Single AS BGP into 2 different 6500s

Oct 2nd, 2007

I need to build out a network where I will have 2 different ISPs using a single AS number for BGP. I will connect each ISP into its own 6500.

The 6500s will then be connected into the core of the network. What's the best strategy for this?

I am looking for ideas for making sure my 6500s are well load balanced from the inside-out. Should I use GLBP, HSRP? OSPF for internal routing?

Any ideas or suggestions, please let me know.

mmandel Tue, 10/02/2007 - 14:37

You will need to configure external BGP with the MED (multi-exit-discriminator). Set up the same values for internal->external load-balancing.

I suggest OSPF for your interior routing.

merritt81 Tue, 10/02/2007 - 15:33

I would suggest using some IGP, EIGRP or OSPF, and inject default routes from both edge switches.

I would assume it is safe to say both switches will be connected into the core using the same media types. That being said, now there are two default routes with equal cost in your network. Your IGP should accept these routes as equal cost paths and enter both of them into your RIBs. Load balancing is now achieved out to the edge of your network.

To achieve load balancing for traffic entering the two ISP networks, configure eBGP between each ISP and iBGP between the two edge 6500s. While doing this, ensure you apply appropriate filters so you do not make yourself a transit network.

Finally, to load balance outbound traffic across both ISP uplinks, configure maximum-paths 2 under your BGP processes so that you can accept more than one BGP route in your route table. Depending on your ISPs you may need to apply more advanced BGP configuration to get both routes into your table. This also doubles the size of your table, so ensure you have the memory to do this.

Note that this does not achieve ingress load balancing from both ISP's although it should achieve ingress load balancing once the traffic reaches your edge 6500's.
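
The "appropriate filters" step above, shown as an added Cisco IOS example that is not part of the original thread: edge 6500 A advertises only locally originated routes to its ISP, so routes learned from ISP2 over iBGP are never passed to ISP1. All AS numbers, addresses and list names are constructed documentation values (assumptions), and edge 6500 B would mirror this toward ISP2.

```cisco
! Edge 6500 A - constructed example, not configuration from the thread.
! Assumed values: own AS 64496, ISP1 AS 64500, own prefix 203.0.113.0/24,
! ISP1 peer 192.0.2.1, edge 6500 B loopback 10.255.0.2.
!
! Permit only routes with an empty AS path (originated inside our AS).
! Anything learned from the other ISP carries that ISP's AS and is denied.
ip as-path access-list 10 permit ^$
!
! Second layer: only our own address block may be announced.
ip prefix-list OUR-NETS seq 5 permit 203.0.113.0/24
!
! Anchor route so the network statement below has a matching RIB entry.
ip route 203.0.113.0 255.255.255.0 Null0
!
router bgp 64496
 network 203.0.113.0 mask 255.255.255.0
 !
 ! eBGP to ISP1, with both outbound filters applied.
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 description eBGP to ISP1
 neighbor 192.0.2.1 filter-list 10 out
 neighbor 192.0.2.1 prefix-list OUR-NETS out
 !
 ! iBGP to the other edge 6500.
 neighbor 10.255.0.2 remote-as 64496
 neighbor 10.255.0.2 description iBGP to edge 6500 B
 neighbor 10.255.0.2 update-source Loopback0
 neighbor 10.255.0.2 next-hop-self
 !
 maximum-paths 2
!
! Check: the output should list 203.0.113.0/24 and nothing else.
! show ip bgp neighbors 192.0.2.1 advertised-routes
```

If the advertised-routes output ever shows a prefix with another AS in its path, the edge is leaking one provider's routes to the other and acting as transit.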

cisconoobie Wed, 10/03/2007 - 12:51

Can I leave the 2 6500's as the core and have each ISP BGP connection come directly into each switch?

Something like the attached picture for cost savings.

mmandel Wed, 10/03/2007 - 13:36

Well.. you're forgetting your edge routers, you should have a router connected to each of your ISP's. Also, what about a firewall?

Usually you have a DMZ VLAN setup, in that case you connect your two ISP edge routers to the DMZ VLAN, which can be on the 6500's.

cisconoobie Wed, 10/03/2007 - 13:52

I will have a fiber ethernet handoff from each "lit" ISP. I wanted to put each connection into its own 6500 and maintain redundancy.

You're saying create a DMZ VLAN on both 6500s where each connection will go into?

mmandel Wed, 10/03/2007 - 13:57

You got it. Create DMZ VLAN, and assign the ports coming from the ISP connections.

Just leave the VLAN with an un-assigned IP address. Also, you would want to put your Firewall's Outside Public connection into this VLAN.

btw, lol at the scribbles, you need to get visio for your diagrams.

cisconoobie Thu, 10/04/2007 - 10:10

I just want to make sure I totally understand what you mean. I'm used to having actual routers like 3800s receiving a single isp connection and then connecting them into an outside switch which then connects to the internal network.

But here instead of buying high end BGP capable routers and another outside switch, I want to connect these ISP connections directly into 6500s.

So for ex.

I will have a single connection from ISP1 to Switch A = 6506 on (DMZ VLAN 100)

Then another single connection from ISP2 to Switch B = 6506 on (DMZ Vlan 100)

Any special way these 6500s will be connected?

I wanted to also do NAT on these 6500 routers.

I connect the distribution layers via OSPF.

I don't mean to sound like a nooblet.
