I am working with a large CISCO shop who has multi site configurations across their geographically spanned data centers.
we are using our service provider for default routes for our edge routers.
we are integrating with Microsoft azure cloud services and established expressroute between our datacenter and azure. Expressroute uses MPLS and BGP for route advertisement
I am.trying to understand what are the impacts of changing default route from existing service provider to azure and what level of efforts are required and how complex it can be with both technology, performance , latency etc..
There are certainly many things to consider. Here are a few that come to mind.
- Do some base line measurements to determine traffic volumes and verify that the new path for the default route has sufficient capacity to carry the traffic (and ought to have room to grow).
- I assume that you are doing address translation based on your current exit point. As you change the default route and there is/are different exit point(s) will the address translation need to change?
- Do you have some devices (servers etc) that are accessible from the Internet? If so the Internet has a way to get to those devices. Will the access to those devices change when the default route changes? (If you have firewalls or anything else that is doing stateful inspection then you need response traffic to go out the way the request comes in. In changing the default route you are probably changing the path that response traffic will take. You either need to change the way that responses come in or you need something (perhaps Policy Based Routing) that will send responses out the way that they came in)
- Are you announcing your IP address space to the Internet? When you change the default route will you need to change anything about how you advertise your IP address space.
- Are you filtering inbound and outbound traffic at your network edges? When you change the default route will there need to be changes in the traffic filtering?
- Do you currently have anything in place to detect or prevent data exfiltration? If so what changes will be needed in policy to accommodate azure?
- Do you currently have failover mechanisms in place to reduce the impact of circuit/equipment failure? How will these failover mechanisms change as you change default route? Or will you need different failover mechanisms as you transition to azure?
There are certainly other considerations but these will give you a starting point.
If you are working in a large multi site geographically spanned environment with multiple exit points to the Internet then you are working in a pretty complex routing environment. Changing the default routes is likely to become a complex effort. Without knowing more about your environment it is difficult to estimate the impact of these changes.
we are running voice and data networks within our datacenter and the configuration is evolving since years with constant changes and modifications to fit the requirements
with service provider advertising default route, we wanted to analyze the impact on layer 2 and layer 3 routing impact
I have been working on cisco networks over a decade bit never experienced changing default route as it involves load of decision making on performance and validation
would be of great help if you can point major seas of concern before changing default route
There are certainly many things to consider. Here are a few that come to mind.
- Do some base line measurements to determine traffic volumes and verify that the new path for the default route has sufficient capacity to carry the traffic (and ought to have room to grow).
- I assume that you are doing address translation based on your current exit point. As you change the default route and there is/are different exit point(s) will the address translation need to change?
- Do you have some devices (servers etc) that are accessible from the Internet? If so the Internet has a way to get to those devices. Will the access to those devices change when the default route changes? (If you have firewalls or anything else that is doing stateful inspection then you need response traffic to go out the way the request comes in. In changing the default route you are probably changing the path that response traffic will take. You either need to change the way that responses come in or you need something (perhaps Policy Based Routing) that will send responses out the way that they came in)
- Are you announcing your IP address space to the Internet? When you change the default route will you need to change anything about how you advertise your IP address space.
- Are you filtering inbound and outbound traffic at your network edges? When you change the default route will there need to be changes in the traffic filtering?
- Do you currently have anything in place to detect or prevent data exfiltration? If so what changes will be needed in policy to accommodate azure?
- Do you currently have failover mechanisms in place to reduce the impact of circuit/equipment failure? How will these failover mechanisms change as you change default route? Or will you need different failover mechanisms as you transition to azure?
There are certainly other considerations but these will give you a starting point.
