Edge network design

Jeremy Gibbs
Level 1

I have two Cisco ASR 1002 routers. I also have 2 ISPs. I do not want to load balance between both ISPs, but I want to fail over to one if the primary ISP suffers a failure. One thing I don't want to happen is that, if our primary router fails, we would then have to fall back to our secondary ISP. I would prefer to keep using ISP 1 on the secondary router.

The proposed diagram I have is attached. I am using an L2 connection to reach each ISP on both routers.

3 Replies

shillings
Level 4

Personally, I wouldn't want to use the switches inside your firewalls to link your outside ASRs to each ISP.

I know the ASRs are under your control and you want to provide as much resiliency as possible, but there will be several more single points of failure along each circuit before traffic reaches any redundant infrastructure within each ISP network.

An alternative approach is to ask your primary ISP if they can provide a redundant service. You'd need a third ASR though, and perhaps a pair of layer-3 switches as well, depending upon the design constraints.

Currently we don't have the budget for another ASR, and Level3 cannot provide that link without another substantial cost. We could look into BGP fast failover (I forget what it's called) with our ISPs. That way we could fail back to our primary without incurring another long outage.

IP SLA echo works well for outbound traffic to the Internet. Your primary ASR could ping various routers within your primary ISP cloud and, if all echo requests fail for a pre-set period, then route all your outbound traffic via the secondary circuit.

Once connectivity is restored, you can also configure a delay period before traffic is restored to the primary link, and that way help mitigate against a flapping link.

IP SLA echo should be quicker than BGP and is also able to look further into the ISP's cloud. For example, if they lose their core or all transit and peering links, but their edge router connected to your network stays up, then the default route being advertised to your ASR might not be withdrawn, and your outbound traffic would be blackholed. However, if you're running an intermittent ping to their core routers, plus a couple of specific websites, then you can detect these outages. I can't imagine Level3 getting into such difficulty, but you never know. I've known at least one nationwide carrier to suffer a major outage like this, several years ago.
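The IP SLA approach described in the reply above, written out as an added IOS XE configuration example for one ASR. This is not configuration from the thread or from the poster; every address, interface name and timer value is an assumption (RFC 5737 documentation ranges), and it assumes the default routes are static rather than learned over BGP.

```cisco
! Added example (not from the thread): IP SLA echo tracking on a single ASR
! with a tracked static default via the primary ISP and a floating static
! default via the secondary. Assumed topology:
!   Gi0/0/0 -> ISP 1 (primary),   next hop 203.0.113.1
!   Gi0/0/1 -> ISP 2 (secondary), next hop 198.51.100.1
!   192.0.2.1 and 192.0.2.2 are two routers deep inside ISP 1's network
!
! Probes target routers inside the primary ISP's core, not its directly
! connected edge router, so an upstream failure that leaves the edge router
! up still trips the track. Each probe destination is pinned to the primary
! next hop with a fully specified host route; without this, once the default
! route moves to ISP 2 the probe would succeed over the backup path and the
! track would flap back up.
ip route 192.0.2.1 255.255.255.255 GigabitEthernet0/0/0 203.0.113.1
ip route 192.0.2.2 255.255.255.255 GigabitEthernet0/0/0 203.0.113.1
!
ip sla 10
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/0/0
 frequency 5
 timeout 1000
 threshold 500
ip sla schedule 10 life forever start-time now
!
ip sla 11
 icmp-echo 192.0.2.2 source-interface GigabitEthernet0/0/0
 frequency 5
 timeout 1000
 threshold 500
ip sla schedule 11 life forever start-time now
!
track 10 ip sla 10 reachability
track 11 ip sla 11 reachability
!
! Boolean OR: the composite track goes down only when every probe fails.
! It waits 15 s (about three more missed probes at a 5 s frequency) before
! declaring down, and 60 s of continuous success before declaring up again,
! which dampens a flapping circuit.
track 100 list boolean or
 object 10
 object 11
 delay down 15 up 60
!
! The primary default is withdrawn while track 100 is down; the floating
! static (administrative distance 250) via ISP 2 then takes over.
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 203.0.113.1 track 100
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 198.51.100.1 250
```

Check the state with `show track 100` and `show ip sla statistics`; a good test is to block ICMP to the two probe targets upstream while leaving the link up, which is the failure mode the reply describes. As the reply notes, this only steers outbound traffic: inbound traffic to addresses that belong to ISP 1's allocation will still arrive via ISP 1, so any NAT pool or published services need their own plan for the secondary circuit.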
