cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
198
Views
0
Helpful
1
Replies

Design question

pronin_sergey
Beginner
Beginner

Hello guys,

 

our company has the following design.

 

  • Three datacenters in different countries.
  • In each DC there is a core. It is usually stacked 3750X switches.
  • OSPF runs on the cores to exchange internal routes
  • Two borders in each DC. It might be Cisco, Juniper or even Linux. Borders run multimode BGP with various providers. 
  • Each DC announces its own /24 network.
  • There is a full mesh iBGP between borders on virtual interfaces, that are built over internal OSPF.

 

Question is:

 

Is it a good design or not?

1) I would like to move iBGP to cores and configure route reflectors on them. Is it a good idea?

2) We have a public prefix /21. Instead of announcing /24 in each DC I would like to announce /21 in all DCs + /24 in each. But I don't know what to do with the firewalls in each DC. They are stateful.

 

--

Regards,

Sergey

 

1 Reply 1

Vasilii Mikhailovskii
Rising star
Rising star

Hello.

If run full-table BGP, I would say it might be a bad idea to run BGP inside your network.

If you learn only 0.0.0.0/0 via BGP, then it's easier to redistribute it into IGP per DC.

Regarding public prefixes - /21 vs specific /24s might be a good idea; if you have DMZ, then the challenge is to route traffic to proper DMZ (you may try it with different VRF).

PS: it's hard to say if it's good design or not, we need to know what are the original business requirements and where different services will be located.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: