Design question

pronin_sergey · ‎07-03-2015

Hello guys,

our company has the following design.

Three datacenters in different countries.
In each DC there is a core. It is usually stacked 3750X switches.
OSPF runs on the cores to exchange internal routes
Two borders in each DC. It might be Cisco, Juniper or even Linux. Borders run multimode BGP with various providers.
Each DC announces its own /24 network.
There is a full mesh iBGP between borders on virtual interfaces, that are built over internal OSPF.

Question is:

Is it a good design or not?

1) I would like to move iBGP to cores and configure route reflectors on them. Is it a good idea?

2) We have a public prefix /21. Instead of announcing /24 in each DC I would like to announce /21 in all DCs + /24 in each. But I don't know what to do with the firewalls in each DC. They are stateful.

--

Regards,

Sergey

Vasilii Mikhailovskii · ‎07-05-2015

Hello.

If run full-table BGP, I would say it might be a bad idea to run BGP inside your network.

If you learn only 0.0.0.0/0 via BGP, then it's easier to redistribute it into IGP per DC.

Regarding public prefixes - /21 vs specific /24s might be a good idea; if you have DMZ, then the challenge is to route traffic to proper DMZ (you may try it with different VRF).

PS: it's hard to say if it's good design or not, we need to know what are the original business requirements and where different services will be located.