cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2245
Views
32
Helpful
14
Replies

Two different locations having same AS number and IP address range

Hi everyone,

One of our customers currently has his Data centre in London and is planning to establish another data centre in Amsterdam as a disaster recovery in case something goes wrong with his DC in London. Is there any way to use the same AS number and IP address range for both datacentres in a manner that BGP in each location is advertising the same IP range, but with London's having a higher priority (using BGP's attributes)?

What do you think?

Thanks in advance...

Moath.

14 Replies 14

Jon Marshall
Hall of Fame
Hall of Fame

Moath

It depends on your topology. Are you sites connected via an MPLS WAN and each site ie. London and Amsterdam peer with their local PE router.

If so then yes you can do this using MED where you give a better preference to the routes being advertised from the London DC.

Jon

Hi Jon,

I keep reading your posts all over the forums as i do admire you. Thanks for your reply.

One of the challenges is that routes having the shortest AS_path are prefered even before MED is validated. So we dont want clients that are closer to Amsterdam to connect to the DC there (unless London's is down).

If the 2 data centres are to be connected to different ISPs, will MPLS WAN still be a valid choice?

Hello Moath,

MPLS WAN makes even more sense with this DR site.

the MPLS provider can use local preference to make the primary site the preferred destination for the subnets for all other enterprise sites.

The PE can increase the local preference inbound on the eBGP session with the CE and have it propagated.

However, in a DR design you need to take in account application requirements: sometimes a manual switchover is preferred to give time to the DR site servers to synchronize / update their DBs

Hope to help

Giuseppe

Guiseppe

Your last point is very well made. We looked into advertising the same IP's out of 2 DC's but the problem is that if you get a minor outage at the main DC site then everything goes to the DR site. If the DC site then comes back up it falls back to the DC.

Your applications may not be able to keep up with this and so as Giuseppe says you need to consider how your applications would handle an automatic switchover.

Jon

Hello,

From your description I understand that the data centers can communicate only over the Internet (no other private physical line between them).

One option is to use AS path prepending for prefix advertised from the Amsterdam site. For more information have a look at section "Use of set as-path prepend Command" of: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml.

This means that other ASs will see the AS path being longer for prefix received from Amsterdam site and might not prefer it for sending traffic to you (control your incoming traffic). You might get some incoming traffic though (not absolute control, but is ok in many cases).

There exists a BGP Conditional Advertisement feature, but I think it is hard (if not impossible) to get it to work properly in your scenario. For more information have a look at:

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080094309.shtml#configs

The problem is the following: you would want to advertise your network from Amsterdam if you do not receive the same network from London. But, your routers cannot accept this update, because it contains their own AS in the AS path (BGP loop prevention). There exists an allowas-in BGP neighbor command option used in MPLS/VPN environment, but I do not know if it can be used in general and I cannot think of some other way that might help with this issue. (If you used another network in non-exist map, that would be yet another approximation.)

I would go for the prepend option, unless someone knows a better feature that escapes me.

Kind Regards,

M.

p.s. I was very focused writing and missed the point where MPLS came into play. I have to read this thread again :-)

Maria,

Its more likely that the data centers can communicate only over the Internet.

Is MPLS a must in for our case?

Hello,

Communication over the Internet is sufficient for your isolated topology to work (even with same AS and network). The Internet has no way of knowing that your sites are isolated (no private circuit between them) and your AS will appear as a single AS multihomed to 2 providers announcing same network via both providers, which is a valid setup. If you use the prepend solution in this scenario, it will probably work in most cases (some incoming traffic may appear in secondary site).

I am not perfectly sure I undertood why MPLS was brought into the discussion. Do you require some additional way (besides the plain Internet) to physically/logically connect your sites?

Kind Regards,

M.

Moath

Thanks for the compliment, much appreciated.

I was envisaging an single AS as your MPLS WAN and then each site connects to that AS. Also as Maria quite rightly pointed out you would have need to use the allowas-in feature if all your sites used the same AS. The last place i worked had a setup like this.

But if the AS_paths are going to be different depending on which site they come from then i agree with Maria in that AS path prepending might be your best option.

Jon

Thanks Jon, Guiseppe and Maria.

I will further investigate your comments and get back to you soon.

Thanks guys.

Moath

I have one more concern.

For the ISPs to advertise our PI subnet via BGP, does it have to be a /24? or can it be smaller such as /25, /26, etc...?

Thanks.

Hello,

A /24 is normally ok. A smaller prefix is normally not acceptable.

Kind Regards,

M.

p.s. In prefix-list's of ISPs you see often the "le 24" (meaning 24 or smaller number for prefix length is expected).

Hi again,

Disaster recovery plans require servers in both DCs to synchronise. How can we assure connectivity between the 2 sites in this case?

Hello Moath,

here is the point where an MPLS provider can be handy:

it can provide a L2 EoMPLS path between the two sites (that can be used as a L3 path or you can use an MPLS VPN).

Again this depends on servers/applications.

And that L2 eoMpls can provide the connection between the two data centers.

I don't think that connecting two datacenters over the internet is a good choice about security: the requirements of privacy and confidentiality would call for the use of forms of encryption and this can lead to performance issues (reduced limited throughput).

What managers would accept to have billing DB traffic mirrored over the internet ?

So even if Internet connections look like attractive, and there are BGP tools for doing it, there are other factors to consider in your choice.

Hope to help

Giuseppe

Giuseppe,

Now I get your point. It should not come as a surprise that I am not any kind of manager :-)

Kind Regards,

M.