08-19-2003 11:38 AM - edited 03-02-2019 09:43 AM
I've been asked to design a failover scenario for our Internet access. Today we are using a single ISP and are running BGP protocol back to them and EIGRP w/HSRP on the LAN interface. When second ISP is added(off-site recovery center), what options do I have for offering instantaneous failover?
08-19-2003 04:54 PM
A good number of different ones.... Really too many to answer here. Take a look at:
http://www.cisco.com/warp/public/459/40.html
http://www.cisco.com/warp/public/459/27.html
As starters. I have a and chapter on this in the new BGP book that should be published in December or January through Addison Wesley, to give you an idea of how much material there is here. Running NAT on both sides, with a firewall in each direction, and swapping out to a different default route when one link fails is a good plan, as long as you can accept the session drops when you switch. If you can't stand session drops, then you'll need something much more complex, where both sets of addresses are advertised through both ISPs.
You'll have to ask each ISP to punch holes in their aggregates, and make certain you are getting at least a /24 from each one for address space. You'll also need to set up iBGP between your border routers, and tune the timers a bit, perhaps, to get the convergence speeds you want. If you are using NAT on both sides, then you need some way to coordinate the NAT pools, so sessions don't drop.
Russ.W
08-21-2003 06:53 AM
Thanks, that helped on the inbound side. Regarding the outbound traffic from internal users, is EIGRP or some other link state protocol easier to set up for instantaneous recovery?
My internal network is using EIGRP and I have a default gateway setup for outbound traffic.
08-21-2003 07:22 AM
Injecting a default into EIGRP from BGP, or through statics, should give you very fast switchover, as long as you are injecting it on both links. If you tune your metrics right, you can make the backup link a feasible successor of the primary link in all places in your network, and the switchover should be in the milliseconds.
Unfortunately, I don't know of any links on tuning the metrics this way.
Russ.W
08-21-2003 08:19 AM
Some of the issues you are facing are discussed in my book "High Availability Networking with Cisco" currently available dirt cheap on Amazon marketplace (under $10). A few things to be aware of... HSRP failover defaults to 10 seconds, but is only useful between multiple routers on a single LAN. BGP on the Internet can require up to several minutes to converge, depending upon the number of AS in the path.
If using EIGRP, make sure the alternate path is a feasible successor (note that this is not always easy, and in some configurations may be impossible). Consider using OSPF instead. See Chapter 2 of my book for how to tune routing protocols for faster failover. Note also that tuning timers is usually only possible if you control both ends of the link. Most ISPs are not willing to tune BGP timers and even if they do, it only helps speed detection of failure of your link, not propagation of that failure to the rest of the Internet, and makes you more prone to be dampened.
Good luck and have fun!
Vincent C Jones
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide