[c-nsp] BGP Failover Question
Gert Doering
gert at greenie.muc.de
Mon Feb 21 17:11:21 EST 2011
Hi,
On Mon, Feb 21, 2011 at 04:09:55PM -0500, Chris Wallace wrote:
> In order to fix the issue I had to manually shut down the peer till
> Provider A confirmed the change they made had been reverted. This
> isn't the first time we have seen this issue with our various
> providers, how can I prevent issues like this from happening in
> the future?
Give your money to a provider that knows their trade.
Seriously: if they break their network in a way that BGP keeps working
but packets fall into a black hole, there is no 100% reliable way to
make your routers auto-failover to the other provider.
What you could try to do is: either run nagios (or your ping tool of
choice) to a number of selected targets that live behind provider A and
provider B, and manually shut down either one if something breaks in
big ways, or try to couple "ip sla" + event manager in the cisco box
to do this in an automated way.
The problem with this approach: imagine you ping, say, "www.yahoo.com"
and one day yahoo says "we're sick of all these ping packets, we're
going to filter them!", all of a sudden, your routing falls over to
provider B because the ping probe says "yahoo is down, must be
provider A failing again!" - so you need to ping a number of targets
and then decide whether "enough" are down... which has its own
pitfalls, in case provider A actually manages to only blackhole yahoo,
but neither google nor bing...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
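
The "ping a number of targets and then decide whether enough are down" logic from the message above, as an added example that is not part of the original post. It goes one step beyond the text by also pinging each target through provider B, so a target that stopped answering ping altogether is not counted against provider A. The per-provider ping results are assumed to come from whatever probe tool is in use, and the 60% / 3-round thresholds and target labels are constructed for illustration.

```python
from collections import deque

class BlackholeDetector:
    """Turn per-round ping results into ok / alert / hold / failover for provider A."""

    def __init__(self, down_fraction=0.6, rounds_needed=3):
        self.down_fraction = down_fraction  # share of usable targets that must fail via A
        self.history = deque(maxlen=rounds_needed)  # verdicts of the last N rounds

    def observe(self, via_a, via_b):
        """via_a / via_b: target -> True if the ping sent through that provider was answered."""
        # A target silent on both paths is down or filtering ICMP; it says nothing about A.
        usable = [t for t in via_a if via_b.get(t, False)]
        if len(usable) < 2:
            self.history.append(False)
            return "hold"  # too little evidence to move traffic
        failed = [t for t in usable if not via_a[t]]
        self.history.append(len(failed) / len(usable) >= self.down_fraction)
        if len(self.history) == self.history.maxlen and all(self.history):
            return "failover"  # most usable targets lost via A, several rounds in a row
        # Partial or short-lived loss: page a human instead of shutting down the peer.
        return "alert" if failed else "ok"

def replay(rounds):
    """Feed a list of (via_a, via_b) rounds to a fresh detector; return its decisions."""
    detector = BlackholeDetector()
    return [detector.observe(a, b) for a, b in rounds]

# Constructed sample rounds (labels only, no real measurements).
ALL_UP = {"yahoo": True, "google": True, "bing": True}
ALL_DOWN = {"yahoo": False, "google": False, "bing": False}
NO_YAHOO = {"yahoo": False, "google": True, "bing": True}

if __name__ == "__main__":
    print("yahoo filters ping: ", replay([(NO_YAHOO, NO_YAHOO)] * 3))
    print("A black-holes all:  ", replay([(ALL_DOWN, ALL_UP)] * 3))
    print("A black-holes yahoo:", replay([(NO_YAHOO, ALL_UP)] * 3))
```

The third case, where only one target is lost through provider A, never reaches the failover threshold and stays at "alert", which matches the pitfall described in the message: it needs a human decision.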