BGP Multipath Failover Design

Unanswered Question
Mar 23rd, 2010
User Badges:

In our proposed design, we will be hosting VM's at our DC, and using our Corp office as the redundant path.  We are peering to the same ISP and splitting the /24 into two /25's.  The two offices are connected via 100MB Metro Ethernet.  I am unsure of how to utilize that 100MB Metro link.  What is the best way to route traffic back and forth in case of a failure?  Attached is a rough design.


Thank you all in advance.DR.jpg

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 03/23/2010 - 13:02
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Jason,

I would suggest to go on on an existing thread rather then opening a new thread for each new question.


Said this, the use of the link is decided by the iBGP session and/ or the IGP protocol you are using.


To be noted one link may be not enough for all fault scenarios you would need a path from Corp to hosting also if the hosting router fails totally.


So I would add cross links for this.

But I see also there are ASA before the two campuses

you would need two ASA failover pairs one in Corp and one in hosting

the secondary ASA should have its outside interface cross connected to the other border router (Corp ASA standby to Hosting router, Hosting ASA standby to corp router)


Hope to help

Giuseppe

jgorman1977 Wed, 03/24/2010 - 12:27
User Badges:

Giuseppe,


Since we are using the ASA security contexts, I will most likely use 1 5540 at the DR and 1 5540 at the Corp.  I will not use the 5510 as we won't have enough security contexts.  The ASA configuration will have to mirror, correct?


Thanks,


Jason

Giuseppe Larosa Wed, 03/24/2010 - 12:52
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Jason,

in any case each ASA can have only one outside interface.


a failover pair needs a connection between the two ASA.


So you would need two links between the two campuses:

one for iBGP session between edge routers

one link for failover and stateful between ASA


Hope to help

Giuseppe

Actions

This Discussion