Question about BGP

netteaser Member Posts: 198
I have a quick question about BGP..

I have a customer who is going to purchase a secondary internet connection from a separate ISP to have a backup connection to the internet. My question is, should BGP be used in this scenario? What he wants is in case ISP 1 goes down all network traffic will be switched over to ISP 2. He has purchased 2 Cisco 1840 routers.

TIA

Comments

  • networker050184 Mod Posts: 11,962 Mod
    You could use BGP or default routes. You could place the AD on one of them higher so it will only be used when the other route is removed from the table if you want the other route strictly for backup.
    An expert is a man who has made all the mistakes which can be made.
  • netteaser Member Posts: 198
    Currently he has a PIX 515. With the new setup, how will the 515 still be implemented with the 2 1840 routers on the network?
  • bowlersp Inactive Imported Users Posts: 44 ■■□□□□□□□□
    netteaser wrote:
    I have a quick question about BGP..

    I have a customer who is going to purchase a secondary internet connection from a separate ISP to have a backup connection to the internet. My question is, should BGP be used in this scenario? What he wants is in case ISP 1 goes down all network traffic will be switched over to ISP 2. He has purchased 2 Cisco 1840 routers.

    TIA

    Ahh yes, a dual-homed circuit for redundancy. We have a lot of customers that do the same. They advertise their routes on both links, and the one with the shortest BGP AS path to the destination is preferred. But when one of their links goes down, then the routing is switched to the link that is up. That's how I have seen it in play, hope this helps.
    **studying for my JNCIS-ER and BSCI**
  • NetworkGod Member Posts: 236 ■■■□□□□□□□
    I would go with static/default routes but that's just me.. If you do BGP be careful so you don't end up being a transit path between 2 ISPs.
    What one man can do another can do.

    (\__/)This is Bunny. Copy and paste bunny into
    (='.'=)your signature to help him gain world
    (")_(")domination.

    - CCNA - CCDA - BCMSN - BSCI -
    - 70-270 -
  • nice343 Member Posts: 391
    NetworkGod wrote:
    I would go with static/default routes but that's just me.. If you do BGP be careful so you don't end up being a transit path between 2 ISPs.

    Bingo

    If I were you, I would use two static default routes to both ISPs and tweak the admin distance of one default route to like 100.

    With BGP the biggest mistake people make is, they don't even realize they have become a transit area for both ISPs. For some people that's not a big deal, but if I am concerned about the security of my network I do not want to be a transit autonomous system.
    My daily blog about IT and tech stuff
    http://techintuition.com/
  • netteaser Member Posts: 198
    Ok thanks for the replies.

    I think I will try to go with the 2 static default routes
  • EdTheLad Member Posts: 2,111 ■■■■□□□□□□
    netteaser wrote:
    Ok thanks for the replies.

    I think I will try to go with the 2 static default routes

    Default routes won't work, for this you need BGP. If one of the ISPs has an internal issue your default route won't help you, all your traffic will be blackholed.
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
  • nice343 Member Posts: 391
    If you are so concerned about redundancy you can also look at HSRP, GLBP or VRRP.
    My daily blog about IT and tech stuff
    http://techintuition.com/
  • networker050184 Mod Posts: 11,962 Mod
    EdTheLad wrote:
    netteaser wrote:
    Ok thanks for the replies.

    I think I will try to go with the 2 static default routes

    Default routes won't work, for this you need BGP. If one of the ISPs has an internal issue your default route won't help you, all your traffic will be blackholed.

    This is a great point. With BGP you can get specific routes from each ISP. This way you can choose the best path through either ISP and not just send the traffic to the next hop without caring about what's going on behind that router.
    An expert is a man who has made all the mistakes which can be made.
  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    Do you have your own AS number and IP address range? If not, you can use BGP to get a copy of the Internet routing tables (the best way) and use identity NAT (policy NAT) to translate to the addresses of your two different ISPs. You may find ISP1 won't carry the traffic that is sourced from the range of addresses that ISP2 hands you and vice versa.

    And unless you have a beat ISP there should be no way you can become a transit AS. The ISP should be filtering on their side, but don't assume they are and use the "no-export" community to ensure you aren't relaying routes from one ISP to the other ISP.

    I am not sure about using the 1800 for a full Internet routing table (225,000 routes). I have used a 2800, but not an 1800 yet. What is the speed of the connections?
    The only easy day was yesterday!
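
The transit-AS risk raised in the posts above, as an added example that is not part of the original thread: a small Python model of a dual-homed customer edge showing which routes get re-advertised to ISP2 with no controls, with no-export tagged on inbound routes, and with an outbound filter that permits only locally originated prefixes. The AS numbers and prefixes are assumed documentation values, and the outbound filter is an additional control not mentioned in the thread.

```python
from dataclasses import dataclass
from typing import Optional

NO_EXPORT = "no-export"   # well-known community: keep the route inside the local AS
LOCAL_AS, ISP1, ISP2 = 64500, 64496, 64497   # assumed documentation ASNs (RFC 5398)

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()                  # empty path = originated by the customer
    learned_from: Optional[int] = None   # eBGP neighbor AS, None for local routes
    communities: frozenset = frozenset()

def receive(prefix, as_path, neighbor, tag_no_export=False):
    """Inbound policy: optionally tag everything an ISP sends with no-export."""
    tags = frozenset({NO_EXPORT}) if tag_no_export else frozenset()
    return Route(prefix, tuple(as_path), neighbor, tags)

def advertise(rib, neighbor, local_only=False):
    """Outbound eBGP updates to `neighbor` as (prefix, as_path) pairs."""
    updates = []
    for r in rib:
        if r.learned_from == neighbor:
            continue                      # do not hand a neighbor its own routes back
        if NO_EXPORT in r.communities:
            continue                      # tagged routes never leave the local AS
        if local_only and r.as_path:
            continue                      # outbound filter: empty AS path only
        updates.append((r.prefix, (LOCAL_AS,) + r.as_path))
    return updates

def transit_routes(updates):
    """Updates whose path goes beyond the customer AS, i.e. leaked ISP routes."""
    return [u for u in updates if len(u[1]) > 1]

def build_rib(tag_no_export):
    # Constructed sample: one customer prefix plus one prefix learned from each ISP.
    return [
        Route("203.0.113.0/24"),
        receive("192.0.2.0/24", (ISP1, 64499), ISP1, tag_no_export),
        receive("198.51.100.0/24", (ISP2, 64498), ISP2, tag_no_export),
    ]

if __name__ == "__main__":
    for label, rib, local_only in [
        ("no controls", build_rib(False), False),
        ("no-export on inbound", build_rib(True), False),
        ("local-only outbound filter", build_rib(False), True),
    ]:
        print(label, "->", transit_routes(advertise(rib, ISP2, local_only)))
```

With no controls, ISP2 is offered a path to an ISP1 prefix through the customer AS; either control reduces the advertisement to the customer's own prefix.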
  • ITdude Member Posts: 1,181 ■■■□□□□□□□
    dtlokee wrote:
    I am not sure about using the 1800 for a full Internet routing table (225,000 routes) I have used a 2800, but not a 1800 yet.

    Sounds pretty memory intensive.
    I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.

    __________________________________________
    Simplicity is the ultimate sophistication.
    (Leonardo da Vinci)
  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    Router#sh ip bgp summ
    .
    .
    233241 network entries using 23557341 bytes of memory
    4198014 path entries using 201504672 bytes of memory
    229394 BGP path attribute entries using 12846736 bytes of memory
    52920 BGP AS-PATH entries using 1379048 bytes of memory
    0 BGP route-map cache entries using 0 bytes of memory
    0 BGP filter-list cache entries using 0 bytes of memory
    BGP using 239291829 total bytes of memory
    

    239 MB of ram just for the BGP process.
    The only easy day was yesterday!
  • netteaser Member Posts: 198
    Thanks for the info, I have to verify this but I think that the routers only have 128mb. Like I said I will verify that info, and they have 1 isp that will provide a T-1 and Time Warner that will have a 5mb connection
  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    netteaser wrote:
    Thanks for the info, I have to verify this but I think that the routers only have 128mb. Like I said I will verify that info, and they have 1 isp that will provide a T-1 and Time Warner that will have a 5mb connection

    The 1841 can have a max of 384MB RAM which might be enough, but 512MB is preferred (the Internet is going to continue to grow). I wouldn't go the 2 static route path based on the asymmetric paths you will have (one 5Mb/s and the other 1.5Mb/s) because you will end up load balancing your traffic over two different speed paths which can result in undesired jitter in the data streams.
    The only easy day was yesterday!
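
The memory sizing discussed in the posts above, as an added example that is not part of the original thread: a Python parser for the memory lines of the `sh ip bgp summ` output quoted earlier, checked against the DRAM sizes mentioned (128, 384 and 512 MB). The 25% reserve for IOS and other processes is an assumed planning margin, not a figure from the thread.

```python
import re

# Output quoted in the thread (copied as posted, elided lines omitted).
SHOW_IP_BGP_SUMMARY = """\
233241 network entries using 23557341 bytes of memory
4198014 path entries using 201504672 bytes of memory
229394 BGP path attribute entries using 12846736 bytes of memory
52920 BGP AS-PATH entries using 1379048 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 239291829 total bytes of memory
"""

ENTRY_RE = re.compile(r"^\s*(\d+) (.+?) entries using (\d+) bytes of memory$")
TOTAL_RE = re.compile(r"^\s*BGP using (\d+) total bytes of memory$")

def parse_bgp_memory(text):
    """Return ({kind: (entries, bytes)}, total_bytes) from the summary lines."""
    usage, total = {}, None
    for line in text.splitlines():
        if m := ENTRY_RE.match(line):
            usage[m.group(2)] = (int(m.group(1)), int(m.group(3)))
        elif m := TOTAL_RE.match(line):
            total = int(m.group(1))
    if total is None:
        raise ValueError("no 'BGP using ... total bytes' line found")
    return usage, total

def fits(total_bytes, dram_mb, reserve_fraction=0.25):
    """True if the BGP tables fit in DRAM after reserving a share for IOS and
    other processes. reserve_fraction is an assumed planning margin."""
    budget = dram_mb * 1024 * 1024 * (1 - reserve_fraction)
    return total_bytes <= budget

def paths_per_prefix(usage):
    """Average number of paths held per network entry."""
    return usage["path"][0] / usage["network"][0]

if __name__ == "__main__":
    usage, total = parse_bgp_memory(SHOW_IP_BGP_SUMMARY)
    print(f"BGP total: {total / 2**20:.0f} MiB, {paths_per_prefix(usage):.1f} paths/prefix")
    for dram in (128, 384, 512):      # sizes mentioned in the thread
        print(f"{dram} MB DRAM: {'fits' if fits(total, dram) else 'does not fit'}")
```

In the quoted output the path entries account for about 201 MB of the 239 MB total, at roughly 18 paths per prefix.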
  • ITdude Member Posts: 1,181 ■■■□□□□□□□
    dtlokee wrote:
    239 MB of ram just for the BGP process.

    That is kinda what I thought! :D
    I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.

    __________________________________________
    Simplicity is the ultimate sophistication.
    (Leonardo da Vinci)
  • netteaser Member Posts: 198
    Thanks for the info. Need to verify all stats on both routers
  • Steve10393 Member Posts: 32 ■■□□□□□□□□
    Couple of questions, with 2 ISPs, does he necessarily have to have an AS or be using NAT? Could he use the AS number(s) of the ISPs and be within their AS?
    dtlokee wrote:
    The 1841 can have a max of 384MB ram which might be enough, but 512mb is preferred (the Internet is going to continue to grow)

    Shouldn't the BGP routing tables be getting smaller in the near future when everyone starts switching over to IPv6 since the summarization is going to be so much better?
  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    There's still addresses out there for allocation, not sure how many more subnets can be added, but there's the potential.

    Based on the circumstances I would use NAT. Basically have a BGP table to determine what is the next best hop (ISP) then use identity NAT (NAT with a route map using a "match ip next-hop" logic) to translate to the correct address. You need to do this because the ISP will typically drop traffic that is not sourced from the addresses you have been given due to anti-spoofing requirements. Even if they don't drop it, the traffic will have an interesting path out through one ISP then back through a different ISP.

    IPv6 is a long way away, and once it is widely used, the IPv4 tables will still be around, increasing the total size of the BGP tables.
    The only easy day was yesterday!
  • ITdude Member Posts: 1,181 ■■■□□□□□□□
    dtlokee wrote:
    IPv6 is a long way away, and once it is widely used, the IPv4 tables will still be around, increasing the total size of the BGP tables.

    Yes, legacy IPv4 addresses, imagine that! :D
    I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.

    __________________________________________
    Simplicity is the ultimate sophistication.
    (Leonardo da Vinci)
  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    ITdude wrote:
    dtlokee wrote:
    IPv6 is a long way away, and once it is widely used, the IPv4 tables will still be around, increasing the total size of the BGP tables.

    Yes, legacy IPv4 addresses, imagine that! :D

    Considering IPv4 has been around since September 1981 (longer than many members here at techexams have been alive!), it's not doing too badly, but it is starting to show its age in the computer world (they're like dog years) but it's not going anywhere soon.
    The only easy day was yesterday!
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    You don't need to receive full routes from BGP peers.. In this case all you really need are the next hop routes. If you're using 1800 series routers you probably don't want to be hosing up all of the memory via BGP processes. Keep in mind that depending on your topology you'll need to mesh your two BGP routers for the iBGP sessions as well.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • mattsthe2 Member Posts: 304
    dtlokee wrote:
    Router#sh ip bgp summ
    .
    .
    233241 network entries using 23557341 bytes of memory
    4198014 path entries using 201504672 bytes of memory
    229394 BGP path attribute entries using 12846736 bytes of memory
    52920 BGP AS-PATH entries using 1379048 bytes of memory
    0 BGP route-map cache entries using 0 bytes of memory
    0 BGP filter-list cache entries using 0 bytes of memory
    BGP using 239291829 total bytes of memory
    

    239 MB of ram just for the BGP process.


    There's only 200,000 routes on the internet...wow, I expected more than that.

    This can't be common practise to do that unless you're, say, an ISP, right? Tell me you just did that to see if you could....?
  • Paul Boz Member Posts: 2,620 ■■■■■■■■□□
    It is not uncommon for large college campus or corporate networks to have multiple full-BGP peering sessions with multiple providers. The benefit of having full BGP tables is that you can greatly optimize outbound routing.

    Let's think about it. If you have connections to different ISPs for redundancy, bandwidth requirements, or any other reasons, you have a great resource. Unlike most people, you can actually select the best path to the destination network using full BGP. If you have a client trying to access a web server in Japan and your Sprint internet connection can get there faster than your AT&T connection, why wouldn't you want to use the Sprint connection? You can only do such routing with full BGP tables.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • dtlokee Member Posts: 2,378 ■■■■□□□□□□
    mattsthe2 wrote:
    dtlokee wrote:
    Router#sh ip bgp summ
    .
    .
    233241 network entries using 23557341 bytes of memory
    4198014 path entries using 201504672 bytes of memory
    229394 BGP path attribute entries using 12846736 bytes of memory
    52920 BGP AS-PATH entries using 1379048 bytes of memory
    0 BGP route-map cache entries using 0 bytes of memory
    0 BGP filter-list cache entries using 0 bytes of memory
    BGP using 239291829 total bytes of memory
    

    239 MB of ram just for the BGP process.


    There's only 200,000 routes on the internet...wow, I expected more than that.

    This can't be common practise to do that unless you're, say, an ISP, right? Tell me you just did that to see if you could....?


    Nah, try "telnet route-server.ip.att.net"

    You can play around there and see what's up.
    The only easy day was yesterday!
  • mattsthe2 Member Posts: 304
    Paul Boz wrote:
    It is not uncommon for large college campus or corporate networks to have multiple full-BGP peering sessions with multiple providers. The benefit of having full BGP tables is that you can greatly optimize outbound routing.

    Let's think about it. If you have connections to different ISPs for redundancy, bandwidth requirements, or any other reasons, you have a great resource. Unlike most people, you can actually select the best path to the destination network using full BGP. If you have a client trying to access a web server in Japan and your Sprint internet connection can get there faster than your AT&T connection, why wouldn't you want to use the Sprint connection? You can only do such routing with full BGP tables.

    I haven't even started to learn BGP yet. But that is so cool.
    Can you run BGP through an IPsec tunnel?