[c-nsp] Two routers with Single ISP Scenario

shadow floating nadengine at googlemail.com
Wed Apr 21 07:13:36 EDT 2010 

Thanks a lot All for your valuable advice and time.

regards,
Nad

On Tue, Apr 20, 2010 at 5:32 PM, Vincent C Jones
<v.jones at networkingunlimited.com> wrote:
> On Mon, 2010-04-19 at 14:29 +0200, Peter Rathlev wrote:
>> On Mon, 2010-04-19 at 14:11 +0200, shadow floating wrote:
>> > I've one of my customers who wants to stick to single ISP but wants to
>> > implement the full redundancy (no single point of failure) network
>> > scenario, is there a way to connect to 2 routers internet facing with
>> > in an active/standby fashion to a single ISP with a single IP range?
>>
>> The provider and the customer could both use HSRP (or VRRP or GLBP). It
>> needs a L2 connection between the two sites though, and that might not
>> be optimal. It can work fine though. We currently use this as a customer
>> of AS3308.
>>
>>  +----------+           +----------+
>>  | ISP PE 1 |--- (?) ---| ISP PE 2 |
>>  +----------+           +----------+
>>        |                      |
>>        |                      |
>>     +------+              +------+
>>     | CE 1 |--------------| CE 2 |
>>     +------+              +------+
>>
>> The top link (between ISP PE 1 and PE 2) is not strictly necessary and
>> the ISP might prefer not having it.
>
> A much simpler and more robust approach is to get a private ASN from
> your ISP and run BGP. This is the scenario private ASN's are intended
> for and eliminates many layer 2 dependencies. All you need to do is
> accept a default route from the ISP and advertise your prefix to the
> ISP. Don't forget to test and verify that the ISP is passing on your
> prefixes from your advertisements rather than static routing. You will
> regret depending on a link failure being detected by the interfaces on
> both ends.
>
> Of course, if you really care about redundancy, you need to make sure
> the two paths between your routers and the ISP's routers are physically
> diverse so that when one fails, the other has a fighting chance of
> staying up. Watch out for common paths not just getting to the ISP but
> also from the ISP's points of presence you are using to their upstream
> connections. Also consider physical diversity of the routers at each
> end, you probably don't want a site problem (e.g. fire or extended power
> outage) to take you off the Internet either.
>
> Lot's of possibilities, your choices are limited only by your budget.
> For example, you may want to extend your routing through your firewalls
> to your internal sites so an internal network problem does not isolate
> the survivors (yes, you can dynamically route through firewalls without
> sacrificing security. But just like it is easy to add redundancy that
> sacrifices, rather than improves, availability; it takes care and effort
> to route through firewalls without degrading your security). Bottom line
> is you can protect against everything except your ISP fat fingering
> their routing tables and going completely off the air.
>
> Good luck and have fun!
> --
> Vincent C. Jones
> Networking Unlimited, Inc.
> Phone: +1 201 568-7810
> V.Jones at NetworkingUnlimited.com
>
>

More information about the cisco-nsp mailing list