 bits and longer are very often filtered out by other operators'
BGP-policies.
If you haven't already got it, I can warmly recommend the book
'Internet Routing Architecture' by Sam Halabi:
http://www.ciscopress.com/title/157870233X
Per
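
The filtering advice in the reply above, modelled as an added Python example (not part of the original post, and not router configuration): it checks received prefixes against the default-route, bogon and prefix-length rules, and checks packets against the edge ACL rule. The /24 block, the peering addresses and the partial bogon list are constructed placeholders.

```python
import ipaddress

# Constructed placeholders, not values from the thread.
OWN_BLOCK = ipaddress.ip_network("198.51.100.0/24")   # stands in for the /24
ROUTER, PEER = (ipaddress.ip_address(a) for a in ("203.0.113.2", "203.0.113.1"))

# Partial bogon list (well-known reserved ranges only); a real filter should
# follow a maintained list such as the Cymru one linked in the reply.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
MAX_LEN = 24  # /25 and longer are often dropped by other operators


def check_route(prefix):
    """Return (accept, reason) for an IPv4 prefix received from an upstream."""
    try:
        net = ipaddress.IPv4Network(prefix)  # strict: host bits must be zero
    except ValueError:
        return False, "malformed"
    if net.prefixlen == 0:
        return False, "default route"
    if any(net.subnet_of(b) for b in BOGONS):
        return False, "bogon"
    if net.prefixlen > MAX_LEN:
        return False, "too specific"
    return True, "ok"


def check_packet(direction, src, dst, bgp=False):
    """Edge ACL: only traffic to/from OWN_BLOCK, plus BGP to the peer."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if bgp and {src, dst} == {ROUTER, PEER}:
        return True
    if direction == "in":
        return dst in OWN_BLOCK
    if direction == "out":
        return src in OWN_BLOCK
    raise ValueError("direction must be 'in' or 'out'")


if __name__ == "__main__":
    # Constructed sample announcements.
    for p in ("0.0.0.0/0", "10.1.0.0/16", "192.0.2.128/25", "203.0.113.0/24"):
        print(p, check_route(p))
```
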