
BGP Design

NetworkGuy!

Hi

 

I have the present scenario and would like to ask for any suggestions / best practices

 

There are two buildings and 1 ISP circuit/router in each building. I would like to do BGP multihoming - I want building A to be primary and building B to be secondary. Both buildings are connected to each other by internal fibres.

 

I want all traffic to go through Building 1 (if things are well) but if the fibre breaks, and if router in Building 1 goes down, then all traffic through Building 2. 

But if the fibre breaks, then I want all local traffic to go through local routers - is this possible? The ISP is prepared to do the BGP config as per my design.

 

1. Would cross peering between the circuits help? (like R1 has a BGP peer to ISP circuits 1 and 2, and R2 has a BGP peer to ISP circuits 1 and 2)?

2. Or can I design it as Active/Active - how will incoming traffic behave? No issue with public addresses - I have many public IP addresses available.

3. Any other design recommendations, even if it's something which is out of the box?

 


But are both pairs of fibers in the same cable? So if the fiber is cut then connectivity between the cores and ISP routers will be lost. So both buildings will be separated. The likelihood of a fiber cut preventing the internet routers from communicating, but the cores being OK would be pretty remote? Correct?

 

1- Understand about transit VLANs. The question then becomes is the infrastructure duplicated in each building? For example, redundant firewalls, HSRP addresses, etc. So you need to determine if connectivity between buildings is lost can each building operate on its own with the gateways and firewalls operating? There may be some instances that would fail, but the majority would have service until the situation was remedied.

 

2- If the connectivity is lost between the buildings, and provided the instance in #1 can be met and the loss of connectivity means that R1 only advertises a specific /25 to the ISP and R2 advertises another, then anything to the internet should come back through the proper router, so yes active/active.

 

3- Again, if R1 & 2 advertise both /25s in normal operation to the ISP with R1 preferred, but when IBGP is lost due to loss of connectivity, then R1 would only advertise one of the /25s and R2 would advertise the other until connectivity is restored.

No, both fibres are in different cables.

 

So in normal operation I want all traffic to go through R1, and if the fibre between routers fails then go through R2, but if the fibre between core switches fails then I want traffic to pass by locally - is this possible?

 

Yes, both firewalls are capable of passing traffic and have rules - basic rules to allow internet connectivity at least!

 

I can use /25 on each firewall - what should the ISP config look like?

 

Any thoughts?

Here's the basic concept:

!
R1
!
router bgp 65000
network 192.168.1.0 mask 255.255.255.128
network 192.168.1.128 mask 255.255.255.128
!
!(Route to firewall & advertised via IGP to R2)
ip route 192.168.1.0 255.255.255.128 10.10.1.1
!


!
R2
!
router bgp 65000
network 192.168.1.0 mask 255.255.255.128
network 192.168.1.128 mask 255.255.255.128
!
!(Route to firewall & advertised via IGP to R1)
ip route 192.168.1.128 255.255.255.128 10.10.1.1
!

 

So if connectivity between R1 & 2 is lost then R1 no longer has the route advertised from R2 and will stop advertising it to the ISP, conversely R2 loses the advertised route from R1 and no longer advertises that route to its ISP.

As previously discussed, in normal operation, by using local preference and AS prepending, R1 is the preferred path in and out.

 

Regards
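
The answer above relies on local preference and AS prepending but does not show them. One way to write that part for R2, as an added example that is not from the thread, with an outbound prefix filter so nothing but the two /25s is ever announced. The ISP AS 64500, the neighbor address 192.0.2.5 and the names OUR-NETS, ISP-IN and ISP-OUT are assumed placeholders.

```ios
! R2 (secondary, Building B) - constructed example.
! Assumptions: ISP AS 64500 and neighbor 192.0.2.5 are placeholders;
! AS 65000 and the two /25s are taken from the config in the thread.
!
! Only our own two /25s may be announced to the ISP.
ip prefix-list OUR-NETS seq 10 permit 192.168.1.0/25
ip prefix-list OUR-NETS seq 20 permit 192.168.1.128/25
!
! Outbound: prepend our own AS so the ISP prefers the path via R1.
! The implicit deny at the end of the route-map drops every other
! prefix, so routes learned from one ISP circuit are never re-announced
! to the other.
route-map ISP-OUT permit 10
 match ip address prefix-list OUR-NETS
 set as-path prepend 65000 65000 65000
!
! Inbound: lower local preference (default is 100) so that, while iBGP
! to R1 is up, outbound traffic prefers the routes learned via R1.
route-map ISP-IN permit 10
 set local-preference 90
!
router bgp 65000
 network 192.168.1.0 mask 255.255.255.128
 network 192.168.1.128 mask 255.255.255.128
 neighbor 192.0.2.5 remote-as 64500
 neighbor 192.0.2.5 route-map ISP-IN in
 neighbor 192.0.2.5 route-map ISP-OUT out
!
! R1 (primary) uses the same prefix-list and an ISP-OUT route-map with
! the match line but no prepend, and no inbound local-preference change.
!
! Check what is actually announced in each failure state:
!   show ip bgp neighbors 192.0.2.5 advertised-routes
```

When the link between the routers is lost, each router announces only the /25 it still has a route for, so the prepend on R2 no longer matters for that prefix because it is the only path.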
