BGP Design question

Sep 22nd, 2009

Hello,

I have a question regarding BGP Design.

Here's my setup:

BGP Enabled MPLS WAN

Site A is my primary location with all my servers and whatnot and it has internet connection via ISP-A. Site A advertises a default route to all other locations via default-originate.

Site B is the secondary site, serves as DR location, and has internet connection via ISP-A as well, but from a different location.

Routing at Site A is static and done by a pair of 4507R. One of the 4507Rs is also the BGP speaker for Site A.

BGP Speaker at Site B is a 3750.

Remote branches (17 in all) all access internet via the primary location. The routers at each branch just use a default-route advertised by site-a for connectivity.

Internet connection is NOT part of the MPLS cloud, it is separate and all traffic needs to be funneled through Site A or Site B.

All of the above is adjustable if needed.

My ultimate goal is to find an easy way to re-route internet traffic from site A to site B in the event that ISP-A at site A is down. It has happened twice in the past few months where ISP-A is down at Site A, but MPLS network is still up and ISP-A is still up at site B.

I figure I could remove the default-originate from the 4507 at site-a and add default-originate into the BGP config at site-b, but is there any way to do this automatically?

Can I have Site A and Site B do default-originate and then adjust the metric for the default route from Site B?

I have read the link regarding conditional advertisement in BGP based on a prefix being in the routing table or NOT in the routing table, but with static routes being used, that doesn't really help me.

I've thought about using an IGP at Site A, but the thing is, Site A is our "datacenter" site, but all the Layer 3 is done on the pair of 4507R, there is maybe one other Layer 3 device, otherwise there are a few other bigger Layer 2 switches. Also, I only have one connection to the MPLS network at Site A; everything has to go through one of the 4507s anyway.

If I don't use the default-originate option, and I just advertise network 0.0.0.0, would that accomplish the same thing? If I do it this way, can I adjust the metric such that Site A is more desirable than Site B's 0.0.0.0 network? I imagine I would then be able to just remove the default-route from the 4507 at Site A, and allow the default from Site B to take over... But, on another thought, I would probably have to use an IGP like OSPF or EIGRP to communicate to the other 4507 that its default route has changed.

What if I use route-tracking on the 4507 connected to the MPLS... I could ping out to the internet somewhere, maybe our ISP next-hop, then if it fails x times, remove the default route and allow the default route from Site B to take over.

I apologize if my thoughts seem jumbled, it's still early :P. I'm trying to think and type.

Thanks!

Giuseppe Larosa Tue, 09/22/2009 - 05:37

Hello Ryan,

With some cooperation with MPLS provider both Site A and Site B can advertise a default route on the MPLS L3 VPN with Site A's route preferred.

That is MPLS provider can increase the local preference of default route received from siteA CE so that it is used by all other sites.

network 0.0.0.0 advertises a default route in BGP if a default route is present in the local node routing table.

So it is an improvement in comparison to neighbor default-originate that sends a default route regardless of the presence of net 0.0.0.0/0 in local node routing table.

So using network 0.0.0.0 + reliable static routing for the default static route should provide an automatic way to remove the primary default route from BGP.

Tests should be done to verify the correct behaviour at fault and at restore of default static route on siteA device.

About the second C4507 at SiteA if it hasn't any external connection it should be fine just pointing to the other C4507.

What to do depends on who is connected to:

internet link C4507_1

MPLS link: again C4507_1 or C4507_2

If C4507_2 connects to MPLS link it needs to be able to accept default route from MPLS provider when primary internet connection at C4507_1 fails.

At the same time if the primary route comes back the device has to be able to restore the previous default route via C4507_1.

I would think of using an iBGP session between C4507_1 and C4507_2 with C4507_2 that prefers with a local preference settings or weight the default route coming from C4507_1 when present.

This should be an improvement to current scenario that doesn't provide automatic recovery for primary internet session failure.

Hope to help

Giuseppe

rtjensen4 Tue, 09/22/2009 - 06:04

Hi Giuseppe,

Thanks for the feedback. The internet is actually not connected to either C4507_1 OR C4507_2. The 4507s connect to the firewalls which connect to another switch then the internet router. There's no direct communication between the internet and the 4507s. I'd like to avoid running iBGP between C4507_1 and C4507_2 if I can avoid it in this situation.

Giuseppe Larosa Tue, 09/22/2009 - 08:22

Hello Ryan,

In this case each C4507 can have a default static route using object tracking for the primary internet connection.

However, an iBGP session is low cost because one device is already running BGP and I would prefer it to adding another routing protocol to the scenario.

Another note:

If you are using an MPLS L3 VPN service you cannot see two default routes at remote sites but just one.

However, PE nodes can see both default routes and if PE of siteA has increased the local preference is preferred by all sites facing PE nodes.

This requires cooperation with MPLS SP.

If the MPLS service is not a L3 VPN but a L2 VPN or a collection of links you can see both default routes in your remote site routers.

In this second case routing is performed by you without MPLS SP taking part in it.

Hope to help

Giuseppe

Laurent Aubert Tue, 09/22/2009 - 06:05

Hi,

You could redistribute your default route instead of using the default-originate command. You can attach a route-map which sets a different local-pref on site a and b (higher LP is preferred)

Now to detect your link to ISP-A is down, adding an object tracking to your default route is a good solution.

There are several variations of this solution but the goal stays the same:

1- Both sites must announce a default-route with a different LP so remote sites can prefer site a over site b

2- Site a must have a way to withdraw their default route if there is no connectivity anymore with ISP A.

HTH

Laurent.
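
The failover behaviour discussed in this thread, as an added Python model that is not code from any of the posters: a tracked static default at Site A, advertised either with `network 0.0.0.0` (only while the route is in the local table) or with default-originate (always), and remote sites following the highest local preference. The local-preference values, the probe thresholds, the probe sequence and the assumption that Site B stays healthy are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Track:
    """Tracked probe: down after `down_after` consecutive failures,
    up again after `up_after` consecutive successes (assumed thresholds)."""
    down_after: int = 3
    up_after: int = 2
    up: bool = True
    streak: int = 0

    def feed(self, probe_ok: bool) -> bool:
        if probe_ok == self.up:
            self.streak = 0                      # result agrees with current state
        else:
            self.streak += 1
            if self.streak >= (self.up_after if probe_ok else self.down_after):
                self.up, self.streak = probe_ok, 0
        return self.up

def advertises_default(mode: str, static_default_in_rib: bool) -> bool:
    # "network 0.0.0.0" needs the default in the local routing table;
    # "default-originate" sends it regardless.
    if mode == "network":
        return static_default_in_rib
    if mode == "default-originate":
        return True
    raise ValueError(mode)

def simulate(site_a_probes, mode, lp_a=200, lp_b=100):
    """Per probe interval: (exit site the remote sites use, internet reachable?)."""
    track, timeline = Track(), []
    for isp_ok in site_a_probes:
        a_static = track.feed(isp_ok)            # tracked static default at Site A
        paths = {"B": lp_b}                      # Site B assumed healthy throughout
        if advertises_default(mode, a_static):
            paths["A"] = lp_a
        best = max(paths, key=paths.get)         # highest local preference wins
        timeline.append((best, isp_ok if best == "A" else True))
    return timeline

# Constructed probe results for ISP-A at Site A: up, five failed probes, restored.
PROBES = [True, True, False, False, False, False, False, True, True, True]

if __name__ == "__main__":
    for mode in ("network", "default-originate"):
        print(mode, simulate(PROBES, mode))
```

In this model the tracked `network` case loses traffic only for the intervals before the track object goes down, while default-originate keeps drawing traffic to Site A for the whole outage.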
