12-13-2007 04:09 PM - edited 03-03-2019 07:55 PM
My company owns a class-B network. This network is currently being sent to the Internet via individual /24 nets. We have one ASN.
There is a need to put two separate DNS systems up, but we may not be able to obtain new ASNs. Each site will advertise the SAME /24 nets as each other.
My concern is that our main site, and each of these two new sites, do not have in-band connectivity to each other.
Given that the query-response nature of UDP/DNS is the only service planned for deployment at the new sites, I'm not overly worried about route fluctuation on the Internet core breaking a long-running TCP session by suddenly switching which site is getting the packets.
My concern is that some ISP out there may think they can reach our "site-a" via "site-b" simply because the same ASN is in use multiple times -- yet they are really three separate autonomous systems from a pure routing standpoint.
Thoughts?
12-13-2007 04:33 PM
Hi,
The "flaw" in the suggested design is the use of official duplicate IP addresses, if I understand your scenario correctly. Taking this together with the fact that BGP only announces the best path for a given route, one can conclude that every single AS in the Internet will only have connectivity to one site with the duplicate /24 at any given time.
Which path is preferred is SOLELY the decision of the admins in an AS and thus might be changed at any time without further notice.
Just as a side note: to my knowledge DNS uses TCP for zone transfers.
For me those points strongly suggest that you use different subnets in the different locations unless there are specific requirements for the design at hand. Yet I somewhat doubt that the same requirements could not be met with separate IP subnets in the different sites.
My 2 cents.
Regards, Martin
03-16-2009 01:45 PM
Hey all, we have a customer with a very similar situation. Each site will run BGP with a different ISP. Both sites have duplicate setups using the same IP block. Site A will be active. Site B will only receive traffic if site A fails altogether. AS path prepending at site B will be implemented so that it will only be preferred if site A fails.
In theory, all those in the Internet cloud should have 2 entries for that /24 block: one active in the routing table and the other only in the BGP table. I am hoping that they would accept the prefix from both locations.
Any input would be appreciated.
03-16-2009 02:14 PM
Hello Robert,
>> AS path prepending at site B will be implemented so that it will only be preferred if site A fails.
This is a hope, not a sure fact.
Prepending is a way to try to influence the return path to your AS, but actually this happens only in part.
If someone sends the traffic back to site B, two-way communication is broken.
You should use BGP conditional advertising on site B to be sure that it is used only when site A fails.
see
http://www.cisco.com/en/US/docs/ios/12_0/np1/configuration/guide/1cbgp.html#wp9071
Hope to help
Giuseppe
03-16-2009 02:30 PM
hi Giuseppe,
Site B will be dormant and will only send out traffic if site A fails altogether. The failure of site A will occur if its eBGP session goes down or there is a complete power failure. Hence, there will be no prefix advertisement via BGP from site A.
Our concern is the Internet cloud. We just need to assure that those in between will re-route traffic if site A fails. Please keep in mind that both site A and site B are in 2 different physical locations. Thanks for the help.
03-16-2009 02:40 PM
Hello Robert,
I was speaking of return traffic from the Internet, not of what site B is sending out.
Suppose someone that prefers site B receives traffic from site A: it will try to send traffic back to site B, where no server is ready to accept it.
Because you cannot be sure that someone will not see site B preferred to site A, you haven't 100% coverage of the Internet.
So from this comes the suggestion to use conditional BGP advertising, so that site B starts to advertise when site A fails.
Hope to help
Giuseppe
03-16-2009 02:46 PM
Hi, we will do whatever it takes to assure that site B is not the preferred path from the Internet. AS path prepending is the most simple yet effective implementation. Are you stating that it may not work?
03-16-2009 02:59 PM
Hello Robert,
>> Path prepending is the most simple yet effective implementation. are you stating that it may not work?
Not for every possible ISP in the Internet.
If someone raises the local preference of ISP-2 learned routes, the AS path length becomes meaningless.
see
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml
Hope to help
Giuseppe
03-16-2009 03:29 PM
Hi Gui,
Where is he going to implement "BGP Conditional Advertisement"? Do you mean on both routers?
The best approach is to connect his edge routers through IBGP?
HTH
Mohamed
03-16-2009 03:44 PM
Hello Mohamed,
My understanding is that the two sites share no direct connection between them.
I agree the best solution would be that of using an L2 transport service like a point-to-point EoMPLS service and running iBGP and other protocols over it to make this direct link.
Then when the iBGP session fails, site B should start to advertise the /24 prefix to ISP-2.
You are right, I didn't specify how site B could monitor site A's health.
Note: the part of the Internet that can prefer ISP-2 in any case (regardless of prepending) is made up of all those ISPs that have a peering agreement with ISP-2.
Edit:
Another possible way would be that of checking at site B for the existence of site A's advertisement of the /24 address block.
When the /24 vanishes, it triggers site B's advertising of the same /24 prefix.
Hope to help
Giuseppe
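An added example, not code from any poster in this thread, that models the two points Giuseppe makes above: a third-party ISP that raises LOCAL_PREF on routes learned from ISP-2 will route to site B no matter how many times site B prepends, and a conditional-advertisement rule only announces site B's /24 once site A's copy has vanished from site B's BGP table. All AS numbers, the prefix and the route tables are constructed for the illustration.

```python
# Toy BGP decision process plus the non-exist-map style trigger discussed above.
# Everything here is constructed: 198.51.100.0/24 is a documentation prefix,
# 64500/64501/64502 are private ASNs standing in for customer, ISP-1 and ISP-2.
from dataclasses import dataclass

PREFIX = "198.51.100.0/24"
CUSTOMER_AS, ISP1_AS, ISP2_AS = 64500, 64501, 64502


@dataclass
class Route:
    prefix: str
    as_path: list          # leftmost = neighbour we learned it from, rightmost = origin
    learned_from: int      # neighbouring AS that sent the UPDATE
    local_pref: int = 100  # set by the receiving AS; never carried across eBGP


def best_path(routes):
    """Simplified best-path: highest LOCAL_PREF wins, then shortest AS_PATH.
    Real routers evaluate weight, origin, MED, etc. after these two steps."""
    return max(routes, key=lambda r: (r.local_pref, -len(r.as_path)))


def routes_seen_by(isp_local_pref):
    """Paths a third-party ISP holds for PREFIX: via ISP-1 (site A, plain path)
    and via ISP-2 (site B, with three extra prepends of the customer ASN)."""
    via_a = Route(PREFIX, [ISP1_AS, CUSTOMER_AS], ISP1_AS,
                  isp_local_pref.get(ISP1_AS, 100))
    via_b = Route(PREFIX, [ISP2_AS] + [CUSTOMER_AS] * 4, ISP2_AS,
                  isp_local_pref.get(ISP2_AS, 100))
    return [via_a, via_b]


def preferred_site(isp_local_pref):
    """Which site this ISP actually forwards to, given its LOCAL_PREF policy."""
    best = best_path(routes_seen_by(isp_local_pref))
    return "A" if best.learned_from == ISP1_AS else "B"


def site_b_should_advertise(site_b_rib):
    """Conditional advertisement: site B announces PREFIX to ISP-2 only while no
    copy of PREFIX originated by the customer AS (i.e. site A's announcement,
    reflected back through ISP-2) is present in site B's table."""
    from_site_a = [r for r in site_b_rib
                   if r.prefix == PREFIX and r.learned_from == ISP2_AS
                   and r.as_path[-1] == CUSTOMER_AS]
    return not from_site_a


if __name__ == "__main__":
    print(preferred_site({}))            # A: prepending works when LOCAL_PREF is equal
    print(preferred_site({ISP2_AS: 200}))  # B: raised LOCAL_PREF makes AS_PATH irrelevant
    site_a_up = [Route(PREFIX, [ISP2_AS, ISP1_AS, CUSTOMER_AS], ISP2_AS)]
    print(site_b_should_advertise(site_a_up), site_b_should_advertise([]))  # False True
```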