
Migrating 2 datacentres to PI address space & BGP with single ASN?

colin_cashin
Level 1

Hey folks

I'm looking for feedback on the following scenario:

Current setup:

2 data centres with 2 different colo providers in North America with provider-assigned IPv4 /24 prefixes. No BGP peers - just default routing from data centres to colo-provided blended IP transit service.

New setup:

Recently secured /22 IPv4 address block so moving to provider independence in both DCs. Single 32-bit ASN assigned also. Plan to carve assignment into 2 x /23 blocks - one for each DC - and announce 2 x /24 prefixes from each DC. Deploy 2nd IP transit provider in each DC for carrier resiliency and move from default routing to BGP peering (multi-homed) with providers in each DC.

Simple enough so far. My query is with regard to the ASN. We have no plans to connect the external border network in each DC and have no direct connectivity to achieve this. Our public facing services do not require failover between the DCs either; however, services in one DC may need to communicate with services in the other via public IPs. So does it make more sense to apply for a 2nd ASN and create 2 autonomous systems, or from a routing policy perspective what implications would having the same AS effectively split in 2 and announcing different prefixes introduce? Hope this makes sense..

3 Replies

Jon Marshall
Hall of Fame

Colin

If I understand correctly you are going to have each DC advertise out its own subnets but not each other's. If this is the case then yes you can do it but you need extra configuration. The issue is that the AS PATH is used for loop prevention so if an EBGP router receives a route advertisement and sees its own AS in the path it will not accept the route. So on your DC BGP routers you would need to add -

router bgp <your-AS>

neighbor <neighbor-ip> allowas-in <x>

where x is the number of occurrences of your own AS in the path.

Obviously because you are overriding the loop protection measure you need to be sure you are not creating a routing loop but from what you have described that is highly unlikely.

In fact this is quite a common setup with an MPLS VPN setup where a customer uses the same AS for multiple sites and peers with the provider using their own AS. I appreciate this is not MPLS but the principle is the same.

With the above configuration each DC will receive and accept the route advertisements for the other DC via the provider connections and should be able to route between each other.

How are you proposing to use your secondary connections? Is it just for backup in case the primary link fails or are you looking to load share at each DC?

Jon
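
The loop check and the effect of allowas-in described in the reply above, as a simplified model (an added example, not part of the thread and not router code). The ASNs and prefixes are constructed from documentation ranges, and both AS-path prepending on a backup link and the inbound prefix restriction are assumptions added here to show why x can exceed 1 and how to limit what the relaxed check lets in.

```python
import ipaddress

LOCAL_AS = 65536                      # constructed: documentation 32-bit ASN shared by both DCs
TRANSIT_1, TRANSIT_2 = 64496, 64497   # constructed: documentation ASNs for the transit providers
# Constructed: the prefix the *other* DC is expected to announce.
REMOTE_DC_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]


def own_as_count(as_path, local_as=LOCAL_AS):
    """Number of times the local AS appears in a received AS_PATH."""
    return as_path.count(local_as)


def passes_loop_check(as_path, allowas_in=0, local_as=LOCAL_AS):
    """eBGP loop prevention: reject a path containing our own AS unless
    allowas-in tolerates that many occurrences (0 models the default)."""
    return own_as_count(as_path, local_as) <= allowas_in


def accept(prefix, as_path, allowas_in=0, local_as=LOCAL_AS):
    """Loop check plus an assumed inbound policy: a path carrying our own AS
    is accepted only for prefixes the other DC is expected to announce."""
    if not passes_loop_check(as_path, allowas_in, local_as):
        return False
    if own_as_count(as_path, local_as) == 0:
        return True                   # ordinary route learned from transit
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(p) for p in REMOTE_DC_PREFIXES)


def path_from_other_dc(transit_as, prepend=0, local_as=LOCAL_AS):
    """AS_PATH received at one DC for a route the other DC originated:
    the transit AS, then our AS once plus any prepends (assumed)."""
    return [transit_as] + [local_as] * (1 + prepend)


def required_allowas_in(paths, local_as=LOCAL_AS):
    """Smallest allowas-in value that lets every path in `paths` through."""
    return max(own_as_count(p, local_as) for p in paths)


if __name__ == "__main__":
    primary = path_from_other_dc(TRANSIT_1)
    backup = path_from_other_dc(TRANSIT_2, prepend=2)
    for name, path in (("primary", primary), ("backup", backup)):
        for x in (0, 1, 3):
            print(name, path, "allowas-in", x, "->", accept("198.51.100.0/24", path, x))
    print("minimum x:", required_allowas_in([primary, backup]))
```
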

Hey Jon

Thanks for the detailed response. I had figured this might be the only implication so I'm glad this aligns with my thinking!

I always like to ask an expert before moving on with assumptions. Good to know the bgp config options to achieve this.

To answer your question, the secondary links will act as backup in each DC only.

C

Colin

I always like to ask an expert before moving on with assumptions.

Not sure that applies to me but thanks for the compliment

Jon