Multisite Multihome

Hey all, I've been trying to figure out how to make this work cleanly but I don't like any of the solutions I've come up with.

We have 2 sites that we'd like to multihome out of. Now, each site was allocated their own block of IPs by their respective ISPs. What I would like to happen is those blocks of IPs always go out (and come back in) by the ISP who owns them, unless there is a failure, in which case I would like the traffic sent over the MPLS and out the other ISP.

I've gotten this to work in a lab by issuing out default routes from the ISPs to the 2811 through BGP. Then I distribute the default route out via OSPF. I have the two 2811s connected to the MPLS connected using a tunnel. The 2 sites are in different autonomous systems in OSPF so at Site 2 I redistributed OSPF from Site 1. Since the default gateway of Site 1 is being redistributed into Site 2 I bump up the metric so that site doesn't try to use it as it's primary.

But since the 2811 at Site 2 directly participates in Site 1's OSPF it sometimes uses it's gateway (since both have the same metric).

So it works, and works ok, but it's not the cleanest way to do it.

Does anyone have any thoughts?

multisite.jpg

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

networker050184

To get this to work you are probably going to want your own IP space and ASN to get the inbound part working correctly. As far as the outbound part, you can set up iBGP between the two border routers. That way you don't have to mix OSPF and you can manipulate routes that way. Then each OSPF AS can just have a default to its own border router.

burbankmarc

But what happens if one of the border routers, or line to the ISP fails? Without some other backup default route the site will be cutoff from the internet.

networker050184

Just set a second default with a higher AD to the other site. It will only come into play when the other default goes. Or you could just go the easy route and join the OSPF domains into one. Then separate them into two areas and they will choose the intra area route over the inter.

ColbyG

networker050184 wrote: »

Just set a second default with a higher AD to the other site.

This is what I was thinking. You could also run BGP on the WAN routers to inject defaults and use LP or Weight to failover.

Having your own space/AS is a must here if you want your incoming connectivity to failover.

burbankmarc

Right I plan on purchasing an AS number, or, like you said it's all moot.

I guess what I can do is set a default route on the 2811's connecting to the MPLS with a higher AD. It's simple and easy, not sure why I tried to over complicate this.

Thanks all. I'll lab it up and see what happens.

burbankmarc

All right, I got everything working and it all looks good. I hope the higher ups can deal with 2-3 minutes down time while neighbor relationships timeout.

I wish there was something like long distance GLBP, that'd work nicely.

ColbyG

You could mess with the timers if you need it to be faster. If the interface goes down it should cause BGP to reconverge.

ilcram19-2

or you could trigger a command to change the default ip route using eem when the wan interface goes down and forwad all to the mpls and change it back when the interface comes back up

EEM Configuration for Cisco Integrated Services Router Platforms [Cisco IOS Embedded Event Manager (EEM)] - Cisco Systems

ColbyG

ilcram19-2 wrote: »

or you could trigger a command to change the default ip route using eem when the wan interface goes down and forwad all to the mpls and change it back when the interface comes back up

EEM Configuration for Cisco Integrated Services Router Platforms [Cisco IOS Embedded Event Manager (EEM)] - Cisco Systems

Should'nt be necessary. That's the point of dynamic routing.

If anything, he could use IP SLA to verify reachability out an interface and failover if the connection is lost. Losing connectivity doesn't necessarily mean the interface goes down.

ilcram19-2

ColbyG wrote: »

Should'nt be necessary. That's the point of dynamic routing.

If anything, he could use IP SLA to verify reachability out an interface and failover if the connection is lost. Losing connectivity doesn't necessarily mean the interface goes down.

if he is running ospf and advertizing the default route the only thing that he would have to do is natting for the 2 subnet on each router, that way if the internet goes down in one location it can route back over the mpls links over to the working internet link. i was recomended another solution. an IP SLA with eem could be use to trigger the adding or removal of the default route

ColbyG wrote: »

Losing connectivity doesn't necessarily mean the interface goes down.

of course not, but unless his default route changes traffic will still try to flow over that interface to the next gateway

ColbyG

ilcram19-2 wrote: »

of course not, but unless his default route changes traffic will still try to flow over that interface to the next gateway

Right... and what you said doesn't fix the issue unless the interface goes down.

burbankmarc

Well if the outside interface goes down it loses it's default route from the ISP, if the inside interfaces go down then the route won't propagate. So the only thing that would cause real problems is some sort of IOS issue of some kind.

ilcram19-2

burbankmarc wrote: »

Well if the outside interface goes down it loses it's default route from the ISP, if the inside interfaces go down then the route won't propagate. So the only thing that would cause real problems is some sort of IOS issue of some kind.

you can try to use HSRP between the 2 2811 on each side that way you take care of the problem of the router going down and use the MPLS route