BGP at multisite corporation with redundant links


Post by Ernie Oport » Sun, 21 Jan 2001 06:45:23



We are in the process of requesting our ASN and will be getting our
equipment in the near future.  The plan is for each of three sites to
have redundant links with a common ISP at each of those sites as one of
the links.  The other link at each site would be a large regional ISP
as a backup link.  Each site is connected to the others through VPNs
through these same links, so if both links go down, it's probably not
beneficial to have site B think it can route to site A internally.

When requesting the ASNs, am I supposed to be requesting one for each
site, or one for the corporation?  I do not want traffic for site A
routed to site B.  I just want to make sure that if link 1 at site A
goes down, traffic automatically flows through link 2.  And so on for
the other sites, but not necessarily that they communicate other than
through the VPNs which would only be up anyway if the links were
healthy.

Am I right to assume that I cannot get any load balancing between the
two ISPs so that we effectively bond the two links at each site?

--
http://www.shokk.com
ICQ-17933910  Ernie "Shokk" Oporto

Sent via Deja.com
http://www.deja.com/

 
 
 

BGP at multisite corporation with redundant links

Post by Barry Margoli » Sun, 21 Jan 2001 07:21:05




>We are in the process of requesting our ASN and will be getting our
>equipment in the near future.  The plan is for each of three sites to
>have redundant links with a common ISP at each of those sites as one of
>the links.  The other link at each site would be a large regional ISP
>as a backup link.  Each site is connected to the others through VPNs
>through these same links, so if both links go down, it's probably not
>beneficial to have site B think it can route to site A internally.

>When requesting the ASNs, am I supposed to be requesting one for each
>site, or one for the corporation?  I do not want traffic for site A
>routed to site B.  I just want to make sure that if link 1 at site A
>goes down, traffic automatically flows through link 2.  And so on for
>the other sites, but not necessarily that they communicate other than
>through the VPNs which would only be up anyway if the links were
>healthy.

Since you will be routing between the sites using VPNs, you can treat them
as one network, and should only need one ASN.  Treat the VPN tunnels as if
they were private WAN links.  As long as site B's router doesn't advertise
any of site A's networks, traffic for A will not be routed through B.

If you don't use VPNs, you would probably have to get a unique ASN for each
site.  This is because eBGP uses ASNs to prevent routing loops -- if a
route contains AS 10 in its AS path, it won't be advertised to a peer in AS
10.  So site A wouldn't know how to get to site B's networks.

However, if you're not getting full routing tables from the ISPs, you could
get away without this.  Since you'll have a default route, it will be used
to reach the other site's networks, even though you're not learning them
via BGP.

>Am I right to assume that I cannot get any load balancing between the
>two ISPs so that we effectively bond the two links at each site?

It's hard to get even load balancing, but you should be able to get some
load sharing.  If a site advertises its address block to both ISPs, doesn't
pad the AS path to either, and both ISPs are at the same tier, you can
expect traffic to come in through both (the sending sites will use
whichever ISP is closer to them).  And if you get them to send you full
routing tables, you can choose the best outbound path for traffic, and it
will probably be shared across both links.

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
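
An added example (not part of the thread and not written by any poster): a small Python model of the eBGP AS-path check described in the reply above. It shows that with one shared ASN, site A discards the ISP's copy of site B's route and reaches site B through a default route or a VPN static route instead. The ASNs, prefixes and router names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed values: documentation-range ASNs and prefixes, not from the thread.
CORP_ASN, ISP_ASN = 64500, 64496
SITE_A_NET = ipaddress.ip_network("192.0.2.0/24")
SITE_B_NET = ipaddress.ip_network("198.51.100.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple   # empty tuple = static/internal route, not learned by eBGP
    next_hop: str


@dataclass
class Router:
    name: str
    asn: int
    transit: bool = False                      # True for the ISP
    originated: list = field(default_factory=list)
    table: list = field(default_factory=list)

    def export(self):
        """Routes announced to an eBGP peer, with our ASN prepended."""
        routes = [Route(p, (self.asn,), self.name) for p in self.originated]
        if self.transit:
            # An ISP also passes on what it learned; a customer site does not,
            # so site B never announces site A's networks.
            routes += [Route(r.prefix, (self.asn,) + r.as_path, self.name)
                       for r in self.table if r.as_path]
        return routes

    def receive(self, route):
        """Install an eBGP route unless our own ASN already appears in its path."""
        if self.asn in route.as_path:
            return False                       # AS-path loop prevention
        self.table.append(route)
        return True

    def add_static(self, prefix, next_hop):
        self.table.append(Route(prefix, (), next_hop))

    def lookup(self, dest):
        """Longest-prefix match; a static route wins a tie. None if no route."""
        addr = ipaddress.ip_address(dest)
        matches = [r for r in self.table if addr in r.prefix]
        if not matches:
            return None
        best = max(matches, key=lambda r: (r.prefix.prefixlen, r.as_path == ()))
        return best.next_hop


def build(site_b_asn, default_route=False, vpn=False):
    """Site B announces to the ISP, the ISP re-announces to site A."""
    isp = Router("isp", ISP_ASN, transit=True)
    site_a = Router("site-a", CORP_ASN, originated=[SITE_A_NET])
    site_b = Router("site-b", site_b_asn, originated=[SITE_B_NET])
    if vpn:                                    # tunnels treated as private WAN links
        site_a.add_static(SITE_B_NET, "vpn-to-site-b")
        site_b.add_static(SITE_A_NET, "vpn-to-site-a")
    if default_route:                          # ISP sends a default, not full tables
        site_a.add_static(DEFAULT, "isp")
    for r in site_b.export():
        isp.receive(r)
    accepted = [site_a.receive(r) for r in isp.export()]
    return site_a, site_b, accepted


if __name__ == "__main__":
    host_at_b = "198.51.100.10"
    for label, kwargs in [
        ("shared ASN, no default, no VPN", dict(site_b_asn=CORP_ASN)),
        ("shared ASN, default route", dict(site_b_asn=CORP_ASN, default_route=True)),
        ("shared ASN, VPN static route", dict(site_b_asn=CORP_ASN, vpn=True)),
        ("separate ASNs", dict(site_b_asn=64501)),
    ]:
        a, b, accepted = build(**kwargs)
        print(f"{label}: eBGP route accepted={accepted}, "
              f"site A next hop for {host_at_b} = {a.lookup(host_at_b)}")
```
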

 
 
 

BGP at multisite corporation with redundant links

Post by Vincent C Jon » Sun, 21 Jan 2001 09:54:31


You may want to develop an alternative plan in case you can only get 1
ASN. With only about 30,000 unassigned ASN's left in the world, it may be
hard to get three simply so you can save money with VPNs. But you never
know...

Good luck and keep us informed!

Vincent C Jones




--
Dr. Vincent C. Jones, PE              Author of the Addison-Wesley book
Computer Network Consultant           High Availability Networking with
Networking Unlimited, Inc.            Cisco, follow the web link below.
14 Dogwood Lane, Tenafly, NJ 07670
http://www.networkingunlimited.com

-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----==  Over 80,000 Newsgroups - 16 Different Servers! =-----

 
 
 

BGP at multisite corporation with redundant links

Post by briaus.. » Sun, 21 Jan 2001 12:57:31


VPNs are only connecting the three sites together.  The VPN is only
known to the company's network itself, not the Internet as a whole.  As
far as the ISPs are concerned, they are still three separate networks.

BGP requires a continuous network to function correctly.  One ASN for
three separated sites wouldn't work.  Your scenario requires three ASNs.

The only way to make this work (that I can think of right now) is to
connect your three sites together with its own network.  Instead of
having two ISPs at each site, use one ISP at each site and link the
networks together with leased lines.  If your ISP goes down, the site
still has the leased line back through another site to the ISP.  If your
leased line goes down, your VPN still has a route back.  Problems might
arise, however, since your networks are now announcing their ASNs in two
different places.  Messy.

Of course, money plays a major part here since long haul circuits aren't
cheap.



 
 
 

BGP at multisite corporation with redundant links

Post by Berni » Sun, 21 Jan 2001 13:58:17


One other thing to consider is that leasing two lines for each site
doesn't necessarily give you fault tolerance.  Although you have
designed the primary/backup scheme with separate providers, have you
considered that the leased line runs (99% of the time) to the same
exact CO, and that the odds are heavy that the two lines also run in
the same conduit?  If this is the case, you have no "backhoe"
redundancy and no CO redundancy.  These are things to consider when
you mistakenly believe you are paying for true redundancy through
multiple lines.  The only thing you gain by this is protection from
ISP failure which might not be worth the cost of the extra line.

Basically, I noticed that you desire fault tolerance by purchasing
multiple leased lines per site.  Neither telco nor your ISPs will
bother to mention this because it means more money for them.  This is
just something else to think about.  Also if you follow the suggestion
about leased lines between your three sites, you still will be going
through the same CO (and probably the same conduit), so you won't get
any additional redundancy with this method either.  


--Bernie
 
 
 

BGP at multisite corporation with redundant links

Post by briaus.. » Sun, 21 Jan 2001 14:18:55


Good point that I hadn't considered.

One thing I have done in the distant past was require circuits going to
two CO's for a corporate WAN.  The only single failure point was the
underground conduit running from the street to the building.  Of course,
the corporation was located in a major metro area that had two LECs,
both of which happened to be in T-1 local loop range.

Could look at microwave connections to a local CO or ISP as well.  Heh,
that won't be terribly cheap either.

 
 
 

BGP at multisite corporation with redundant links

Post by pernell jacob » Sun, 21 Jan 2001 23:38:40


Is this what you are saying? The only situation where a company can
get away with using only one ASN is if the remote sites have internal
connectivity with each other? If this is the case, can you go into a
little more detail how VPN can overcome this?

>> >BGP requires a continuous network to function correctly.  One ASN for
>> >three separated sites wouldn't work.  Your scenario requires three ASNs.

>> >The only way to make this work (that I can think of right now) is to
>> >connect your three sites together with its own network.  Instead of
>> >having two ISPs at each site, use one ISP at each site and link the
>> >networks together with leased lines.  If your ISP goes down, the site
>> >still has the leased line back through another site to the ISP.  If your
>> >leased line goes down, your VPN still has a route back.  Problems might
>> >arise, however, since your networks are now announcing their ASNs in two
>> >different places.  Messy.

>> >Of course, money plays a major part here since long haul circuits aren't
>> >cheap.

 
 
 

BGP at multisite corporation with redundant links

Post by baustin2.. » Mon, 22 Jan 2001 02:58:47


http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/vpn.htm for a
background on VPN definition.

Basically, the VPN structure is a trusted relationship between two or
more separate networks or clients.  The networks themselves are shared
via a public infrastructure aka the Internet.

A VPN will NOT overcome the continuous network requirement since the
routing of the packet still occurs on the public infrastructure.  The
VPN merely allows more security and the illusion that a remote network
is actually part of your internal network (for the most part).

BGP requires one continuous network due to the way it advertises routes.
BGP itself is not actually a routing protocol, it's merely a pointer on
where the IP actually is.  If you have access to an Internet router
that's running BGP and do a "show ip bgp route x.x.x.x", the destination
shown is not your next hop (as in other routing protocols such as OSPF)
but your final destination leaving YOUR ASN into another network.  Most
ISPs (from my personal experience) use BGP for external routing and
another routing protocol, such as OSPF or IS-IS, for internal routing.
BGP tells you where to go, OSPF tells you how to get there.  (Yes, BGP
can be used for internal routing but it takes too much work from my
experience)

So what happens with three separate networks?  (Where's a whiteboard
when you need it?)

Each network is announcing the same ASN but with different routes inside
them.  BGP, however, doesn't care.  It knows that to get to 10.1.1.0/24,
it needs to get to ASN 32994 so it sends the packet to the nearest point
that connects to that ASN.  (I am, of course, making up IPs and ASNs).
Once the packet gets there, however, the local network checks its
routing table and finds that, yes, the destination is in its ASN (from
other BGP announcements coming in from other networks) but it has no
INTERNAL route to that destination.  Even if the packet is sent back out
to the other network, it STILL comes back since it's the closest point for
the ASN from the other network.  Essentially you either get a routing
loop, TTL expirations, or destination unreachable.

Looking at the problem again, I can see a couple of options that MIGHT
work if all the conditions are right.  They all require some degree of
assistance from the ISPs, though, since the BGP announcements from
them would have to be tuned to move the networks toward the correct ASN
gateways.  I'm not sure that the ISPs would actually go for it without a
sizable fee.

The other problem is that I don't know if ASNs are regulated in such a
way that requires a single continuous network.  The IANA or other
authority might simply say it can't be done because we don't want it to
be done.

Best bet: work with your main ISP's engineers to see what can be done.
Creativity is part of the solution process and I've seen some pretty
creative thinking by a lot of those engineers!



 
 
 

BGP at multisite corporation with redundant links

Post by Vincent C Jon » Mon, 22 Jan 2001 01:21:22




>Is this what you are saying? The only situation where a company can
>get away with using only one ASN is if the remote sites have internal
>connectivity with each other? If this is the case, can you go into a
>little more detail how VPN can overcome this?

A few more comments, then I'll sit back and watch quietly...

There are several ways you can approach your design, and a wide range of
challenges you will need to consider (shameless plug... buy my book High
Availability Networking with Cisco and read it cover to cover... you
would be amazed at the various ways a network can fail and what it takes
to make redundant connections and equipment work to maintain
communications during typical, let alone abnormal, failures. See
http://www.networkingunlimited.com/bookpages.html for more info).

As has been noted, you will either need an ASN for each location
(unlikely, given the scarcity of ASN's and the precedent it would set)
or you need solid connectivity between your sites so they can all be
advertised with the same ASN. You are going to need to really think
through just what you want to accomplish and what your budget is and
what different levels of communications efficiency and robustness are
worth.

For example, if you don't want private links between your sites, you
could use the same two providers at each site and provide independent
VPNs over each of the two providers between each of your sites. Then
use your real ASN to advertise an independent set of public addresses
that can be accessed from the outside world.

Alternatively, forget BGP for public access and just use VPN's between
your sites for internal communications. Put the stuff that must be
accessed from the outside in a service center which is equipped to
provide the level of connectivity you need for your public offerings.
The problems which must be solved for an e-commerce web server and the
problems which must be solved for users to surf can be solved in
different ways. High availability of your VPN connections is yet another
set of problems to be solved, with a bit of both.

Good luck and have fun!

Vincent C Jones

--
Dr. Vincent C. Jones, PE              Author of the Addison-Wesley book
Computer Network Consultant           High Availability Networking with
Networking Unlimited, Inc.            Cisco, follow the web link below.
14 Dogwood Lane, Tenafly, NJ 07670
http://www.networkingunlimited.com


 
 
 

BGP at multisite corporation with redundant links

Post by David Schwart » Mon, 22 Jan 2001 05:03:03



> Each network is announcing the same ASN but with different routes inside
> them.  BGP, however, doesn't care.  It knows that to get to 10.1.1.0/24,
> it needs to get to ASN 32994 so it sends the packet to the nearest point
> that connects to that ASN.  (I am, of course, making up IPs and ASNs).
> Once the packet gets there, however, the local network checks its
> routing table and finds that, yes, the destination is in its ASN (from
> other BGP announcements coming in from other networks) but it has no
> INTERNAL route to that destination.  Even if the packet is sent back out
> to the other network, it STILL comes back since it's the closest point for
> the ASN from the other network.  Essentially you either get a routing
> loop, TTL expirations, or destination unreachable.

        It sure does have an internal route to that destination, through the
VPN tunnel. So it should encapsulate the packet and put it in a tunnel
that goes to the other part of the AS. Just remember that your VPN
tunnels need to be redundant and need to have their endpoints numbered
inside blocks owned by your providers, not you.

        DS

 
 
 

BGP at multisite corporation with redundant links

Post by baustin2.. » Mon, 22 Jan 2001 15:32:00





> > Each network is announcing the same ASN but with different routes inside
> > them.  BGP, however, doesn't care.  It knows that to get to 10.1.1.0/24,
> > it needs to get to ASN 32994 so it sends the packet to the nearest point
> > that connects to that ASN.  (I am, of course, making up IPs and ASNs).
> > Once the packet gets there, however, the local network checks its
> > routing table and finds that, yes, the destination is in its ASN (from
> > other BGP announcements coming in from other networks) but it has no
> > INTERNAL route to that destination.  Even if the packet is sent back out
> > to the other network, it STILL comes back since it's the closest point for
> > the ASN from the other network.  Essentially you either get a routing
> > loop, TTL expirations, or destination unreachable.

>    It sure does have an internal route to that destination, through the
> VPN tunnel. So it should encapsulate the packet and put it in a tunnel
> that goes to the other part of the AS. Just remember that your VPN
> tunnels need to be redundant and need to have their endpoints numbered
> inside blocks owned by your providers, not you.

>    DS

Are you saying that the packet should be destined for the other site's
serial IP rather than their internal network?  That's the only way it
would work that I can think of.

Regardless of who owns the blocks, they're still advertised by the ASN
that has the network.  The only networks that wouldn't be advertised by
the corporate site but would be by the ISP would be the /30 transport
networks.  A problem might arise, however, if the ISP is using private
addresses for transport networks as some regional ISPs are doing now.
That wouldn't be advertised but would be routable as long as both sites
are on the same network.

[Light click] Ok, I see what the next message was referring to (Vincent
Jones) regarding same ISPs for every connection.  Routing to the serial
IP would ensure that the packet doesn't have to leave the AS and staying
inside the AS means that even private addresses would work (most
likely).


 
 
 

BGP at multisite corporation with redundant links

Post by Barry Margoli » Wed, 24 Jan 2001 03:09:30



>Each network is announcing the same ASN but with different routes inside
>them.  BGP, however, doesn't care.  It knows that to get to 10.1.1.0/24,
>it needs to get to ASN 32994 so it sends the packet to the nearest point
>that connects to that ASN.

That's *not* how BGP works.  ASNs are used for shortest-path determination
and loop prevention.  But each route advertisement has its own next-hop
attribute; BGP doesn't route to the "nearest point that connects to that
ASN".

This is why it should work for this organization to use a single ASN for
all their locations.  Since they won't be using eBGP to learn the routes
between the sites (they'll be routing them internally via the VPNs), it
shouldn't be a problem.

--

Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

BGP at multisite corporation with redundant links

Post by Brian Austi » Wed, 24 Jan 2001 04:37:18






> >Each network is announcing the same ASN but with different routes inside
> >them.  BGP, however, doesn't care.  It knows that to get to 10.1.1.0/24,
> >it needs to get to ASN 32994 so it sends the packet to the nearest point
> >that connects to that ASN.

> That's *not* how BGP works.  ASNs are used for shortest-path determination
> and loop prevention.  But each route advertisement has its own next-hop
> attribute; BGP doesn't route to the "nearest point that connects to that
> ASN".

> This is why it should work for this organization to use a single ASN for
> all their locations.  Since they won't be using eBGP to learn the routes
> between the sites (they'll be routing them internally via the VPNs), it
> shouldn't be a problem.


I think I'm going to go slap the guy that taught me BGP...then study up
on it myself.

I sit corrected.  Thank you.

--
Brian Austin, CCNA

"I make no claims to perfection or expert knowledge.
I simply relate my personal education and experience."
-- Me


 
 
 
