I am coming to you cap in hand to ask for some advice. My knowledge of BGP is rather limited and I am a bit stuck with a design that the customer is asking for. So I wondered if I could ask for some advice here? You may see this post on other forums too, I'm just trying to spread the net a bit further.
Anyway, here goes....
We have a large site that is very critical to our customer. The building is made up of two, well technically three parts: building A, building B and a link block connecting them. However, for the purposes of this design we are only looking at it as two buildings. The customer has asked: "Can we treat them as two separate buildings from a networking/LAN/WAN point-of-view, and in the (unlikely) event we have a total WAN failure in either building, the other can act as a backup"? OK, we said, and so begins the effort.
A bit of background: We currently run our own MPLS core network. All sites connect to the MPLS core via a WAN service provided by a large UK-based ISP. All sites connect into the core using eBGP, a pretty standard method I'm sure you'll agree. At all other sites what we do is run OSPF between the CE routers and redistribute eBGP into OSPF. In normal conditions the CEs install the eBGP routes into the routing table. If/when we lose a WAN link, the CE then installs the OSPF routes via its adjacent neighbour into its routing table, thus we have resiliency.
With this design we'll have the following:
- Each building to have 2 x 6509 aggregate switches
- All 4 x 6509's physically connected in a full mesh
- The 6509's in each building running OSPF, with eBGP redistributed into it. Now, do we want a complete full mesh of OSPF, i.e. all 4 x 6509's as OSPF neighbours?
- Each building to have 2 x CE routers, peering via eBGP to the core
- Each site its own BGP AS (private AS). So from the point-of-view of the core there are two separate sites.
My knowledge of all the BGP attributes and all the wonderful things you can do with them is quite limited. So my questions really to you guys are:
1. If the sites are two separate AS's and therefore two separate buildings, they would ordinarily reach each other via the core. In this scenario I guess they would need to peer directly via the LAN, right? So be eBGP neighbours to each other?
2. In normal conditions, we would want the building A's CE's to only advertise building A's network and building B's CE's to only advertise its network to the core. But in the event we lose the complete WAN in building A, how would we then enable building B to advertise building A's network and vice versa, thus each building backs up the other?
I'll leave the questions there. I'm sure I haven't been quite as clear about my intentions as I could have been, excuse me. I've attached a topology diagram to show the design.
Thank you Jeff. Yes, OSPF between the buildings was my instinct but was just unsure of the BGP workings. However, a reply on another forum has put me on the (hopefully) right path which I will pursue next week.
but here is a best practice way you can use if you like!
First of all, your 6509s are doing OSPF full-mesh peering, which is OK and fine; however, if you aggregate each site's 6509s into a VSS pair then you will have a simpler routed network and less OSPF neighboring, plus one redundant virtual switch.
For the BGP and OSPF, what you need to do is advertise both LANs of Site A and Site B from both sites' CEs.
However, you need to use some BGP attributes to make the Site A CE preferred only for LAN A and the Site B CE preferred only for the LAN B network; you can use BGP AS prepending.
And in the case that one site is down, the other will be used because it will be the only path.
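The AS-path prepend approach described in the reply above, sketched as Cisco IOS configuration for one CE in each building. This is an added example, not part of the original posts; the AS numbers, prefixes, neighbour addresses and the names LAN-A, LAN-B and TO-CORE are all constructed for illustration.

```cisco
! Constructed values: building A = AS 65001, LAN 10.1.0.0/16;
! building B = AS 65002, LAN 10.2.0.0/16; core PE = AS 64512.
! Assumption: each CE has the other building's LAN prefix in its routing
! table (learned over the inter-building LAN), because a network
! statement only originates a prefix that is present in the table.
!
! ---------- Building A CE ----------
ip prefix-list LAN-A seq 5 permit 10.1.0.0/16
ip prefix-list LAN-B seq 5 permit 10.2.0.0/16
!
! Own LAN: advertised unmodified, so the core prefers this path.
route-map TO-CORE permit 10
 match ip address prefix-list LAN-A
! Other building's LAN: AS path lengthened, so it is only a backup.
route-map TO-CORE permit 20
 match ip address prefix-list LAN-B
 set as-path prepend 65001 65001 65001
! No further permit entry: nothing else is advertised to the core.
!
router bgp 65001
 network 10.1.0.0 mask 255.255.0.0
 network 10.2.0.0 mask 255.255.0.0
 neighbor 192.0.2.1 remote-as 64512
 neighbor 192.0.2.1 route-map TO-CORE out
!
! ---------- Building B CE (mirror image) ----------
ip prefix-list LAN-A seq 5 permit 10.1.0.0/16
ip prefix-list LAN-B seq 5 permit 10.2.0.0/16
!
route-map TO-CORE permit 10
 match ip address prefix-list LAN-B
route-map TO-CORE permit 20
 match ip address prefix-list LAN-A
 set as-path prepend 65002 65002 65002
!
router bgp 65002
 network 10.1.0.0 mask 255.255.0.0
 network 10.2.0.0 mask 255.255.0.0
 neighbor 192.0.2.5 remote-as 64512
 neighbor 192.0.2.5 route-map TO-CORE out
```

On a core router, `show ip bgp 10.1.0.0` should then list paths from both buildings, with the shorter AS path via building A selected while its WAN is up.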
Well actually the advice from the other forum was the same - to advertise both networks from both pairs of CE's and then use the BGP AS-Path prepend tool to control how the core routes to the prefixes.
marwanshawi - thank you for your advice. VSS would be nice and this was suggested but the customer refused.
Tomorrow I shall have a go and let you all know the outcome.
This is actually a pretty cool feature. I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisements do.