Emergency backup for a small net


We have a small ISP customer that wants to run a circuit to another local
ISP and the ISPs would use that pipe only in the case of primary link
failure. The two ISPs would split the cost, etc.

The obvious solution would be for both ISPs to set up BGP peering with
their upstreams and not announce anything in normal operation. The
upstreams would continue to statically route the smaller ISPs' blocks and
the smaller ISPs would default to their upstreams. The smaller ISPs would
also put in a default pointing at each other with a higher cost. Then in
the case of primary link failure the ISP who still has a path to the net
would begin announcing the other ISP's block(s) to their upstream. The
upstream would in turn see this as a valid announcement and propagate it
to the world. Therefore specificity should draw all the traffic to the
correct place.

The problem is both ISPs are small and have /24s from their providers. The
/24s would be filtered by many, leading to only partial connectivity in
the case of failure. (Partial connectivity is better than no connectivity,
I guess...)

Another possible solution I thought of is to use NAT. The small ISPs would
use RFC1918 internally and use a block from their provider to translate
into. When the primary link fails they switch over to using a block from
the other ISP's provider. They would also have to use very low TTLs for
their DNS zones and be prepared to switch the DNS zones to point to the
other block. Does the NIC consider this efficient utilization
to have a block lying around that only gets used when a link fails?

An important thing to remember here is that the backup link will not be
used in normal operation. This is not multihoming. They do not want load

I would be interested to hear others' thoughts on this. If you reply
privately I will summarize any interesting replies to the list.



You would probably run into some big problems with those /24
announcements if they were obtained from different upstream providers. If
they are CIDR, you are saved. [If they work now, they'll work then --

Just have both networks BGP announce both sets of routes, the "alternate"
in either case will have a longer AS path and therefore not be prefered
[you can prepend to insure this]. If they are not CIDR, you are faced
with making illegal announcements on someone else's backbone].

If they both use you as their upstream, you can solve the matter for them.

Wouldn't your method require manual intervention for the BGP session
to be turned up? If you are their upstream, wouldn't it just be simpler
for your NOC to handle the fallover?


Ok, here is a diagram (with apologies to those of you using broken
mailers that don't use a constant-width font):