Failover internet routing - 2 different sites

louis0001
Level 3

I want to add some resilience to our network for the internet.

We currently have a network of 50 sites all connected via MPLS using BGP routing.

2 of these sites (A & B) are our core sites which are also linked to each other via 100mb PtP and both have internet breakouts using 100mb.

SITE A (primary) = Our main site and all traffic enters here and breaks out to the internet
SITE B (failover) = Our backup site used for replication etc via 100mb PtP from SITE A

We use EIGRP to advertise BGP networks into our core switches which then forward to the internet.

So basically, I want all traffic to reroute and enter SITE B MPLS if SITE A MPLS goes down

We're currently breaking out by advertising 0.0.0.0 at SITE A MPLS which then routes to our core switch at SITE A which then forwards to our firewall at SITE A and onto the internet.

Could it be achieved by doing the same at SITE B but adding weight or local preference to the BGP?

2 Replies

Julio E. Moisa
VIP Alumni

Hi

Are Site A and B redistributing the BGP routes into EIGRP to propagate them to the internal network?

Because you could play with the metrics, imagine this case:

Site A

router bgp 100
 ...
router eigrp 100
 redistribute bgp 100 metric 100000 10 255 1 1500

Site B

router bgp 100
 ...
router eigrp 100
 redistribute bgp 100 metric 100000 50 255 1 1500

The internal network will prefer the lowest metric first, in this case Site A; if Site A is down, all the internet traffic will be rerouted to Site B.

>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<
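
Added example, not part of the original replies: the classic EIGRP composite metric worked through for the two `redistribute bgp 100 metric ...` lines above, including the interface delay and minimum bandwidth a downstream router adds on its path to each site. Default K values and the path figures in the last case are assumptions constructed for illustration.

```python
# Added example: classic EIGRP composite metric for the two seed metrics above.
# Default K values (K1=K3=1, K2=K4=K5=0) are an assumption; the thread does not state them.

SITE_A = "redistribute bgp 100 metric 100000 10 255 1 1500"
SITE_B = "redistribute bgp 100 metric 100000 50 255 1 1500"


def parse_seed(line):
    """Return bandwidth (kbps), delay (tens of usec), reliability, load, MTU."""
    tokens = line.split()
    values = [int(t) for t in tokens[tokens.index("metric") + 1:]]
    if len(values) != 5:
        raise ValueError("expected five seed metric values: " + line)
    return dict(zip(("bw", "delay", "rel", "load", "mtu"), values))


def composite(seed, path_bw=None, path_delay=0, k=(1, 0, 1, 0, 0)):
    """Metric a downstream router computes for the redistributed route.

    path_bw:    lowest interface bandwidth (kbps) towards the redistributing router
    path_delay: sum of interface delays (tens of usec) on that path
    """
    k1, k2, k3, k4, k5 = k
    min_bw = min(seed["bw"], path_bw) if path_bw else seed["bw"]
    bw_term = 10**7 // min_bw
    total = k1 * bw_term + (k2 * bw_term) // (256 - seed["load"])
    total += k3 * (seed["delay"] + path_delay)
    if k5:  # the reliability factor only applies when K5 is non-zero
        total = total * k5 // (seed["rel"] + k4)
    return 256 * total


def best_exit(sites, down=()):
    """sites maps name -> (config line, path_bw, path_delay); lowest metric wins."""
    metrics = {name: composite(parse_seed(line), bw, delay)
               for name, (line, bw, delay) in sites.items() if name not in down}
    winner = min(metrics, key=metrics.get) if metrics else None
    return winner, metrics


if __name__ == "__main__":
    at_exit = {"A": (SITE_A, None, 0), "B": (SITE_B, None, 0)}
    print(best_exit(at_exit))               # both sites up
    print(best_exit(at_exit, down=("A",)))  # Site A route withdrawn
    # Constructed case: a router next to Site B that reaches Site A over 100 extra delay units
    print(best_exit({"A": (SITE_A, 100000, 100), "B": (SITE_B, 100000, 0)}))
```

The seed delays differ by only 40 units, so a router whose path to Site A accumulates more interface delay than that will prefer Site B even while Site A is up.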

Hi Julio,

They are, to a degree. The whole network had BGP and used static routes to propagate these to the core switches where our 2 main data sites are. So every time a new network was created at a remote site, we had to enter the static route into the core switches.

Now as I was sort of lazy (and prefer a bit of automation), I used EIGRP to propagate the routes in BGP to the core switches so any new remote network that crops up is automatically propagated to the routes in the core switches. Or should I say core switch at SITE A because I haven't done it yet at SITE B. Just a case of me getting there.

Now the firewalls we use at both core sites are Sophos UTMs, as the ASAs at the time (5520s) weren't cutting it and Cisco didn't have an all-in-one solution at the time that we were after.

So I can't use anything dynamic, e.g. EIGRP, to them, but that's easy because we just use a gateway of last resort to them.

In our BGP SITE A, we advertise 0.0.0.0 so any remote site will route all traffic to that if unknown, i.e. internet-bound traffic. I'm thinking of advertising a 0.0.0.0 from SITE B which routes to SITE B core switch which has gateway of last resort set to SITE B firewall.

I'm not sure EIGRP metrics will help because the remote sites will route to SITE A via BGP (they don't use EIGRP as it's only used at the core to get the routes from the core BGP routers).
Now if I turn SITE A MPLS router off, there will be no internet breakout and I want that to occur at SITE B. So I think I have to advertise another 0.0.0.0 in SITE B MPLS router so that remote traffic knows to route there instead, but only when SITE A isn't advertising its 0.0.0.0.

Basically, these two core sites are treated as separate entities and know nothing of each other unless using the MPLS network. The PtP between them is solely used for replication traffic and a few other bits, so for the most part it can be ignored for this exercise.

So ultimately, all traffic to SITE A via BGP under normal operation and then via SITE B should SITE A disappear off the BGP table...