nanog mailing list archives
Re: Failover how much complexity will it add?
From: adel () baklawasecrets com
Date: Sun, 08 Nov 2009 21:39:33 +0000
Hi,

Ok thanks for clearing that up. I'm getting some good feedback on applying for PI and ASN through Ripe LIRs over on the UKNOF so I think I have a handle on this. With regards to BGP and using separate BGP routers. I am announcing my PI space to my upstreams, but I don't need to carry a full Internet routing table, correct? So I can get away with some "lightweight" BGP routers not being an ISP if that makes sense?

Adel

On Sun 9:26 PM , Ken Gilmour <ken.gilmour () gmail com> wrote:

Hey,

Yes you apply to RIPE for your allocation. You should ask them for a /20 since it's the same price for that as a /24 if you can justify it (at least with LACNIC where I now get my allocations)... You will also need to apply for an ASN.

Correct - the block belongs to you and as long as you contact the transit provider from the address listed in WHOIS then you should be able to set up a new agreement easily.

Yes the block is PI space (provider independent).

It can take up to 1 month to get your assignments.

I would recommend getting some different routers for this. I use OpenBSD in some of my locations which is extremely easy to work with. I also have some old NS-208 devices running ScreenOS for internal BGP in one other location. I would not recommend using any router with less than 1GB of RAM for BGP. In HA Mode you can connect the two tails, one to each SSG (if they are in active active mode) and announce it that way (check out anycast), we also do this :).

The way BGP works is that both connections are active at the same time, there is no primary and backup, if one goes down you just have one less to receive traffic over and more traffic on the other, but unless you stop announcing from one connection traffic will go over both.

Regards,

Ken

2009/11/8 :

Don't think I sent the below to the list, so resending:

Thanks Seth and James,

Things are getting a lot clearer. The BGP multihoming solution sounds like exactly what I want. I have more questions :-)

Now I suppose I would get my allocation from RIPE as I am UK based? Do I also need to apply for an AS number?

As the IP block is "mine", it is ISP independent. i.e. I can take it with me when I decide to use two completely different ISPs?

Is the obtaining of this IP block, what is referred to as PI space?

Of course internally I split the /24 up however I want - /28 for untrust range and maybe a routed DMZ block etc.?

Assuming I apply for IP block and AS number, what's involved and how long does it take to get these babies?

I know the SSG550's have BGP capabilities. As I have two of these in HA mode, does it make sense to do the BGP on these, or should I get dedicated BGP routers?

Fixing the internal routing policy so traffic is directed at the active BGP connection. What's involved here, preferring one BGP link over the other?

Thanks again, I obviously need to do some reading of my own, but all the suggestions so far have been very valuable and definitely seem to be pointing in some fruitful directions.

Adel

On Sun 6:31 PM , James Hess wrote:

On Sun, Nov 8, 2009 at 11:34 AM, wrote:

[..]connections from different providers I would still have issues. So I guess that if my primary Internet goes down I lose connectivity to all the publicly addressed devices on that connection. Like dmz hosts and so on. I would be interested to hear how this can be avoided if at all or do I have to use the same provider.

You assign multi-homed IP address space to your publicly addressed devices, which are not specific to either ISP. You announce to both ISPs, and you accept some routes from both ISPs. You get multi-homed IPs, either by having an existing ARIN allocation, or getting a /22 from ARIN (special allocation available for multi-homing), or ask for a /24 from ISP A or ISP B for multihoming.

If Link A fails, the BGP session eventually times out and dies: ISP A's BGP routers withdraw the routes, the IP addresses are then associated only with provider B. And you design your internal routing policy to direct traffic within your network to the router with an active BGP session.

Link A's failure is _not_ a total non-event, but a 3-5 minute partial disruption, while the BGP session times out and updates occur in other people's routers, is minimal compared to a 3 day outage, if serious repairs to upstream fiber are required.

--
-J
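
Added example, not part of the original thread: a small Python model of the failover sequence described in the quoted explanation, showing the window in which ISP A still announces the prefix after link A has died. The 180 s hold time and 60 s keepalive are assumed timer values, the upstream names are placeholders, and propagation delay in other networks' routers is not modelled.

```python
from dataclasses import dataclass

@dataclass
class Session:
    """One eBGP session, seen from the upstream's side."""
    upstream: str
    hold_time: int = 180     # seconds (assumed timer value)
    keepalive: int = 60      # seconds (assumed, hold_time / 3)
    link_up: bool = True
    last_heard: int = 0      # when the upstream last got a KEEPALIVE from us
    established: bool = True

    def tick(self, now: int) -> None:
        if not self.established:
            return
        if self.link_up and now % self.keepalive == 0:
            self.last_heard = now
        if now - self.last_heard >= self.hold_time:
            self.established = False  # hold timer expired: routes withdrawn

def simulate(fail_at: int, duration: int = 600, hold_time: int = 180, keepalive: int = 60):
    """Fail link A at `fail_at`; return (state changes, withdrawal time, stale seconds)."""
    a = Session("ISP-A", hold_time, keepalive)
    b = Session("ISP-B", hold_time, keepalive)
    changes, previous, withdrawn_at = [], None, None
    for now in range(duration + 1):
        if now == fail_at:
            a.link_up = False
        for s in (a, b):
            s.tick(now)
        if withdrawn_at is None and not a.established:
            withdrawn_at = now
        # Who still announces the prefix, and who can actually deliver to us.
        announcing = tuple(s.upstream for s in (a, b) if s.established)
        delivering = tuple(s.upstream for s in (a, b) if s.established and s.link_up)
        if (announcing, delivering) != previous:
            previous = (announcing, delivering)
            changes.append((now, announcing, delivering))
    stale = None if withdrawn_at is None else withdrawn_at - fail_at
    return changes, withdrawn_at, stale

if __name__ == "__main__":
    changes, withdrawn_at, stale = simulate(fail_at=100)
    for now, announcing, delivering in changes:
        print(f"t={now:>3}s announced via {announcing}, deliverable via {delivering}")
    print(f"ISP-A kept a dead route for {stale}s")
```

The stale window depends on when the last keepalive arrived relative to the failure, so it ranges from just over `hold_time - keepalive` up to `hold_time` seconds; shorter timers shrink it.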