vaib7av.shirkul
Beginner

BGP with two different ISP on different routers

Hi All,

We have a 3845 router which is used only for Internet connectivity with one ISP (X).

The customer has only one VLAN, a public AS number, and a public IP pool.

Scenario:

User--> L2Access-SW--> L3 (6500) SW--> Firewall (5520) --> IPS--> 3845Router.

Now we have another ASR router, which also has Internet connectivity from another ISP (Y).

Now the issue is that we would like to use both ISPs in an active/active scenario.

So what will be the solutions?

1 REPLY
Giuseppe Larosa
Hall of Fame Master

Hello,

First of all, an L2 LAN switch is needed for accommodating the IPS outside port and the two BGP border routers.

These three ports have to be associated with the same VLAN.

For security reasons you should use a dedicated switch.

If both the FW and the IPS are deployed as an HA pair, you should use two LAN switches, have the VLAN span both, and connect one border router to external SW1 and the second router to SW2.

The ASA firewall can have two default routes with different IP next-hops, one pointing to the 3845 and one pointing to the ASR.

But the two next-hops have to be out the SAME L3 interface (firewall constraint).

Because the customer has its own BGP AS number and its own public IP pool, the ASR will advertise it to ISP2.

An iBGP session between the two border routers is recommended.

The ASR is more scalable, so for BGP you need to verify if you are receiving full BGP tables; you need to think carefully about what to do for the C3845.

Return traffic distribution will be unrelated to outbound traffic distribution, with no real issues.

Hope to help

Giuseppe
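A configuration sketch of the design described in the reply above, added here as an illustration and not posted by either participant. All AS numbers and addresses are constructed documentation values, the ASA interface name `outside` is assumed, and taking only a default route from each ISP is one assumed answer to the full-table question for the 3845.

```ios
! Constructed values: AS 64500 = customer, 64501 = ISP X, 64502 = ISP Y,
! 203.0.113.0/24 = customer public pool, .2 = 3845, .3 = ASR on the outside VLAN.

! --- 3845 (ISP X) ---
ip prefix-list OUR-POOL seq 5 permit 203.0.113.0/24
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
! Keeps an exact /24 in the routing table so the network statement can originate it
ip route 203.0.113.0 255.255.255.0 Null0
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64501
 ! Announce only our own pool, so the site never becomes transit between the ISPs
 neighbor 192.0.2.1 prefix-list OUR-POOL out
 ! Accept only a default route (assumption: spares the 3845 a full table)
 neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
 ! iBGP to the ASR across the outside VLAN
 neighbor 203.0.113.3 remote-as 64500
 neighbor 203.0.113.3 next-hop-self

! --- ASR (ISP Y): same prefix-lists and static route, then ---
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.5 remote-as 64502
 neighbor 192.0.2.5 prefix-list OUR-POOL out
 neighbor 192.0.2.5 prefix-list DEFAULT-ONLY in
 neighbor 203.0.113.2 remote-as 64500
 neighbor 203.0.113.2 next-hop-self

! --- ASA 5520: two equal-cost defaults, both out the same interface ---
route outside 0.0.0.0 0.0.0.0 203.0.113.2 1
route outside 0.0.0.0 0.0.0.0 203.0.113.3 1
```

The outbound prefix-list is the control to verify first: without it, routes learned from one ISP can be re-advertised to the other through the iBGP session.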