I need your help and expert opinions. We are building two new DCs (Primary & Secondary) with a DC external boundary network. Diagram attached.
The primary DMZ has a layer 3 hop running OSPF and facing the provider using BGP, and redistribution is happening on this box. Furthermore we have ext FWs and, again, down below a layer 3 hop and then the LB; down below again a layer 3 hop with int FWs connected, and then it ends with the aggregation layer in Area X (both Area X are the same in the diagram), which is then connected to the core layer 3 routers in Area 0.
1. If my primary BGP/MPLS link fails, how would the router in the core know to divert the traffic to the 2nd DC via the DC interconnect link?
2. Can I use tracking on the core router to track the top-end ext L3 router if it fails? But then I have L3 ext FWs, L3 DMZ, L3 int and L3 agg routers; what if any one of them fails? Can I use track for each of them, i.e. if any L3 fails then traffic should be diverted to the 2nd DC?
3. How about the incoming traffic? Assume that the SP started advertising the BGP routes after the failure, i.e. inbound traffic comes via the 2nd DC WAN link all the way to the core L3 router, but then it needs to be sent to the primary DC via the DC interconnect?
4. Any other area to be looked at to avoid any asymmetrical routing issue?
Your help will be appreciated.
Thanks, Sam, for your quick response.
1. That means that I need to increase the OSPF link in the core connecting to the other DC? Also I can put a transit link on my top boundary router, i.e. if the primary MPLS link goes down then the traffic will be diverted to the 2nd DC via the transit link?
2. "Why do you need tracking if every device is participating in the routing domain? There's built-in info sharing and tracking w/ BGP and OSPF." (Can you elaborate a bit more, please?)
3. "For incoming, you probably want to have the secondary site attach a community or prepend the AS to slightly devalue the networks. Check w/ your MPLS provider to see if they have a community to use for that, or just prepend your AS a couple of times to make the as-path longer. If you ever go active-active, you can just rely on the provider's RRs to handle best path." (Agree with you :)
4. Why wouldn't you want mutual redistribution, as traffic will be flowing both ways? We can use route-maps and tag the traffic in both DCs and not permit the tagged traffic, to avoid loops. Do you agree with me?
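The inbound devaluation described in point 3 (prepending the site's own AS and attaching a provider community at the secondary DC), as an added Cisco IOS configuration example that is not part of the thread. Everything in it is constructed: customer AS 65001, provider AS 64496 (documentation ASN range), PE address 192.0.2.1, prefix 198.51.100.0/24, and the community value 64496:80 stands in for whatever local-preference community the MPLS provider actually publishes.

```cisco
! Added example (not from the thread): secondary-DC boundary router, eBGP to the provider.
! All ASNs, addresses, prefixes and the community value are constructed placeholders.
ip prefix-list OUR-PREFIXES seq 10 permit 198.51.100.0/24
!
! Devalue this site's advertisement: prepend our own AS twice so the as-path is
! longer than the primary DC's, and attach the provider's "lower local-pref"
! community (placeholder 64496:80; confirm the real value with the provider).
route-map TO-PROVIDER permit 10
 match ip address prefix-list OUR-PREFIXES
 set as-path prepend 65001 65001
 set community 64496:80 additive
! Implicit deny: nothing else leaks to the provider (e.g. no internal redistributed routes).
route-map TO-PROVIDER deny 20
!
router bgp 65001
 bgp log-neighbor-changes
 network 198.51.100.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 description PROVIDER-MPLS-PE
 neighbor 192.0.2.1 send-community
 neighbor 192.0.2.1 route-map TO-PROVIDER out
```

The primary DC boundary router carries the same route-map without the `set as-path prepend` and `set community` lines, so the provider prefers the primary path while both sites are up and falls back to the secondary path only after the primary's advertisement is withdrawn. `show ip bgp neighbors 192.0.2.1 advertised-routes` on the secondary router should show the prepended path before the change is trusted.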
1. Yes, or the transit link in case only the MPLS WAN is down; if the whole primary DC is down then yes, the DCI interconnect link will be used.
2. Yes, no need to use tracking; if my core router deletes the primary route from its routing table, then it will eventually use the backup route.
4. The reason to do the mutual redistribution is that I want both sites to be similar, i.e. route the traffic in a similar fashion. The other solution I am proposing is to use BGP in both DCs, i.e. iBGP, and use eBGP between our router and the provider router. Can you comment on this solution?
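The loop-safe mutual redistribution from point 4 (route-maps that tag BGP-learned routes on the way into OSPF and refuse those tags on the way back into BGP), together with the raised DCI cost from point 1, as an added Cisco IOS configuration example that is not part of the thread. The values are assumptions: OSPF process 1, DMZ area 10, customer AS 65001, provider AS 64496, PE 192.0.2.1, internal space 10.0.0.0/8, tag 65001 meaning "originated in BGP", and interface names that stand in for the boundary router's DCI and DMZ links.

```cisco
! Added example (not from the thread): boundary router at EACH DC, mutual OSPF<->BGP
! redistribution protected by route tags. All numbers and interface names are constructed.
ip prefix-list INTERNAL-NETS seq 10 permit 10.0.0.0/8 le 24
!
! Routes learned from the provider via BGP and injected into OSPF are marked with
! tag 65001 (carried in the OSPF external LSA across the DCI to the other DC).
route-map BGP-TO-OSPF permit 10
 set tag 65001
!
! Anything carrying that tag is refused on the way from OSPF back into BGP, so a
! prefix injected at the primary DC is never re-advertised to the provider by the
! secondary boundary router (and vice versa). Only genuine internal networks pass.
route-map OSPF-TO-BGP deny 10
 match tag 65001
route-map OSPF-TO-BGP permit 20
 match ip address prefix-list INTERNAL-NETS
!
! DCI link: high cost so the local path to the core wins while it exists;
! the DCI is used only once the local route disappears from the routing table.
interface TenGigabitEthernet0/1
 description DC-INTERCONNECT
 ip address 10.255.1.1 255.255.255.252
 ip ospf cost 1000
!
router ospf 1
 router-id 10.255.0.1
 redistribute bgp 65001 subnets route-map BGP-TO-OSPF
 network 10.0.0.0 0.255.255.255 area 10
!
router bgp 65001
 neighbor 192.0.2.1 remote-as 64496
 redistribute ospf 1 match internal external 1 external 2 route-map OSPF-TO-BGP
```

The tag is what makes the two-point redistribution safe: because both boundary routers apply the same pair of route-maps, each side can identify the other's BGP-sourced externals and drop them before they reach the provider. `show ip ospf database external` shows the tag on each injected prefix, and `show ip bgp` on the secondary router should list only INTERNAL-NETS prefixes as locally redistributed, never a tagged external.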