Add a second site to a current Multihome BGP network architecture.

KOAVA (Level 1)


Hi guys, I'm looking for some direction on how to add a second site to my current multihomed BGP network architecture.

So, my current topology is a single site with BGP multihoming to 2 ISPs, 2 routers, a /24 Provider Independent address space and an AS number.

[image: KOAVA_0-1721980763378.png]

[image: KOAVA_1-1721981200846.png]

We also have servers that are publicly accessible through this site using an HA ASA FW for NAT and ACLs, and remote VPN users connecting on the ASA as well.
The ASA outside interface has been assigned an IP address from the /24 PI subnet and has a default route towards the HSRP VIP configured on our Internet border routers, which also have IP addresses from the /24 PI subnet.
So, a static route points to the corporate edge routers' HSRP VIP, with HSRP configured on the edge routers' inside interfaces. There is no IGP or iBGP running between the ASA and our border routers, only static routing.
Each Internet border router has an eBGP peering with an upstream provider, and there is iBGP between them. As far as the BGP routing policy is concerned, it is actually pretty simple: we accept the full Internet routing table from both providers and we only advertise our PI subnet. No other special inbound/outbound treatment; we let BGP choose the best path by default.

Works well and is currently in production.


Additionally, I have a second corporate site with its own HA ASA FW and one ISP line with a /24 PA subnet, and the two sites are connected with a redundant dedicated L3 line running an IGP between them.
The second site's local core switch has a default route to the ASA, and the ASA itself has a default route to the ISP, so the local users and servers are able to access the web via this local ISP.

Let's say the first site is the primary one, because that's where the main DC and publicly accessible servers are located, and the other one is the secondary with some users and servers. Each site can access the Internet through its local ISP lines/providers.


I want to change the current topology from single site, dual router, PI space, multihomed to two ISPs, to dual site, dual router on each site, PI space, multihomed to two ISPs.

My main goal is to add site redundancy and to be able to have publicly accessible servers on both sites associated with this public /24 PI subnet, keeping in mind the above routing policy.

The /24 PI subnet will be advertised from both sites.
Primary entry and exit point to/from the Internet will be the Primary DC.
Secondary entry and exit point to/from the Internet will be the Secondary DC, in case a major failure occurs at the Primary DC (ISP lines, core routers, FW, etc.).
The last choice will be the DR site, which is directly connected to the primary with a dedicated line.

 

At a high level, and as far as I understand, some steps towards this would be the below.

Site A:
Change my inbound BGP routing policy: alter the default local preference on the routes received from these ISPs to a value higher than 100.

Site B:
Install one or two border routers and establish an eBGP peering with the local ISP.
My border routers will advertise the /24 PI address space using a static route pointing to Null0, and this static will be redistributed into the BGP process.
Apply the below policies:
Outbound BGP routing policy: prepend my AS path so I can influence the incoming traffic to make this site less desirable than the Primary, OR use BGP conditional advertisement. Not sure yet which is best.
Inbound BGP routing policy: assign a low local preference on the routes received from the ISP so I can influence the outgoing traffic to make this site less desirable than the Primary.


My firewall will have a default route towards the HSRP VIP of my border routers and will also NAT to this PI space when necessary. Not sure if I can have all the NATs in place so I can be ready to route traffic for the servers on Site A.

Site A & B:
Establish an iBGP full mesh between my corporate BGP routers with next-hop-self enabled.

Not sure if it is necessary to run an iBGP full mesh on my firewalls as well.

 

Sorry for the long post, but I wanted to give you the big picture. If anyone can provide some more ideas or advice/direction on this, it would be great.

Thanks
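The Site B policy sketched in the post (Null0 anchor for the PI block, prefix-filtered outbound announcement with AS-path prepend, lowered local preference inbound, iBGP full mesh with next-hop-self) written out as an IOS-style configuration. This is an added illustration, not the poster's or Cisco's configuration; every value is a placeholder: AS 64496 stands for the poster's own ASN, 203.0.113.0/24 for the PI block, AS 64500 and 192.0.2.1 for the Site B ISP and its peer address, and 10.255.0.x for iBGP loopbacks reachable over the dedicated line. The example uses a `network` statement rather than redistributing the static, so only that exact prefix is ever injected into BGP.

```ios
! ===== Site B border router (placeholders, see lead-in) =====
!
! Anchor the PI aggregate locally so BGP can originate it even when no
! more-specific interior route exists. AD 250 keeps real routes preferred.
ip route 203.0.113.0 255.255.255.0 Null0 250
!
router bgp 64496
 bgp log-neighbor-changes
 ! Originate the /24 from the Null0 static; only this exact prefix enters BGP.
 network 203.0.113.0 mask 255.255.255.0
 !
 ! eBGP to the Site B ISP, with explicit in/out policy on the session.
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 description ISP-B
 neighbor 192.0.2.1 route-map ISP-B-IN in
 neighbor 192.0.2.1 route-map ISP-B-OUT out
 !
 ! iBGP full mesh: the second Site B router plus both Site A border routers,
 ! peered on loopbacks learned via the IGP across the dedicated L3 line.
 ! next-hop-self rewrites the ISP's next hop so remote peers need no route to it.
 neighbor IBGP peer-group
 neighbor IBGP remote-as 64496
 neighbor IBGP update-source Loopback0
 neighbor IBGP next-hop-self
 neighbor 10.255.0.1 peer-group IBGP
 neighbor 10.255.0.2 peer-group IBGP
 neighbor 10.255.0.4 peer-group IBGP
!
! Only our own PI block may ever be announced upstream.
ip prefix-list OUR-PI seq 5 permit 203.0.113.0/24
!
! Outbound: announce the PI block only, prepended twice so remote networks
! prefer the shorter path via Site A. The implicit deny at the end stops
! transit routes learned from Site A's ISPs from leaking to ISP B.
route-map ISP-B-OUT permit 10
 match ip address prefix-list OUR-PI
 set as-path prepend 64496 64496
!
! Inbound: never accept our own block (or pieces of it) back from the ISP,
! then mark everything else below the default local preference of 100 so
! egress prefers Site A's exits while they are up.
ip prefix-list OWN-BLOCK seq 5 permit 203.0.113.0/24 le 32
route-map ISP-B-IN deny 10
 match ip address prefix-list OWN-BLOCK
route-map ISP-B-IN permit 20
 set local-preference 90
!
! ===== Site A border routers (counterpart policy) =====
! Higher local preference makes Site A the preferred exit for the whole AS;
! no prepend keeps it the preferred entry from the Internet.
route-map ISP-A-IN permit 10
 set local-preference 110
route-map ISP-A-OUT permit 10
 match ip address prefix-list OUR-PI
```

Two properties of this design are worth checking before relying on it. Local preference is carried only inside the AS (over the iBGP mesh), so both sites' routers agree that 110 beats 90 and egress converges on Site A; if the dedicated line is the only iBGP path and it fails, each site simply falls back to its own ISP. Prepending is only a hint to remote networks, and a provider's own customers may still be delivered via Site B; conditional advertisement (withholding the Site B announcement until a watched prefix learned from Site A disappears) is the stricter alternative the post mentions, at the cost of a convergence delay equal to the withdrawal of that watched route.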

2 Replies

This photo is from a Cisco enterprise doc.

Please share your topology and I will put some points on how you can config it.

Thanks 

MHM

Thanks for the answer.

Yes indeed, the pic is from Cisco, but this is how the Main DC's topology is.

As far as the second site is concerned, it has a direct L3 link to the main site's core SW and its own ASA FW with an Internet line towards an ISP.

Sorry, I cannot post my topology.
