Using BGP to Manage Dual Internet Connections
SDCUG 
Sept 10, 2014 
Meredith Rose, CCIE#4617
Copyright © SIGMAnet ® 2012. All rights reserved. Proprietary & Confidential. 
Intro
• Meredith Rose, CCIE#4617 Emeritus
• Currently a Solutions Architect for SIGMAnet
• Disaster Recovery and Redundancy are recurring themes requested by customers striving to improve their network uptime
• Internet access has become better/faster/cheaper, causing more companies to rely on it and expect 5-nines uptime.
• Not planning on reviewing the BGP protocol details, but please ask questions any time.
High Level Agenda 
• The need for Corp Internet x 2 
• What you need to use BGP 
• Key considerations 
• BGP routes offered by ISPs 
• Influencing traffic flows 
Does a Company Need 2 Connections to the Internet?
• Internet access is business-critical
• Apps, data exist in the cloud (e.g. AWS, WebEx)
• Branch connectivity via VPNs over the Internet
• Remote access, B2B connections
• eCommerce hosted at Corp data center
• Redundancy is a must; the less $ the better
• BGP can give you tools for utilizing the bandwidth of both Internet connections simultaneously and/or dynamic failover with 1 connection backing up the other
“I want to use BGP to Load Balance my Internet Connections”
• The BGP protocol does NOT know how to “load balance” your Internet traffic!
• BGP’s job is to select the single best path to a destination among the BGP paths that are learned from different sources/ISPs.
• BGP is not aware which link is “full” (oversubscribed) or “faster” (lower latency)
• Load sharing across your redundant Internet connections is a manual process done on a per-prefix basis that takes some TLC.
• Inbound and Outbound traffic loads of each link are tuned separately by manipulating BGP attributes
One Internet Connection
[Diagram: Corporate LAN, Corp Router, Internet Connection, ISP Router (ISP), Global Internet]
• Static routes to Corp on ISP router
• Static default route to ISP on Corp router
• No need for BGP
Redundant Internet Connections
[Diagram: Corporate LAN (L3, FHRP/OSPF/etc); Corp Router#1 and Corp Router#2 (iBGP); InternetConnection#1 to ISP#1 Router (eBGP); InternetConnection#2 to ISP#2 Router (eBGP); ISP#1, ISP#2, Global Internet]
Review of Recovery from Failure 
• ISP failure 
– Internet handoff 
– Router failure 
– Upstream peering issues 
• Corp Router failure 
– Internet handoff 
– Router failure 
– Connection to Corp LAN
Getting started with BGP to the Internet
• You will need an ASN (Autonomous System Number). AKA “AS number”
  – This can be private if using redundant connections to the same ISP.
    ▪ Obtain from ISP
    ▪ Will be removed by ISP before being advertised to global Internet
    ▪ Note: impacts ability to influence inbound traffic with as-path pre-pending
  – This will be a public ASN if connecting to diverse ISPs.
    ▪ Obtain from ARIN
    ▪ More flexibility, ISP-independent
Getting started with BGP to the Internet
• You will need a public IP address “block” to advertise
• /24 minimum
  – This can be assigned/leased to you from your ISP
    ▪ Easy if both Internet connections are from same ISP
    ▪ Make sure the ISP that allocated the block to you advertises your specific subnet (i.e. /24) and not just their supernet block.
    ▪ If using diverse ISPs, must check with both to make sure it is OK to advertise IP block from ISP#1 IP space through ISP#2.
    ▪ More convenient, but less portable
  – This IP block can be owned by your company.
    ▪ You can advertise your block to both ISPs.
    ▪ More mobility if you change ISPs
  – Make sure you only advertise your assigned, routable IP address space!
  – You will advertise the SAME IP block out to BOTH ISPs
    ▪ Can do some tricks with splitting into sub-prefixes and advertising smaller, more specific chunks. Always >=/24
Key Considerations
• Ingress and Egress “traffic engineering” managed separately
• OUTBOUND traffic influencing
  – Get your Corp traffic to its destination on the Internet
  – Want to send traffic out the “best” ISP
    ▪ Shortest AS path is usually best
  – Want to avoid oversubscribing a link
• INBOUND traffic influencing
  – Packets from everywhere on the global Internet have to find your Corp network. ISP advertises your IP block(s) to global Internet
  – Asymmetric is usually OK here (out one ISP, in the other)
    ▪ Caveat: not ok if you have non-stateful firewalls
  – Want to take “best” route from global Internet to Corp
    ▪ Shortest AS path wins in most cases by default
  – Want to avoid oversubscribing a link
Key Considerations (Continued)
• Redundancy protocols on Corp routers.
  – HSRP/VRRP if L2 connected
  – Or use L3 dynamic protocol like OSPF. Internet routers can be in different Corp locations, L3 connected. Each Corp BGP router can originate a default route in Corp-wide OSPF.
• Corp routers need to know how to get to ISP router’s peering IP address (or use next-hop-self on iBGP session). If iBGP routers peer on loopback, must be reachable (use IGP + update-source loopback0)
• Get Corp traffic destined for Internet to one of the Corp Internet routers. It doesn’t really matter which one. BGP will take it from there.
• It’s about manual traffic load distribution; BGP does not know how to do dynamic Load Balancing to multiple ISPs on its own
• You do not want your Corp to become a “Transit” path between your two ISPs!
“Transit” - What’s the big deal?
[Diagram: Corporate LAN, ISP#1, ISP#2, Global Internet; label “ISP#1 Routes”; callout: ISP#2 says “Hey Global Internet! Here’s a quick way to reach ISP#1 customers!”]
Don’t be a Transit!
[Diagram: Corporate LAN, ISP#1, ISP#2, Global Internet; labels “ISP#1 Routes”, “ISP#2 Routes” and “iBGP full route exchange”; callout: Only send routes originating from your Corp ASN to each ISP]
What Routes to Take in from ISP
• Remember: this affects OUTBOUND decisions (not inbound), i.e. which ISP your Corp will use to make a connection to a site on the Internet. Most common options:
• Option#1: Full Internet routes from each ISP
• Option#2: Default/0.0.0.0 only from each ISP
  – Tune so use one link as primary, other as backup
• Option#3: ISP’s Customer Routes Only
  – AKA “Partial Routes”
  – Get each ISP’s local customer routes only. Use a default route to put the rest of the outbound traffic on one ISP’s link, backed up by the other ISP.
  – Or use just one ISP link to receive that ISP’s directly connected customers, use default route to put the rest of the outbound traffic on the other link
Option#1: Full Routes from Both
[Diagram: Corporate LAN, ISP#1, ISP#2, Global Internet; labels “Full Routes from ISP#1”, “Full Routes from ISP#2” and “iBGP full route exchange”]
What Routes to Take In from ISP
• Option#1: Full Internet routes from each ISP
  – Need a lot of memory for this. Each router will have 2x full Internet routing table (table > 450k routes)!
  – Let it play out and monitor for over-utilization of one link
  – Tune to balance links better if necessary
  – Use route-map + as-path access list to make sure you do not become a transit between ISPs.
    ▪ Do not advertise routes to ISP#2 that you learned from ISP#1 and vice versa
    ▪ Apply a similar route map outbound to each ISP neighbor so that only locally originated BGP routes are advertised
  – route-map localonly permit 10
  – match as-path 10
  – ip as-path access-list 10 permit ^$
  – Not a bad idea to take a default from each ISP as well
Option#2: Default from Both
[Diagram: Corporate LAN, ISP#1, ISP#2, Global Internet; 0.0.0.0 from each ISP; label “iBGP exchange default received routes w/preferences”; callouts: Configure iBGP to prefer default route from ISP#1; iBGP will agree to prefer 0.0.0.0 from ISP#1 over ISP#2]
What Routes to Take In from ISP
• Option#2: Default only from each ISP
  – Tune BGP (local pref is common) so use one link as primary, other as backup (again, only applies to OUTBOUND traffic)
  – Tell your ISPs you only want them to send you the default route
  – Use an inbound prefix-list on route-map inbound on the ISP neighbor statement or similar filter to make sure to drop every route except default just in case
    ▪ ip prefix-list default-only seq 5 permit 0.0.0.0/0
  – Still only advertise prefixes originated by your AS to ISP#1 and ISP#2 (by default, BGP won’t send them each other’s 0.0.0.0 that you learned – phew!)
Option#3: ISP Local Routes Only
[Diagram: Corporate LAN, ISP#1, ISP#2, Global Internet; labels “Routes from ISP#1 customers + 0.0.0.0” and “Routes from ISP#2 customers + 0.0.0.0”; callouts: iBGP will naturally send traffic for local routes to its corresponding ISP; Configure iBGP to prefer default route from ISP#1 to catch routes not local to either ISP; iBGP will agree to prefer ISP#1 for everything not local to ISP#2]
What Routes to Take In from ISP
• Option#3: ISP’s routes only + Default
  – Only receive routes from an ISP of that ISP’s directly connected customers (think of how many big companies host with ATT, etc)
  – You can ask your ISP to send you just their customer routes
  – Filter routes not sourced from that ISP just in case (in this example, ISP = AS100, route-map is inbound on neighbor statement to ISP):
    ▪ ip as-path access-list 20 permit ^100$
    ▪ route-map as100only permit 10
    ▪ match as-path 20
  – Use one link for one directly connected ISP’s customers (more local provider), use default route to prefer to put the rest of the outbound traffic on the other link or similar combo
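
The two AS-path filters shown in these slides (`^$` outbound in Option#1, `^100$` inbound in Option#3) can be checked against a sample table before they go on a router. This is an added example, not part of the original slides: the prefixes, the 645xx AS numbers, ISP#2 = AS200, the `^100_[0-9]*$` variant and all function names are constructed, and only the delimiter part of IOS AS-path regex syntax is modelled.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str        # constructed documentation prefix
    as_path: str       # AS_PATH as seen on the Corp router; "" = locally originated
    learned_from: str  # "local", "ISP#1" or "ISP#2"


# Constructed sample table. AS100 is the ISP from the Option#3 slide;
# AS200 for ISP#2 and the 645xx customer ASNs are assumptions.
TABLE = [
    Route("198.51.100.0/24", "", "local"),
    Route("203.0.113.0/25", "100", "ISP#1"),            # originated inside AS100
    Route("203.0.113.128/25", "100 64500", "ISP#1"),    # AS100 customer with its own ASN
    Route("192.0.2.0/25", "100 64501 64502", "ISP#1"),  # two hops beyond AS100
    Route("192.0.2.128/25", "200 64510", "ISP#2"),
    Route("0.0.0.0/0", "200", "ISP#2"),
]


def ios_aspath_regex(pattern):
    """Translate the subset of IOS AS-path regex used here into Python.

    In IOS "_" matches a delimiter; this model covers start of string, end of
    string and the space between AS numbers. "^", "$", "[0-9]" and "*" behave
    the same way in both.
    """
    return re.compile(pattern.replace("_", r"(?:^|$| )"))


def permitted(routes, pattern):
    """Routes matched by 'ip as-path access-list N permit <pattern>'.

    Everything else falls to the implicit deny at the end of the list.
    """
    rx = ios_aspath_regex(pattern)
    return [r for r in routes if rx.search(r.as_path)]


def advertise(routes, neighbor, out_filter=None):
    """Model of what Corp sends to one eBGP neighbor.

    Simplification: routes learned from that neighbor are left out, since the
    neighbor would drop them on AS-path loop detection anyway.
    """
    candidates = [r for r in routes if r.learned_from != neighbor]
    return permitted(candidates, out_filter) if out_filter else candidates


def transit_leaks(advertised):
    """Advertised routes that Corp did not originate (non-empty AS path)."""
    return [r for r in advertised if r.as_path != ""]


if __name__ == "__main__":
    # Outbound to ISP#2 with no filter: every ISP#1-learned route is re-advertised,
    # which is the transit situation the slides warn about.
    print("unfiltered leaks:", [r.prefix for r in transit_leaks(advertise(TABLE, "ISP#2"))])
    # Same session with the slide's outbound filter: only the local prefix remains.
    print("with ^$:", [r.prefix for r in advertise(TABLE, "ISP#2", "^$")])

    # Inbound from ISP#1 with the slide's Option#3 filter.
    from_isp1 = [r for r in TABLE if r.learned_from == "ISP#1"]
    print("^100$ permits:", [r.prefix for r in permitted(from_isp1, "^100$")])
    # Constructed variant that also admits one AS hop behind AS100.
    print("^100_[0-9]*$ permits:", [r.prefix for r in permitted(from_isp1, "^100_[0-9]*$")])
```

In this model `^100$` admits only the route whose path is exactly AS100; the customer route with path `100 64500` falls to the implicit deny and would be reached through the default route instead.
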
Influencing Traffic Flows: OUTBOUND
• OUTBOUND Traffic Control is easier than INBOUND. It’s all on you.
• All you have to control is how attractive a destination looks to your Corp BGP routers.
• You can only control the next AS in the path (i.e. ISP#1 vs ISP#2), not the entire path through the global Internet to the destination.
• Most common OUTBOUND:
  – Local preference
    ▪ Outbound traffic flows to one of your Corp BGP routers. BGP will have used the “local preference” attribute to tell that router which route to take (ISP#1 vs ISP#2) to reach the destination.
    ▪ Monitor regularly and tweak/tune local pref of prefixes as desired
    ▪ Look for popular, heavily-used prefixes to influence to get the most bang for your buck (or increase local pref of big /4 chunks)
Influencing Traffic Flows: INBOUND
• Most common INBOUND:
  – AS-Path prepend
    ▪ Backup Path: If you don’t want traffic to come in on a link for a prefix (or the entire IP block), use the Prepending feature to add AS Path length to your outbound advertisement, making this link the less preferred path for traffic to your IP block. Aka “padding”. 4xAS# is generally sufficient
    ▪ Primary Path: Use standard advertisement (no prepending) for the link you prefer to use for inbound traffic to your company
    ▪ Still have (pre-pended, valid) advertisement from backup path if primary path fails.
  – Example: set as-path prepend 130 130 130 (add to route-map and apply to neighbor statement to backup ISP)
  – Communities
    ▪ Community = instructions from you to your ISP on how to tweak what you advertise
    ▪ ISP will let you know definition of communities they honor
    ▪ You will attach a community to a prefix that you are advertising to your ISP(s)
    ▪ Consists of a series of numbers that correspond to handling instructions for that prefix (such as set local pref within provider’s AS)
    ▪ Communities can also be used internally to identify routes. For example, you can assign all routes that came from ISP#1 with a community and routes that came from ISP#2 with a different community. That community identifier can then be used by your company to assign preferences to routes advertised internally via iBGP. For example, I want all traffic destined for YouTube’s /16 IP Block to use ISP#2, even though ISP#1 has a shorter AS-Path for the YouTube subnet (perhaps bandwidth is greater to ISP#2). So use the community to set a better metric on that route when it comes in from ISP#2. Remember, weight and local pref take precedence over AS-path length.
  – Prefix-splitting
    ▪ i.e. /19 → 2x /20 subnets. Advertise one to each ISP, both also advertise complete /19 aggregate as a safety-net to cover failure of one ISP. Remember: most specific advertisement always wins!
    ▪ Works best when you own your IP Space (splits still >=/24)
    ▪ Use a BGP Looking Glass or Route Server to see how to get to your Corp AS’s prefixes
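
How local preference (outbound) and AS-path prepending plus prefix splitting (inbound) change the chosen link, as an added example that is not part of the original slides. It models only three decision steps (longest match, local preference, AS-path length); Corp = AS130 and ISP#1 = AS100 follow the slides' examples, while ISP#2 = AS200, the prefixes, the remote AS's view and all function names are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    prefix: str            # advertised prefix
    as_path: tuple         # AS numbers, nearest AS first, origin AS last
    via: str               # which Corp ISP link this path uses
    local_pref: int = 100  # IOS default local preference


def prepend(path, asn, times):
    """Effect of 'set as-path prepend <asn> ...' done by the originating AS:
    remote ASes see extra copies of the origin ASN at the origin end."""
    return Path(path.prefix, path.as_path + (asn,) * times, path.via, path.local_pref)


def best_path(paths, dest_ip):
    """Simplified choice: 1. longest matching prefix, 2. highest local
    preference, 3. shortest AS path. The real BGP decision has more steps."""
    ip = ipaddress.ip_address(dest_ip)
    matching = [p for p in paths if ip in ipaddress.ip_network(p.prefix)]
    if not matching:
        return None
    return min(matching, key=lambda p: (-ipaddress.ip_network(p.prefix).prefixlen,
                                        -p.local_pref, len(p.as_path)))


# Constructed prefixes from the 198.18.0.0/15 benchmarking range.
CORP_BLOCK = "198.18.0.0/19"   # Corp aggregate
LOW_HALF = "198.18.0.0/20"     # more specific, advertised via ISP#1 only
HIGH_HALF = "198.18.16.0/20"   # more specific, advertised via ISP#2 only
REMOTE_SITE = "198.19.0.0/16"  # stand-in for the popular /16 in the slide


def outbound_choice(prefer_isp2):
    """Corp's view: ISP#1 has the shorter AS path to the remote site, and
    raising local preference on the ISP#2 route overrides that."""
    paths = [
        Path(REMOTE_SITE, (100, 64500), "ISP#1"),
        Path(REMOTE_SITE, (200, 64501, 64500), "ISP#2",
             local_pref=200 if prefer_isp2 else 100),
    ]
    return best_path(paths, "198.19.5.5").via


def inbound_choice(dest_ip, isp1_up=True, isp2_up=True, split=False):
    """Remote AS's view of how to reach Corp. The aggregate is always
    prepended three times toward ISP#2 (the backup link)."""
    paths = []
    if isp1_up:
        paths.append(Path(CORP_BLOCK, (100, 130), "ISP#1"))
        if split:
            paths.append(Path(LOW_HALF, (100, 130), "ISP#1"))
    if isp2_up:
        paths.append(prepend(Path(CORP_BLOCK, (200, 130), "ISP#2"), 130, 3))
        if split:
            paths.append(Path(HIGH_HALF, (200, 130), "ISP#2"))
    best = best_path(paths, dest_ip)
    return best.via if best else None


if __name__ == "__main__":
    host = "198.18.20.1"  # constructed host inside HIGH_HALF
    print("outbound, defaults:       ", outbound_choice(False))
    print("outbound, local pref 200: ", outbound_choice(True))
    print("inbound, prepend only:    ", inbound_choice(host))
    print("inbound, ISP#1 down:      ", inbound_choice(host, isp1_up=False))
    print("inbound, split /20s:      ", inbound_choice(host, split=True))
    print("inbound, split, ISP#2 down:", inbound_choice(host, isp2_up=False, split=True))
```
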
Thank You! 

More Related Content

What's hot

Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)Nutan Singh
 
Troubleshooting BGP Juniper Examples
Troubleshooting BGP Juniper ExamplesTroubleshooting BGP Juniper Examples
Troubleshooting BGP Juniper ExamplesSalachudin Emir
 
CCNAS :Multi Area OSPF
CCNAS :Multi Area OSPFCCNAS :Multi Area OSPF
CCNAS :Multi Area OSPFrooree29
 
BGP (border gateway routing protocol)
BGP (border gateway routing protocol)BGP (border gateway routing protocol)
BGP (border gateway routing protocol)Netwax Lab
 
An Overview of Border Gateway Protocol (BGP)
An Overview of Border Gateway Protocol (BGP)An Overview of Border Gateway Protocol (BGP)
An Overview of Border Gateway Protocol (BGP)Jasim Alam
 
214270 configure-aci-multi-site-deployment
214270 configure-aci-multi-site-deployment214270 configure-aci-multi-site-deployment
214270 configure-aci-multi-site-deploymentcoolboyasif
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesFebrian ‎
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceBertrand Duvivier
 
MULTICAST BY SAIKIRAN PANJALA
MULTICAST BY SAIKIRAN PANJALAMULTICAST BY SAIKIRAN PANJALA
MULTICAST BY SAIKIRAN PANJALASaikiran Panjala
 
Layer-3 VPN
Layer-3 VPNLayer-3 VPN
Layer-3 VPNrosmida
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]APNIC
 
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersCisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersBruno Teixeira
 

What's hot (20)

Bgp
BgpBgp
Bgp
 
Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)
 
BGP Loop Prevention
BGP Loop Prevention BGP Loop Prevention
BGP Loop Prevention
 
Static Routing
Static RoutingStatic Routing
Static Routing
 
Troubleshooting BGP Juniper Examples
Troubleshooting BGP Juniper ExamplesTroubleshooting BGP Juniper Examples
Troubleshooting BGP Juniper Examples
 
CCNAS :Multi Area OSPF
CCNAS :Multi Area OSPFCCNAS :Multi Area OSPF
CCNAS :Multi Area OSPF
 
BGP (border gateway routing protocol)
BGP (border gateway routing protocol)BGP (border gateway routing protocol)
BGP (border gateway routing protocol)
 
An Overview of Border Gateway Protocol (BGP)
An Overview of Border Gateway Protocol (BGP)An Overview of Border Gateway Protocol (BGP)
An Overview of Border Gateway Protocol (BGP)
 
214270 configure-aci-multi-site-deployment
214270 configure-aci-multi-site-deployment214270 configure-aci-multi-site-deployment
214270 configure-aci-multi-site-deployment
 
How BGP Works
How BGP WorksHow BGP Works
How BGP Works
 
Ospf.ppt
Ospf.pptOspf.ppt
Ospf.ppt
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & James
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
 
MULTICAST BY SAIKIRAN PANJALA
MULTICAST BY SAIKIRAN PANJALAMULTICAST BY SAIKIRAN PANJALA
MULTICAST BY SAIKIRAN PANJALA
 
Layer-3 VPN
Layer-3 VPNLayer-3 VPN
Layer-3 VPN
 
Ospf area types
Ospf area typesOspf area types
Ospf area types
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
 
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersCisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
 
BGP protocol presentation
BGP protocol  presentationBGP protocol  presentation
BGP protocol presentation
 
Encapsulation
EncapsulationEncapsulation
Encapsulation
 

Similar to Using BGP To Manage Dual Internet Connections

BGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet WorkBGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet WorkIT Tech
 
CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3Chaing Ravuth
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3CCNA (R & S) Module 02 - Connecting Networks - Chapter 3
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3Waqas Ahmed Nawaz
 
Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Likan Patra
 
routing Protocols and Virtual private network
routing Protocols and Virtual private networkrouting Protocols and Virtual private network
routing Protocols and Virtual private networkhayenas
 
CNv6_instructorPPT_Chapter3.pptx
CNv6_instructorPPT_Chapter3.pptxCNv6_instructorPPT_Chapter3.pptx
CNv6_instructorPPT_Chapter3.pptxVishalThakor19
 
Load Sharing Internet with MikroTik.pdf
Load Sharing Internet with MikroTik.pdfLoad Sharing Internet with MikroTik.pdf
Load Sharing Internet with MikroTik.pdfEnics
 
T4 Handout3
T4 Handout3T4 Handout3
T4 Handout3gobed
 
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)steve ulrich
 
Routing, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsRouting, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsAPNIC
 
Manrs 7_sept__indonesia
Manrs  7_sept__indonesiaManrs  7_sept__indonesia
Manrs 7_sept__indonesiaNaveenLakshman
 
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™Multapplied Networks
 

Similar to Using BGP To Manage Dual Internet Connections (20)

Multi
MultiMulti
Multi
 
Part1
Part1Part1
Part1
 
BGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet WorkBGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet Work
 
Bigbgp (1)
Bigbgp (1)Bigbgp (1)
Bigbgp (1)
 
CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3CCNA (R & S) Module 02 - Connecting Networks - Chapter 3
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3
 
Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?
 
Bigbgp
BigbgpBigbgp
Bigbgp
 
eBGP.pptx
eBGP.pptxeBGP.pptx
eBGP.pptx
 
routing Protocols and Virtual private network
routing Protocols and Virtual private networkrouting Protocols and Virtual private network
routing Protocols and Virtual private network
 
CNv6_instructorPPT_Chapter3.pptx
CNv6_instructorPPT_Chapter3.pptxCNv6_instructorPPT_Chapter3.pptx
CNv6_instructorPPT_Chapter3.pptx
 
Load Sharing Internet with MikroTik.pdf
Load Sharing Internet with MikroTik.pdfLoad Sharing Internet with MikroTik.pdf
Load Sharing Internet with MikroTik.pdf
 
T4 Handout3
T4 Handout3T4 Handout3
T4 Handout3
 
Bgp protocol
Bgp protocolBgp protocol
Bgp protocol
 
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of BangladeshION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
 
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)
 
Routing, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsRouting, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of Analytics
 
Manrs 7_sept__indonesia
Manrs  7_sept__indonesiaManrs  7_sept__indonesia
Manrs 7_sept__indonesia
 
CCCNP ROUTE v6_ch06
CCCNP ROUTE v6_ch06CCCNP ROUTE v6_ch06
CCCNP ROUTE v6_ch06
 
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
 

Recently uploaded

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Recently uploaded (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors

Using BGP To Manage Dual Internet Connections

  • 1. Using BGP to Manage Dual Internet connections
      SDCUG, Sept 10, 2014
      Meredith Rose, CCIE#4617
  • 2. Intro
      • Meredith Rose, CCIE#4617 Emeritus
      • Currently a Solutions Architect for SIGMAnet
      • Disaster Recovery and Redundancy are recurring themes requested by customers striving to improve their network uptime
      • Internet access has become better/faster/cheaper, causing more companies to rely on it and expect 5-nines uptime.
      • Not planning on reviewing the BGP protocol details, but please ask questions any time.
  • 3. High Level Agenda
      • The need for Corp Internet x 2
      • What you need to use BGP
      • Key considerations
      • BGP routes offered by ISPs
      • Influencing traffic flows
  • 4. Does a Company Need 2 Connections to the Internet?
      • Internet access is business-critical
      • Apps, data exist in the cloud (ie AWS, WebEx)
      • Branch connectivity via VPNs over the Internet
      • Remote access, B2B connections
      • eCommerce hosted at Corp data center
      • Redundancy is a must; the less $ the better
      • BGP can give you tools for utilizing the bandwidth of both Internet connections simultaneously and/or dynamic failover with 1 connection backing up the other
  • 5. “I want to use BGP to Load Balance my Internet Connections”
      • The BGP protocol does NOT know how to “load balance” your Internet traffic!
      • BGP’s job is to select the single best path to a destination among the BGP paths that are learned from different sources/ISPs.
      • BGP is not aware which link is “full” (oversubscribed) or “faster” (lower latency)
      • Load sharing across your redundant Internet connections is a manual process done on a per-prefix basis that takes some TLC.
      • Inbound and Outbound traffic loads of each link are tuned separately by manipulating BGP attributes
  • 6. One Internet Connection
      [Diagram labels: Corporate LAN, Corp Router, Internet Connection, ISP Router, ISP, Global Internet]
      • Static routes to Corp on ISP router
      • Static default route to ISP on Corp router
      • No need for BGP
  • 7. Redundant Internet Connections
      [Diagram labels: Corporate LAN; L3 FHRP/OSPF/etc; Corp Router#1; Corp Router#2; iBGP; InternetConnection#1; eBGP; ISP#1 Router; ISP#1; InternetConnection#2; eBGP; ISP#2 Router; ISP#2; Global Internet]
  • 8. Review of Recovery from Failure
      • ISP failure
          – Internet handoff
          – Router failure
          – Upstream peering issues
      • Corp Router failure
          – Internet handoff
          – Router failure
          – Connection to Corp LAN
  • 9. Getting started with BGP to the Internet
      • You will need an ASN (Autonomous System Number). AKA “AS number”
          – This can be private if using redundant connections to the same ISP.
              ▪ Obtain from ISP
              ▪ Will be removed by ISP before being advertised to global Internet
              ▪ Note: impacts ability to influence inbound traffic with as-path pre-pending
          – This will be a public ASN if connecting to diverse ISPs.
              ▪ Obtain from ARIN
              ▪ More flexibility, ISP-independent
  • 10. Getting started with BGP to the Internet
      • You will need a public IP address “block” to advertise
      • /24 minimum
          – This can be assigned/leased to you from your ISP
              ▪ Easy if both Internet connections are from the same ISP
              ▪ Make sure the ISP that allocated the block to you advertises your specific subnet (ie /24) and not just their supernet block.
              ▪ If using diverse ISPs, you must check with both to make sure it is ok to advertise an IP block from ISP#1 IP space through ISP#2.
              ▪ More convenient, but less portable
          – This IP block can be owned by your company.
              ▪ You can advertise your block to both ISPs.
              ▪ More mobility if you change ISPs
          – Make sure you only advertise your assigned, routable IP address space!
          – You will advertise the SAME IP block out to BOTH ISPs
              ▪ Can do some tricks with splitting into sub-prefixes and advertising smaller, more specific chunks. Always >=/24
  • 11. Key Considerations
      • Ingress and Egress “traffic engineering” managed separately
      • OUTBOUND traffic influencing
          – Get your Corp traffic to its destination on the Internet
          – Want to send traffic out the “best” ISP
              ▪ Shortest AS path is usually best
          – Want to avoid oversubscribing a link
      • INBOUND traffic influencing
          – Packets from everywhere on the global Internet have to find your Corp network. ISP advertises your IP block(s) to global Internet
          – Asymmetric is usually OK here (out one ISP, in the other)
              ▪ Caveat: not ok if you have non-stateful firewalls
          – Want to take “best” route from global Internet to Corp
              ▪ Shortest AS path wins in most cases by default
          – Want to avoid oversubscribing a link
  • 12. Key Considerations (Continued)
      • Redundancy protocols on Corp routers.
          – HSRP/VRRP if L2 connected
          – Or use L3 dynamic protocol like OSPF. Internet routers can be in different Corp locations, L3 connected. Each Corp BGP router can originate a default route in Corp-wide OSPF.
      • Corp routers need to know how to get to ISP router’s peering IP address (or use next-hop-self on iBGP session). If iBGP routers peer on loopback, it must be reachable (use IGP + update-source loopback0)
      • Get Corp traffic destined for Internet to one of the Corp Internet routers. It doesn’t really matter which one. BGP will take it from there.
      • It’s about manual traffic load distribution; BGP does not know how to do dynamic Load Balancing to multiple ISPs on its own
      • You do not want your Corp to become a “Transit” path between your two ISPs!
  • 13. “Transit” - What’s the big deal?
      [Diagram labels: Corporate LAN, ISP#1, ISP#2, Global Internet, ISP#1 Routes]
      • ISP#2 says “Hey Global Internet! Here’s a quick way to reach ISP#1 customers!”
  • 14. Don’t be a Transit!
      [Diagram labels: Corporate LAN, ISP#1, ISP#2, Global Internet, ISP#1 Routes, ISP#2 Routes, iBGP full route exchange]
      • Only send routes originating from your Corp ASN to each ISP
  • 15. What Routes to Take in from ISP
      • Remember: this affects OUTBOUND decisions (not inbound), ie which ISP your Corp will use to make a connection to a site on the Internet. Most common options:
      • Option#1: Full Internet routes from each ISP
      • Option#2: Default/0.0.0.0 only from each ISP
          – Tune so you use one link as primary, the other as backup
      • Option#3: ISP’s Customer Routes Only
          – AKA “Partial Routes”
          – Get each ISP’s local customer routes only. Use a default route to put the rest of the outbound traffic on one ISP’s link, backed up by the other ISP.
          – Or use just one ISP link to receive that ISP’s directly connected customers, and use a default route to put the rest of the outbound traffic on the other link
  • 16. Option#1: Full Routes from Both
      [Diagram labels: Corporate LAN, ISP#1, ISP#2, Global Internet, Full Routes from ISP#1, Full Routes from ISP#2, iBGP full route exchange]
  • 17. What Routes to Take In from ISP
      • Option#1: Full Internet routes from each ISP
          – Need a lot of memory for this. Each router will have 2 x the full Internet routing table (table > 450k routes)!
          – Let it play out and monitor for over-utilization of one link
          – Tune to balance links better if necessary
          – Use route-map + as-path access list to make sure you do not become a transit between ISPs.
              ▪ Do not advertise routes to ISP#2 that you learned from ISP#1 and vice versa
              ▪ Apply a similar route map outbound to each ISP neighbor so that only locally originated BGP routes are advertised
                  route-map localonly permit 10
                   match as-path 10
                  ip as-path access-list 10 permit ^$
          – Not a bad idea to take a default from each ISP as well
  • 18. Option#2: Default from Both
      [Diagram labels: Corporate LAN, ISP#1, ISP#2, Global Internet, 0.0.0.0 from each ISP, iBGP exchange default received routes w/preferences]
      • Configure iBGP to prefer default route from ISP#1
      • iBGP will agree to prefer 0.0.0.0 from ISP#1 over ISP#2
  • 19. What Routes to Take In from ISP
      • Option#2: Default only from each ISP
          – Tune BGP (local pref is common) so you use one link as primary, the other as backup (again, only applies to OUTBOUND traffic)
          – Tell your ISPs you only want them to send you the default route
          – Use an inbound prefix-list or route-map on the ISP neighbor statement, or a similar filter, to make sure every route except the default is dropped, just in case
              ▪ ip prefix-list default-only seq 5 permit 0.0.0.0/0
          – Still only advertise prefixes originated by your AS to ISP#1 and ISP#2 (by default, BGP won’t send them each other’s 0.0.0.0 that you learned – phew!)
  • 20. Option#3: ISP Local Routes Only
      [Diagram labels: Corporate LAN, ISP#1, ISP#2, Global Internet, Routes from ISP#1 customers + 0.0.0.0, Routes from ISP#2 customers + 0.0.0.0]
      • iBGP will naturally send traffic for local routes to its corresponding ISP
      • Configure iBGP to prefer default route from ISP#1 to catch routes not local to either ISP
      • iBGP will agree to prefer ISP#1 for everything not local to ISP#2
  • 21. What Routes to Take In from ISP
      • Option#3: ISP’s routes only + Default
          – From each ISP, only receive the routes of that ISP’s directly connected customers (think of how many big companies host with ATT, etc)
          – You can ask your ISP to send you just their customer routes
          – Filter routes not sourced from that ISP just in case (in this example, ISP = AS100, route-map is inbound on neighbor statement to ISP):
              ip as-path access-list 20 permit ^100$
              route-map as100only permit 10
               match as-path 20
          – Use one link for one directly connected ISP’s customers (more local provider), use default route to prefer to put the rest of the outbound traffic on the other link or similar combo
  • 22. Influencing Traffic Flows: OUTBOUND
      • OUTBOUND Traffic Control is easier than INBOUND. It’s all on you.
      • All you have to control is how attractive a destination looks to your Corp BGP routers.
      • You can only control the next AS in the path (ie ISP#1 vs ISP#2), not the entire path through the global Internet to the destination.
      • Most common OUTBOUND:
          – Local preference
              ▪ Outbound traffic flows to one of your Corp BGP routers. BGP will have used the “local preference” attribute to tell that router which route to take (ISP#1 vs ISP#2) to reach the destination.
              ▪ Monitor regularly and tweak/tune local pref of prefixes as desired
              ▪ Look for popular, heavily-used prefixes to influence to get the most bang for your buck (or increase local pref of big /4 chunks)
  • 23. Influencing Traffic Flows: INBOUND
      • Most common INBOUND:
          – AS-Path prepend
              ▪ Backup Path: If you don’t want traffic to come in on a link for a prefix (or the entire IP block), use the Prepending feature to add AS Path length to your outbound advertisement, making this link the less preferred path for traffic to your IP block. Aka “padding”. 4xAS# is generally sufficient
              ▪ Primary Path: Use standard advertisement (no prepending) for the link you prefer to use for inbound traffic to your company
              ▪ You still have the (pre-pended, valid) advertisement from the backup path if the primary path fails.
          – Example: set as-path prepend 130 130 130 (add to route-map and apply to neighbor statement to backup ISP)
          – Communities
              ▪ Community = instructions from you to your ISP on how to tweak what you advertise
              ▪ ISP will let you know the definition of communities they honor
              ▪ You will attach a community to a prefix that you are advertising to your ISP(s)
              ▪ Consists of a series of numbers that correspond to handling instructions for that prefix (such as set local pref within provider’s AS)
              ▪ Communities can also be used internally to identify routes. For example, you can assign all routes that came from ISP#1 with a community and routes that came from ISP#2 with a different community. That community identifier can then be used by your company to assign preferences to routes advertised internally via iBGP. For example, I want all traffic destined for YouTube’s /16 IP Block to use ISP#2, even though ISP#1 has a shorter AS-Path for the YouTube subnet (perhaps bandwidth is greater to ISP#2). So use the community to set a better metric on that route when it comes in from ISP#2. Remember, weight and local pref take precedence over AS-path length.
          – Prefix-splitting
              ▪ ie split a /19 into 2 x /20 subnets. Advertise one to each ISP; both also advertise the complete /19 aggregate as a safety-net to cover failure of one ISP.
              ▪ Remember: most specific advertisement always wins!
              ▪ Works best when you own your IP Space (splits still >=/24)
              ▪ Use a BGP Looking Glass or Route Server to see how to get to your Corp AS’s prefixes
  • 24. Thank You!
      SDCUG, Sept 10, 2014
      Meredith Rose, CCIE#4617
  • 25. Redundant Internet Connections
      [Diagram labels: Corporate LAN; L3 FHRP/OSPF/etc; Corp Router#1; Corp Router#2; iBGP; InternetConnection#1; eBGP; ISP#1 Router; ISP#1; InternetConnection#2; eBGP; ISP#2 Router; ISP#2; Global Internet]
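The two as-path filters from slides 17 and 21, evaluated against a small route table. This is an added example, not part of the original deck: the prefixes, AS64499 for ISP#2, the customer ASNs and the `^100_[0-9]+$` comparison pattern are constructed assumptions, and the `_` translation is a simplification of the IOS metacharacter.

```python
import re

# Constructed sample: routes as a Corp BGP router might hold them.
# as_path is the AS_PATH string as IOS matches it: ASNs separated by
# spaces, empty for routes originated by Corp itself.
# AS100 = ISP#1 (as on slide 21); AS64499 = ISP#2 (assumed).
ROUTES = [
    ("203.0.113.0/24",  ""),             # Corp's own block
    ("198.51.100.0/24", "100"),          # originated inside ISP#1's AS
    ("192.0.2.0/24",    "100 64510"),    # ISP#1 customer with its own ASN
    ("0.0.0.0/0",       "100"),          # default from ISP#1
    ("198.18.0.0/24",   "64499 64511"),  # learned via ISP#2
]

def ios_regex(pattern):
    """Translate the IOS '_' metacharacter (simplified: start, end or space)."""
    return pattern.replace("_", r"(?:^|$| )")

def permitted(pattern, routes):
    """Prefixes whose AS_PATH matches 'ip as-path access-list N permit <pattern>'."""
    rx = re.compile(ios_regex(pattern))
    return [prefix for prefix, path in routes if rx.search(path)]

def denied(pattern, routes):
    """Prefixes dropped by the route-map's implicit deny."""
    keep = set(permitted(pattern, routes))
    return [prefix for prefix, _ in routes if prefix not in keep]

if __name__ == "__main__":
    # Outbound 'localonly': only the empty AS_PATH (locally originated) passes,
    # so nothing learned from one ISP is re-advertised to the other.
    print("advertised to each ISP:", permitted("^$", ROUTES))
    print("withheld (no transit): ", denied("^$", ROUTES))
    # Inbound 'as100only' on the ISP#1 session.
    isp1 = [r for r in ROUTES if r[1].startswith("100")]
    print("^100$ accepts:         ", permitted("^100$", isp1))
    print("^100_[0-9]+$ accepts:  ", permitted("^100_[0-9]+$", isp1))
```

Note that `^100$` only accepts routes whose AS path is exactly AS100; an ISP customer that announces from its own ASN shows up as `100 <ASN>` and is dropped, so check with `show ip bgp regexp` which of the two patterns matches what the ISP actually sends.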
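How local preference (slide 22) and AS-path prepending (slide 23) change the selected path, as an added example that is not from the original deck. It models only the first steps of best-path selection (weight, local pref, AS-path length); AS130 and AS100 come from the slides, while AS64499 for ISP#2 and the other ASNs are constructed.

```python
from dataclasses import dataclass

@dataclass
class Path:
    via: str               # neighbor the route was learned from
    as_path: tuple         # ASNs, nearest first
    local_pref: int = 100  # IOS default local preference
    weight: int = 0

def best_path(paths):
    """Simplified selection: highest weight, then highest local pref,
    then shortest AS path. Later tie-breakers are omitted."""
    if not paths:
        return None
    return max(paths, key=lambda p: (p.weight, p.local_pref, -len(p.as_path)))

def prepend(as_path, asn, times):
    """Effect of 'set as-path prepend' on an outbound advertisement."""
    return (asn,) * times + tuple(as_path)

CORP_ASN, ISP1, ISP2 = 130, 100, 64499  # 64499 is an assumed ASN for ISP#2

def outbound_choice(isp2_local_pref=100):
    """Corp router picking an exit for one constructed destination prefix.
    ISP#1 offers the shorter AS path; local pref can override that."""
    paths = [Path("ISP#1", (ISP1, 64511)),
             Path("ISP#2", (ISP2, 64510, 64511), local_pref=isp2_local_pref)]
    return best_path(paths).via

def inbound_choice(backup_prepends=0, primary_up=True):
    """A remote AS picking how to reach Corp's block. ISP#2 is the backup
    link and happens to be one AS hop closer to this remote AS."""
    corp_adv = prepend((CORP_ASN,), CORP_ASN, backup_prepends)
    paths = [Path("ISP#2", (ISP2,) + corp_adv)]
    if primary_up:
        paths.append(Path("ISP#1", (64510, ISP1, CORP_ASN)))
    return best_path(paths).via

if __name__ == "__main__":
    print("outbound, defaults:           ", outbound_choice())
    print("outbound, ISP#2 local pref 200:", outbound_choice(200))
    print("inbound, no prepend:          ", inbound_choice(0))
    print("inbound, prepend 130 130 130: ", inbound_choice(3))
    print("inbound, primary down:        ", inbound_choice(3, primary_up=False))
```

Prepending only lengthens the path; a remote network that sets its own local preference will still ignore it, which is why the result should be confirmed from a looking glass.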