Designing a Campus Internet Edge

Ex-Engineer1968
Level 1

Hello, everyone. Thank you ahead of time for your attention and sharing your expertise. Greatly appreciated! 

It’s been a while since I designed an Internet edge, and there are so many ways to approach it.

I have 2 ISPs, 2 collapsed core L3 Cisco 9500 switches, and 2 firewalls that can run BGP and OSPF.

I could use static routes and keep it simple or run routing protocols.

Or I can do this to create a dynamic failover of what are basically 2 separate/independent paths to their respective ISPs. But traffic will always go out the primary ISP unless that connection fails.

I would have liked to embed the drawing in the dialogue box, but it only allows me to attach! Sorry! 

Does what I wrote below make sense? Are my assumptions correct?

Please bring up the drawing so that you can follow along.

ISP-1 PATH – INBOUND CONTROL PLANE/OUTBOUND DATA PLANE

  • ISP-1 advertises a default route to L3 switch-1 using eBGP
  • L3 Switch-1 and L3 Switch-2 do an iBGP peering. At L3 Switch-1, we configure a Local Pref of 200 for the default route learned from ISP-1. That gets passed on to L3 Switch-2 via iBGP.

DATA PLANE NOTE: So, any outbound traffic going out to the Internet that reaches L3 Switch-2, will be forwarded to L3 Switch-1.

  • L3 Switch-1 redistributes the default route into OSPF (default originate command?) toward FW-ACT-1. The next hop for the default route would be an interface on the L3 switch.
  • FW-ACT-1 passes the default route via OSPF to Core 1. Since there is no OSPF adjacency between Core 1 and Core 2, each core switch will only have the route it learned from its northbound FW. BUT, in the event that the dynamic default route is lost because of a northbound failure, Core 1 SHOULD have a default static pointing to Core 2 (adjust AD to 200).
  • So, any traffic received at Core 1 destined for the Internet will go northbound to FW-ACT-1.


ISP-2 PATH – INBOUND CONTROL PLANE/OUTBOUND DATA PLANE

  • ISP-2 advertises a default route to L3 Switch-2 using eBGP
  • L3 Switch-2 learns about the default route and its Local Pref from L3 Switch-1 via the iBGP peering.

DATA PLANE NOTE: So, any outbound traffic going out to the Internet that reaches L3 Switch-2, will be forwarded to L3 Switch-1.

  • L3 Switch-2 redistributes the default route into OSPF (default originate command?). The next hop for the default route would be an interface on the L3 switch.
  • FW-ACT-2 passes the default route via OSPF to Core 2. Since there is no OSPF adjacency between Core 1 and Core 2, each core switch will only have the route it learned from its northbound FW. BUT, in the event that the dynamic default route is lost because of a northbound failure, Core 2 SHOULD have a default static pointing to Core 1 (adjust AD to 200).
  • So, any traffic received at Core 2 destined for the Internet will go northbound to FW-ACT-2.

Does this make sense? Are my assumptions correct?


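The ISP-1 side of the design described in the post, written out as an IOS-XE style configuration. This is an added illustration, not the poster's configuration or a Cisco reference example. AS numbers, addresses, interface names and the shared secret are placeholders chosen for the example; the campus prefix 198.51.100.0/24 and all 10.x addressing are assumed. It answers the "default originate command?" question (the OSPF command is `default-information originate`), and adds the edge hygiene a practitioner would want on an eBGP session that the post does not mention: accept only a default from the ISP, announce only your own prefixes, and protect the session with a password and TTL security.

```text
! Added example (IOS-XE style), not the poster's config. Placeholders:
!   AS 65000 = campus, AS 64501 = ISP-1, 203.0.113.1 = ISP-1 peer address,
!   10.0.0.2 = L3 Switch-2 loopback (iBGP peer), 10.0.12.0/24 = Switch-1 <-> FW-ACT-1 link,
!   198.51.100.0/24 = campus public space, 10.0.100.2 = Core 2 as seen from Core 1.

!----- L3 Switch-1 -----
! Inbound: take nothing but 0.0.0.0/0 from ISP-1.  Outbound: leak nothing but our own space.
ip prefix-list ONLY-DEFAULT seq 5 permit 0.0.0.0/0
ip prefix-list OUR-PREFIXES seq 5 permit 198.51.100.0/24
!
route-map FROM-ISP1 permit 10
 match ip address prefix-list ONLY-DEFAULT
 set local-preference 200
!
route-map TO-ISP1 permit 10
 match ip address prefix-list OUR-PREFIXES
!
router bgp 65000
 bgp log-neighbor-changes
 ! eBGP to ISP-1, session protected with an MD5 password and GTSM (ttl-security)
 neighbor 203.0.113.1 remote-as 64501
 neighbor 203.0.113.1 password <shared-secret>
 neighbor 203.0.113.1 ttl-security hops 1
 ! iBGP to L3 Switch-2; next-hop-self so Switch-2 resolves the default via Switch-1,
 ! not via the ISP-1 link address it cannot reach directly
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 update-source Loopback0
 neighbor 10.0.0.2 next-hop-self
 address-family ipv4
  network 198.51.100.0 mask 255.255.255.0
  neighbor 203.0.113.1 activate
  neighbor 203.0.113.1 route-map FROM-ISP1 in
  neighbor 203.0.113.1 route-map TO-ISP1 out
  neighbor 10.0.0.2 activate
!
! Hand the BGP-learned default to FW-ACT-1 over OSPF.  Without the "always" keyword
! the default is only originated while 0.0.0.0/0 is present in Switch-1's RIB, so it
! is withdrawn automatically when the ISP-1 session drops and the failover kicks in.
router ospf 1
 router-id 10.0.0.1
 passive-interface default
 no passive-interface GigabitEthernet1/0/1
 network 10.0.12.0 0.0.0.255 area 0
 default-information originate metric 10
!
!----- Core 1 -----
! Floating static toward Core 2: AD 200 loses to the OSPF default (AD 110) learned
! from FW-ACT-1 and is installed only when that dynamic default is gone.
ip route 0.0.0.0 0.0.0.0 10.0.100.2 200
```

L3 Switch-2 mirrors this toward ISP-2 with its own prefix lists and peer addresses but without `set local-preference 200`, so its default keeps the default local preference of 100 and the iBGP-learned default from Switch-1 wins while ISP-1 is up. Two caveats worth checking before trusting the failover: `default-information originate` is the command, not "default originate", and its route will only be advertised while a default actually exists in the routing table; and the floating static on Core 1 must point at an address on Core 2 that is reachable without relying on the very default route that just disappeared.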