Solved: Summarization at the ISP

tbthurman · ‎09-30-2014

Our main DC site has a /25 public IP range (starting with 207.x.x.x), and our DR site has a /26 public IP range (starting with 209.x.x.x). Both are assigned from the same ISP, and are advertised back out with BGP. There is a distance of about 50 miles between the two locations. We also have a PTP circuit between the two sites.

I noticed on the ASA that some static NAT rules at the DR site use the DC public IP range. The edge routers at both locations are advertising both public IP ranges, but prepend the AS path of the opposing public IPs. I'm assuming this was done for a DR scenario and that the line of thinking is that the DR site would assume the DC public IPs through BGP advertisement.

Would this even work? I was under the impression that even though we are advertising the assigned IPs back to the provider, that the IP ranges are somewhat locally assigned. I realize this would work if we actually "owned" our IP ranges, but this is not the case.

Richard Burts · ‎09-30-2014

There are probably aspects of your situation that I do not yet understand. But it seems to me that what you describe would work ok. You have two sites advertising two prefixes and prepending the prefix associated with the other site. You are advertising prefixes assigned to you back to the ISP who assigned them.

So in normal operation the ISP will receive two advertisements for each prefix with one advertisement having a longer AS path than the other. The ISP will choose the shorter AS path, and traffic will flow to the site with which the prefix is associated. But if one site goes down then the ISP receives two advertisements, one with a longer AS path, and will forward both prefixes to the site that is still up.

Why would this not work?

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎09-30-2014

There are probably aspects of your situation that I do not yet understand. But it seems to me that what you describe would work ok. You have two sites advertising two prefixes and prepending the prefix associated with the other site. You are advertising prefixes assigned to you back to the ISP who assigned them.

So in normal operation the ISP will receive two advertisements for each prefix with one advertisement having a longer AS path than the other. The ISP will choose the shorter AS path, and traffic will flow to the site with which the prefix is associated. But if one site goes down then the ISP receives two advertisements, one with a longer AS path, and will forward both prefixes to the site that is still up.

Why would this not work?

HTH

Rick

HTH

Rick

tbthurman · ‎10-01-2014

You described out situation accurately.

I agree that it would work in theory, but I figured the advertisements might be affected by the summarization of the routes at the ISP level. If our ISP advertises the 209 prefix for a particular geographic location and the 207 prefix at another geographic location, wouldn't that cause an issue if we tried to advertise an IP that is associated with the other location, due to route summarization?

I have also read that most ISPs tend to filter advertised routes that are smaller than a /22. Even if our ISP advertised our /25 routes, other ISPs would filter them out.

All that being said, I really don't know that it wouldn't work until we test it.

Richard Burts · ‎10-01-2014

Summarization at the ISP level is a good thing (and is what will allow your routes to work since a /25 and a /26 are too small to advertise into the Internet). But you advertise your prefixes to the ISP, the ISP summarizes and advertises the summaries to its upstream. And now the whole Internet knows how to get to 207.x.x.x

I do not understand your comment about advertising into geographic locations. How does it cause an issue if you advertise an IP that is associated with the other location? If the locations were completely separate it would be a problem to advertise the IP associated with the other location. But your description says that there is a PTP link between the locations. So if the ISP did forward a packet with destination address 207.x.x.x to your DR site, your PTP link would allow you to forward it to the correct place would it not?

HTH

Rick

HTH

Rick

James Lasky · ‎10-02-2014

As far as I understand 207 and 209 nets are owned by your ISP (not by you, I mean that from IANA point of view are PA nets) ) and this ISP is the only one announcing towards the internet, hence I do not see any problem (also because nets smaller than /24 on internet are not announced).

Internally your ISP will know /27 and /29 hence it will route in the right location.

On internet all the world will now these nets as /22 (or whatelse) and will route always towards your ISP partner.

Which is the problem ?

HTH

tbthurman · ‎10-03-2014

Thanks for the explanation. I guess it was my misunderstanding of BGP. I thought that if other ISPs would filter out our routes, then no traffic could get back. I now see that they would send the traffic to the AS assigned to my ISP, and my ISP would know how to route the traffic to us.

Appreciate the help.

BGP - Can you advertise the same public IP range from two different locations? (not at the same time)