BGP config WAS RE: [c-nsp] internet redundancy [7:99340]
Kern, Tom
tkern at CHARMER.COM
Wed May 18 14:15:58 EDT 2005
Ok, i'm still trying to set up an internet redundancy solution.
I unsuccessfully attempted this only using eigrp and tunneling it through my firewall and redistributing static routes, etc. But that never worked.
A while back someone mentioned bgp and to get over the FUD surrounding it and just try it.
Ok, so now i'm gonna try it.
My scenario is probably well known (too well known, everyone on this list would say).
I have 3 sites with 3 isps. The 3 sites connect to each other via point to point T1's (not the same routers as the internet facing ones).
I want to set up outgoing and incoming redundancy (disregard any resolution issues and ddns solutions for now).
I'm going to use bgp.
My questions are as follows-
1. I need to use the ASN of each respective isp, correct? Do they charge for this normally?
2. Internally, do I need to run ibgp or should i redistribute ebgp into eigrp?
3. If i run ibgp, do i need a "real" ASN or can I use a private one?
4. Aside from setting up an AS-Path filter is there anything else i need to do to prevent filling up my routing table with isp routes?
5. Am i missing anything else?
Thanks
Kern, Tom wrote:
> I set up a ebgp link from the 3 routers to the 3 isp's.
> now, do i inject the ebgp stuff into eigrp or do i run ibgp between
> the 3 internet routers?
>
>
> i'm confused as to when i should redistribute into an IGP or run ibgp
> Thanks a lot
>
> Chad Larsen wrote:
>> Tom,
>>
>> You'll need to setup BGP with the ISP's and have them advertise only
>> default route to you. You should redistribute the default route
>> into EIGRP..this will allow the route to disappear if the internet
>> link goes down. At this point you'll have 3 edge routers
>> advertising a default route...the EIGRP metrics will allow the PC's
>> to make it out the default router that is closest to them (least
>> cost metric).
>> As far as inbound, you need to advertise your IP block out each ISP
>> with BGP and prepend your own AS to manipulate which link will be
>> preferred by the net. Also, you will most likely need to set a bgp
>> community attribute to manipulate the traffic from within the same
>> ISP's cloud (most of the bigger ISP's will have info on which
>> community should be set).
>>
>> Hopefully this helps,
>>
>> -chad
>>
>>
>>
>> -----Original Message-----
>> From: nobody at groupstudy.com [mailto:nobody at groupstudy.com] On Behalf
>> Of Kern, Tom
>> Sent: Monday, May 16, 2005 8:19 AM
>> To: cisco at groupstudy.com
>> Subject: RE: [c-nsp] internet redundancy [7:99340]
>>
>> i need access from the internet to each site.
>>
>> The NYC site has 400 users.
>> The Albany and Buffalo sites have 50 users each.
>>
>> Here's what I'm lookin for-
>>
>> Currently all sites use the NYC site's frame-relay for internet
>> access(outgoing and incoming). The other sites just got internet
>> access with their own isp's(frame-relay).
>> I would like each site to use their own internet connection for
>> outgoing internet access. I want to set up redundancy so that if
>> say, Buffalo's internet router or link or firewall should go down,
>> they will be rerouted to the Albany or NYC site for internet access.
>> The same would hold true for the other sites.
>>
>> If i can get this set up with minimal pain, i would then look at
>> achieving the same thing for incoming access. So if someone is
>> trying to get to a webserver in Albany, but Albany's isp or router
>> is down, they would be able to get to the website thru NYC or
>> buffalo. I think this would involve using some DDNS solution as
>> well, though.
>>
>> I hope that kinda clears things up.
>>
>> thanks for your help and interest in this.
>>
>>
>>
>> Dom wrote:
>>> Still slightly confused. Sorry to provide more questions not
>>> answers at this stage -
>>>
>>> Do you host at one site or all?
>>>
>>> How many users at each site?
>>>
>>> Are you trying to get -
>>>
>>> Resilience between sites?
>>>
>>> Resilient connections to the Internet?
>>>
>>> Resilience to where your Internet facing hosts?
>>>
>>> Some/All of the above?
>>>
>>>
>>>
>>> Best regards,
>>>
>>> Dom
>>>
>>>
>>> -----Original Message-----
>>> From: nobody at groupstudy.com [mailto:nobody at groupstudy.com] On Behalf
>>> Of Kern, Tom
>>> Sent: 15 May 2005 22:51
>>> To: cisco at groupstudy.com
>>> Subject: RE: [c-nsp] internet redundancy [7:99340]
>>>
>>> yup.
>>> web,smtp,dns,ftp,etc.
>>> the only thing i get from my isp is a frame to the CO and depending
>>> on the site(albany and buffalo), a couple of public ip's
>>>
>>> In NYC(where i'm at), we have an entire class c network of our own.
>>> thanks
>>>
>>>
>>> -----Original Message-----
>>> From: Dom [mailto:dom at sysdom.demon.co.uk]
>>> Sent: Sunday, May 15, 2005 5:45 PM
>>> To: Kern, Tom; cisco at groupstudy.com
>>> Subject: RE: [c-nsp] internet redundancy [7:99340]
>>>
>>>
>>> And apart from resilient Internet connectivity, do you do your own
>>> hosting etc?
>>>
>>> -----Original Message-----
>>> From: nobody at groupstudy.com [mailto:nobody at groupstudy.com] On Behalf
>>> Of Kern, Tom
>>> Sent: 15 May 2005 22:33
>>> To: cisco at groupstudy.com
>>> Subject: RE: [c-nsp] internet redundancy [7:99340]
>>>
>>> 3 lans. the internet routers are NOT the same as the internal
>>> routers. Separate internal routers with the T1's to each other.
>>> The internet routers are outside the firewalls.
>>> the 3 sites are Albany, Buffalo, and NYC.
>>> NYC is connected to Albany, Albany to Buffalo, Buffalo to NYC.
>>> All point to point T1's. 3 isp's.
>>> thanks
>>>
>>> -----Original Message-----
>>> From: Dom [mailto:dom at sysdom.demon.co.uk]
>>> Sent: Sunday, May 15, 2005 2:39 PM
>>> To: cisco at groupstudy.com
>>> Subject: RE: [c-nsp] internet redundancy [7:99340]
>>>
>>>
>>> How many LANs do you have on each site?
>>>
>>> Does the inter-site T1 connection and the ISP connection use the
>>> same router?
>>>
>>> If yes to the above, why are you using EIGRP?
>>>
>>> If there are just three sites and three routers, why can't static
>>> routes be used?
>>>
>>> I must be missing something here
>>>
>>> Dom
>>>
>>> -----Original Message-----
>>> From: nobody at groupstudy.com [mailto:nobody at groupstudy.com] On Behalf
>>> Of Howard C. Berkowitz
>>> Sent: 15 May 2005 17:27
>>> To: cisco at groupstudy.com
>>> Subject: Re: [c-nsp] internet redundancy [7:99340]
>>>
>>> At 9:25 AM -0400 5/15/05, Kern, Tom wrote:
>>>> I'm looking to set up internet redundancy.
>>>> i have 3 internet connections in 3 diff sites. all sites are
>>>> connected via point to point T1's.
>>>> Each site uses its own isp.
>>>> I use eigrp internally.
>>>>
>>>> i assume I would have to call the isp's and use BGP to successfully
>>>> do this? what would I need to set up on my end?
>>>
>>> With three involved, that's really your only alternative. Do you
>>> have dedicated links between your sites, or would the failover be
>>> via the Internet? In the latter case, how do you handle security?
>>> Encrypted tunnels? Of what sort?
>>>
>>>> How complicated is this?
>>>
>>> You will need to develop a routing policy and get your ISPs to agree
>>> to it. Once that is done, you will need an AS number, which, when I
>>> last looked, was $500 per year. One or more of your ISPs may be
>>> willing to help you get started, usually wanting to be preferred or
>>> charge professional service fees.
>>>
>>> The next step is to develop your routing policy, which will depend
>>> in part on how you go site-to-site. You need at least one
>>> BGP-speaking router at each site, and you might have more than one
>>> to protect against failure. At a minimum, have EIGRP default point
>>> at a BGP speaker.
>>>
>>> Assuming you have permanent links between your sites, the minimum
>>> approach could be for each site to advertise its address space to
>>> the ISP, but to prefer the direct links for inter-site
>>> communication. From each ISP, you could request full or partial
>>> routes, and share them by iBGP among your sites. Partial routes,
>>> for example, are usually the directly connected customers of that
>>> ISP.
>>>
>>> Again, I'm assuming a lot here. It's not necessarily hugely
>>> complicated, but it's easy to make errors. Before I could design
>>> something, I'd have to know details including the nature and speed
>>> of your inter-site links, your backup strategy, if the ISPs are
>>> widely geographically distributed, etc.
>
>
>
>
> Message Posted at:
> http://www.groupstudy.com/form/read.php?f=7&i=99451&t=99340
> --------------------------------------------------
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
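
The edge-router setup discussed in this thread (default route only from the ISP, that default redistributed into EIGRP, the site's own block advertised with AS-path prepending, and an AS-path filter so no ISP routes are re-advertised), sketched as Cisco IOS configuration. This is an added example, not configuration from any poster in the thread. AS 64511 (customer), AS 64496 (ISP), 192.0.2.0/24, 198.51.100.1, EIGRP AS 100, the metric values and all list and route-map names are constructed placeholders.

```ios
! Constructed example: every ASN, address and name below is a placeholder.
!
! Inbound: accept nothing from the ISP except a default route.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Outbound: advertise only our own block ...
ip prefix-list OUR-BLOCK seq 5 permit 192.0.2.0/24
! ... and only routes originated in our AS (empty AS path), so routes
! learned from one ISP are never passed on to another (no transit).
ip as-path access-list 10 permit ^$
!
route-map TO-ISP permit 10
 match ip address prefix-list OUR-BLOCK
 match as-path 10
 ! Prepend on the links that should be less preferred for inbound traffic.
 set as-path prepend 64511 64511
! No further permit clause: everything else is implicitly denied.
!
route-map DEFAULT-TO-EIGRP permit 10
 match ip address prefix-list DEFAULT-ONLY
!
! Anchor route so the network statement below has an exact RIB match.
ip route 192.0.2.0 255.255.255.0 Null0
!
router bgp 64511
 no synchronization
 no auto-summary
 network 192.0.2.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
 neighbor 198.51.100.1 route-map TO-ISP out
!
! Only the BGP-learned default enters EIGRP; it is withdrawn from EIGRP
! when the BGP session to the ISP goes down.
router eigrp 100
 redistribute bgp 64511 metric 1544 2000 255 1 1500 route-map DEFAULT-TO-EIGRP
```

`show ip bgp neighbors 198.51.100.1 advertised-routes` should list only 192.0.2.0/24, and `show ip bgp` should hold only the default learned from the ISP.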