BGP Multipath Failover Design

jgorman1977 · ‎03-23-2010

In our proposed design, we will be hosting VM's at our DC, and using our Corp office as the redundant path. We are peering to the same ISP and splitting the /24 into two /25's. The two offices are connected via 100MB Metro Ethernet. I am unsure of how to utilize that 100MB Metro link. What is the best way to route traffic back and forth in case of a failure? Attached is a rough design.

Thank you all in advance.

Giuseppe Larosa · ‎03-23-2010

Hello Jason,

I would suggest to go on on an existing thread rather then opening a new thread for each new question.

Said this, the use of the link is decided by the iBGP session and/ or the IGP protocol you are using.

To be noted one link may be not enough for all fault scenarios you would need a path from Corp to hosting also if the hosting router fails totally.

So I would add cross links for this.

But I see also there are ASA before the two campuses

you would need two ASA failover pairs one in Corp and one in hosting

the secondary ASA should have its outside interface cross connected to the other border router (Corp ASA standby to Hosting router, Hosting ASA standby to corp router)

Hope to help

Giuseppe

jgorman1977 · ‎03-24-2010

Giuseppe,

Since we are using the ASA security contexts, I will most likely use 1 5540 at the DR and 1 5540 at the Corp. I will not use the 5510 as we won't have enough security contexts. The ASA configuration will have to mirror, correct?

Thanks,

Jason

Giuseppe Larosa · ‎03-24-2010

Hello Jason,

in any case each ASA can have only one outside interface.

a failover pair needs a connection between the two ASA.

So you would need two links between the two campuses:

one for iBGP session between edge routers

one link for failover and stateful between ASA

Hope to help

Giuseppe