[j-nsp] Layer 2 ethernet redundancy?

Tony Frank tfrank at optushome.com.au
Thu Jan 22 03:20:58 EST 2004


Hi,

On Wed, Jan 21, 2004 at 11:27:08PM -0500, Jeff Wheeler wrote:
> Perhaps you can explain more comprehensively how your BGP sessions are
> set up from your m20 to your routers. I don't understand your problem as
> well as I'd like, but I'm willing to bet that layer 2 redundancy on your
> m20 is not what you actually need.
> 
> Seems to me like your "routers" 1 - 4 should be speaking BGP to your
> m20s on loopback addresses which participate in your IGP, for example
> OSPF / ISIS / RIP2. In this instance, it doesn't matter if one of your
> FE interfaces fails, because you'll have two or more layer 3 subnets on
> different physical interfaces participating in your IGP, and any of
> those can and will carry the route to your loopback address.
> 
> This is what your IGP is for. Do you have one now? If not, get one. Pick
> OSPF because it works with a lot of devices, unless you are already more
> familiar with another IGP that you prefer over OSPF. No holy war, please.
> 
> When you follow-up, include example AS numbers for "routers" 1 - 4. If
> you are using a route-reflector or confederation, send details on that
> as well. You will probably be asking more specific questions that will
> be best answered if the list readership understands your topology.

Ok.
No IGP in use as all the routers are on the same ethernet vlan.
Each "customer router" has only single interface, so if it fails router
is off air anyhow - no loopbacks used as such.
To provide redundancy we have two routers per "customer", one on each l2 switch.

If a router fails (except for m20) then there's a second l3 path available.
If a switch fails, there's a second l2 path available.
On m20, if a single PIC or FPC fails, we have a second PIC/FPC.
If the entire m20 dies there's a duplicated setup in another physical location with
WAN linking sites (that bit seems to be fine).

Possibly OSPF would be a better choice instead of BGP - something to try..
The routers are all under the same administrative domain in that same people
that configure the m20 will configure the other routers.
Our concern with OSPF was in relation to route leaks although I'm not sure
if that is still an issue.

Maybe a sample config will help explain the m20 side..

On the m20:

interfaces {
	fe-0/3/1 {
		unit 0 {
			family inet address 192.168.0.6/24;
		}
	}
	fe-1/3/1 {
		unit 0 {
			family inet address 192.168.0.7/24;
		}
	}
}

(in a vrf (type vrf), but I don't think it matters)
routing-options {
	aggregate {
		route 176.16.0.0/16;
	}
	autonomous-system 65502;
}
protocols {
	bgp {
		export export_pol;
		group custa_routers {
			type external;
			peer-as 65501;
			local-as 65502;
			neighbor 192.168.0.2 {
				description "cust a r1";
				local-address 192.168.0.6;
			}
			neighbor 192.168.0.3 {
				description "cust a r2";
				local-address 192.168.0.7;
			}
		}
	}
}

I think better approach is probably to use a loopback on the m20 to
terminate all BGP sessions.
The problem then is having the loopback routed properly in failure 
scenario (which is where IGP such as OSPF comes in)
If we were to put in OSPF I think that would alleviate the need for BGP.

May be the way to go.

thanks,

Tony
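
The loopback-terminated design discussed in this message, sketched as an added example (not part of the original post and not the poster's configuration). The loopback address 10.255.0.1/32 is constructed, the VRF is left out, and the customer routers are assumed to run OSPF on their single interface and to peer with 10.255.0.1.

```junos
interfaces {
    lo0 {
        unit 0 {
            family inet {
                /* constructed address, used as the BGP session endpoint */
                address 10.255.0.1/32;
            }
        }
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            /* both FE ports form adjacencies, so the loopback stays */
            /* reachable if either a PIC/FPC or a switch fails */
            interface fe-0/3/1.0;
            interface fe-1/3/1.0;
            /* advertise the loopback without sending hellos on it */
            interface lo0.0 {
                passive;
            }
        }
    }
    bgp {
        export export_pol;
        group custa_routers {
            type external;
            /* EBGP sourced from a loopback is no longer a directly */
            /* connected session, so multihop is required */
            multihop {
                ttl 2;
            }
            local-address 10.255.0.1;
            peer-as 65501;
            neighbor 192.168.0.2 {
                description "cust a r1";
            }
            neighbor 192.168.0.3 {
                description "cust a r2";
            }
        }
    }
}
```

With one session per customer router sourced from lo0, the failure of a single FE port changes only the OSPF path to 10.255.0.1 and the BGP sessions stay up.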

