Multi-homed BGP two physical locations

choylee
Level 1

Hello,

We have one AS and our IP addresses are PI (provider independent).

We have two routers connected to two ISPs in multi-homed mode and it works properly.

The routers R1 and R2 are located in the same datacenter (site A).

ISP_1          ISP_2
  |              |
  | eBGP         | eBGP
  |              |
  |     iBGP     |
  R1------------R2
  |              |
        LAN

We want to add a new router R3 connected to a new ISP_3, in the same AS, at a different location (site B).

We need the routers to be connected in a full mesh for the iBGP.

Is it mandatory to have a private link (LAN to LAN or other) between site A and site B?

Is there another way?

Many thanks

Regards


12 Replies

Harold Ritter
Cisco Employee

Hi,

Why do you plan to use iBGP between the two sites? What are the routing policies that you are trying to put in place?

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

In fact, that was my question.

Currently, we have only R1 and R2 in multi-homed mode in production and we want to add an R3 router in the same AS.

The three routers R1, R2 and R3 will belong to the same AS and they advertise the same network x.y.z.w/24 to ISP1, ISP2 and ISP3. This is multi-homed mode. We are not in full-table mode with these ISPs, but each router receives the default route of its ISP.

Is it mandatory to have a private link (LAN to LAN or other) between site A and site B (for iBGP)?

Is there another way?

Many Thanks



Hi,

It is not absolutely mandatory to have iBGP between the two sites. It largely depends on the routing policies that you want to apply to this AS. I suppose that these two sites will not operate in complete isolation from one another and that there is a communication need between the two? If so, were you planning to use IPsec tunnels for that purpose? Can you please provide more information on the interaction between the two sites. I suppose one will be used as the primary site and the other as a DR? Or will they both be active at the same time?

Regards

Harold Ritter

Hi choylee,

Site A and site B do need to be interconnected, either by a private connection as you said or by an IPsec tunnel.
A mesh iBGP can be used to sync the routes among all routers.
Site B has to use a much lower local preference with respect to the default route and a longer AS-path prepend for the inbound traffic.

One question: are your sites A and B VPN hub locations or just sites accessing the Internet?
It is important to know when deciding on site B as a DR site.

- Hiraman

Sent from Cisco Technical Support iPad App

Hi Hiraman,

There is no hard requirement for these two sites to be connected either via a private link or VPN link. I have customers running multiple sites belonging to the same AS without being connected to one another, other than via Internet, and with no iBGP mesh. The need for a private or VPN connection and iBGP mesh comes from customer requirements.

Regards

Harold Ritter

I understand.

Here are some details.

On site A:

For now, my customers access the PROD server with the BGP public IP address x.x.x.x/24 through R1 or R2. The downstream arrives at R1 (ISP1) or R2 (ISP2) depending on the clients' location, and the upstream is managed by HSRP on R1 and R2.

The BGP configuration gives priority to ISP2 for the downstream on site A.

R02 ( local-preference 200 )

R02#show ip route

Gateway of last resort is @_ISP2 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via @_ISP

R01 (local-preference 150,  as-path prepend ASN ASN)

R01#show ip route

Gateway of last resort is @Loopback0_ISP2 to network 0.0.0.0

B*    0.0.0.0/0 [200/0] via @Loopback0_ISP2

If ISP2 is down then all the traffic moves to ISP1 and vice versa. I have iBGP between these two routers.

It has been working properly for two years.

Today, my main purpose is to secure my business in order to have another site if site A is down (for example an electrical outage).

I wonder how I can design the new architecture with this new site B at a different location.

For now I just have the new router R3. I haven't started to set up the BGP session with the new ISP3, and we don't have the private link or VPN tunnel between A and B yet. But everything is possible.

We would like to access the PROD server x.x.x.x/24 from the Internet without interruption.

How would you do it?

Many thanks

Regards

Hi Choylee,

Now I have a pretty good picture of your network.
So it is not a VPN but a single site with a requirement to access public servers (that belong to you).

I assume that your client LAN network is directly connected or geographically local to site A (no SSL).
In that case your client subnet should span across both sites (site A & B), perhaps by a private line, for the client network to use site B when site A is down.
Furthermore, you expect your clients to be online even after site A (only routers + WAN) is completely down for electrical maintenance or an issue.
Then it doesn't make sense to build interconnects or IPsec on the routers at site A & B.

You may have to redesign the LAN switching based on a question: how are you going to set up your client base at site B?

- Hiraman


Hi,

If the backup site will have servers that replicate the ones at the primary site, there will need to be some kind of replication in place between the two sites, right? This, to me, indicates that you will need some kind of link between the two sites. If both sites use the same /24, are you going to use private addressing to replicate between the two sites?

As far as using AS path prepend to decide which point of entry will be used for your specific /24, I have to say that this approach is not ideal, especially if both sites advertise the same prefix. The issue with this approach is that AS path length comes after the local preference in the BGP best path selection process and that service providers in general will set a higher local preference on routes received from customers than peers or transit, which means that a given service provider will choose a BGP prefix with a longer AS path coming from a customer rather than a shorter AS path coming from a peer or transit. Certain service providers allow their customers to set the local preference they use in their network via a community that is sent by the customers. Another way to address this is to use BGP conditional advertisement, which would cause the backup site to advertise the /24 only if the primary site is down. This would require running iBGP between the two sites though.

Regards

Harold Ritter
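The best-path ordering Harold describes, and the conditional-advertisement alternative, modelled in Python as an added example that is not from this thread or from Cisco: ISP_3 learns the /24 both directly from site B (a customer route, ASN prepended twice as R01 does above) and through ISP_2 (a transit route). The ASNs and the local-preference values ISP_3 applies are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed ASNs: the thread never states them.
CUSTOMER_AS = 65000          # the poster's own AS (sites A and B)
ISP2_AS = 65002

@dataclass
class Route:
    prefix: str
    as_path: list
    local_pref: int   # assigned by the receiving ISP on ingress
    via: str          # "customer" or "transit": where ISP_3 learned it

def best_path(routes):
    """RFC 4271 selection reduced to the two steps that matter here:
    highest LOCAL_PREF first; shortest AS_PATH only breaks a tie."""
    if not routes:
        return None
    return max(routes, key=lambda r: (r.local_pref, -len(r.as_path)))

def isp3_view(site_b_advertises):
    """Routes ISP_3 holds for the /24. Assumed ISP policy: customer
    routes get LOCAL_PREF 200, transit/peer routes 100."""
    routes = [
        # Learned from ISP_2, which got it from site A (R1/R2)
        Route("x.y.z.w/24", [ISP2_AS, CUSTOMER_AS], 100, "transit"),
    ]
    if site_b_advertises:
        # Learned directly from R3 at site B, prepended "ASN ASN"
        routes.append(Route("x.y.z.w/24", [CUSTOMER_AS] * 3, 200, "customer"))
    return best_path(routes)

def prepend_keeps_traffic_at_site_a():
    # Prepending alone: ISP_3 still prefers its customer (site B) route
    return isp3_view(True).via == "transit"

def conditional_advertisement(primary_site_up):
    """Site B advertises the /24 only while the primary site's route is
    absent, so ISP_3 holds a single route either way."""
    return isp3_view(site_b_advertises=not primary_site_up)

if __name__ == "__main__":
    print("prepend enough:", prepend_keeps_traffic_at_site_a())      # False
    print("primary up ->", conditional_advertisement(True).via)      # transit
    print("primary down ->", conditional_advertisement(False).via)   # customer
```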

Yes, you're right.

It's a single site with a requirement to access public servers (that belong to me).

For now, all my clients (HTTP clients) connect from the Internet (SDSL) and access the PROD server (web server).

The PROD server has a BGP public IP address behind the routers R1 and R2.

So R1, R2 and R3 are going to advertise the same BGP public network (x.x.x.x/24). Then the client could come from the Internet to R1, R2 or R3 depending on their location (and router configuration: AS path length, etc.).

Our providers don't allow us to use the local-preference attribute.

We only use the local-preference in iBGP for the outgoing route.

Yes, I'm going to use private addressing (LAN-to-LAN or VPN) to replicate between the two sites because I will have the same server on both sites (floating IP with heartbeat or another mechanism between the servers).

So, as you said, this architecture requires iBGP between the two sites.

Thanks

Regards

"The issue with this approach is that AS path length comes after the local preference in the BGP best path selection process and that service providers in general will set a higher local preference on routes received from customers than peers or transit, which means that a given service provider will choose a BGP prefix with a longer AS path coming from a customer rather than a shorter AS path coming from a peer or transit."

May someone explain this more?

Thanks,

Never mind, I understand this now.

Hi Harold,
I do agree with you fully on running a discontiguous AS#.
In fact I also implemented such designs, but every time at least the LAN was contiguous (geographically at one location).
Could you please share your design concept?

-Hiraman
