BGP Multi-homing in two geographic locations with multiple ISPs

Iain
Level 4

Hello,

I have a question for which I have not yet been able to get a satisfactory answer. Thus far I haven't been able to talk to anyone who has experience with multi-homing BGP across separate geographic locations with separate ISPs. Any assistance you might be able to offer would be greatly appreciated!

What we have (current config):

We are a University with two locations (main campus in the state of Missouri and sister campus in the state of Arizona).

Both sites have their own ISP (through dissimilar providers)

The sites are connected by an internal WAN link (long haul circuit)

The private network of the Missouri campus can be summarized as 10.1.0.0 /16

The private network of the Arizona campus can be summarized as 10.2.0.0 /16

We are running NAT with PIX 515e firewalls

The networks are set up with a hub-and-spoke design (a single Cat6509 at each hub)

Public IP Addressing

Missouri campus has /26

Arizona campus has /24

What we want to do in the near future:

Our University is predicting significant growth in the area of online education. Therefore the reachability of our online resources (mostly web content) will be much more critical. To address these needs, we plan to mirror web content between both sites. The goal is to be able to sustain a complete ISP failure at either campus location. It seems we will need to get a new addressing space, an AS, and start running BGP.

However, there are several pressing design-related questions which I have not been able to deal with.

1.) If my web servers are behind a firewall / NAT, how will the BGP edge router be aware of changes in reachability of these NATed addresses? For example: in the event of a firewall failure the entire server subnet would become unreachable. I want to be able to ensure that there is enough sensitivity built into the routing design that if the server subnet (behind the firewall) becomes unreachable, it will trigger a change in the routing table.

2.) This one is more basic, but where do I start when looking for a new address space? Do I go directly to ARIN? Again, any practical advice in this area would be extremely helpful.

3.) What makes the most sense as far as traffic flow? Is load balancing feasible in such a scenario?

Thanks, Iain

PS See attached network diagram

3 Replies

mounir.mohamed
Level 7

Dear Iain,

Regarding point (1)

The solution will be very easy if the BGP router is connected to the PIX directly, because in that case all you need to do is add a static route for the server subnet pointing at the PIX interface, then use the network command under the BGP process. If there is a failure between the router and the PIX, the Gigabit or Fast Ethernet interface status will change to up/down, so the route will be removed from the routing table and become unreachable from the BGP point of view, and BGP will stop advertising this network. BUT all the above will not be useful if there is a switch between the PIX and the BGP-RR; if not, go on.

Regarding Point (2)

Please follow the URLs below to start your relationship with ARIN. All you need to do is create a NIC handle, which includes your e-mail, name and address, then complete the IPv4 or IPv6 (PI, provider-independent) template as the requester and send it to ARIN via fax or e-mail. The same steps shall be used for the AS request.

http://www.arin.net/registration/guidelines/ipv4_assignment.html

http://www.arin.net/registration/guidelines/asn.html

Regarding Point (3)

Load balancing will mainly be done at the application layer. For example, for web servers, DNS could be used to add 2 A records for www.123.edu, one pointing to one of the servers in ISP-A and another A record pointing to one IP from ISP-B. This can also be done after changing your address space, and so on.

Please rate helpful posts.

Best Regards,

Mounir Mohamed

Dear Mounir,

Regarding your answer for point (1)

This isn't a viable solution, as the edge router connects to a switch which has a connection to the outside interface on the PIX. It isn't possible to bypass this switch, as it is providing connections for video conferencing equipment, etc.

Regarding your answer for point (2)

I called the ARIN "help desk" and they are telling me that the smallest IP block they assign is a /22, and in order to be eligible for this I have to prove that we are utilizing an entire /23 of public addresses! Is this some kind of twisted scare tactic?

Regarding your answer for point (3)

This is definitely something I would be interested in. Is there a name for this type of configuration? Do you have any recommended resources for learning about such DNS configurations?

Thanks so much for your time!

- Iain
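As an added example (not from this thread, not Cisco's documentation), one way to keep the edge router's BGP advertisement tied to reachability of the NATed server block even when a switch sits between the router and the PIX: probe a NATed address with IP SLA and attach the resulting track object to the static route that the BGP network statement depends on. All addresses, the interface name and the AS numbers below are constructed placeholders.

```cisco
! Constructed values: 192.0.2.0/29 is the router-to-PIX segment through the
! shared switch (router 192.0.2.1, PIX outside 192.0.2.2); 198.51.100.0/26 is
! the public block statically NATed to the server subnet behind the PIX;
! 198.51.100.10 is one server's static translation; AS 64496 is the campus,
! AS 64500 the ISP. None of these are the poster's real addresses.

! ICMP probe through the PIX to a translated server address. The PIX must
! permit ICMP echo to that translation, or the probe never succeeds and the
! route below is never installed.
ip sla 1
 icmp-echo 198.51.100.10 source-ip 192.0.2.1
 frequency 10
 timeout 2000
ip sla schedule 1 life forever start-time now

! Track object follows probe reachability. The delays dampen flaps so a
! single lost echo does not withdraw and re-announce the prefix to the ISP.
track 1 ip sla 1 reachability
 delay down 30 up 60

! Host route for the probe target WITHOUT tracking: once the tracked /26 is
! removed, the router still needs a path to send the probe, otherwise the
! route can never recover. The /32 is not covered by the network statement,
! so it is not advertised.
ip route 198.51.100.10 255.255.255.255 192.0.2.2

! Tracked static for the whole server block. When track 1 goes down the
! route leaves the RIB, the network statement no longer matches, and BGP
! withdraws 198.51.100.0/26 from the ISP session.
ip route 198.51.100.0 255.255.255.192 192.0.2.2 track 1

router bgp 64496
 network 198.51.100.0 mask 255.255.255.192
 neighbor 203.0.113.1 remote-as 64500
```

Probing a single server makes that one host a single point of withdrawal for the whole block; probing a dedicated translation on the firewall itself, or a track list that ORs several probes, follows the firewall's health rather than one server's.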

Dear,

Do not worry about the ARIN request; they only make sure that you will utilize most of the assigned addresses you request. Just provide them with your addressing scheme.

The DNS configuration is easy, and there are a lot of resources on the internet for both Unix and Microsoft OS; just go on and search on Google.

Please rate helpful posts.

Best Regards,

Mounir Mohamed
