nanog mailing list archives

Re: Redundant Routes, BGP with MPLS provider
From: William Herrin <bill () herrin us>
Date: Fri, 31 Aug 2012 11:49:52 -0400

On Thu, Aug 30, 2012 at 2:17 PM, Tribble, Wesley
<WTribble () sterneagee com> wrote:
> What is the best method to instruct the provider's
> network to prefer the Primary Data Center routes
> over the DR site?  Keep in mind that I am only
> peering with the provider over BGP and I have no
> visibility to the underlying MPLS architecture or
> configuration.

Hi Wesley,

For an Internet-based system, here's how you would do it. The private
MPLS-based network you describe won't be quite the same but it'll be
similar.


* Announce with an AS path length from the DR site that has at least 3
prepends. Get your own RIR-assigned AS number for this; you can use
private AS numbers but this will eventually confuse someone debugging
a connectivity problem.

* Local pref the accepted routes to prefer the primary site.

* At least two ISPs at the primary site.

* At the DR site, the usually single ISP should be the same as one of
the ISPs at the primary site. That way when there's trouble talking to
the two sites there's only one vendor to blame and it's the one you
pay directly. It also means the GRE tunnel traffic between sites tends
to stay on a single carrier.

* GRE tunnels between the sites running IBGP. One GRE tunnel for each
pair of Internet connections. Despite your best efforts you'll get a
trickle of traffic into the DR site during normal operation of the
primary. You'll want to send it back to the primary site and that
should all happen outside the firewall.

* In addition to your BGP announced addresses, get a small bank of IP
addresses from each ISP for each Internet connection at each site. I
usually ask for a /28 but a /29 is normally adequate. You'll need
these to anchor your GRE tunnels and management functions.

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
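
The route preference described in the message above can be checked with a small model of BGP best-path selection. This is an added example, not part of the original message; the AS numbers (documentation range), the local-pref values and the function names are assumptions, and only the first two decision steps (local-pref, then AS-path length) are modelled.

```python
from dataclasses import dataclass

# Constructed values: AS numbers from the documentation range (RFC 5398).
OUR_AS, ISP_A, ISP_B, REMOTE_AS = 64496, 64497, 64498, 64499
DR_PREPENDS = 3  # "at least 3 prepends" from the DR site

@dataclass(frozen=True)
class Route:
    site: str              # site the traffic would enter or leave through
    as_path: tuple         # AS path as seen by the router making the choice
    local_pref: int = 100  # set by the router's own import policy

def best_path(routes):
    """Highest local-pref wins, then shortest AS path (later tie-breakers omitted)."""
    if not routes:
        return None
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path)))

def inbound_view(primary_up=True, dr_local_pref=100):
    """Our prefix as seen inside ISP_A, which serves both sites."""
    routes = [Route("dr", (OUR_AS,) * (1 + DR_PREPENDS), dr_local_pref)]
    if primary_up:
        routes.append(Route("primary", (OUR_AS,)))
    return routes

def outbound_view():
    """A remote prefix as seen inside our AS, with IBGP carried over the GRE tunnels.
    The DR-learned path is deliberately shorter; local-pref still decides."""
    return [
        Route("primary", (ISP_B, 64500, REMOTE_AS), local_pref=200),
        Route("dr", (ISP_A, REMOTE_AS), local_pref=100),
    ]

if __name__ == "__main__":
    print("normal inbound:  ", best_path(inbound_view()).site)
    print("primary down:    ", best_path(inbound_view(primary_up=False)).site)
    print("outbound:        ", best_path(outbound_view()).site)
    # A network whose own policy prefers the DR path ignores the prepends,
    # since local-pref is compared before AS-path length.
    print("policy override: ", best_path(inbound_view(dr_local_pref=300)).site)
```

The last case shows one way traffic can still reach the DR site while the primary is up: prepending only influences routers that get as far as comparing AS-path length.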

