01-16-2015 09:36 AM - edited 03-05-2019 12:34 AM
Hi there,
(Attached is the diagram for clarity)
I am in the middle of planning a multi-POP site and we will use eBGP to announce our own routes. We have our own AS (1 ASN only) and a few /24 prefixes (I can summarize them but we prefer to announce them as a few /24s). My plan is to interconnect each POP using EoMPLS, then each POP would also announce the 'other' POPs' prefix addresses together with its own prefix (the prefix used for local servers). I would use BGP AS Path Prepending on the 'other POPs' prefixes, so that they would only be preferred from the Internet when the other POP pulled out its local prefix from its local SP (for example, POP3's eBGP link went down but the iBGP to POP1 and POP2 is still up). I was wondering if that solution would be the most effective for site redundancy? If not, any suggestions that would give a better result?
Thanks,
Mark
01-16-2015 11:09 AM
Mark
It's certainly possible and is a valid approach to doing it.
Can you clarify a few points -
1) the IBGP peering between POP1 and POP3. It's not entirely clear from your diagram but is there just one peering and it goes via POP2 ?
2) do you have any stateful devices at each site that traffic needs to go through to get to the internal networks eg. a firewall ?
Jon
01-16-2015 11:13 AM
Hi Jon, Thanks for the answer.
Here are my answers to your Qs:
1. Yup, my plan is one iBGP peering only, using POP2 as transit. Basically an iBGP mesh to each other.
2. No FW; on our current 1st POP we use ACLs and host-based FWs. We use a FW for VPN termination only, to the private Mgmt network.
01-16-2015 11:18 AM
Mark
1) Don't think this will work unless you either -
a) use an IGP between your POPs ie. redistribute BGP into the IGP
or
b) more likely make POP2 a route reflector and then the other POPs are route reflector clients.
The issue is a BGP router that learns routes via IBGP cannot then advertise these routes to another IBGP peer.
2) Only mentioned this because currently you are prepending the same number of AS entries from each backup POP. This means if the POP that is connected to the network fails then traffic could come in via either of the backup POPs ie. it would be load balanced to an extent.
If you have stateful devices at these sites you could have connectivity issues.
Other than that can't see anything else that would cause an issue.
Any other questions let me know.
Jon
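As an added illustration of the two points Jon raises (POP2 as a route reflector so that iBGP-learned routes reach the third POP, and AS-path prepending on the "other POPs" prefixes toward the local ISP), here is an IOS-style BGP configuration for POP2. This is example configuration written for this thread, not Mark's or Cisco's own config; the ASN 65001, the ISP ASN 64496, the loopback peering addresses 10.255.0.x, the ISP neighbor 192.0.2.1 and the documentation prefixes 198.51.100.0/24 (POP2's own net) and 203.0.113.0/24 / 192.0.2.0/24 (the other POPs' nets) are all placeholders.

```ios
! --- POP2 edge router (example, placeholder values) ---
! Only the three /24s this AS owns may ever leave toward the ISP.
ip prefix-list OWN-NETS seq 5 permit 198.51.100.0/24
ip prefix-list OWN-NETS seq 10 permit 203.0.113.0/24
ip prefix-list OWN-NETS seq 15 permit 192.0.2.0/24
!
! Nets that belong to the other POPs: announce them, but prepended
! so the Internet prefers the owning POP's direct announcement.
ip prefix-list OTHER-POPS seq 5 permit 203.0.113.0/24
ip prefix-list OTHER-POPS seq 10 permit 192.0.2.0/24
!
route-map TO-ISP permit 10
 match ip address prefix-list OTHER-POPS
 set as-path prepend 65001 65001 65001
route-map TO-ISP permit 20
 match ip address prefix-list OWN-NETS
! implicit deny: everything else (including any leaked iBGP routes) is dropped
!
router bgp 65001
 bgp log-neighbor-changes
 ! eBGP toward the local ISP
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 route-map TO-ISP out
 neighbor 192.0.2.1 prefix-list OWN-NETS out
 ! iBGP to POP1 and POP3 over the EoMPLS links; POP2 reflects
 ! between them so POP1 and POP3 do not need a direct peering
 neighbor 10.255.0.1 remote-as 65001
 neighbor 10.255.0.1 update-source Loopback0
 neighbor 10.255.0.1 route-reflector-client
 neighbor 10.255.0.3 remote-as 65001
 neighbor 10.255.0.3 update-source Loopback0
 neighbor 10.255.0.3 route-reflector-client
 ! POP2's own net, originated locally
 network 198.51.100.0 mask 255.255.255.0
```

POP1 and POP3 would carry the mirror image: their own net in `network`, the other two nets in their `OTHER-POPS` list, and a single iBGP session to POP2 without `route-reflector-client`. The outbound prefix-list is the check that matters operationally: with full tables coming in from each ISP, it guarantees that nothing learned from one ISP can be re-announced to another even if a route-map is later edited by mistake, and `show ip bgp neighbors 192.0.2.1 advertised-routes` is the quick way to confirm that only the three /24s, with the expected AS path, are going out.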
01-17-2015 08:17 AM
Hi Jon, my bad for not giving enough info... full BGP routes are received at the edge router. Currently that's how we do it on our 1st POP. Then from the edge we run OSPF as the IGP to reach our production servers. Currently we announce a Net-A (/24) prefix.
Forgot to mention my plan is to build the same network design on the other POPs and run an IGP so I can play with the cost of the iBGP links to avoid asymmetric routing (so return traffic to the Internet is not exiting at a different POP). Another way that I think would avoid complexity: I will only announce the corresponding Net address at each POP and not use iBGP to leak the other POP's net (if its eBGP goes down) to a live POP. Maybe we will just use EoMPLS to have mgmt access to the other POPs' devices. We will build the redundancy into our application (users accessing our servers from the public Internet) to use any of the 3 IPs located at each POP. If one POP fails then our application has the intelligence to use the available POP that has the lowest latency from the user.
Thx,
Mark
01-17-2015 08:54 AM
Hi Jon, please find below my answers... For now we only have the 1st POP, and I want to get some opinions from others before we finalize our design :-)
1.) The plan is to only have EoMPLS. We plan to use this for backup of databases, data and other stuff like moving files from one POP to another.
2.) They would have a direct connection (EoMPLS). We plan to use private addressing on this P2P, then provide routing to the Mgmt network. (Sorry for the confusion on the 1st diagram, the iBGP was full mesh to each other.)
3.) The application would not use VPN, basically it's all using the public IP that is located at the POP. The redundancy would be a special function in the application to check the availability of each IP (1 IP from POP1, 1 from POP2, etc.). Then we would also provide a latency check to these destination IPs, so the fastest RTT would be used by the app. The application is used by a user on the public Internet. They use the Internet to access our services on our servers.
===========
PS. I attached a clearer picture (to illustrate the 2nd design option), wherein I eliminated the iBGP/EoMPLS from the picture, and just put the redundancy logic in the application. Each POP would be an independent site that announces its own prefix (net-A/24 for POP1, etc.).
Would that be a better solution? It's simpler for us to maintain too. Don't bother with the inter-POP private communications/Mgmt network, we will figure that out later.
By the way, all POPs are providing the same services; basically they are just backups for one another, if one POP goes down due to a natural disaster, Data Center down, etc.
Thx/Rgds,
Mark
01-17-2015 09:16 AM
Mark
I just saw your PS in the last post and realised I had just written a long post for no reason :-)
If you are happy for the application to do the redundancy then your second diagram/proposal is a lot easier to implement.
No need to advertise additional routes, no need to exchange routes between POPs.
The only point i would make is if you see a need in the near future to provide redundancy for additional applications that cannot perform the availability check of the POPs.
If there is then it may be better to address that now rather than later.
Jon
01-17-2015 09:34 AM
That's a very good point Jon. I will probably first test the one with iBGP in GNS3 to play around with the route leaking between POPs. But, since we're sure we could always provide the intelligence in the client/application, I think we might stick with the 2nd design :-)
Thanks a lot for your insight! Appreciate it.
01-17-2015 09:38 AM
Mark
No problem.
I think my confusion came because I assumed if a POP went down the application still needed to get to the same server in the failed POP.
I didn't realise you were running the same service in each POP in which case your solution is by far the easiest to do.
Glad we got there in the end :-)
Jon
01-17-2015 10:01 AM
I eliminated the idea of iBGP because of the thought that it would be impractical to use the other POP as a transit using EoMPLS (imagine if POP1 is in the USA and POP2 is in Australia, the client/app is in Sydney, and then POP2's eBGP goes down. We don't want the traffic to go from the client in Sydney -- Internet -- US and back to Sydney using iBGP).
If the eBGP went down, we just totally consider the POP as not available. We'd probably put in more eBGP links (like dual links or multi-homed eBGP at each POP) to make the POP more stable :-)
01-18-2015 05:15 AM
We'd probably put more eBGP links (like dual link or multi-home eBGP on each POP) to make the POP more stable :-)
That makes a lot of sense and is certainly a lot simpler :-)
Jon
01-16-2015 11:29 AM
Mark
Just a quick follow up.
Following on from point 2), your setup would mean asymmetric routing could happen, ie. inbound and return traffic could go via different backup POPs, but that doesn't necessarily mean that is a bad thing.
One thing I didn't ask about was how are you handling the routing to the internet ?
Are you receiving a default route at each POP from the ISP and are you advertising these to the other POPs ?
Jon