08-20-2002 01:19 PM - edited 03-02-2019 12:48 AM
I have two separate Internet connections through two different providers connected via two separate routers. My Internet mail and Web IP addresses are provided by provider A. I want to ensure that redundant access to my email and Website is provided via provider B in the event that my WAN connection to provider A goes offline. I am using HSRP to provide redundancy for outbound traffic from my LAN. I assume I must apply for a public AS#. Or, can I borrow/lease one from one of my providers? Also, can anyone help me with the BGP configuration on my (C2611/2620) border routers? Do I want default routes only from my service providers? Do I need to set local preferences on my border routers given that I am using HSRP internally? Lots of questions. Any assistance would be greatly appreciated. And any reference materials you could suggest would also be greatly appreciated.
Thanks,
Dan
08-21-2002 10:03 AM
A lot of questions... so here are a few answers:
Solve the HSRP (inside users finding the gateway to the internet) challenge independent of the BGP (gateway routers finding a path to the ISP) challenge. Also make sure you solve the BGP routing challenge in both directions (from the Internet and to the Internet).
Yes you will need BGP for web services (mail could be handled by multiple MX records in DNS). Note that even with BGP, your site can go down for over a minute any time a link goes down as it can take time for link problems to get detected and new routes propagated.
Default routes will do the job. If your ISPs support them, I prefer conditional default routes so I can route around problems inside the ISP. Keep in mind that using redundancy to improve availability can be at odds with using redundancy for higher bandwidth. There is more on this topic (and others) in chapter 8 of my book, High Availability Networking with Cisco. See my web site for more on the book and example listings from the book.
Good luck and have fun!
Vincent C Jones
09-04-2002 12:05 PM
As I said, I am trying to provide redundancy to my network from two separate ISPs on two separate routers. The HSRP config is not really an issue, but I'm a relative novice to BGP. I think I understand the basic BGP configuration tasks, but I'm grappling with some of the more subtle configuration issues.
These are Cisco 2600 routers and I don't want to burden them too much with BGP-related tasks. I want to limit the BGP routing updates to only those necessary to provide the redundancy I need. I want to be able to force the primary path for inbound traffic through ISP-A (who owns my email and web server IP addresses) and reroute through ISP-B if needed. I also want to prevent my network from being used as a transit network for other Internet traffic.
Below is a copy of my BGP configs. I need to confirm my configurations for route filtering, etc. Router A and Router B share a common Ethernet segment (210.140.64.160/27) internally.
Router A
router bgp 100
 no synchronization
 network 210.140.64.160
 ! iBGP session to the other border router
 neighbor 210.140.64.189 remote-as 100
 neighbor 210.140.64.189 next-hop-self
 ! eBGP session to the upstream provider
 neighbor 208.174.168.1 remote-as 300
 no auto-summary
Router B
router bgp 100
 no synchronization
 network 210.140.64.160
 ! iBGP session to the other border router
 neighbor 210.140.64.188 remote-as 100
 neighbor 210.140.64.188 next-hop-self
 ! eBGP session to the upstream provider
 neighbor 67.96.254.133 remote-as 400
 neighbor 67.96.254.133 route-map bw out
 no auto-summary
!
access-list 1 permit 210.140.64.160
route-map bw permit 10
 match ip address 1
 set as-path prepend 100
09-05-2002 05:31 AM
To prevent transit AS:
router bgp 100
 neighbor x.x.x.x route-map notransit out
!
route-map notransit permit 20
 match as-path 20
!
ip as-path access-list 20 permit ^$
ip as-path access-list 20 deny .*
If you are using 2600s I may be tempted (heavily) to only accept default routes from the providers and set a higher preference on the link you want to use for outbound traffic (or leave preference equal and let HSRP or MHSRP decide).
You can't force another AS to use one link over another, you can only influence them (their policy will override what you try to do, so it pays to cooperate and be friendly). Also, with prepending I would add more than one instance of your AS.
Hope it helps
Steve
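The suggestions in the replies above (advertise only locally originated routes, accept only a default route from each provider, prefer one exit, prepend more than once on the backup link) combined into one policy sketch for the two routers in this thread. This is an added example, not configuration posted by any participant; the prefix-list and route-map names, the local-preference value of 200, the prepend count of three, and the assumption that Router A is the preferred link are all illustrative, and only the policy lines to merge into the existing `router bgp 100` sections are shown.

```cisco
! ----- Router A: assumed preferred link, eBGP to AS 300 -----
router bgp 100
 ! Accept nothing but 0.0.0.0/0, keeping the 2600's BGP table tiny
 neighbor 208.174.168.1 prefix-list DEFAULT-ONLY in
 ! Raise local preference so both routers exit via this default
 neighbor 208.174.168.1 route-map FROM-PRIMARY in
 ! Advertise only routes originated in AS 100 (no transit)
 neighbor 208.174.168.1 route-map NOTRANSIT out
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
! An empty AS path means the route was originated locally;
! everything else hits the implicit deny
ip as-path access-list 20 permit ^$
!
route-map FROM-PRIMARY permit 10
 ! Assumed value; anything above the default of 100 works
 set local-preference 200
!
route-map NOTRANSIT permit 10
 match as-path 20
!
! ----- Router B: assumed backup link, eBGP to AS 400 -----
router bgp 100
 neighbor 67.96.254.133 prefix-list DEFAULT-ONLY in
 ! No inbound route-map: the default learned here keeps local
 ! preference 100 and loses to Router A's default over iBGP
 neighbor 67.96.254.133 route-map NOTRANSIT-PREPEND out
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip as-path access-list 20 permit ^$
!
route-map NOTRANSIT-PREPEND permit 10
 ! Same no-transit test, then lengthen the path seen via AS 400
 match as-path 20
 ! Assumed count of three; this influences, but cannot force,
 ! how other ASes choose their inbound path
 set as-path prepend 100 100 100
```

After a soft reset of the sessions, `show ip bgp neighbors 208.174.168.1 advertised-routes` (and the same for 67.96.254.133) should list only the locally originated prefix; any route with another AS in its path appearing there means the outbound filter is not applied.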
09-05-2002 09:52 AM
In addition to Steve:
You should add default static routes with the lowest admin weight towards ISP1 and a higher one on ISP2 as well. Or talk to your ISP to advertise default static routes to you and then apply preference to select the one through ISP1.
HSRP is just fine and has nothing to do with the external world. Moreover, you can tag the serial interface to some value in HSRP; when the link is down, decrement the priority by some value for the primary.
I guess you don't need a public AS. Talk to your ISPs; they will provide you a solution. They can strip the private AS while advertising your networks to the NAP or other ISPs.
Hope this makes sense.
Regards,
09-08-2002 03:44 AM
Thanks to everyone for their generous replies.