I am looking into a multi-homed solution using two different ISPs and a Cisco 2921 router at the edge to connect to the two ISPs. The current connection is a T-1; the proposed additional connection would be a Comcast Ethernet connection. I have never used BGP before and have therefore been trying to teach myself as much as I can. I have run multiple simulations, yet I still have a few things I do not understand.
Currently the T-1 connects to the ASA via Ethernet, and the outside interface is the public IP address. The proposed new setup is a Cisco 2921 at the edge connected to the two ISPs, and then the ASA firewall on the internal connection. With respect to the edge ports that connect to the two ISPs, will they use private IP addressing with the ISPs while the public address stays on the outside interface of the firewall? Or will they each have their own different public IP address?
My next point of confusion is where and how do I transition from the inside network to the outside network and vice versa? The BGP configuration will utilize default routes only. Do I redistribute those default routes from BGP into EIGRP? For the EIGRP routes, do I simply redistribute EIGRP into BGP? This seems to be my biggest point of confusion, because I would not think that I would want my internal routes exiting my network. Once I get these two questions clarified I think I will have a better understanding of what I need to do. Thanks in advance.
If I understand this correctly, your new configuration will have a 2921 connected to two ISPs (are these two different internet service providers, or the same one providing redundant connections?); the 2921 will connect to the ASA, which will then connect to the LAN.
My other question is, do you have public web sites, or other services, or is this just for internet access only?
If it were me, I would have the default route on the LAN be the Inside interface on the ASA. I would then have the default route on the ASA match the IP address assigned to the interface going from the 2921 to the ASA. Once the traffic gets to the 2921, you then have some decisions to make on the 2921. Personally, I would run IP SLA Tracking to provide redundancy.
First of all, thank you for your response. The 2921 will connect to two different ISPs. Our website is hosted elsewhere, so that is not a factor. You are dead on with the IP SLA; that is what I am planning on doing: using the high-speed, unreliable Ethernet feed for most traffic and failing back over to the T-1 if that connection goes down.
So if I understand you correctly I will have 3 default routes.
Route 1. From my LAN going to the inside interface on my ASA
Route 2. From my ASA to the Public IP address assigned to the interface of my 2921 going to ISP 1
Route 3. From my ASA to the Public IP address assigned to the interface of my 2921 going to ISP 2
So if the above is correct there is no need for any type of redistribution for the traffic to flow to and from the Internet, just the default routes?
That is correct on the default routes. Yeah, you should just need the default routes. If both ISPs are going to throw down a default route, then have whichever one you want as the primary and the other as the backup.
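The design the two replies above describe (default routes only, IP SLA tracking on the 2921, the Ethernet feed as primary and the T-1 as backup), written out as an added example; this is not configuration from anyone in the thread. It assumes each ISP assigns a public address to its WAN interface on the 2921, that the 2921 performs the NAT so outbound traffic leaves with the address of whichever ISP is in use (the thread leaves the NAT placement open), and that the 2921-to-ASA link is a private /30. All addresses, interface names and the probe target are placeholders to be replaced with your own.

```cisco
! Added example, not from the thread. Addresses are RFC 5737 documentation
! ranges and a private /30; substitute what each ISP actually assigns.
!
! --- Interfaces ---
interface GigabitEthernet0/0
 description Comcast Ethernet (primary), ISP-assigned public address
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface Serial0/0/0
 description T-1 (backup), ISP-assigned public address
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 description Link to ASA outside interface (private /30, assumption)
 ip address 192.0.2.1 255.255.255.252
 ip nat inside
!
! --- Probe the primary path ---
! Ping a stable host beyond the Comcast gateway every 10 s (8.8.8.8 is a
! placeholder; use a host you are permitted to probe). Pinging the ISP
! gateway itself is a weaker test: it can answer while the ISP's upstream
! is down. The host route pins the probe to the Comcast next hop so that,
! after a failover, the probe cannot succeed over the T-1 and wrongly
! declare the primary healthy again.
ip route 8.8.8.8 255.255.255.255 203.0.113.1
!
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 frequency 10
 timeout 1000
 threshold 500
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
 delay down 15 up 30
!
! --- Default routes: two statics, no BGP, no redistribution ---
! The primary (AD 1) stays in the routing table only while track 1 is up;
! the backup (AD 10) is a floating static that takes over when the primary
! is withdrawn.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! --- NAT: translate to the address of the interface the packet leaves on ---
ip access-list standard NAT-INSIDE
 permit 192.0.2.0 0.0.0.3
 permit 10.0.0.0 0.255.255.255
!
route-map NAT-COMCAST permit 10
 match ip address NAT-INSIDE
 match interface GigabitEthernet0/0
route-map NAT-T1 permit 10
 match ip address NAT-INSIDE
 match interface Serial0/0/0
!
ip nat inside source route-map NAT-COMCAST interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-T1 interface Serial0/0/0 overload
!
! --- Flush stale translations when the track changes state ---
! Sessions translated on the old path would otherwise linger until they
! time out; clearing them forces clients to rebuild over the live ISP.
event manager applet CLEAR-NAT-ON-FAILOVER
 event track 1 state any
 action 1.0 cli command "enable"
 action 2.0 cli command "clear ip nat translation *"
!
! --- On the ASA (ASA syntax), matching the earlier reply ---
! One default route toward the 2921; the ASA never sees the two ISPs.
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
```

Verify with `show track 1`, `show ip sla statistics 1` and `show ip route 0.0.0.0`, then unplug the Comcast feed and confirm the default route moves to 198.51.100.1 after the 15 s down delay and returns after the 30 s up delay. The `delay` values keep a flapping probe from toggling the default route on every lost ping.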
In your situation I recommend against using BGP. It is too complicated and expensive, including the onus of obtaining an AS number, to be practical, especially considering that your Internet-reachable services are hosted elsewhere.
Just run regular NAT-based load balancing and you will have redundancy and performance without incurring complications.
I understand that there are added complications, and that is why I am trying to learn all the ins and outs of BGP. You may be right; I may not need it. I definitely see that it is more complicated than OSPF and EIGRP, but if I run from something because it is difficult I will never become a Network Engineer. Besides, my company is growing rapidly and I don't want to implement something because it is simple only to change it a short time later. Also, I am still in the testing phase and I am still a ways away from implementation.