[c-nsp] HSRP and BGP

matt carter matt at iseek.com.au
Mon Apr 30 02:00:24 EDT 2007



>> 	Is this not a valid way to do HSRP to an upstream? Is there something
>> wrong with this methodology? Is there some configuration in the

speaking at least from a domestic point of view, most nsps are happy enough
to allocate a /29 instead of a /30 for the interconnect subnet but aren't
too happy about running dual layer 3 bgp peers on a single layer 2
connection. ( mainly i think because it seems to throw all their support &
diagnostics processes out the window having 2 sets of peers on 1 link ) ...
in my experience, the standard response to this kind of request is to the
effect of if you want n+1 get a second link and do it properly at both
layer2 and layer3, which for whatever reason, simply may not be cost
justifiable.. in that scenario, i'd opt for something is always better than
nothing.. ( how receptive are nsps in other countries to this 1 xconnect w/
2 sets of peers kind of request? )

> 
> Several problems come to mind. If you have a failover event 
> and the other router takes over, the BGP session will drop 
> and it will take some time to get reestablished. 
> Additionally, depending on your HSRP configuration, when the 
> "primary" router comes back up, it may try to retake the 
> virtual IP, flapping your session again. I don't see any 
> reason to play this kind of head game with your BGP peer.
> 

presuming you have a /29 and only 1 interconnect, given the kind of
ridiculous startup times we are looking at for something as simple as an IOS
upgrade in cisco land, i'd rather fire up HSRP and have the circuit flap
once (assuming no preemption) versus 3-5 minutes of hard down time, but
that's just me.. it seems to work just fine as far as i can tell, just don't
enable MD5 or you will end up with continual auth failure messages from the
standby router ... but hey, maybe there is a better way of doing this, it's
certainly not the most ideal solution..

> > HSRP or BGP that I have missed? And if this won't work for some reason,
> > what is another way of doing this? Should I just have 2 BGP peers with
> > router-B pre-pending itself?
> 
> This is a much better solution. It uses the routing protocol 
> the way it was intended instead of hacking around it. Use 

on a pure technical level, i 100% agree.

if only things were so simple ;)

--matt
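
The alternative raised in the quoted question (two BGP peers on the one /29 interconnect, with router-B prepending), sketched as Cisco IOS configuration. This is an added example, not part of the original post: every address, AS number, interface name, prefix and route-map name is a constructed placeholder, and the iBGP session between router-A and router-B is assumed and not shown.

```ios
! Constructed addressing (documentation ranges, not from the thread):
!   interconnect 192.0.2.0/29, upstream NSP = 192.0.2.1 in AS 64496
!   router-A = 192.0.2.2, router-B = 192.0.2.3, both in AS 64500
!   announced prefix 198.51.100.0/24

! ----- router-A: preferred path, announces the prefix unmodified -----
interface GigabitEthernet0/0
 description interconnect to upstream (shared /29)
 ip address 192.0.2.2 255.255.255.248
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 description upstream via router-A
 network 198.51.100.0 mask 255.255.255.0

! ----- router-B: backup path, prepends its own AS on announcements -----
interface GigabitEthernet0/0
 description interconnect to upstream (shared /29)
 ip address 192.0.2.3 255.255.255.248
!
ip prefix-list OUR-NETS seq 5 permit 198.51.100.0/24
!
! Only OUR-NETS is announced; the implicit deny at the end of the
! route-map keeps anything else from leaking to the upstream.
route-map PREPEND-OUT permit 10
 match ip address prefix-list OUR-NETS
 set as-path prepend 64500 64500
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 description upstream via router-B (backup)
 neighbor 192.0.2.1 route-map PREPEND-OUT out
 network 198.51.100.0 mask 255.255.255.0
```

Each router peers from its own interface address, so no virtual IP is involved in either session, and the longer AS path from router-B makes the upstream prefer router-A while both sessions stay established.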



