nanog mailing list archives

Re: Disaster recovery using as-prepend?
From: Warren Kumari <warren () kumari net>
Date: Fri, 17 Feb 2006 17:50:35 -0800


On Feb 17, 2006, at 1:25 PM, Christopher L. Morrow wrote:

On Fri, 17 Feb 2006, Todd Vierling wrote:


On Thu, 16 Feb 2006, Warren Kumari wrote:

If your primary is connected to ISP_A and the backup is connected to ISP_B, customers connected to ISP_B MAY still flow to your backup DC (ISP_B will probably set local preference on all customer routes - you should be able to override this behavior with communities but not all providers support this (or honor it 100% of the time!))

And in addition to that, even multihomed customers of ISP_B may choose the prepended route for a number of different reasons; for instance, ISP_B might be a cheaper pipe for them, or there may be a smart-ish routing device or scheme in play that overrides normal BGP decision making.

I might be crazy, but couldn't you just prepend the route enough to
effectively poison it at ingress to 'backup-isp'? so they kept choosing
the remote path and never really accept the route from local until the
remote path is gone?


Not really - horrendous ASCII art below:

              Customer
              /      \
             /        \
        ISP_A -------- ISP_B
            \          /
             \        /
             DC1    DC2

Assuming DC is AS_65530, ISP_A is AS_655301, ISP_B is AS_655302 and DC_2 prepends 5 (or some other "large" number) times:

Under "normal" conditions:
ISP_A sees:
        192.0.2.0/24 -- 65530 i   (direct from DC1)
ISP_B sees:
        192.0.2.0/24 -- 65530 65530 65530 65530 65530 i (direct from DC2)
        192.0.2.0/24 -- 65531 65530 i (ISP_A -> DC_1)  <= Best due to AS_PATH
Customer sees:
        192.0.2.0/24 -- 65531 65530 i  (ISP_A -> DC1)  <= Best due to AS_PATH
        192.0.2.0/24 -- 65532 65531 65530 i (ISP_B -> ISP_A -> DC1)

If ISP_B sets Local-Pref on customer routers:
ISP_A sees:
        192.0.2.0/24 -- 65530 i   (direct from DC1)
ISP_B sees:
        192.0.2.0/24 -- 65530 65530 65530 65530 65530 i (direct from DC2) <- Best due to Local-Pref
        192.0.2.0/24 -- 65531 65530 i (ISP_A -> DC_1)
Customer sees:
        192.0.2.0/24 -- 65532 65530 65530 65530 65530 65530 i (ISP_B  -> DC2)
        192.0.2.0/24 -- 65531 65530 i (ISP_A -> DC_1) <- Best due to AS_PATH

This means that any traffic that enters ISP_B (e.g., Customer is singly homed to ISP_B, their connection to ISP_A goes down or they adjust local_pref to prefer ISP_B) will go to DC2. The problem is that Local-Pref trumps basically all other conditions in the BGP decision process - if ISP_B adjusts it, it will be preferred in their network no matter how many times you prepend.

Warren
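
The comparison in the message above, as an added example that is not part of the original post: a simplified two-step BGP decision (LOCAL_PREF first, AS_PATH length only as a tie-breaker) applied to the same topology. The ASNs follow the route listings; the local-pref values 100 and 200 and all function names are assumptions.

```python
from dataclasses import dataclass

DC, ISP_A, ISP_B = 65530, 65531, 65532   # ASNs as used in the route listings
PREFIX = "192.0.2.0/24"

@dataclass(frozen=True)
class Route:
    as_path: tuple        # AS_PATH as received
    local_pref: int       # assigned by the receiving AS, never sent over eBGP
    exit_dc: str          # data centre the traffic finally reaches

def best_path(routes):
    # Simplified decision process: highest LOCAL_PREF wins outright;
    # AS_PATH length is only consulted to break a LOCAL_PREF tie.
    return max(routes, key=lambda r: (r.local_pref, -len(r.as_path)))

def isp_b_best(copies, customer_pref, peer_pref=100):
    """ISP_B's choice between DC2's prepended route and the route via ISP_A.
    copies: number of times 65530 appears in DC2's announcement.
    customer_pref / peer_pref: assumed local-pref values, not from the post."""
    direct = Route((DC,) * copies, customer_pref, "DC2")
    via_a = Route((ISP_A, DC), peer_pref, "DC1")
    return best_path([direct, via_a])

def customer_best(copies, customer_pref):
    """Best path of a customer dual-homed to ISP_A and ISP_B (default prefs)."""
    from_a = Route((ISP_A, DC), 100, "DC1")
    b = isp_b_best(copies, customer_pref)
    # ISP_B advertises only its own best path, with its ASN added in front.
    from_b = Route((ISP_B,) + b.as_path, 100, b.exit_dc)
    return best_path([from_a, from_b])

if __name__ == "__main__":
    # 100: ISP_B treats customer and peer routes alike; 200: customers preferred.
    for pref in (100, 200):
        for copies in (5, 20):
            b = isp_b_best(copies, pref)
            c = customer_best(copies, pref)
            print(f"{PREFIX} customer local-pref={pref} copies={copies}: "
                  f"traffic entering ISP_B -> {b.exit_dc}, "
                  f"dual-homed customer -> {c.exit_dc}")
```

With equal local-pref the prepends keep ISP_B on the path via ISP_A; once ISP_B prefers customer routes, raising `copies` changes nothing inside ISP_B, while the dual-homed customer still picks ISP_A on AS_PATH length.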




