Could someone please explain the differences between accepting full routes, accepting default only, or partial routes plus default as an enterprise running BGP? I've heard these options thrown around but I'd like to have it explained in plain language what these options can/should do over either of the others.
If you run BGP with an ISP (or with multiple ISPs) it is clear that you should advertise your address space to them. It is a decision that you will need to make what (or how much) they should advertise to you. The options are generally considered, as you correctly note, full routes, partial routes plus default route, and default route only. The big difference is in the amount of detail that you will have available as you make a routing decision (and therefore the chances that you will make the "optimum" routing decision).
If your BGP neighbor (ISP) advertises full routes you will have the maximum amount of detail available as you make a routing decision (and theoretically the most accurate "optimum" routing decision) because they are advertising to you every entry in the Internet routing table. And this will require a large amount of memory in your router to contain the complete Internet routing table.
If you want to reduce the amount of memory required (and also reduce the amount of CPU required to process routing updates) you might opt to have the ISP advertise to you partial routes (this is usually the routes originated from that ISP and routes originated from customers of that ISP) and a default route. This is beneficial since it allows you to route over the most efficient path for destinations within a couple of AS hops of you and to use the default route for other destinations. It reduces the amount of memory required and the amount of CPU and still lets you optimize some of your routing decisions.
And the most simple thing for your router is for the ISP to advertise to you only a default route. In this situation you know whether the ISP is available to forward traffic (if you are receiving a default route from them) or is not available. It reduces to the minimum the requirement for memory and CPU but does reduce the chances that you will make the optimum routing decision.
If you are running BGP with a single provider then there is not much reason to have them advertise more than a default route, since you only have a single option of where to route outgoing traffic. But when you run BGP with 2 or more ISPs then this decision becomes more important.
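The three inbound options above, written out as Cisco IOS configuration for a single eBGP neighbor. This is an added example and not part of the thread; the AS numbers (enterprise 64500, ISP1 64496), the link address 203.0.113.1, the customer prefix 192.0.2.0/24 and the list names are illustrative placeholders.

```ios
! Added example (not from the thread). Placeholders: AS 64500 = us,
! AS 64496 = ISP1, 203.0.113.1 = ISP1 side of the link, 192.0.2.0/24 = our space.
!
! Option A: accept only a default route from ISP1
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Option B: partial routes plus default. Keep only paths originated by ISP1
! itself (^64496$) or by one of ISP1's direct customers (^64496_[0-9]+$);
! anything further away is dropped and reached through the default route,
! which ISP1 also originates and therefore passes the first line.
ip as-path access-list 10 permit ^64496$
ip as-path access-list 10 permit ^64496_[0-9]+$
!
! Outbound: advertise nothing but our own address space, whichever option is used
ip prefix-list OUR-SPACE seq 5 permit 192.0.2.0/24
!
router bgp 64500
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 neighbor 203.0.113.1 remote-as 64496
 neighbor 203.0.113.1 description ISP1
 neighbor 203.0.113.1 prefix-list OUR-SPACE out
 !
 ! Option A (active here): default route only
 neighbor 203.0.113.1 prefix-list DEFAULT-ONLY in
 !
 ! Option B (use instead of A): partial routes plus default
 ! neighbor 203.0.113.1 filter-list 10 in
 !
 ! Option C: full routes, i.e. no inbound prefix or AS-path filter. Cap the
 ! number of prefixes so a leak or misconfiguration on the ISP side cannot
 ! exhaust router memory; 1000000 is a placeholder, set it from the current
 ! table size. 90 = warn at 90 percent of the limit.
 ! neighbor 203.0.113.1 maximum-prefix 1000000 90
```

After the session comes up, `show ip bgp summary` shows the prefix count actually accepted from 203.0.113.1, and `show ip bgp neighbors 203.0.113.1 routes` lists the routes that passed the inbound filter; under option A that should be exactly one entry, 0.0.0.0/0. The `OUR-SPACE` outbound list matters as much as the inbound choice: without it, under options B or C the router would re-advertise everything it learned from one ISP to the other and could become a transit path between them.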
Rick, thank you for the thorough explanation regarding the differences between route announcements...
Another question I have pertains to running ibgp. We are in the process of obtaining our AS number and an additional ISP circuit in order to multihome. That being said, I need a better understanding of what running ibgp between the two internet routers connecting us to our ISPs buys us. What are we losing by not running it? What are the benefits of running it?
First I need a bit of clarification. You say that you are obtaining your own AS number and an additional ISP circuit. Is the additional ISP circuit from a different ISP (not just a second circuit from the same ISP)? And also will the second circuit terminate on the same router or on a different router?
I would suggest that it is more simple and easy if both circuits terminate on the same router (no requirement for IBGP). This means that you need to run BGP only on one router. But some people would argue that you do not have as good redundancy if both ISP circuits are on the same router.
The question about IBGP suggests that you will have 2 routers running BGP to your providers and I will answer it in that context. In this case your routers running BGP will need to have a BGP session to the external BGP peer (EBGP) and will also need to have a BGP session with your other (internal) BGP router (IBGP). The explanations of IBGP can get complicated but I will give you a fairly simple explanation of why you need to do this.
For my explanation lets assume that your ISPs are ISP1 and ISP2 and that your routers connecting to them are R1 and R2. And lets assume that both providers are advertising some network to you (perhaps it is 18.104.22.168/24). R1 has learned this prefix and needs to inform R2 that it has learned it. Perhaps R2 has also learned a route for that network from ISP2. So R2 needs to inform R1 that it has learned it. Then your BGP will decide whether it prefers to go through ISP1 or ISP2 to get to that network (lets assume that it prefers ISP1). Then ISP1 loses its route to that network and advertises to R1 withdrawing the route. So R1 needs to inform R2 that it can no longer get to 22.214.171.124 and that now they need to use the path through R2. You must have a BGP session between R1 and R2 (IBGP) so that this routing information can be shared. You can not send the information that BGP on R2 will need by sending it through some Interior protocol like OSPF or EIGRP. There must be a BGP session between R1 and R2 for the appropriate information to be shared.
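The R1/R2 arrangement described above as Cisco IOS configuration, added here as an example and not taken from the thread. Placeholders: our AS is 64500, ISP1 is AS 64496 on 203.0.113.1, ISP2 is AS 64497 on 198.51.100.1, our prefix is 192.0.2.0/24, and the R1-R2 iBGP session runs between the loopbacks 10.255.0.1 and 10.255.0.2, which OSPF carries between the two routers.

```ios
! Added example (not from the thread). R1 peers with ISP1, R2 with ISP2,
! and the two peer with each other over iBGP. All addresses and AS numbers
! are placeholders.
!
! ---------------- R1 ----------------
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
! The IGP carries only internal reachability (loopbacks and the R1-R2 link).
! It does not and cannot carry the BGP paths; that is what the iBGP session is for.
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
ip prefix-list OUR-SPACE seq 5 permit 192.0.2.0/24
!
router bgp 64500
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 !
 ! eBGP to ISP1
 neighbor 203.0.113.1 remote-as 64496
 neighbor 203.0.113.1 description ISP1
 neighbor 203.0.113.1 prefix-list OUR-SPACE out
 neighbor 203.0.113.1 maximum-prefix 1000000 90
 !
 ! iBGP to R2: same AS number, sourced from Loopback0 so the session stays up
 ! as long as any internal path between the loopbacks exists
 neighbor 10.255.0.2 remote-as 64500
 neighbor 10.255.0.2 description R2-iBGP
 neighbor 10.255.0.2 update-source Loopback0
 ! Rewrite the next hop to R1 itself. Without this R2 would see ISP1's link
 ! address 203.0.113.1 as the next hop, which is not in the IGP, so R2 could
 ! not use any path learned from ISP1.
 neighbor 10.255.0.2 next-hop-self
!
! ---------------- R2 (mirror image) ----------------
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
ip prefix-list OUR-SPACE seq 5 permit 192.0.2.0/24
!
router bgp 64500
 bgp log-neighbor-changes
 network 192.0.2.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 64497
 neighbor 198.51.100.1 description ISP2
 neighbor 198.51.100.1 prefix-list OUR-SPACE out
 neighbor 198.51.100.1 maximum-prefix 1000000 90
 neighbor 10.255.0.1 remote-as 64500
 neighbor 10.255.0.1 description R1-iBGP
 neighbor 10.255.0.1 update-source Loopback0
 neighbor 10.255.0.1 next-hop-self
```

With both sessions established, `show ip bgp` on R1 lists every prefix twice for anything both ISPs advertise: one path via 203.0.113.1 (external) and one via 10.255.0.2 (internal). When ISP1 withdraws a prefix, R1 removes the external path, its remaining path for that prefix is the internal one through R2, and it forwards across the R1-R2 link; that failover is exactly the information exchange that OSPF or EIGRP alone could not provide.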
Your assumption is correct. The second circuit will terminate on a different router from another provider. Once again, great explanation! Thank you.
To explore further, I'd like to pick your brain by asking if you've worked with organizations that have multiple firewalls at the edge that do the nat'ing for the organization, as well as a caching device such as BlueCoat that also does nat'ing. We currently use route maps to direct traffic to each of the exit points (Checkpoint firewalls) out to our dmz/internet network. From there, our internet router currently has a static that points to our provider.
Part of my questions begin with asking you for an example of some high level designs you've seen with this type of setup. My intentions are to load-share with both of the links, but this setup is getting more and more complicated the more I think of it. We have support from both our sales engineer, as well as someone from the firewall side, but I'd like other points of view to be able to share.
Hopefully my intentions and explanations are clear. If not, please let me know so that I can restate.
One issue I've seen with firewalls and/or proxies is trying to effectively use multiple outbound paths if there are multiple routers seen as gateway routers. (There's also the slightly different issue of effectively using multiple inbound paths.)
If the outbound firewall or proxy just points to one virtual gateway, even GLBP will see the firewall/proxy as one host and direct all the traffic from it to one gateway. If the firewall or proxy can route to multiple virtual gateways (and load balance its traffic), fine and good. Otherwise, you might need an outbound load balancer or another router between the firewall/proxy and your Internet routers.