Hi Folks,
I’m trying to achieve total redundancy in a multihomed environment:
ISP 1 <=> Router 1 <= X => Router 2 <=> ISP 2
Where X is my Network.
In the example below, he announces separate blocks to each ISP.
https://www.networkstraining.com/cisco-bgp-configuration-tutorial/
I would like to do a failover model, where if one ISP goes down the other would take over.
Please share your thoughts on this.
Best regards,
Sorry, this is not a general help list for basic networking skills. There are many options for appropriate training available, but this is not an appropriate channel for this query.
Tony,
"The NANOG Mailing List is a community-moderated forum, open to all. Established in 1994 to provide the open exchange of technical information, it provides the opportunity for lively discussions of specific implementation challenges that require cooperation among network service providers." - NANOG Usage Guidelines
I disagree with your remark that “this is not an appropriate channel for this query”. I would believe that Jean’s query falls under the “open exchange of technical information” category.
Regards,
Christopher Hawker
Hi Jean,
You can establish an iBGP session between the two routers that exchange either default & own routes, or they can send their own routes with fulls and use local pref to preference the directly-connected transit session before routes learnt from the iBGP session, depending on how you want to engineer your traffic. If you are not receiving full tables and only getting a default from each transit provider you would need to weight the defaults so it uses the preferred default. If you’re planning to add (for example) peering or PNIs to either router in the future, you will want full tables for greater traffic control.
Regards,
Christopher Hawker
Agreed, especially since I have seen more than a few professional installations where they got it wrong.
Regards,
David Edelman
who is responsible for the concept of this message. Unfortunately, autocorrect is responsible for the content
Hi Chris,
Thank you for taking the time to point me in the right direction!
I’m getting full routes, so it should be easy for me to achieve your concept.
Best regards,
You can establish an iBGP session between the two routers that exchange
either default & own routes, or they can send their own routes with fulls and
use local pref to preference the directly-connected transit session before routes
learnt from the iBGP session, depending on how you want to engineer your traffic.
That's the easy part. If you want the ISPs to be equal with the
shortest path getting the traffic then you're done. Congratulations.
I would like to do a failover model, where if one ISP goes down the other would take over.
If you want to weigh one ISP to be "primary" and the other to be
"backup," you've a long hard road ahead of you. Localprefs can make
you prefer one ISP over the other for _outbound_ traffic but the
levers for controlling _inbound_ traffic are more complicated.
You can get part of the way there by "prepending" your AS number
several times on the backup path. That makes the AS path longer from
the backup ISP which tends to cause BGP selection to pick the shorter
path via the primary ISP. That's basically BGP's default: shorter AS
path wins.
Except for all the jackals out there who use a local mechanism to pick
the best path without regard to the AS path length. For those, you'll
have to learn about "communities." Communities are basically tags: you
tag a route and if your ISP understands the tag it does something
different than normal with that route. Your ISPs publish a list of
communities they understand along with what they will do differently
if you tag a route with that community. Typically you'll want to find
the community that tells your ISP to set their own localpref
differently than the default. You may even need to find the
communities that tell your ISP's ISPs to set their localprefs
differently than their defaults. It gets complicated fast.
Regards,
Bill Herrin
Thanks Bill for the good explanation!
I’ll probably have to go into the communities then; some of the tests I’ve done got me nowhere!
I’m using VyOS (quagga) and prepending didn’t help.
Best regards,
Jean,
The internet is a network like any other (I’m lying, but fundamentally it is).
If you advertise your own subnet via two paths then the network can use those two paths to reach your subnet. In the internet that is not so usual as you’d need to pay to own that subnet and an AS.
Usually you’ll use a subnet from your ISP, and with one exit only, just use default routing (so you don’t need to learn 900k+ routes that all go via the same next hop).
With two ISPs, operating in failover, you can also use just the default from both. You will then use some policy to select which default to use. If you want to customize it (say YouTube goes out of ISP A, while the rest uses B), then you will need to learn more routes than the default.
Other than routing, you need to understand how those links will be used. Users browsing need to use addresses from the ISP so if they are egressing A, they need to be using A’s addresses. This is usually done with NAT and the device doing it has to be aware of the egress. Often, it’s the router itself doing NAT based on the exit interface. But there are multiple possibilities…
HTH,
/Pedro
How much capacity and how much network do you have between router 1 and router 2?
Are the routers between DFZ capable?
Do the links have the ability to carry the full load?
How many routers between router 1 and router 2?
Sorry, this is not a general help list for basic networking skills.
wow! that was helpful, polite, and considerate. good on ya
the list has been about helping others, including the less senior, for
some decades. the nanog list has been one of the most significant
public help to networkers since dirt was invented.
randy
The hardest part can be handling a failure of either of the routers and having X still be able to talk to the other in smaller networks. While VRRP, MC-LAG, and MPLS do exist, platform, vendor, and your requirements all make for a lot of fun. It’s easy to accidentally make routers do things the vendor hadn’t intended (What do you mean subscriber services aren’t designed to work with mc-ae? Is that why dhcp sync only works with vrrp and mpls and not mc-ae with unnumbered interfaces?)
I’ll try not to cover what others have said, but there are a few things to consider on dealing with your ISPs. They may run RPF filtering, so even if you don’t want them to route traffic for a network to you, if you might send traffic from that network out, they’ll need a route, so always send the aggregates to everyone you send outbound traffic to. If you have trouble getting a network added to a peer, you may have to not send any outbound their way.
Many ISPs run local prefs to prefer directly connected networks over more costly paths. This will override AS prepends. Some may let you change it with a community. Some will not. If you must force traffic, use a more specific route. Even if others filter it out, it should still get enough distance to force traffic the way you want.
If your redundancy is slightly oversold and you need rough load balancing, more specific routes are the way to handle that, but try and minimize their use. We do have routing table bloat.
Jack
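Jean says prepending on VyOS didn't help; the model below, an added illustration that is not code from any poster or from VyOS, runs a cut-down BGP decision process over constructed routes to show why: an upstream's customer LOCAL_PREF (Jack's point) is evaluated before AS_PATH length, so only a community the ISP publishes or a more-specific prefix moves inbound traffic, while Christopher's local pref on your own routers is all that outbound failover needs. ASNs, prefixes and the 64497:80 community are constructed documentation values, not anything from the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CUSTOMER, ISP1, ISP2 = 64500, 64496, 64497  # constructed ASNs (RFC 5398 documentation range)
LOWER_PREF = "64497:80"  # hypothetical community ISP2 publishes as "set LOCAL_PREF 80"

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple           # leftmost = AS the route was heard from
    local_pref: int = 100
    ebgp: bool = True        # False when learned over iBGP from the other router
    communities: frozenset = frozenset()

def best_path(routes):
    """RFC 4271 decision process, abbreviated but in its real order:
    highest LOCAL_PREF, then shortest AS_PATH, then eBGP over iBGP."""
    return max(routes, key=lambda r: (r.local_pref, -len(r.as_path), r.ebgp))

def lookup(rib, dst):
    """Longest-prefix match first; BGP tie-breaking only runs among routes for
    that one prefix, so a more specific beats any pref/prepend on the aggregate."""
    matching = [r for r in rib if ip_address(dst) in ip_network(r.prefix)]
    longest = max(ip_network(r.prefix).prefixlen for r in matching)
    return best_path([r for r in matching if ip_network(r.prefix).prefixlen == longest])

def isp2_import(route, from_customer):
    # Constructed ISP2 ingress policy: direct customer routes get LOCAL_PREF 200
    # unless tagged with LOWER_PREF (then 80); routes from peers keep 100.
    if not from_customer:
        return route
    pref = 80 if LOWER_PREF in route.communities else 200
    return Route(route.prefix, route.as_path, pref, True, route.communities)

def isp2_choice(prepend=3, tag=False, more_specific=False, dst="203.0.113.10"):
    """Neighbour AS ISP2 sends traffic for dst to: CUSTOMER (backup link) or ISP1."""
    comms = frozenset({LOWER_PREF}) if tag else frozenset()
    direct = isp2_import(Route("203.0.113.0/24", (CUSTOMER,) * (1 + prepend),
                               communities=comms), True)
    via_isp1 = [Route("203.0.113.0/24", (ISP1, CUSTOMER))]
    if more_specific:                      # /25 announced to ISP1 only
        via_isp1.append(Route("203.0.113.0/25", (ISP1, CUSTOMER)))
    return lookup([direct] + via_isp1, dst).as_path[0]

def customer_outbound(isp1_up=True):
    """Router 1: the default heard directly from ISP1 (LOCAL_PREF raised on import)
    beats the iBGP-learned default from Router 2 until the ISP1 session drops."""
    rib = [Route("0.0.0.0/0", (ISP2,), local_pref=100, ebgp=False)]
    if isp1_up:
        rib.append(Route("0.0.0.0/0", (ISP1,), local_pref=200))
    return lookup(rib, "198.51.100.1").as_path[0]
```

With the default three prepends ISP2 still hands traffic straight to the backup link; tagging the route with the published community, or announcing a /25 only to ISP1, is what actually moves it.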
If you want, post your IP block(s), ASN and your upstreams' ASNs, a number of
people will be able to see if you're prepending correctly. Also feel free to
contact your upstreams' BGP support, you're paying them, and they may explain
what they support too if it's not written down publicly.
IMHO, this is exactly the thing NANOG is here for, helping others run BGP.
Wholeheartedly agree — I would *much* rather someone send a message to NANOG asking for help, instead of haphazardly doing BGP to the detriment of their customers and the internet as a whole. Helping someone may be a small “inconvenience” but sure as hell beats another AS7007 incident.
where does one go for is-is help? the mtu issue can be painful!!!
randy
I don’t think a mailing list would be of help… perhaps a local tavern instead!
actually, the mailing list, particularly saku among others if i remember
aright, helped a lot.
randy
I think here would be good too. I recently had to do this between a Cisco
3945e and a Juniper, and from my unrevised notes:
vlan {
    unit 405 {
        family iso {
            # holy shit this is important. CISCO and Juniper will not talk unless the MTU is set
            mtu 1492;
        }
    }
}
Hi guys,
I’ve been on the list for as long as I cannot even remember.
So just so you know, I’m not new at this.
This is no easy task, that’s why I came here looking for help.
I’m sorry if I brought anguish to the experts on the list!
I thought I could bring something that someone may have experienced before.
I haven’t solved this yet, but at least I’ve received some valuable suggestions and I Thank you!
About all the details of the connections, numbers of peerings, PNIs and IXPs, I have left them out, since I figured this additional information could make things worse.
ISP 1 ====20KM========20KM==== ISP2
The ISP connections are all 10G.
I don’t believe these routers are DFZ capable.
All the routers are well capable and already receive the full routes.
The connections between these routers are 40G.
Best regards,