We have a headquarters location where we currently use BGP to multihome to two Internet providers. We have a /16 IP network. We run an active/standby scenario, where the less preferred Internet connection gets used only if the preferred one fails. We will be adding a disaster recovery site at a different location.
1. Can we add the DR site, configuring it to be the least preferred BGP path such that it gets used only if both connections at the headquarters site fail?
2. Can we advertise a specific subnet of the /16, such that traffic for the subnet always gets routed to the DR site, but the rest of the /16 gets routed to headquarters, unless headquarters fails, in which case all traffic goes to the DR site?
The most common approach I've seen is to use AS Prepending to make a particular site "less" preferred. To make a site "less" preferred over another, just prepend you AS more times.
For example, if your current backup site is prepending your AS 3 times, make your new DR site prepend is 4 or more times. This works well to direct most users to your primaary site with one exception. Customers who use the ISP that is connected to your new DR site (assuming only one ISP at that site) probably will still prefer the new DR site over the internet route. To redirect those users, you would have to make that route less preferred using a better method like local preferrence.
If you ISP supports RFC 1998 communities for local preference, then you can force that route to be less preffered just by setting a community, like this: xxxx:70 (the xxxx would be your ISP's AS and 70 would be the local-pref you want assigned to that route.) If that isn't supported, than you would have to contact your ISP to have them depreffer your local route.
For your second question, the answers is yes. IP works on a longest match rule, so as long as you advertise a prefix that is long enough to be carried by everyone (a /24 is your safest bet as some large carriers drop /25's) than that longer match route will be preferred.
See attached diagram: I need to do the following: (NOTE: The Firewall and the EIGRP are connected to VRF-C / REMOTE SITE and TRANSIT routers are in the same location) For VRF-B to Communicate with VRF-C, the traffic has to go through the tr...
Community Live- ISR1100X-4G and ISR1100X-6G Platform Overview and Architecture
(Live event - Tuesday, 23 March, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)-
This event will have place on Tuesday 23rd, March 2021 at 10:00 hrs PDT&...
Cisco Secure Network Access is helping IT to bridge the gap between what is essential to the business and what the network delivers and to build the next-generation campus network for an unplugged and uninterrupted experience.
Learn more about how these w...
(view in My Videos)
Community Live- New Additions to the Catalyst 8000 Family
(Live event - Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)-
This event had place on Tuesday 23rd, February 2021 at 10:00 hrs PDT...
This event had place on Tuesday 23rd, February 2021 at 10hrs PDT
Designed for an intent-based network, the Cisco Catalyst 8000 Edge Platforms family offers best-in-class networking and security combined. The platforms, available in b...