
Edge network design

Sep 2nd, 2013

I have two Cisco ASR 1002 routers.  I also have 2 ISPs.  I do not want to load balance between both ISPs, but I want to fail over to one if the primary ISP suffers a failure.  One thing I don't want to have happen is, if our primary router fails we would then have to fall back to our secondary ISP.  I would prefer to keep using ISP 1 on the secondary router.

The proposed diagram I have is attached.  I am using a L2 connection to reach each ISP on both routers.

shillings Mon, 09/02/2013 - 14:13

Personally, I wouldn't want to use the switches inside your firewalls to link your outside ASRs to each ISP.

I know the ASRs are under your control and you want to provide as much resiliency as possible, but there will be several more single points of failure along each circuit before traffic reaches any redundant infrastructure within each ISP network.

An alternative approach is to ask your primary ISP if they can provide a redundant service. You'd need a third ASR though, and perhaps a pair of layer-3 switches as well, depending upon the design constraints.

Jeremy Gibbs Tue, 09/03/2013 - 08:36

Currently we don't have the budget for another ASR and Level3 cannot provide that link without another substantial cost.  We could look into BGP fast fail over (I forget what it's called) with our ISPs.  That way we could fail back to our primary without incurring another long outage.

shillings Tue, 09/03/2013 - 09:34

IP SLA echo works well for outbound traffic to the Internet. Your primary ASR could Ping various routers within your primary ISP cloud and, if all echo requests fail for a pre-set period, then route all your outbound traffic via the secondary circuit.

Once connectivity is restored, you can also configure a delay period before traffic is restored to the primary link, and that way help mitigate against a flapping link.

IP SLA echo should be quicker than BGP and is also able to look further into the ISP's cloud. For example, if they lose their core or all transit and peering links, but their edge router connected to your network stays up, then the default route being advertised to your ASR might not be withdrawn, and your outbound traffic would be blackholed. However, if you're running an intermittent ping to their core routers, plus a couple of specific websites, then you can detect these outages. I can't imagine Level3 getting into such difficulty, but you never know. I've known at least one nationwide carrier suffer a major outage like this, several years ago.
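
The failover decision described in the reply above, modelled as an added Python example (not part of the thread and not router configuration): traffic leaves the primary only after every probe target has failed for a set period, and returns only after a delay. The target names, the 5-second probe interval and the 15/60-second delays are assumed values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PathTracker:
    """Leave the primary only after every probe target has failed for
    down_delay seconds; return only after probes have succeeded
    continuously for up_delay seconds (dampens a flapping link)."""
    down_delay: int
    up_delay: int
    active: str = "primary"
    pending_since: Optional[int] = None  # when the pending change began

    def update(self, now, probe_ok):
        # The decision uses probe results only, so a default route that is
        # still advertised by a cut-off ISP edge does not keep traffic on it.
        wants = "primary" if any(probe_ok.values()) else "secondary"
        if wants == self.active:
            self.pending_since = None    # condition cleared: reset the timer
            return self.active
        if self.pending_since is None:
            self.pending_since = now
        delay = self.up_delay if wants == "primary" else self.down_delay
        if now - self.pending_since >= delay:
            self.active, self.pending_since = wants, None
        return self.active

# Constructed probe results, one sample every 5 seconds (hypothetical targets).
UP = {"isp_core_1": True, "isp_core_2": True, "website": True}
PARTIAL = {**UP, "website": False}       # one target down: not an outage
DOWN = dict.fromkeys(UP, False)          # every target unreachable

def sample_timeline():
    states = [UP, PARTIAL] + [DOWN] * 4 + [UP, DOWN] + [UP] * 13
    return [(i * 5, s) for i, s in enumerate(states)]

def simulate(timeline, down_delay=15, up_delay=60):
    tracker = PathTracker(down_delay, up_delay)
    return {t: tracker.update(t, probes) for t, probes in timeline}

if __name__ == "__main__":
    for t, path in simulate(sample_timeline()).items():
        print(f"t={t:>3}s  active={path}")
```

In the sample timeline the brief recovery at t=30 followed by another failure at t=35 resets the return timer, so the primary is not used again until probes have answered for a full 60 seconds.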

