[c-nsp] BGP Multihomed Selective/Conditional Advertisement

tkacprzynski at SpencerStuart.com tkacprzynski at SpencerStuart.com
Mon Oct 27 14:33:00 EDT 2008


 
Thank you everyone for your helpful input. I thought I would put some of
these ideas in a more structured way (in/out routes based on the
provider)

Normal (no failover)
################################################################
-ATT
---In

----Internet access - default route, set local preference 200
----VPN traffic - will use Cogent (see below)




---Out 

----Internet access - my /24 advertised (no communities)
----VPN traffic - will use Cogent (see below)


#################################################################
-Cogent
---In

----Internet access - default route, local preference 50, will use ATT
unless ATT fails

----VPN traffic - filter for my incoming VPN routes and set local
preference to 200 (since I'm getting /16 or so maybe I could use
conditional injection for /28 of my actual VPN networks?)




---Out 

----Internet access - my /24 advertised with Cogent's community to set
local preference to something low like 50 (this way all Cogent users
will use the path through ATT, avoiding Cogent's link).

----VPN traffic - advertise /32 for VPN headend router, use Cogent's
community to set local preference to 135 and set the no-export community
for Cogent's peers.


#################################################################

What do you think about that configuration? The only thing I need to
check is if they will support a /32 to be advertised on their network.



Tom


-----Original Message-----
From: Nathan [mailto:have.an.email at gmail.com] 
Sent: Monday, October 27, 2008 12:39 PM
To: Kacprzynski, Tomasz
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] BGP Multihomed Selective/Conditional Advertisement

On Mon, Oct 27, 2008 at 6:41 PM,  <tkacprzynski at spencerstuart.com>
wrote:
> Nathan, thanks for this idea. Your idea could work. I just need to 
> find out if they will accept my 2x /25  routes if I split the /24.

Frances Albemuth refined my proposal with better knowledge of Cogent's
communities.

> As for the prepend, how could I deal with peers that might be closer 
> to Cogent than ATT and not load-balance that traffic based on peer's 
> peering location?

You won't be load-balancing whatever the case. But yes, packets that
happen to go through Cogent will come to you through your Cogent link.

> The usage of Cogent is primarily for point to point VPN backup from 
> other offices that would be on Cogent's network. Ideally I would like 
> to keep that link free of internet traffic unless the primary (ATT) 
> link fails and also not have asymmetric traffic where traffic comes in
> on the Cogent circuit and leaves on ATT's circuit because of the 
> default route match. I'm not sure if that's possible, but that would 
> be my ideal solution.

If your IP for the point to point VPN backup has a fixed dedicated IP
you could maybe announce that to Cogent instead of the two halves of
your network, and if the range at Cogent is equally fixed you could step
up local-preference on that instead of Cogent's whole network.
That way, only those IPs are impacted by the special "use Cogent"
routing. Since you're going to have to ask Cogent, ask them the whole
question, they know their network better than I :-)

Personally I'm not comfortable with conditionals. Propagation takes
time. Does it matter a lot if some small percentage of packets come in
the wrong way?

--
HTH,
Nathan
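
The "In" half of the plan at the top of this message (which provider outbound traffic leaves through), modelled as an added example that is not part of the original thread. The helper `best_exit`, the stand-in VPN range 198.51.100.0/24 and the test destination 203.0.113.10 are constructed for illustration; only the local-preference values 200 and 50 come from the plan.

```python
import ipaddress

# Constructed inbound policy mirroring the plan: (provider, prefix, local-pref).
# 198.51.100.0/24 is a placeholder for the remote-office VPN range learned
# from Cogent; the real prefix is not given in the thread.
INBOUND = [
    ("ATT",    "0.0.0.0/0",       200),  # default route, preferred
    ("Cogent", "0.0.0.0/0",        50),  # default route, backup only
    ("Cogent", "198.51.100.0/24", 200),  # filtered VPN routes
]

def best_exit(dest, up=("ATT", "Cogent"), table=INBOUND):
    """Return the provider chosen for dest, or None if no route remains.

    `up` lists the providers whose BGP sessions are established; routes
    from a provider that is down are withdrawn and ignored.
    """
    addr = ipaddress.ip_address(dest)
    candidates = []
    for provider, prefix, local_pref in table:
        net = ipaddress.ip_network(prefix)
        if provider in up and addr in net:
            candidates.append((net.prefixlen, local_pref, provider))
    if not candidates:
        return None
    # Forwarding picks the longest matching prefix first. Local preference
    # only decides between paths to the *same* prefix (here, the two defaults).
    longest = max(plen for plen, _, _ in candidates)
    same_prefix = [c for c in candidates if c[0] == longest]
    return max(same_prefix, key=lambda c: c[1])[2]

def failover_matrix(internet="203.0.113.10", vpn="198.51.100.7"):
    """Exit provider for an internet and a VPN destination in each link state."""
    states = {"normal": ("ATT", "Cogent"),
              "att_down": ("Cogent",),
              "cogent_down": ("ATT",)}
    return {name: (best_exit(internet, up), best_exit(vpn, up))
            for name, up in states.items()}

if __name__ == "__main__":
    for state, (inet_exit, vpn_exit) in failover_matrix().items():
        print(f"{state:12} internet->{inet_exit:7} vpn->{vpn_exit}")
```

In this model the VPN destination leaves via Cogent because its route is more specific than either default, not because of its local preference; with Cogent down it falls back to the ATT default.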

