
Multihome and BGP with Failover - 2 Locations

t.khan
Level 1

Hello,

Great work everyone, I read this forum often. I have a question that I cannot seem to get a straight answer to from anyone.

We have two locations: location A has two ISPs (1, 2), and location B has ISP 1.

I am attempting to find a solution where I can have all traffic inbound (outbound is not as important) to our class C come in over ISP 1, then if that link goes down, fail to ISP 2 in location 1, then if the building goes away (power, etc.) fail to location 2 (which has ISP 1). I assume BGP is the solution, and I need to prepend the class C first at primary Location 1 ISP 2, then secondary location ISP 1. If this solution is not feasible, we can just keep one ISP at both locations. Also note, there is a 10M link between both locations. We would like location 2 to send traffic back to location 1 if the ISP has failed. I am attaching a diagram to clarify, as I know this sounds confusing.

Is it possible to have the traffic come inbound over only one link at a time? Our customers have a hardcoded IP, and can only come in that way. We are in the process of changing that, but it will take some time.

Equipment:

2 Cisco 3640's with 128MB RAM.

2 Checkpoint Firewalls

2 Cisco 2621's with 64 MB RAM

Thanks again,

T


tdrais
Level 7

Sounds like you have a pretty good handle on the solution.

You will have to do the prepend and go to some of the looking glass sites to see if you are getting the results.

You just have to make sure that ISP1 will send traffic to ISP2 even when he has a path in the second building.

In the simplest method you would advertise the network to ISP1 in building 1 with no prepend, with the AS prepended 1 time to ISP2, and it prepended 2 times in building 2 to ISP1. It will all depend how many AS hops there are between ISP1 and ISP2, and that can vary if they have multiple peering points. You may end up prepending it 5 times in building 2. You will have to do some testing.

Most big ISPs allow you to see the BGP routing in their network either from private or public looking glass sites.

Thanks for the vote of confidence. I have a general understanding, but am not sure how to implement it. Is there a sample config that shows prepending? How do I determine if there are multiple hops, etc.? How do I go about this testing? Any suggestions?

There may be a better link than this one. This one is showing using the continue feature.

http://www.cisco.com/en/US/products/ps6566/products_feature_guide09186a00801a7f7a.html

Just ignore that for now and don't put it in. It just shows a number of AS prepend options. This one has different match options. If you do not specify a match it will match everything and then set the AS path on all the routes. This one is a multistep route-map. You can ignore that also and just use 1 step unless you need more.

All you do is apply a different route-map with different prepends to each neighbor. It is as simple as neighbor x.x.x.x route-map yyyyy out

Testing is the challenge since this is the internet. You may want to call your main isp and ask them about their peering relationships with the other ISP.

A couple websites I use all the time

http://www.traceroute.org/

Way at the bottom you will find looking glass sites, and many allow you to enter BGP show commands so you can see the AS paths.

Another is

http://www.fixedorbit.com

This site I use to try to figure out who is peering with who and how AS are connected.

There is no easy way to see how your traffic is passing the internet. You can get most of it to go the way you want, but there will always be some that slip through the wrong path.
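
The prepend scheme described above, written out as an IOS configuration (an added example, not part of the original post). AS 64496 (your AS), 64500 (ISP 1), 64501 (ISP 2), the prefix 203.0.113.0/24, the neighbor addresses, and the route-map and prefix-list names are all placeholders. The prefix-list match also keeps anything other than your own /24 from being advertised to either provider, so the site never becomes a transit path between them.

```cisco
! ----- Building 1 router: ISP 1 (primary) and ISP 2 (first backup) -----
! Assumes 203.0.113.0/24 is already in this router's routing table.
ip prefix-list OUR-NET seq 5 permit 203.0.113.0/24
!
router bgp 64496
 network 203.0.113.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 route-map TO-ISP1-B1 out
 neighbor 198.51.100.5 remote-as 64501
 neighbor 198.51.100.5 route-map TO-ISP2-B1 out
!
! No prepend: shortest AS path, so this is the preferred way in.
route-map TO-ISP1-B1 permit 10
 match ip address prefix-list OUR-NET
!
! One prepend: used when the ISP 1 link in building 1 is down.
route-map TO-ISP2-B1 permit 10
 match ip address prefix-list OUR-NET
 set as-path prepend 64496
!
! ----- Building 2 router: ISP 1 only (last resort) -----
ip prefix-list OUR-NET seq 5 permit 203.0.113.0/24
!
router bgp 64496
 network 203.0.113.0 mask 255.255.255.0
 neighbor 198.51.100.9 remote-as 64500
 neighbor 198.51.100.9 route-map TO-ISP1-B2 out
!
! Two prepends as a starting point; raise the count if looking glass
! output shows ISP 1 still preferring this path over the one via ISP 2.
route-map TO-ISP1-B2 permit 10
 match ip address prefix-list OUR-NET
 set as-path prepend 64496 64496
```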

ruwhite
Level 7

There's another couple of options besides as path prepend:

o Ask your providers if they support RFC1998. If so, you can send a community that sets your provider's local preference such that one ISP is always preferred over the other. When your link with the one fails, all the traffic will converge on the existing link.

o Use BGP conditional advertisement.

Either of these will handle the inbound traffic. For outbound traffic, just set your local preference on the inbound side, and build an iBGP session between the routers.

HTH

:-)

Russ

Russ,

Do you have a sample config, or something to read? Can you point me in the direction on how to build an iBGP session? I am not sure I fully understand the difference.

Thanks,

T

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml

Shows how to configure conditional advertisement. I would really ask the provider about RFC1998 support first, though, as this is bound to converge faster than conditional advertisement is.

Building an iBGP session is just like building an eBGP session, you're just peering with the other router in your network, so the AS number on the local router and on the peering router is the same (rather than different, as on an eBGP session).

:-)

Russ
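
A sketch of conditional advertisement on the building 1 router, together with the iBGP session to building 2 (an added example, not part of the original post or the linked Cisco document). All AS numbers, addresses, ACL numbers and route-map names are placeholders; 192.0.2.0/24 stands in for some prefix you expect to receive from ISP 1, and 10.255.0.2 for the building 2 router across the inter-site link.

```cisco
router bgp 64496
 network 203.0.113.0 mask 255.255.255.0
 ! eBGP sessions: the neighbor's AS differs from ours.
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.5 remote-as 64501
 ! Advertise our /24 to ISP 2 only while the tracked prefix is
 ! missing from the BGP table, i.e. the ISP 1 session has gone away.
 neighbor 198.51.100.5 advertise-map OUR-NET-MAP non-exist-map ISP1-ALIVE
 ! The tracked prefix must be learned from ISP 1 only, so drop any
 ! copy of it arriving from ISP 2 or from building 2 over iBGP.
 neighbor 198.51.100.5 distribute-list 66 in
 neighbor 10.255.0.2 distribute-list 66 in
 ! iBGP session: the neighbor's AS is the same as ours.
 neighbor 10.255.0.2 remote-as 64496
 neighbor 10.255.0.2 next-hop-self
!
! ACL 60: the prefix to advertise conditionally (our /24).
access-list 60 permit 203.0.113.0 0.0.0.255
! ACL 65: the prefix whose presence means "ISP 1 is up".
access-list 65 permit 192.0.2.0 0.0.0.255
! ACL 66: inbound filter that hides the tracked prefix from other peers.
access-list 66 deny 192.0.2.0 0.0.0.255
access-list 66 permit any
!
route-map OUR-NET-MAP permit 10
 match ip address 60
!
route-map ISP1-ALIVE permit 10
 match ip address 65
```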

Does anyone have real-world sample configs showing at least two different providers?

I have read the BGP examples, and they make sense, I am just looking for something that is out there and works. Does this work in the real world? The only reason I ask is that a lot of people say 'most' data will make it to you on one path, but some may not.

Thanks for everything though, I have definitely been pointed in the right direction.

One more question. Do we need our own AS through ARIN if we use 2 ISPs?

No--you can work with both providers to use a single private AS number. You can also get a public AS number, but if the providers will work on this one point, then it's easier not to.

:-)

Russ
