Cisco Support Community
Community Member

Multiple ISPs BGP path selection

I currently have two ISPs that serve our corp Inet traffic. We are bringing our website in-house and adding a high-bandwidth (>200Mb) ISP connection that I want to dedicate to hosting the website only. No Corp traffic should flow through it. We already have separate firewalls for the website. I have plenty of IPs (2 class Bs, sorry everyone... plan to sell one+ back) but I would like to be able to use the two current ISPs as backups to the new one. Attaching diagram of current setup. Will break connectivity from Web FWs to current routers. How do I accomplish this without the Website using the corp ISP links and vice versa (except in case of ISP outage)?

3 REPLIES
Hall of Fame Super Silver

Re: Multiple ISPs BGP path selection

Hello Jeffrey,

the key point is that you have plenty of public IP addresses:

If you can "waste" a /23 IP prefix:

the idea is to dedicate at least a /24 to the web server(s) IP subnet.

To get the desired behaviour:

the /24 subnet is advertised only to the new ISP.

An aggregate address /23 is created and it is advertised with your AS path prepended out current ISPs.

The combination of a less specific route (/23 instead of a /24) + a longer AS path (the result of prepending) should provide what you are looking for.

/24 is the minimum size that can be advertised on the Internet.

You could try to send /24 also out current ISPs with AS path prepending but this doesn't assure that 100% of return traffic will be via the new dedicated ISP.

Hope to help

Giuseppe

Community Member

Re: Multiple ISPs BGP path selection

OK, if I understand correctly, you are saying this:

Advertise one /24 for the web servers, and one /24 for the Corp Internet. On the server router, prepend for the corp subnet, and on the corp routers, prepend for the server subnet.

How do I ensure that outbound traffic originating from the Web servers/FWs to the Internet ONLY uses the new ISP and corp uses the old?

Hall of Fame Super Silver

Re: Multiple ISPs BGP path selection

Hello Jeffrey,

good note:

>> How do I ensure that outbound traffic originating from the Web servers/FWs to the Internet ONLY uses the new ISP and corp uses the old?

I think you should add PBR to the picture to route, based on the source if possible, traffic coming from the web server.

BGP cannot do this job alone.

Hope to help

Giuseppe
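The design from the two replies above (/24 only to the new ISP, a prepended /23 aggregate to the current ISPs, and source-based PBR for outbound web traffic), sketched as an added Cisco IOS example that is not from the thread's participants. Assumptions: every AS number, address, prefix, interface and list name is a constructed placeholder, there is one edge router per ISP with iBGP between them, and the /24 already exists in the web-edge router's routing table.

```cisco
! ===== Router facing the NEW ISP (all values are constructed placeholders) =====
ip prefix-list WEB-24 seq 5 permit 203.0.113.0/24
!
router bgp 64496
 ! the web /24 must be in the routing table (connected or static) to be originated
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64497
 ! advertise only the web /24 to the new ISP, so no corp prefix leaks to it
 neighbor 192.0.2.1 prefix-list WEB-24 out
!
! ===== Router facing a CURRENT ISP =====
ip prefix-list WEB-24 seq 5 permit 203.0.113.0/24
ip prefix-list AGG-23 seq 5 permit 203.0.112.0/23
!
route-map BACKUP-OUT deny 5
 ! never send the specific /24 here; only the new ISP carries it
 match ip address prefix-list WEB-24
route-map BACKUP-OUT permit 10
 ! less specific /23 plus a longer AS path = backup path only
 match ip address prefix-list AGG-23
 set as-path prepend 64496 64496 64496
route-map BACKUP-OUT permit 20
 ! remaining (corp) prefixes go out unchanged
!
router bgp 64496
 ! needs a more-specific in the BGP table, e.g. the /24 learned over iBGP
 aggregate-address 203.0.112.0 255.255.254.0
 neighbor 198.51.100.1 remote-as 64498
 neighbor 198.51.100.1 route-map BACKUP-OUT out
!
! ===== PBR where traffic from the web firewalls enters =====
ip sla 1
 icmp-echo 192.0.2.1
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
ip access-list extended FROM-WEB
 permit ip 203.0.113.0 0.0.0.255 any
!
route-map WEB-PBR permit 10
 match ip address FROM-WEB
 ! use the new ISP while it answers; otherwise fall back to the routing table
 set ip next-hop verify-availability 192.0.2.1 10 track 1
!
interface GigabitEthernet0/1
 description toward web firewalls (hypothetical interface)
 ip policy route-map WEB-PBR
```

After applying, `show ip bgp neighbors 192.0.2.1 advertised-routes` should list only the /24, and the same command against the current ISP neighbor should show the /23 with the prepended path and no /24.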
