[c-nsp] BGP Failover Question

Gert Doering gert at greenie.muc.de
Mon Feb 21 17:11:21 EST 2011


Hi,

On Mon, Feb 21, 2011 at 04:09:55PM -0500, Chris Wallace wrote:
> In order to fix the issue I had to manually shutdown the peer till
> Provider A confirmed the change they made had been reverted.  This
> isn't the first time we have seen this issue with our various
> providers, how can I prevent issues like this from happening in
> the future?

Give your money to a provider that knows their trade.

Seriously: if they break their network in a way that BGP keeps working
but packets fall into a black hole, there is no 100% reliable way to 
make your routers auto-failover to the other provider.

What you could try to do is: either run nagios (or your ping tool of
choice) to a number of selected targets that live behind provider A and
provider B, and manually shutdown either one if something breaks in 
big ways, or try to couple "ip sla" + event manager in the cisco box
to do this in an automated way.

The problem with this approach: image you ping, say, "www.yahoo.com"
and one day yahoo says "we're sick of all these ping packets, we're
going to filter them!", all of a sudden, your routing falls over to
provider B because the ping probe says "yahoo is down, must bei 
provider A failing again!" - so you need to ping a number of targets
and then decide whether "enough" are down...  which has its own
pitfalls, in case provider A actually manages to only blackhole yahoo,
but neither google nor bing...

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20110221/9750cfb5/attachment.pgp>


More information about the cisco-nsp mailing list