Question about BGP
I have a quick question about BGP..
I have a customer who is going to purchase a secondary internet connection from a separate ISP to have a backup connection to the internet. My question is, should BGP be used in this scenario? What he wants is in case ISP 1 goes down all network traffic will be switched over to ISP 2. He has purchased 2 Cisco 1840 routers.
TIA
Comments
-
networker050184 Mod Posts: 11,962 Mod
You could use BGP or default routes. You could place the AD on one of them higher so it will only be used when the other route is removed from the table if you want the other route strictly for backup.
An expert is a man who has made all the mistakes which can be made.
-
netteaser Member Posts: 198
Currently he has a PIX 515. With the new setup, how will the 515 still be implemented with the 2 1840 routers on the network?
-
bowlersp Inactive Imported Users Posts: 44 ■■□□□□□□□□
netteaser wrote:
I have a quick question about BGP..
I have a customer who is going to purchase a secondary internet connection from a separate ISP to have a backup connection to the internet. My question is, should BGP be used in this scenario? What he wants is in case ISP 1 goes down all network traffic will be switched over to ISP 2. He has purchased 2 Cisco 1840 routers.
TIA

Ahh yes, a dual-homed circuit for redundancy. We have a lot of customers that do the same. They advertise their routes on both links, and the one with the shortest BGP AS path to the destination is preferred. But when one of their links goes down, then the routing is switched to the link that is up. That's how I have seen it in play, hope this helps.
**studying for my JNCIS-ER and BSCI**
-
NetworkGod Member Posts: 236 ■■■□□□□□□□
I would go with static/default routes but that's just me.. If you do BGP be careful so you don't end up being a transit path between 2 ISPs.
What one man can do another can do.
- CCNA - CCDA - BCMSN - BSCI -
- 70-270 - -
nice343 Member Posts: 391
NetworkGod wrote:
I would go with static/default routes but that's just me.. If you do BGP be careful so you don't end up being a transit path between 2 ISPs.

Bingo
If I were you, I would use two static default routes to both ISPs and tweak the admin distance of one default route to like 100.
With BGP the biggest mistake people make is, they don't even realize they have become a transit area for both ISPs. For some people that's not a big deal but if I am concerned about the security of my network I do not want to be a transit autonomous system.
My daily blog about IT and tech stuff
http://techintuition.com/
-
netteaser Member Posts: 198
Ok thanks for the replies.
I think I will try to go with the 2 static default routes
-
EdTheLad Member Posts: 2,111 ■■■■□□□□□□
netteaser wrote:
Ok thanks for the replies.
I think I will try to go with the 2 static default routes

Default routes won't work, for this you need BGP. If one of the ISPs has an internal issue your default route won't help you, all your traffic will be blackholed.
Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
-
nice343 Member Posts: 391
If you are so concerned about redundancy you can also look at HSRP, GLBP or VRRP.
My daily blog about IT and tech stuff
http://techintuition.com/
-
networker050184 Mod Posts: 11,962 Mod
EdTheLad wrote:
netteaser wrote:
Ok thanks for the replies.
I think I will try to go with the 2 static default routes

Default routes won't work, for this you need BGP. If one of the ISPs has an internal issue your default route won't help you, all your traffic will be blackholed.

This is a great point. With BGP you can get specific routes from each ISP. This way you can choose the best path through either ISP and not just send the traffic to the next hop without caring about what's going on behind that router.
An expert is a man who has made all the mistakes which can be made.
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□
Do you have your own AS number and IP address range? If not you can use BGP to get a copy of the Internet routing tables (the best way) and use identity NAT (policy NAT) to translate to the addresses of your two different ISPs. You may find ISP1 won't carry the traffic that is sourced from the range of addresses that ISP2 hands you and vice versa.
And unless you have a beat ISP there should be no way you can become a transit AS. The ISP should be filtering on their side, but don't assume they are and use the "no-export" community to ensure you aren't relaying routes from one ISP to the other ISP.
I am not sure about using the 1800 for a full Internet routing table (225,000 routes). I have used a 2800, but not a 1800 yet. What is the speed of the connections?
The only easy day was yesterday!
-
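The transit-AS safeguard raised in this thread (the "no-export" community, plus not relying on the ISP's own filters), as an added example that is not part of any poster's reply: a Cisco IOS configuration for a single router peering with both ISPs. It assumes the customer has its own AS number and address block; the AS numbers, peer addresses, prefix, and the route-map, prefix-list and as-path list names are constructed placeholders.

```cisco
! Added example. Constructed values: local AS 64500, ISP1 peer 192.0.2.1
! (AS 64496), ISP2 peer 198.51.100.1 (AS 64497), own block 203.0.113.0/24.
!
! Match only routes originated in the local AS (empty AS path).
ip as-path access-list 10 permit ^$
!
! Match only the customer's own address block.
ip prefix-list OWN-PREFIXES seq 5 permit 203.0.113.0/24
!
! Anchor route so the network statement below has an exact match in the
! routing table.
ip route 203.0.113.0 255.255.255.0 Null0
!
! Inbound: tag everything learned from an ISP with no-export, so this
! router will not re-advertise it to any other eBGP peer.
route-map FROM-ISP permit 10
 set community no-export additive
!
! Outbound: permit only locally originated routes inside the own block.
! Everything else falls through to the route-map's implicit deny, so the
! router cannot relay one ISP's routes to the other even if a tag is lost.
route-map TO-ISP permit 10
 match as-path 10
 match ip address prefix-list OWN-PREFIXES
!
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 route-map FROM-ISP in
 neighbor 192.0.2.1 route-map TO-ISP out
 neighbor 198.51.100.1 remote-as 64497
 neighbor 198.51.100.1 route-map FROM-ISP in
 neighbor 198.51.100.1 route-map TO-ISP out
!
! Check after applying: each command should list only 203.0.113.0/24.
! show ip bgp neighbors 192.0.2.1 advertised-routes
! show ip bgp neighbors 198.51.100.1 advertised-routes
```

With one router per ISP and iBGP between them, the no-export tag reaches the other router only if send-community is enabled toward the iBGP neighbor; the outbound route-map on each router still blocks transit on its own.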
ITdude Member Posts: 1,181 ■■■□□□□□□□
dtlokee wrote:
I am not sure about using the 1800 for a full Internet routing table (225,000 routes) I have used a 2800, but not a 1800 yet.

Sounds pretty memory intensive.
I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci)
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□
Router#sh ip bgp summ
.
.
233241 network entries using 23557341 bytes of memory
4198014 path entries using 201504672 bytes of memory
229394 BGP path attribute entries using 12846736 bytes of memory
52920 BGP AS-PATH entries using 1379048 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 239291829 total bytes of memory

239 MB of ram just for the BGP process.
The only easy day was yesterday!
-
netteaser Member Posts: 198
Thanks for the info, I have to verify this but I think that the routers only have 128mb. Like I said I will verify that info, and they have 1 ISP that will provide a T-1 and Time Warner that will have a 5mb connection.
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□
netteaser wrote:
Thanks for the info, I have to verify this but I think that the routers only have 128mb. Like I said I will verify that info, and they have 1 ISP that will provide a T-1 and Time Warner that will have a 5mb connection.

The 1841 can have a max of 384MB ram which might be enough, but 512mb is preferred (the Internet is going to continue to grow). I wouldn't go the 2 static route path based on the asymmetric paths you will have (one 5Mb/s and the other 1.5Mb/s) because you will end up load balancing your traffic over two different speed paths which can result in undesired jitter in the data streams.
The only easy day was yesterday!
-
ITdude Member Posts: 1,181 ■■■□□□□□□□
dtlokee wrote:
239 MB of ram just for the BGP process.

That is kinda what I thought!
I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci)
-
Steve10393 Member Posts: 32 ■■□□□□□□□□
Couple of questions, with 2 ISPs, does he necessarily have to have an AS or be using NAT? Could he use the AS number(s) of the ISPs and be within their AS?

dtlokee wrote:
The 1841 can have a max of 384MB ram which might be enough, but 512mb is preferred (the Internet is going to continue to grow)

Shouldn't the BGP routing tables be getting smaller in the near future when everyone starts switching over to IPv6 since the summarization is going to be so much better?
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□
There's still addresses out there for allocation, not sure how many more subnets can be added, but there's the potential.
Based on the circumstances I would use NAT. Basically have a BGP table to determine what is the next best hop (ISP) then use identity NAT (NAT with a route map using a "match ip next-hop" logic) to translate to the correct address. You need to do this because the ISP will typically drop traffic that is not sourced from the addresses you have been given due to anti-spoofing requirements. Even if they don't drop it, the traffic will have an interesting path out through one ISP then back through a different ISP.
IPv6 is a long way away, and once it is widely used, the IPv4 tables will still be around, increasing the total size of the BGP tables.
The only easy day was yesterday!
-
ITdude Member Posts: 1,181 ■■■□□□□□□□
dtlokee wrote:
IPv6 is a long way away, and once it is widely used, the IPv4 tables will still be around, increasing the total size of the BGP tables.

Yes, legacy IPv4 addresses, imagine that!
I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci)
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□
ITdude wrote:
dtlokee wrote:
IPv6 is a long way away, and once it is widely used, the IPv4 tables will still be around, increasing the total size of the BGP tables.

Yes, legacy IPv4 addresses, imagine that!

Considering IPv4 has been around since September 1981 (longer than many members here at techexams have been alive!) it's not doing too badly, but it is starting to show its age in the computer world (they're like dog years) but it's not going anywhere soon.
The only easy day was yesterday!
-
Paul Boz Member Posts: 2,620 ■■■■■■■■□□
You don't need to receive full routes from BGP peers.. In this case all you really need are the next hop routes. If you're using 1800 series routers you probably don't want to be hosing up all of the memory via BGP processes. Keep in mind that depending on your topology you'll need to mesh your two BGP routers for the iBGP sessions as well.
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC | GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/
-
mattsthe2 Member Posts: 304
dtlokee wrote:
Router#sh ip bgp summ
.
.
233241 network entries using 23557341 bytes of memory
4198014 path entries using 201504672 bytes of memory
229394 BGP path attribute entries using 12846736 bytes of memory
52920 BGP AS-PATH entries using 1379048 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 239291829 total bytes of memory

239 MB of ram just for the BGP process.

There's only 200,000 routes on the internet...wow I expected more than that.
This can't be common practise to do that unless you're, say, an ISP, right? Tell me you just did that to see if you could....?
-
Paul Boz Member Posts: 2,620 ■■■■■■■■□□
It is not uncommon for large college campus or corporate networks to have multiple full-BGP peering sessions with multiple providers. The benefit of having full BGP tables is that you can greatly optimize outbound routing.
Let's think about it. If you have connections to different ISPs for redundancy, bandwidth requirements, or any other reasons, you have a great resource. Unlike most people, you can actually select the best path to the destination network using full BGP. If you have a client trying to access a web server in Japan and your Sprint internet connection can get there faster than your AT&T connection why wouldn't you want to use the Sprint connection? You can only do such routing with full BGP tables.
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC | GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/
-
dtlokee Member Posts: 2,378 ■■■■□□□□□□
mattsthe2 wrote:
dtlokee wrote:
Router#sh ip bgp summ
.
.
233241 network entries using 23557341 bytes of memory
4198014 path entries using 201504672 bytes of memory
229394 BGP path attribute entries using 12846736 bytes of memory
52920 BGP AS-PATH entries using 1379048 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 239291829 total bytes of memory

239 MB of ram just for the BGP process.

There's only 200,000 routes on the internet...wow I expected more than that.
This can't be common practise to do that unless you're, say, an ISP, right? Tell me you just did that to see if you could....?

Nah, try "telnet route-server.ip.att.net"
You can play around there and see what's up.
The only easy day was yesterday!
-
mattsthe2 Member Posts: 304
Paul Boz wrote:
It is not uncommon for large college campus or corporate networks to have multiple full-BGP peering sessions with multiple providers. The benefit of having full BGP tables is that you can greatly optimize outbound routing.
Let's think about it. If you have connections to different ISPs for redundancy, bandwidth requirements, or any other reasons, you have a great resource. Unlike most people, you can actually select the best path to the destination network using full BGP. If you have a client trying to access a web server in Japan and your Sprint internet connection can get there faster than your AT&T connection why wouldn't you want to use the Sprint connection? You can only do such routing with full BGP tables.

I haven't even started to learn BGP yet. But that is so cool.
Can you run BGP through an IPSec tunnel?