I've inherited the support of two internet-facing 7206VXR routers used as the BGP tier / Internet ingress-egress point of my organisation. We have three ISP services split between two data centres and an iBGP peering between the two 7206s. Each ISP has two BGP sessions - one to the 7206 that their circuit is connected to and another to the 7206 in our other data centre. What I'm trying to understand is why they have been configured this way and what benefits (if any) it gives over just having a single eBGP session between each ISP and the local 7206 and the iBGP session between the two 7206s (which are both within our one AS)?
I've attached a high-level diagram that shows what I'm trying to explain!
Thanks in advance.
Interesting question & network setup. Perhaps the original design took the BGP rule of "All peers must be fully meshed" to the maximum.
Or perhaps they just wanted triple redundancy for receiving internet routes.
There is nothing wrong with the design technically - but logically the only thing wrong with it from my point of view is that it is more complicated than it needs to be.
Both routers may implement the same (BGP-)policies,
so even if one router fails, the other one enforces that policy,
not just having one ISP as the default-gateway,
so all the memory for the full-tables is simply useless.
Also, you may implement different policies on the two routers,
and let the firewall send traffic for different destinations to the one or the other router.
(O.k., this tends to be complicated, esp. to debug.)