BGP Failover question


noc
07-25-2004, 02:47 AM
Looking for a "sanity check" on BGP failover interface config ideas.

The configuration we have now: Routers S, C, N1 and N2 in AS2 are fully
meshed and BGP peer with ISP router in AS1. (Router N1 and N2 run HSRP
between their "inside interfaces").

First time ASCII art user, please view in a fixed-width font such as
Courier.

[ ASCII diagram of the current layout, lost to line wrapping. Labels that
survive: Router S, Router C, Router N1, Router N2, AggSwitch1 and
N Agg Switch1 on the AS2 side of the AS2 | AS 1 boundary; ISP Router on
the AS 1 side. ]
-----------------------------------------------------------------------------

We want to achieve failover using the layer 1-2 architecture shown below.
Can failover be achieved with iBGP, or do we need to use a dynamic routing
protocol like OSPF to achieve failover? A second ISP connection is not
an option.

[ ASCII diagram of the proposed layout, lost to line wrapping. Labels that
survive: Router S, Router C, Router N1, Router N2, AggSwitch1, AggSwitch2,
N AggSwitch1 and N AggSwitch2 on the AS2 side of the AS2 | AS1 boundary;
ISP Router on the AS1 side. ]


Thanks

Paul Piecuch
IT Services Manager
North Seattle Community College
ppiecuch@sccd.ctc.edu

Prince By-Tor
07-25-2004, 02:47 AM
On Sat, 17 Jul 2004 12:19:28 -0700, noc <noc@sccd.ctc.edu> wrote:

>Looking for a "sanity check" on BGP failover interface config ideas.
>
>The configuration we have now: Routers S, C, N1 and N2 in AS2 are fully
>meshed and BGP peer with ISP router in AS1. (Router N1 and N2 run HSRP
>between their "inside interfaces").

[ Snip Diagrams ]


>We want to achieve failover using the layer 1-2 architecture shown below.
>Can failover be achieved with iBGP, or do we need to use a dynamic routing
>protocol like OSPF to achieve failover? A second ISP connection is not
>an option.

[ Snip Diagrams ]

OK. Assuming that your "aggswitches" are layer 2 devices, what you've
done will work...but then, I'm not sure what you are trying to achieve
failover FOR.

Your new scenario will certainly give you layer 2 resilience on your
internal network (between S, C, N1 and N2) in the event of cable or
switch failure. And iBGP is fine.

However, you do not get any more redundancy in terms of your ISP
connection, but then it sounds like that was expected. Any reason you
cannot also connect the ISP router to AggSwitch2? You don't seem to
be firewalled or anything, and at least this way if AggSwitch1 dies
you still have your ISP connection.

--me
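
The redundancy argument in the reply above, worked as a single-failure check. This is an added example, not part of the thread: the cabling list is an assumed reading of the proposed design (the diagrams did not survive), NAggSwitch1/NAggSwitch2 stand for the "N AggSwitch" labels, and the function names are hypothetical.

```python
from collections import deque

ROUTERS = ["S", "C", "N1", "N2"]
SWITCHES = ["AggSwitch1", "AggSwitch2", "NAggSwitch1", "NAggSwitch2"]

# Assumed cabling of the proposed design (constructed for this example):
# every router dual-homed to two layer 2 switches, ISP on AggSwitch1 only.
PROPOSED = [
    ("S", "AggSwitch1"), ("S", "AggSwitch2"), ("C", "AggSwitch1"),
    ("C", "AggSwitch2"), ("N1", "NAggSwitch1"), ("N1", "NAggSwitch2"),
    ("N2", "NAggSwitch1"), ("N2", "NAggSwitch2"),
    ("NAggSwitch1", "AggSwitch1"), ("NAggSwitch2", "AggSwitch2"), ("AggSwitch1", "ISP"),
]
# The reply's suggestion: also connect the ISP router to AggSwitch2.
WITH_SECOND_UPLINK = PROPOSED + [("AggSwitch2", "ISP")]

def reachable(links, src, dst, dead_node=None, dead_link=None):
    """BFS from src to dst with one switch or one link taken out of service.
    Paths may transit another router, so routing must still carry them."""
    adj = {}
    for a, b in links:
        if (a, b) == dead_link or dead_node in (a, b):
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False

def single_points_of_failure(links):
    """Map each single switch or link failure to the routers it cuts off from the ISP."""
    result = {}
    for failure in SWITCHES + list(links):
        node = failure if isinstance(failure, str) else None
        link = failure if isinstance(failure, tuple) else None
        cut = [r for r in ROUTERS if not reachable(links, r, "ISP", node, link)]
        if cut:
            result[failure] = cut
    return result

if __name__ == "__main__":
    for name, links in (("proposed", PROPOSED), ("ISP also on AggSwitch2", WITH_SECOND_UPLINK)):
        print(name, single_points_of_failure(links))
```

Under these assumptions the proposed design survives any single site link or any switch other than AggSwitch1, while AggSwitch1 and its ISP link each cut off all four routers; the second uplink removes both.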

noc
07-25-2004, 02:48 AM
Hello;

I have hopefully answered your questions below:

Prince By-Tor wrote:

> On Sat, 17 Jul 2004 12:19:28 -0700, noc <noc@sccd.ctc.edu> wrote:
>
> >Looking for a "sanity check" on BGP failover interface config ideas.
> >
> >The configuration we have now: Routers S, C, N1 and N2 in AS2 are fully
> >meshed and BGP peer with ISP router in AS1. (Router N1 and N2 run HSRP
> >between their "inside interfaces").
> >
> >We want to achieve failover using the layer 1-2 architecture shown below.
> >Can failover be achieved with iBGP, or do we need to use a dynamic routing
> >protocol like OSPF to achieve failover? A second ISP connection is not
> >an option.
> >
> OK. Assuming that your "aggswitches" are layer 2 devices, what you've
> done will work...but then, I'm not sure what you are trying to achieve
> failover FOR.
>

The aggswitches are layer 2 only. Achieving failover provides business
continuity by having a failover path for data should a site's link to the
ISP AggSwitch go down (all paths between sites and ISP are metro fiber).

>
> Your new scenario will certainly give you layer 2 resilience on your
> internal network (between S, C, N1 and N2) in the event of cable or
> switch failure. And iBGP is fine.
>
> However, you do not get any more redundancy in terms of your ISP
> connection, but then it sounds like that was expected. Any reason you
> cannot also connect the ISP router to AggSwitch2? You don't seem to
> be firewalled or anything, and at least this way if AggSwitch1 dies
> you still have your ISP connection.
>
> --me

When we deployed in 2000, we had a single ISP providing our multi-site
installation with one GigE single-mode fiber connection, with plans to add
an additional ISP in a different AS in the future. Aggswitch2 had already
been purchased as was metro fiber.
Budgets fell and the political landscape changed, which were both
deciding factors in the overall connection(s) scenario.

Our business managers would like to see some failover plan that leverages
the additional equipment and the quasi-owned metro fiber.

Thanks for your help on this potentially tricky config issue.

Paul Piecuch
IT Services Manager
North Seattle Community College
ppiecuch@sccd.ctc.edu <also available at noc@sccd.ctc.edu>