Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Internet redundancy, but can't obtain a /24 and ASN for BGP

We are looking to obtain Internet redundancy from two or three sepearte carriers (2 fiber, and a 4g lte).

My research indicates we would need to apply to ARIN for our own /24 block of IP addresses and then pay for an AS Number.  All ISP's were in talks with support this and BGP.  This way if a fiber gets cut or a pole gets hit and both fibers go down LTE can fail over and our busness can still function. 

It's important to note here that we host services (web site, mobile web site, e-mail, lync, third party vpn's, etc...)  Hence the want for BGP so people can still "find us" if a link goes down.  I think redundant outbound internet is simple, it's just allowing the rest of the world to "come in" which adds complexity.

So after reading articles on ARIN, it sounds like the request for a /24 (which is required for ASN and BGP) are pretty strict.  They want 50% usage in a year.  We don't have that many IP's.  Sure I could stretch it and say some are for research or make many multiple external IP's or do 1:1 or 2:1 external IP to internal IP mapping, etc... but I need a simple, workable solution to this problem.

I'm posting here because were using all Cisco stuff.  ASA firewall pair, 2800 series routers, 3750x core switching running ip routing, etc...

Any ideas are appreciated for Internal / External redundancy if we cannot get a /24 out of ARIN?

Hosted solutions maybe, where each last mile ISP connection is on it's own Cisco router VPN'd to a 3rd party, and that 3rd party handles it all?

10 REPLIES

Internet redundancy, but can't obtain a /24 and ASN for BGP

You could use an external service to provide global load balancing down both of your internet links, like Akamai. These services run checks to your servers and will forward to either/both public IP addresses of your externally facing resources.

Internet redundancy, but can't obtain a /24 and ASN for BGP

Hello.

I guess you could try some sort of external DoS protection service.

They announce the addresses themselves and builds GRE to your equipment.

If you buy prefix from the service provider and build 3 tunnels (over primary ISP, over secondary and LTE), I guess you could solve your problem.

New Member

Re: Internet redundancy, but can't obtain a /24 and ASN for BGP

Yeah our main ISP who we have today and who we have a few scattered /29's with, said we could bring in other providers and VPN to their data center and they could handle the failover.  Here's my concerns:

1.  Were still tied to that ISP.  Yes we are in a contract, but I just wish we could own our own /24 so we could be free if a single ISP's shackles when that contract expires.

2.  For LTE failover, how much monthly bandwidth will it take to maintain that VPN connection?  LTE is pay as you go and you have to buy in data buckets.  The overage charges are pretty big.  I guess we need to know how many GB/s per month it takes to maintain a VPN connection.

Hall of Fame Super Silver

Internet redundancy, but can't obtain a /24 and ASN for BGP

Keeping the VPN up should not take much bandwidth. To determine how much you would start by determining what will be the lifetime of the Security Association (assuming that it is IPSec). Then in the interval of the lifetime you need 1 packet (perhaps a 100 byte ping) of "interesting" traffic and the number of packets to do the crypto negotiation. That would be a quite small amount of traffic. I would be much more concerned about trying to estimate how often you would need to use this backup and the amount of traffic going over it during that time. This would be the significant part of the expense.

HTH

Rick

Re: Internet redundancy, but can't obtain a /24 and ASN for BGP

Why not just look at a dns load balancer?

Sent from Cisco Technical Support iPad App

Internet redundancy, but can't obtain a /24 and ASN for BGP

you can find resellers who will sell you  /24 net and AS

New Member

Re: Internet redundancy, but can't obtain a /24 and ASN for BGP

What if we apply two or three IP addresses for each name?

Like if you do an nslookup on google.com, you get 5 different IPv4 addresses back.  So say hypothetically we have two providers, one gives us 1.1.1.1 and another gives us 2.2.2.2.

Say today with Provider A, we have a webserver sitting at 1.1.1.1 and DNS lookup reflects that.

What if we put another DNS record and patch provider 2's supplied IP address 2.2.2.2 to that same webserver internally through our ASA 5500 series (I guess that could do it, or a router in front of it)....

Now if you resolve webserver.domain.com it returns 1.1.1.1 and 2.2.2.2.  How would the client looking for "webserver.domain.com" connect in?  Would it use 1.1.1.1 or 2.2.2.2?  What if the physical connection for 1.1.1.1 was down... would the client know to try 2.2.2.2?  Or based on it's ISP would it just connect to the IP that has the shortest path (most efficient) route?

How about other VPN's, like we have some provider issued Cisco 2800 series VPN's in our rack to 3rd parties.  I would surely communicate to them the new IP addresses, but if 1.1.1.1 dropped would the VPN resume on 2.2.2.2 in this case?  I guess I want to see if some kind of DNS round robin scenereo would work and if one link goes down, what is the time to failover (does it look at the TTL, or since there's already multiple IP's returned for that DNS name, does the client know to just try the other IP's returned)?

Would it be advisable to invest in load balancing hardware (not sure if Cisco makes one)... like an F5, Barracuda, Esessa, etc... ?

New Member

Re: Internet redundancy, but can't obtain a /24 and ASN for BGP

I found something that sounds really slick called the Peplink

http://www.peplink.com/knowledgebase/understanding-inbound-load-balancing/

I think this may be what I'm looking for.  I have an inquery into them for more information.

New Member

I have the same problem/need

I have the same problem/need for redundant Internet circuits, but we don't have our own ASN or /24 prefix.

What did you end up doing?

Is there any other way to achieve this?

New Member

We ended up getting two

We ended up getting two Ecessa PL600 load balancers in an active/standby failover configuration.  Works great! Their support is excellent and I highly recommend them.

689
Views
0
Helpful
10
Replies
CreatePlease login to create content