Floating Static Routes vs BGP Default Route

mitchell helton
Level 1

Hey there!

We're looking to move to doing BGP with our ISPs as we host some public-facing services on site.  This would be multi-homed via a single local router to two ISPs.

So that's the reason we're looking to do BGP for inbound purposes.

For outbound, we're currently using floating static routes and PBR to utilize both providers.  As I was thinking through the design of moving to BGP and started labbing this up, I think I like the idea of ECMP with IP SLA for outbound.

My question is, would it be an unusual or discouraged design to do BGP with our two ISPs for inbound purposes (advertise them our public IP space) but for outbound use ECMP instead of having them send us a default route?  

I was reading through this (specifically the section of load sharing with a single local router and multiple ISPs), and I'm not completely opposed to the idea - in fact I'd rather use dynamic routing, but here's my concern.  We've had numerous outages through one of our providers where they have a fiber cut, internal failure, etc. and our interface facing them stays up.  And even a few hops inside of their network is still 'up', but the traffic fails before it makes it outside of their network to the rest of the internet.  During a failure like this, how would anything other than IP SLA with static routes catch this failure?  I'm concerned if we used their advertised default routes we'd run the risk of being blackholed during this type of outage.

Hope this makes sense.  I appreciate your help and look forward to your thoughts!

Thanks!!

mitch

Accepted Solutions

Jon Marshall
Hall of Fame

For the specific example you give, if the only route is the default then yes, if the provider network fails within its AS then only IP SLA would catch this, assuming you were still receiving the default.

But then the obvious answer would be to get a more reliable provider if possible.

Personally I pretty much always recommend dynamic routing over static and IP SLA but if you really are tied to that provider then it may be worth considering. 

Alternatively you could receive more routes from the provider but it depends on your router really. 

There is no right or wrong answer. 

Jon

Thanks so much for the advice and help!

And regarding the reliable provider bit, that's a whole 'nother can of worms.  ;)

Hello

I agree with Jon, dynamic routing would be a better solution; you can perform egress path manipulation via the BGP weight PA and ingress path manipulation with AS-path prepending.

Regarding failure within the ISP cloud, you can always implement your IP SLA tracking with Embedded Event Manager (EEM), which if applicable can be set to shut down the BGP peering automatically if the tracking is initiated, thus providing an automatic failover to the less preferred ISP.

You can even load share between the two ISPs if applicable and still apply the above failover.

Kind Regards
Paul
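
The IP SLA plus EEM approach described in the reply above, sketched as Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; the addresses (documentation ranges), AS number 64512, interface name, and track/applet names are assumptions, and the BGP neighbor is assumed to be configured already.

```cisco
! Constructed example: all addresses, AS numbers and names are placeholders.
! 192.0.2.1    = ISP 1 next hop and BGP neighbor (assumed)
! 198.51.100.1 = probe target beyond ISP 1's own network (assumed)
!
! Pin the probe target to the ISP 1 path so the probe always tests that
! provider, whatever the BGP table currently prefers.
ip route 198.51.100.1 255.255.255.255 192.0.2.1
!
ip sla 10
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/0
 threshold 2000
 timeout 2000
 frequency 10
ip sla schedule 10 life forever start-time now
!
! Dampen flapping: wait 30 s before declaring down, 60 s before up.
track 10 ip sla 10 reachability
 delay down 30 up 60
!
! Probe failed: shut the peering so routes learned from ISP 1 are removed
! and our prefixes are withdrawn from ISP 1 as well.
event manager applet ISP1-PROBE-DOWN
 event track 10 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "router bgp 64512"
 action 4.0 cli command "neighbor 192.0.2.1 shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "ISP1 probe down: BGP neighbor 192.0.2.1 shut"
!
! Probe recovered: bring the peering back.
event manager applet ISP1-PROBE-UP
 event track 10 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "configure terminal"
 action 3.0 cli command "router bgp 64512"
 action 4.0 cli command "no neighbor 192.0.2.1 shutdown"
 action 5.0 cli command "end"
 action 6.0 syslog msg "ISP1 probe up: BGP neighbor 192.0.2.1 restored"
```

The host route keeps the probe on the ISP 1 path after the peering is shut, so the track object does not recover by reaching the target through ISP 2. A single ICMP target is itself a point of failure; the `delay` timers only limit how quickly one lost target can flap the peering.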

Thanks for the advice!