BGP Routing Clarification Needed

mario11584
Level 1

I am new to BGP and I've done quite a bit of reading on it lately but still feel a little (maybe a lot) confused. I have a diagram and running config (from my Cisco 3925e router) attached, showing my partial setup. Here are a few questions:

  1. Does my router need to be inline between the ISP and my Brocade switches? Can I keep it the way it is currently (shown in the PDF)? I have VLANs configured on the switches for each of the ISPs for failover/redundancy on the firewalls. I have my router connected to these VLANs. One interface per ISP/VLAN.
  2. How does my block of /24 come into play? We're setting up BGP so we have a highly available network in case of ISP outages. I don't understand how the IPs my ISP gives us, and the IPs we purchased from ARIN and will use with BGP, work with each other and help us achieve the redundancy we need. I believe this is where my confusion about BGP is the greatest. I think I start to understand it and then I read something else that just confuses me.
  3. Does my BGP configuration look accurate for accepting default routes only? What's the advantage to getting the default routes versus the full routing table? What would you recommend? I believe our 3925e is more than capable of handling the full routing table.

Your thoughts on this are very much appreciated. Thanks in advance!

3 Replies

Edison Ortiz
Hall of Fame

1) I wouldn't define the router as being inline, but it is basically a key component in the WAN bubble.

Your router provides network reachability for the assigned /24 subnet to the rest of the world.

I'm assuming your router is also providing NAT for the internal network?

Overall, your design is sound. I wouldn't change a thing.

2) Your assigned /24 subnet allows your internal network to reach the internet with a valid public IP address.

It also allows you to provide services such as WWW, Email, FTP, VPN to your external customers.

The redundancy comes into effect when both ISPs have network reachability towards your network while learning this /24 subnet via BGP. At a high level, BGP uses an internal path algorithm and chooses a preferred route after comparing several attributes.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml

In short, customers on Veracity will more than likely reach your network via the Veracity link (preferred metrics), while customers on Integra would do the same on their own network. Other networks' connectivity will be dictated by how their connection is towards Veracity or Integra.

The redundancy comes into play when you lose one link and it's still known via another link.

This redundancy is provided with BGP and the way it is advertised from router to router.

3) Default route is fine. However, you are limited in the amount of traffic engineering you can do for traffic leaving your network. For instance, if you receive full or partial routes from both ISPs, BGP would prefer exiting via the Veracity link towards Veracity customers, and the same can be said for Integra customers.

With the default route, the only option you have is having one link being primary while the other one as secondary.

You could implement multipath with BGP but I don't recommend it for ISP connectivity.
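The default-only, primary/secondary design described in this reply, written out as an IOS configuration. This is an added example and not the running config attached to the original post (which is not reproduced here). Every value is an assumption: the customer AS 64496, the ISP ASNs 64497 and 64498, the neighbor addresses 192.0.2.1 and 198.51.100.1, the ARIN block 203.0.113.0/24 and the neighbor descriptions are placeholders from the documentation ranges; "ISP-A" stands for whichever provider is meant to be primary.

```cisco
! Added example, not the poster's running config. Addresses, AS numbers and
! names are placeholders (RFC 5737 / RFC 5398 documentation ranges).
!
! Keep the ARIN /24 in the routing table so the "network" statement can
! inject it into BGP even when no internal subnet of the block is up.
! AD 254 keeps it below any real route to a more specific part of the block.
ip route 203.0.113.0 255.255.255.0 Null0 254
!
! Exactly what we send (our /24) and exactly what we accept (a default).
ip prefix-list OUR-PREFIX seq 5 permit 203.0.113.0/24
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Outbound: advertise only our /24. The route-map has no permit-all clause,
! so anything else (including the default learned from the other ISP) is
! dropped and this router can never become transit between the two ISPs.
route-map TO-ISP-OUT permit 10
 match ip address prefix-list OUR-PREFIX
!
! Inbound: accept only 0.0.0.0/0. Local preference makes ISP-A the primary
! exit; if its session or its default disappears, ISP-B's default takes over.
route-map FROM-ISP-A-IN permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 200
!
route-map FROM-ISP-B-IN permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 100
!
router bgp 64496
 bgp log-neighbor-changes
 network 203.0.113.0 mask 255.255.255.0
 !
 neighbor 192.0.2.1 remote-as 64497
 neighbor 192.0.2.1 description ISP-A primary
 neighbor 192.0.2.1 password <shared-secret-agreed-with-ISP-A>
 neighbor 192.0.2.1 ttl-security hops 1
 neighbor 192.0.2.1 maximum-prefix 10
 neighbor 192.0.2.1 route-map FROM-ISP-A-IN in
 neighbor 192.0.2.1 route-map TO-ISP-OUT out
 !
 neighbor 198.51.100.1 remote-as 64498
 neighbor 198.51.100.1 description ISP-B secondary
 neighbor 198.51.100.1 password <shared-secret-agreed-with-ISP-B>
 neighbor 198.51.100.1 ttl-security hops 1
 neighbor 198.51.100.1 maximum-prefix 10
 neighbor 198.51.100.1 route-map FROM-ISP-B-IN in
 neighbor 198.51.100.1 route-map TO-ISP-OUT out
```

Once both sessions are established, `show ip bgp summary` should show one prefix received from each neighbor, `show ip bgp 0.0.0.0` should list two paths with ISP-A's carrying local preference 200 and marked best, and `show ip bgp neighbors 192.0.2.1 advertised-routes` should list only 203.0.113.0/24. The `maximum-prefix 10` line is a safety net: if an ISP ever starts sending more than a default, the session is torn down rather than the router swallowing a full table through an unfiltered path. The `password` and `ttl-security` lines need the ISP to configure the matching side; with `ttl-security hops 1` the router expects packets to arrive with TTL 254 or higher, so a peer that does not also enable it will fail to establish, and those lines should be left out until the provider agrees to them.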

Edison, thanks so much for your response. As of right now I do not have NAT setup on the router. So, I would need to have an interface/subnet on my router configured with the /24 subnet, and have NAT translate from the /24 to my private IP range? Is that correct?

This is how I understand BGP traffic would route through my router:

1.) Traffic destined to my /24 is routed from one of my ISPs to my router which was learned via BGP advertisements.

2.) My router switches the traffic from the directly connected ISP interface to the /24 interface (network I am advertising to my ISPs via BGP)

3.) /24 interface will translate traffic from one of my /24 public IPs to a private IP address on my network

4.) Traffic is then passed on the internal network

Does that sound about right?

Thanks again!

You would have an interface with such a subnet if you are planning to deploy a DMZ.

Your internal facing interface will hold your private IP subnet range.

1) Correct

2) Correct

3) Correct

4) Correct
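The four-step flow confirmed above, as an added IOS example rather than the poster's configuration: the inside interface carries the private range, the two ISP-facing interfaces (one per ISP VLAN, as in the poster's setup) are NAT outside, and a slice of the ARIN /24 is used as the translation pool. Interface names, the 10.0.0.0/8 inside range, the 203.0.113.0/24 block, the pool boundaries and the static-mapped server are all assumptions.

```cisco
! Added example, not the poster's running config. Interface names, the
! private range and the public block are placeholders.
!
interface GigabitEthernet0/0
 description Inside: private LAN (step 4 of the flow)
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description ISP-A VLAN
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/2
 description ISP-B VLAN
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! Only the private range is eligible for translation.
ip access-list standard INSIDE-NETS
 permit 10.0.0.0 0.255.255.255
!
! Part of the ARIN /24 is carved out as the dynamic (PAT) pool. The /24 does
! not have to be configured on any interface: the ISPs deliver traffic for it
! to this router because of the BGP advertisement (steps 1 and 2), and NAT
! rewrites the public destination to the private host (step 3).
ip nat pool PUBLIC-POOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0
ip nat inside source list INSIDE-NETS pool PUBLIC-POOL overload
!
! One-to-one mapping for a server that must be reachable from outside.
ip nat inside source static 10.0.1.25 203.0.113.25
```

Because the /24 is not on an interface, packets for unused addresses in the block arrive at the router with no translation and no more specific route; a static route for the whole block pointing at Null0 makes the router drop them instead of sending them back out the default route to the ISP. `show ip nat translations` shows the active mappings, and the translation table is per router, not per outside interface, so return traffic that arrives via the other ISP after a failover is still translated correctly.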
