I am on a fact finding mission in regards to becomming dual homed to the internet. I currently have a registered ASN associated with my own Class C address space with my primary provider located at my corporate office. I have a secondary provider at a remote location that we have been using simply for VPN type access but want to expand this to be a redundant link in the event our primary link goes down. The ASN & address space at the remote location is provided by the secondary provider.
The questions I have are regarding two different fronts. The first being what I need to do on the internet side and the second being changes within the core so that traffic can be routed properly when the primary link is down.
In regards to the Internet front, would the best practice be to split my class C and request a second ASN and use that with my registered address space at the secondary location? Do I simply proceed using both my registered ASN / Address and the provider ASN / Address? I posted a note to ARIN inquiring about best practice but they were semi-helpful on that front. I am also thinking that these will basically become load balanced for inbound traffic when I start adding the secondary space into DNS? Is there a way I can load entries so that the secondary paths have a higher cost? My concern here is over subscribing the secondary link as it is smaller than the primary. These are just a few that have come to mind. I am sure there will be more as I work through the design.
In regards to the core, how do I get network status information from my internet router, through my pix and to the core? I use BGP with my ISPs and BGP on my MPLS cloud and EIGRP in the cores of the remote locations for redistribution of my VLANS into the MPLS cloud. I figure can add another EIGRP or RIP to get network status of the internet not sure how to handle the handoff through the pix. Is it simply a pass through or is there more to it? I am thinking that I also need to remove the network 0.0.0.0 that I am injecting into BGP between the MPLS network and the core but at the same time I want to keep all internet traffic going out through corporate unless that path drops and then use the secondary. Once again thinking of some type of high cost mechanism compared to manual changes to handle the internet bound traffic.
I will put together a diagram and attach to hopefully make things clearer. basically I have Internet router connected to pix connected to core 4506. Off the core 4506 are two(2) routers with unique paths to the MPLS cloud. On the remote I have router off the MPLS cloud connected to a 4506. From that 4506 to a pix to the router supporting my secondary internet.
>>No, you don't need a second public ASN it is good that you have already one even if you are not multihomed.
I thought that all ASNs needed to be unique unless at the same physical location. Would I not need this so that say www.myweb.com would be able to resolve to either the primary location or secondary location? That is why I was thinking of splitting the Class C and have part at primary with 18.104.22.168 pointing to www.myweb.com and 22.214.171.124 at secondary pointing to www.myweb.com as well.
I have been looking at the actual configs and working on a diagrahm. I just noticed that I already have the same ASN number at both the corporate location and the remote location. but I do not appear to be doing a prepend and I gather that is because I am using different IP address space for the two?
It looks like I just need to figure out the prepend stuff and work with my secondary provider to make sure that traffic can be routed over them using my registered address space.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...