Using BGP to Manage Dual Internet Connections
SDCUG
Sept 10, 2014
Meredith Rose, CCIE#4617
Copyright © SIGMAnet ® 2012. All rights reserved. Proprietary & Confidential. 
Intro
• Meredith Rose, CCIE#4617 Emeritus
• Currently a Solutions Architect for SIGMAnet
• Disaster Recovery and Redundancy are recurring themes requested by customers striving to improve their network uptime
• Internet access has become better/faster/cheaper, causing more companies to rely on it and expect 5-nines uptime.
• Not planning on reviewing the BGP protocol details, but please ask questions any time.
High Level Agenda 
• The need for Corp Internet x 2 
• What you need to use BGP 
• Key considerations 
• BGP routes offered by ISPs 
• Influencing traffic flows 
Does a Company Need 2 Connections to the Internet?
• Internet access is business-critical
• Apps, data exist in the cloud (i.e. AWS, WebEx)
• Branch connectivity via VPNs over the Internet
• Remote access, B2B connections
• eCommerce hosted at Corp data center
• Redundancy is a must; the less $ the better
• BGP can give you tools for utilizing the bandwidth of both Internet connections simultaneously and/or dynamic failover with 1 connection backing up the other
“I want to use BGP to Load Balance my Internet Connections”
• The BGP protocol does NOT know how to “load balance” your Internet traffic!
• BGP’s job is to select the single best path to a destination among the BGP paths that are learned from different sources/ISPs.
• BGP is not aware which link is “full” (oversubscribed) or “faster” (lower latency)
• Load sharing across your redundant Internet connections is a manual process done on a per-prefix basis that takes some TLC.
• Inbound and Outbound traffic loads of each link are tuned separately by manipulating BGP attributes
One Internet Connection
[Diagram: Corporate LAN -> Corp Router -> Internet Connection -> ISP Router (ISP) -> Global Internet]
• Static routes to Corp on ISP router
• Static default route to ISP on Corp router
• No need for BGP
Redundant Internet Connections
[Diagram: Corporate LAN with Corp Router#1 and Corp Router#2, L3 connected (FHRP/OSPF/etc) and running iBGP between them; Corp Router#1 -> Internet Connection#1 -> ISP#1 Router (eBGP); Corp Router#2 -> Internet Connection#2 -> ISP#2 Router (eBGP); ISP#1 and ISP#2 -> Global Internet]
Review of Recovery from Failure 
• ISP failure 
– Internet handoff 
– Router failure 
– Upstream peering issues 
• Corp Router failure 
– Internet handoff 
– Router failure 
– Connection to Corp LAN
Getting started with BGP to the Internet 
• You will need an ASN (Autonomous System Number), AKA “AS number”
– This can be private if using redundant connections to the same ISP.
 Obtain from ISP
 Will be removed by ISP before being advertised to global Internet
 Note: impacts ability to influence inbound traffic with as-path prepending
– This will be a public ASN if connecting to diverse ISPs.
 Obtain from ARIN
 More flexibility, ISP-independent
Getting started with BGP to the Internet 
• You will need a public IP address “block” to advertise
• /24 minimum
– This can be assigned/leased to you from your ISP
 Easy if both Internet connections are from the same ISP
 Make sure the ISP that allocated the block to you advertises your specific subnet (i.e. /24) and not just their supernet block.
 If using diverse ISPs, must check with both to make sure it is ok to advertise the IP block from ISP#1 IP space through ISP#2.
 More convenient, but less portable
– This IP block can be owned by your company.
 You can advertise your block to both ISPs.
 More mobility if you change ISPs
– Make sure you only advertise your assigned, routable IP address space!
– You will advertise the SAME IP block out to BOTH ISPs
 Can do some tricks with splitting into sub-prefixes and advertising smaller, more specific chunks. Always >= /24
Key Considerations 
• Ingress and Egress “traffic engineering” managed separately
• OUTBOUND traffic influencing
– Get your Corp traffic to its destination on the Internet
– Want to send traffic out the “best” ISP
 Shortest AS path is usually best
– Want to avoid oversubscribing a link
• INBOUND traffic influencing
– Packets from everywhere on the global Internet have to find your Corp network. ISP advertises your IP block(s) to the global Internet
– Asymmetric is usually OK here (out one ISP, in the other)
 Caveat: not ok if you have non-stateful firewalls
– Want to take the “best” route from the global Internet to Corp
 Shortest AS path wins in most cases by default
– Want to avoid oversubscribing a link
Key Considerations (Continued) 
• Redundancy protocols on Corp routers.
– HSRP/VRRP if L2 connected
– Or use an L3 dynamic protocol like OSPF. Internet routers can be in different Corp locations, L3 connected. Each Corp BGP router can originate a default route in Corp-wide OSPF.
• Corp routers need to know how to get to the ISP router’s peering IP address (or use next-hop-self on the iBGP session). If iBGP routers peer on loopback, it must be reachable (use IGP + update-source loopback0)
• Get Corp traffic destined for the Internet to one of the Corp Internet routers. It doesn’t really matter which one. BGP will take it from there.
• It’s about manual traffic load distribution; BGP does not know how to do dynamic Load Balancing to multiple ISPs on its own
• You do not want your Corp to become a “Transit” path between your two ISPs!
“Transit” - What’s the big deal?
[Diagram: Corporate LAN between ISP#1 and ISP#2, both connected to the Global Internet; ISP#1 routes leak through Corp to ISP#2, and ISP#2 says “Hey Global Internet! Here’s a quick way to reach ISP#1 customers!”]
Don’t be a Transit!
[Diagram: Corporate LAN between ISP#1 and ISP#2, both connected to the Global Internet; ISP#1 routes and ISP#2 routes are received and exchanged over iBGP (full route exchange) inside Corp, but only routes originating from your Corp ASN are sent to each ISP]
What Routes to Take in from ISP 
• Remember: this affects OUTBOUND decisions (not inbound), i.e. which ISP your Corp will use to make a connection to a site on the Internet. Most common options:
• Option#1: Full Internet routes from each ISP
• Option#2: Default/0.0.0.0 only from each ISP
– Tune so you use one link as primary, the other as backup
• Option#3: ISP’s Customer Routes Only
– AKA “Partial Routes”
– Get each ISP’s local customer routes only. Use a default route to put the rest of the outbound traffic on one ISP’s link, backed up by the other ISP.
– Or use just one ISP link to receive that ISP’s directly connected customers, and use a default route to put the rest of the outbound traffic on the other link
Option#1: Full Routes from Both
[Diagram: Corporate LAN receives Full Routes from ISP#1 and Full Routes from ISP#2, with iBGP full route exchange inside Corp; both ISPs connect to the Global Internet]
What Routes to Take In from ISP 
• Option#1: Full Internet routes from each ISP
– Need a lot of memory for this. Each router will have 2x the full Internet routing table (table > 450k routes)!
– Let it play out and monitor for over-utilization of one link
– Tune to balance links better if necessary
– Use route-map + as-path access-list to make sure you do not become a transit between ISPs.
 Do not advertise routes to ISP#2 that you learned from ISP#1 and vice versa
 Apply a similar route-map outbound to each ISP neighbor so that only locally originated BGP routes are advertised:
    ip as-path access-list 10 permit ^$
    route-map localonly permit 10
     match as-path 10
– Not a bad idea to take a default from each ISP as well
Option#2: Default from Both
[Diagram: Corporate LAN receives 0.0.0.0 from ISP#1 and 0.0.0.0 from ISP#2; iBGP exchanges the received default routes with preferences. Configure iBGP to prefer the default route from ISP#1, and iBGP will agree to prefer 0.0.0.0 from ISP#1 over ISP#2]
What Routes to Take In from ISP 
• Option#2: Default only from each ISP
– Tune BGP (local pref is common) so you use one link as primary, the other as backup (again, only applies to OUTBOUND traffic)
– Tell your ISPs you only want them to send you the default route
– Use an inbound prefix-list on an inbound route-map on the ISP neighbor statement, or a similar filter, to make sure to drop every route except default just in case:
    ip prefix-list default-only seq 5 permit 0.0.0.0/0
– Still only advertise prefixes originated by your AS to ISP#1 and ISP#2 (by default, BGP won’t send them each other’s 0.0.0.0 that you learned – phew!)
Option#3: ISP Local Routes Only
[Diagram: Corporate LAN receives routes from ISP#1 customers + 0.0.0.0 from ISP#1, and routes from ISP#2 customers + 0.0.0.0 from ISP#2; iBGP will naturally send traffic for local routes to its corresponding ISP. Configure iBGP to prefer the default route from ISP#1 to catch routes not local to either ISP, and iBGP will agree to prefer ISP#1 for everything not local to ISP#2]
What Routes to Take In from ISP 
• Option#3: ISP’s routes only + Default
– Only receive routes from an ISP of that ISP’s directly connected customers (think of how many big companies host with ATT, etc)
– You can ask your ISP to send you just their customer routes
– Filter routes not sourced from that ISP just in case (in this example, ISP = AS100; the route-map is applied inbound on the neighbor statement to the ISP):
    ip as-path access-list 20 permit ^100$
    route-map as100only permit 10
     match as-path 20
– Use one link for one directly connected ISP’s customers (more local provider), and use a default route to prefer to put the rest of the outbound traffic on the other link, or a similar combo
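As an added example (not from the slides), this Python script emulates the two as-path access-list filters shown above on a constructed routing table: the outbound ^$ filter from the Full Routes slide that keeps Corp from becoming a transit between its ISPs, and the inbound ^100$ filter of Option#3. AS100 is ISP#1 as on the slide; every other ASN and all prefixes are constructed documentation-range placeholders, and the ^100(_[0-9]+)?$ variant that also admits the ISP's directly connected customers is an extension of mine, not on the slide.

```python
"""Emulate IOS-style 'ip as-path access-list' filters on a constructed RIB to
show (a) why an outbound ^$ filter is what stops a dual-homed Corp AS from
offering ISP#1's routes to ISP#2 (transit) and (b) what the inbound ^100$
filter of Option#3 actually admits."""
import re
from dataclasses import dataclass

# Constructed sample ASNs: AS100 is ISP#1 as on the slide; the others are
# documentation-range placeholders (RFC 5398), not real operators.
ISP1_ASN = 100
ISP2_ASN = 64497
CORP_ASN = 64500


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple          # ASNs left to right; () = originated inside the Corp AS
    learned_from: str       # "local", "ISP1" or "ISP2"


def ios_regex_to_python(pattern: str) -> str:
    """IOS AS-path regex uses '_' for 'a boundary' (start, end, space, comma
    or brace). Python's re has no such token, so translate it."""
    return pattern.replace("_", r"(?:^|$|[ ,{}])")


def as_path_permits(as_path: tuple, ios_pattern: str) -> bool:
    """One 'ip as-path access-list N permit <regex>' line applied to a route."""
    text = " ".join(str(asn) for asn in as_path)
    return re.search(ios_regex_to_python(ios_pattern), text) is not None


def outbound_to_isp(rib, pattern="^$"):
    """Routes a Corp router would send on an eBGP session after an outbound
    route-map with 'match as-path'. eBGP prepends the local ASN on the way out.
    Returns (prefix, as_path_as_sent) tuples."""
    return [(r.prefix, (CORP_ASN,) + r.as_path)
            for r in rib if as_path_permits(r.as_path, pattern)]


def inbound_from_isp(updates, pattern):
    """Routes accepted from an ISP after an inbound route-map; the rest are dropped."""
    return [r for r in updates if as_path_permits(r.as_path, pattern)]


# Constructed Corp RIB: one locally originated /24 plus routes learned from
# each ISP (one originated by the ISP itself, one by a customer behind it).
RIB = [
    Route("203.0.113.0/24", (), "local"),
    Route("198.51.100.0/24", (ISP1_ASN,), "ISP1"),
    Route("192.0.2.0/24", (ISP1_ASN, 64510), "ISP1"),
    Route("198.18.0.0/15", (ISP2_ASN, 64511), "ISP2"),
]


def transit_demo():
    """Without a filter every RIB entry is re-advertised, so ISP#2 would learn
    ISP#1's routes through Corp; with 'match as-path ^$' (route-map localonly)
    only the Corp-originated prefix leaves."""
    unfiltered = outbound_to_isp(RIB, pattern=".*")
    filtered = outbound_to_isp(RIB)                     # default pattern ^$
    leaked = [p for p, path in unfiltered if ISP1_ASN in path or ISP2_ASN in path]
    return {"unfiltered": unfiltered, "filtered": filtered, "leaked_prefixes": leaked}


def option3_demo():
    """Inbound from ISP#1 (AS100). '^100$' keeps only prefixes AS100 itself
    originates; a customer prefix carries the customer ASN after 100, so the
    extension '^100(_[0-9]+)?$' is needed to also keep directly connected
    customers. Routes with a third AS in the path are not local to ISP#1."""
    from_isp1 = [
        Route("198.51.100.0/24", (ISP1_ASN,), "ISP1"),
        Route("192.0.2.0/24", (ISP1_ASN, 64510), "ISP1"),
        Route("198.18.0.0/15", (ISP1_ASN, ISP2_ASN, 64511), "ISP1"),
    ]
    return {
        "isp_only": [r.prefix for r in inbound_from_isp(from_isp1, "^100$")],
        "isp_and_customers": [r.prefix for r in
                              inbound_from_isp(from_isp1, "^100(_[0-9]+)?$")],
    }


if __name__ == "__main__":
    print(transit_demo())
    print(option3_demo())
```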
Influencing Traffic Flows: OUTBOUND 
• OUTBOUND Traffic Control is easier than INBOUND. It’s all on you.
• All you have to control is how attractive a destination looks to your Corp BGP routers.
• You can only control the next AS in the path (i.e. ISP#1 vs ISP#2), not the entire path through the global Internet to the destination.
• Most common OUTBOUND:
– Local preference
 Outbound traffic flows to one of your Corp BGP routers. BGP will have used the “local preference” attribute to tell that router which route to take (ISP#1 vs ISP#2) to reach the destination.
 Monitor regularly and tweak/tune local pref of prefixes as desired
 Look for popular, heavily-used prefixes to influence to get the most bang for your buck (or increase local pref of big /4 chunks)
Influencing Traffic Flows: INBOUND 
• Most common INBOUND:
– AS-Path prepend
 Backup Path: If you don’t want traffic to come in on a link for a prefix (or the entire IP block), use the prepending feature to add AS Path length to your outbound advertisement, making this link the less preferred path for traffic to your IP block. AKA “padding”. 4x AS# is generally sufficient
 Primary Path: Use standard advertisement (no prepending) for the link you prefer to use for inbound traffic to your company
 Still have a (prepended, valid) advertisement from the backup path if the primary path fails.
– Example: set as-path prepend 130 130 130 (add to route-map and apply to neighbor statement to backup ISP)
– Communities
 Community = instructions from you to your ISP on how to tweak what you advertise
 ISP will let you know the definition of communities they honor
 You will attach a community to a prefix that you are advertising to your ISP(s)
 Consists of a series of numbers that correspond to handling instructions for that prefix (such as set local pref within the provider’s AS)
 Communities can also be used internally to identify routes. For example, you can tag all routes that came from ISP#1 with one community and routes that came from ISP#2 with a different community. That community identifier can then be used by your company to assign preferences to routes advertised internally via iBGP. For example, I want all traffic destined for YouTube’s /16 IP block to use ISP#2, even though ISP#1 has a shorter AS-Path for the YouTube subnet (perhaps bandwidth is greater to ISP#2). So use the community to set a better metric on that route when it comes in from ISP#2. Remember, weight and local pref take precedence over AS-path length.
– Prefix-splitting
 i.e. a /19 split into 2x /20 subnets. Advertise one to each ISP; both also advertise the complete /19 aggregate as a safety-net to cover failure of one ISP. Remember: most specific advertisement always wins!
 Works best when you own your IP space (splits still >= /24)
 Use a BGP Looking Glass or Route Server to see how to get to your Corp AS’s prefixes
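As an added example (not from the slides), this Python script runs a simplified BGP decision process and a longest-prefix lookup over constructed advertisements to check the three claims of the OUTBOUND and INBOUND slides: local pref beats AS-path length, a prepended advertisement loses to the plain one but survives as backup, and a /20 beats the /19 aggregate until its ISP disappears. AS100 is ISP#1 as on the slides; the other ASNs, the Corp block and the destination prefix are constructed placeholders.

```python
"""Simplified BGP best-path selection (weight, local_pref, AS-path length)
plus longest-prefix forwarding, applied to the traffic-engineering cases
from the slides. MED, origin and router-id tie-breaks are left out."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample ASNs: AS100 is ISP#1 as on the slides; the others are
# documentation-range placeholders. CORP_BLOCK stands in for a Corp-owned /19.
ISP1_ASN, ISP2_ASN, CORP_ASN = 100, 64497, 64500
CORP_BLOCK = "198.51.96.0/19"


@dataclass(frozen=True)
class Path:
    prefix: str
    as_path: tuple        # leftmost ASN = the neighbour the path was learned from
    via: str              # "ISP1" or "ISP2"
    local_pref: int = 100
    weight: int = 0


def best_path(candidates):
    """Decision steps the slides rely on, in order: highest weight, highest
    local_pref, shortest AS path. On a full tie the first candidate wins
    (standing in for the oldest-path/router-id tie-breaks)."""
    return max(candidates, key=lambda p: (p.weight, p.local_pref, -len(p.as_path)))


def build_fib(adverts):
    """Run best_path once per prefix, as a router installs one route per prefix."""
    by_prefix = defaultdict(list)
    for p in adverts:
        by_prefix[p.prefix].append(p)
    return [best_path(paths) for paths in by_prefix.values()]


def longest_match(fib, ip):
    """Forwarding lookup: the most specific matching prefix wins."""
    addr = ipaddress.ip_address(ip)
    hits = [p for p in fib if addr in ipaddress.ip_network(p.prefix)]
    return max(hits, key=lambda p: ipaddress.ip_network(p.prefix).prefixlen, default=None)


def corp_advertisement(prepend_count=0):
    """AS path Corp puts on its own block when it leaves via eBGP: 'set as-path
    prepend' adds copies in front of the ASN that eBGP adds anyway."""
    return (CORP_ASN,) * (1 + prepend_count)


def outbound_demo(prefer_isp2):
    """Corp chooses an exit for a popular remote prefix: ISP#1 offers the
    shorter AS path, but local_pref 200 on the ISP#2 copy overrides that."""
    remote = "203.0.113.0/24"           # constructed stand-in for the busy destination
    via_isp1 = Path(remote, (ISP1_ASN, 64505), "ISP1")
    via_isp2 = Path(remote, (ISP2_ASN, 64502, 64505), "ISP2",
                    local_pref=200 if prefer_isp2 else 100)
    return best_path([via_isp1, via_isp2]).via


def inbound_demo(isp1_up):
    """Seen from a router elsewhere on the Internet: the plain advertisement
    through ISP#1 beats the 3x-prepended one through ISP#2, which is still a
    valid route once ISP#1's advertisement is gone."""
    candidates = [Path(CORP_BLOCK, (ISP2_ASN,) + corp_advertisement(prepend_count=3), "ISP2")]
    if isp1_up:
        candidates.append(Path(CORP_BLOCK, (ISP1_ASN,) + corp_advertisement(), "ISP1"))
    return best_path(candidates).via


def prefix_split_demo(isp1_up):
    """Corp advertises one /20 to each ISP plus the /19 aggregate to both.
    Returns which ISP a remote router uses to reach a host in each half."""
    adverts = [
        Path("198.51.96.0/20", (ISP1_ASN,) + corp_advertisement(), "ISP1"),
        Path(CORP_BLOCK, (ISP1_ASN,) + corp_advertisement(), "ISP1"),
        Path("198.51.112.0/20", (ISP2_ASN,) + corp_advertisement(), "ISP2"),
        Path(CORP_BLOCK, (ISP2_ASN,) + corp_advertisement(), "ISP2"),
    ]
    if not isp1_up:
        adverts = [p for p in adverts if p.via != "ISP1"]
    fib = build_fib(adverts)
    return {ip: longest_match(fib, ip).via for ip in ("198.51.100.5", "198.51.115.9")}


if __name__ == "__main__":
    print("outbound, default:", outbound_demo(prefer_isp2=False))
    print("outbound, local_pref 200 on ISP2:", outbound_demo(prefer_isp2=True))
    print("inbound, both up:", inbound_demo(isp1_up=True))
    print("inbound, ISP1 down:", inbound_demo(isp1_up=False))
    print("prefix split, both up:", prefix_split_demo(isp1_up=True))
    print("prefix split, ISP1 down:", prefix_split_demo(isp1_up=False))
```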
Thank You! 
SDCUG 
Sept 10, 2014 
Meredith Rose, CCIE#4617

More Related Content

What's hot

Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)Nutan Singh
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)NetProtocol Xpert
 
BGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationBGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationAndy Davidson
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
 
IX Best Practices by Tay Chee Yong
IX Best Practices by Tay Chee YongIX Best Practices by Tay Chee Yong
IX Best Practices by Tay Chee YongMyNOG
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocolMuuluu
 
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...
ccna summer training ppt ( Cisco certified network analysis) ppt.  by Traun k...ccna summer training ppt ( Cisco certified network analysis) ppt.  by Traun k...
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...Tarun Khaneja
 
Juniper policy based filter based forwarding
Juniper policy based filter based forwardingJuniper policy based filter based forwarding
Juniper policy based filter based forwardingMars Chen
 
ospf routing protocol
ospf routing protocolospf routing protocol
ospf routing protocolAmeer Agel
 
Cisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA ConfigurationCisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA ConfigurationHamed Moghaddam
 
Encor chapter 1_packet forwarding
Encor chapter 1_packet forwardingEncor chapter 1_packet forwarding
Encor chapter 1_packet forwardingmerhatsidikmelke
 

What's hot (20)

Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP)
 
Fhrp notes
Fhrp notesFhrp notes
Fhrp notes
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)
 
BGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationBGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing Optimisation
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
 
IX Best Practices by Tay Chee Yong
IX Best Practices by Tay Chee YongIX Best Practices by Tay Chee Yong
IX Best Practices by Tay Chee Yong
 
Border Gatway Protocol
Border Gatway ProtocolBorder Gatway Protocol
Border Gatway Protocol
 
Bgp
BgpBgp
Bgp
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
 
13. eigrp and ospf
13. eigrp and ospf13. eigrp and ospf
13. eigrp and ospf
 
BGP
BGPBGP
BGP
 
Ospf
 Ospf Ospf
Ospf
 
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...
ccna summer training ppt ( Cisco certified network analysis) ppt.  by Traun k...ccna summer training ppt ( Cisco certified network analysis) ppt.  by Traun k...
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...
 
Juniper policy based filter based forwarding
Juniper policy based filter based forwardingJuniper policy based filter based forwarding
Juniper policy based filter based forwarding
 
OSPF Basics
OSPF BasicsOSPF Basics
OSPF Basics
 
ospf routing protocol
ospf routing protocolospf routing protocol
ospf routing protocol
 
BGP Overview
BGP OverviewBGP Overview
BGP Overview
 
Routing protocols
Routing protocolsRouting protocols
Routing protocols
 
Cisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA ConfigurationCisco CCNA-CCNP IP SLA Configuration
Cisco CCNA-CCNP IP SLA Configuration
 
Encor chapter 1_packet forwarding
Encor chapter 1_packet forwardingEncor chapter 1_packet forwarding
Encor chapter 1_packet forwarding
 

Similar to Using BGP To Manage Dual Internet Connections

BGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet WorkBGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet WorkIT Tech
 
CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3Chaing Ravuth
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3CCNA (R & S) Module 02 - Connecting Networks - Chapter 3
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3Waqas Ahmed Nawaz
 
Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Likan Patra
 
routing Protocols and Virtual private network
routing Protocols and Virtual private networkrouting Protocols and Virtual private network
routing Protocols and Virtual private networkhayenas
 
CNv6_instructorPPT_Chapter3.pptx
CNv6_instructorPPT_Chapter3.pptxCNv6_instructorPPT_Chapter3.pptx
CNv6_instructorPPT_Chapter3.pptxVishalThakor19
 
Load Sharing Internet with MikroTik.pdf
Load Sharing Internet with MikroTik.pdfLoad Sharing Internet with MikroTik.pdf
Load Sharing Internet with MikroTik.pdfEnics
 
T4 Handout3
T4 Handout3T4 Handout3
T4 Handout3gobed
 
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)steve ulrich
 
Routing, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsRouting, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsAPNIC
 
Manrs 7_sept__indonesia
Manrs  7_sept__indonesiaManrs  7_sept__indonesia
Manrs 7_sept__indonesiaNaveenLakshman
 
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™Multapplied Networks
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 

Similar to Using BGP To Manage Dual Internet Connections (20)

Multi
MultiMulti
Multi
 
Part1
Part1Part1
Part1
 
BGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet WorkBGP Protocol Makes the Internet Work
BGP Protocol Makes the Internet Work
 
Bigbgp (1)
Bigbgp (1)Bigbgp (1)
Bigbgp (1)
 
CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3CCNA4 Verson6 Chapter3
CCNA4 Verson6 Chapter3
 
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3CCNA (R & S) Module 02 - Connecting Networks - Chapter 3
CCNA (R & S) Module 02 - Connecting Networks - Chapter 3
 
Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?
 
Bigbgp
BigbgpBigbgp
Bigbgp
 
eBGP.pptx
eBGP.pptxeBGP.pptx
eBGP.pptx
 
routing Protocols and Virtual private network
routing Protocols and Virtual private networkrouting Protocols and Virtual private network
routing Protocols and Virtual private network
 
CNv6_instructorPPT_Chapter3.pptx
CNv6_instructorPPT_Chapter3.pptxCNv6_instructorPPT_Chapter3.pptx
CNv6_instructorPPT_Chapter3.pptx
 
Load Sharing Internet with MikroTik.pdf
Load Sharing Internet with MikroTik.pdfLoad Sharing Internet with MikroTik.pdf
Load Sharing Internet with MikroTik.pdf
 
T4 Handout3
T4 Handout3T4 Handout3
T4 Handout3
 
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of BangladeshION Bangladesh - Secure BGP and Operational Report of Bangladesh
ION Bangladesh - Secure BGP and Operational Report of Bangladesh
 
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)
IP Possibilities - 2013 - IP Interconnection Panel (18-apr, 2013)
 
Routing, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of AnalyticsRouting, Network Performance, and Role of Analytics
Routing, Network Performance, and Role of Analytics
 
Manrs 7_sept__indonesia
Manrs  7_sept__indonesiaManrs  7_sept__indonesia
Manrs 7_sept__indonesia
 
CCCNP ROUTE v6_ch06
CCCNP ROUTE v6_ch06CCCNP ROUTE v6_ch06
CCCNP ROUTE v6_ch06
 
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
 

Recently uploaded

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Potential of AI (Generative AI) in Business: Learnings and Insights

Using BGP To Manage Dual Internet Connections

  • 5. “I want to use BGP to Load Balance my Internet Connections”
    • The BGP protocol does NOT know how to “load balance” your Internet traffic!
    • BGP’s job is to select the single best path to a destination among the BGP paths that are learned from different sources/ISPs.
    • BGP is not aware which link is “full” (oversubscribed) or “faster” (lower latency).
    • Load sharing across your redundant Internet connections is a manual process done on a per-prefix basis that takes some TLC.
    • Inbound and outbound traffic loads of each link are tuned separately by manipulating BGP attributes.
    Copyright © SIGMAnet ® 2012. All rights reserved. Proprietary & Confidential.
  • 6. One Internet Connection
    (diagram: Corporate LAN, Corp Router, Internet Connection, ISP Router, ISP, Global Internet)
    • Static routes to Corp on the ISP router
    • Static default route to the ISP on the Corp router
    • No need for BGP
  • 7. Redundant Internet Connections
    (diagram: the Corporate LAN reaches Corp Router#1 and Corp Router#2 over L3 FHRP/OSPF/etc; the two Corp routers run iBGP between them; Corp Router#1 runs eBGP to the ISP#1 Router over Internet Connection#1 and Corp Router#2 runs eBGP to the ISP#2 Router over Internet Connection#2; ISP#1 and ISP#2 both connect to the Global Internet)
  • 8. Review of Recovery from Failure
    • ISP failure
      – Internet handoff
      – Router failure
      – Upstream peering issues
    • Corp Router failure
      – Internet handoff
      – Router failure
      – Connection to Corp LAN
  • 9. Getting started with BGP to the Internet
    • You will need an ASN (Autonomous System Number), AKA “AS number”
      – This can be private if using redundant connections to the same ISP.
        ◦ Obtain from the ISP
        ◦ The ISP strips private ASNs from the path before advertising your prefix to the global Internet
        ◦ Note: this limits your ability to influence inbound traffic with AS-path prepending, since a prepended private ASN is stripped along with the rest of the path and the rest of the Internet never sees the padding
      – This will be a public ASN if connecting to diverse ISPs.
        ◦ Obtain from ARIN (or the registry for your region)
        ◦ More flexibility, ISP-independent
  • 10. Getting started with BGP to the Internet
    • You will need a public IP address “block” to advertise
      – /24 minimum; prefixes longer than /24 are generally filtered out of the global routing table
      – This can be assigned/leased to you from your ISP
        ◦ Easy if both Internet connections are from the same ISP
        ◦ Make sure the ISP that allocated the block to you advertises your specific subnet (i.e. your /24) and not just their supernet block. Otherwise your /24 announced through the other ISP is the more specific route, and all inbound traffic arrives on that link
        ◦ If using diverse ISPs, check with both to make sure it is OK to advertise an IP block from ISP#1’s IP space through ISP#2
        ◦ More convenient, but less portable
      – This IP block can be owned by your company
        ◦ You can advertise your block to both ISPs
        ◦ More mobility if you change ISPs
      – Make sure you only advertise your assigned, routable IP address space!
      – You will advertise the SAME IP block out to BOTH ISPs
        ◦ You can do some tricks by splitting it into sub-prefixes and advertising smaller, more specific chunks, but never anything longer than a /24
  • 11. Key Considerations
    • Ingress and egress “traffic engineering” are managed separately
    • OUTBOUND traffic influencing
      – Get your Corp traffic to its destination on the Internet
      – Want to send traffic out the “best” ISP
        ◦ Shortest AS path is usually best
      – Want to avoid oversubscribing a link
    • INBOUND traffic influencing
      – Packets from everywhere on the global Internet have to find your Corp network. Each ISP advertises your IP block(s) to the global Internet
      – Asymmetric routing is usually OK here (out one ISP, in the other)
        ◦ Caveat: not OK if the two directions pass through different stateful firewalls. A stateful firewall that never saw the outbound SYN drops the returning packets, so either pin both directions of affected prefixes to the same link or make sure return traffic lands on the firewall that holds the session state
      – Want to take the “best” route from the global Internet to Corp
        ◦ Shortest AS path wins in most cases by default
      – Want to avoid oversubscribing a link
  • 12. Key Considerations (Continued)
    • Redundancy protocols on Corp routers
      – HSRP/VRRP if L2 connected
      – Or use an L3 dynamic protocol like OSPF. The Internet routers can be in different Corp locations, L3 connected. Each Corp BGP router can originate a default route into Corp-wide OSPF
    • Each Corp router needs to know how to reach the other ISP router’s peering IP address (or use next-hop-self on the iBGP session). If the iBGP routers peer on loopbacks, the loopbacks must be reachable (use the IGP + update-source Loopback0)
    • Get Corp traffic destined for the Internet to one of the Corp Internet routers. It doesn’t really matter which one; BGP will take it from there
    • It’s about manual traffic load distribution; BGP does not know how to do dynamic load balancing to multiple ISPs on its own
    • You do not want your Corp to become a “transit” path between your two ISPs!
  • 13. “Transit” - What’s the big deal?
    (diagram: the Corporate LAN sits between ISP#1 and ISP#2 and re-advertises ISP#1’s routes to ISP#2; ISP#2 says “Hey Global Internet! Here’s a quick way to reach ISP#1 customers!”)
    • If ISP#1’s routes leak through you to ISP#2, ISP#2 and its peers may forward Internet traffic for ISP#1’s customers across your links, filling your connections with traffic that is not yours
  • 14. Don’t be a Transit!
    (diagram: ISP#1 routes and ISP#2 routes are exchanged in full over iBGP between the Corp routers, but each ISP only receives routes originating from the Corp ASN)
    • Only send routes originating from your Corp ASN to each ISP
    • A full route exchange over iBGP between your own routers is fine
  • 15. What Routes to Take in from ISP
    • Remember: this affects OUTBOUND decisions (not inbound), i.e. which ISP your Corp will use to make a connection to a site on the Internet. Most common options:
    • Option#1: Full Internet routes from each ISP
    • Option#2: Default/0.0.0.0 only from each ISP
      – Tune so one link is used as primary, the other as backup
    • Option#3: ISP’s Customer Routes Only, AKA “Partial Routes”
      – Get each ISP’s local customer routes only. Use a default route to put the rest of the outbound traffic on one ISP’s link, backed up by the other ISP
      – Or use just one ISP link to receive that ISP’s directly connected customer routes, and use a default route to put the rest of the outbound traffic on the other link
  • 16. Option#1: Full Routes from Both
    (diagram: the Corporate LAN receives full routes from ISP#1 and full routes from ISP#2, with a full route exchange over iBGP between the Corp routers)
  • 17. What Routes to Take In from ISP
    • Option#1: Full Internet routes from each ISP
      – Need a lot of memory for this. Each router will hold 2x the full Internet routing table (over 450k routes at the time of this talk): its own ISP’s copy plus the copy relayed over iBGP!
      – Let it play out and monitor for over-utilization of one link
      – Tune to balance the links better if necessary
      – Use a route-map + as-path access-list to make sure you do not become a transit between the ISPs
        ◦ Do not advertise routes to ISP#2 that you learned from ISP#1 and vice versa
        ◦ Apply the same route-map outbound on each ISP neighbor so that only locally originated BGP routes are advertised. A locally originated route has an empty AS path, which is what ^$ matches:
            ip as-path access-list 10 permit ^$
            route-map localonly permit 10
             match as-path 10
      – Not a bad idea to take a default from each ISP as well
  • 18. Option#2: Default from Both
    (diagram: the Corporate LAN receives 0.0.0.0/0 from ISP#1 and 0.0.0.0/0 from ISP#2; the Corp routers exchange the received defaults over iBGP with preferences. Configure iBGP to prefer the default from ISP#1, and the iBGP peers will agree to prefer 0.0.0.0/0 from ISP#1 over ISP#2)
  • 19. What Routes to Take In from ISP
    • Option#2: Default only from each ISP
      – Tune BGP (local pref is common) so one link is used as primary, the other as backup (again, this only applies to OUTBOUND traffic)
      – Tell your ISPs you only want them to send you the default route
      – Use an inbound prefix-list on the ISP neighbor statement (or an inbound route-map, or a similar filter) to drop every route except the default, just in case:
            ip prefix-list default-only seq 5 permit 0.0.0.0/0
        With no ge/le on the entry, this matches exactly 0.0.0.0/0 and nothing else; the implicit deny at the end drops everything else
      – Still only advertise prefixes originated by your AS to ISP#1 and ISP#2. Do not count on BGP to keep the default you learned from one ISP away from the other: a route learned over iBGP is eligible for advertisement to an eBGP peer, so keep the localonly outbound route-map on both ISP neighbors (the learned default carries the other ISP’s ASN in its path, so ^$ rejects it)
  • 20. Option#3: ISP Local Routes Only
    (diagram: the Corporate LAN receives routes from ISP#1’s customers + 0.0.0.0/0 from ISP#1, and routes from ISP#2’s customers + 0.0.0.0/0 from ISP#2. iBGP will naturally send traffic for each ISP’s local routes to that ISP. Configure iBGP to prefer the default from ISP#1 to catch routes not local to either ISP; the iBGP peers will then agree to prefer ISP#1 for everything not local to ISP#2)
  • 21. What Routes to Take In from ISP
    • Option#3: ISP’s routes only + Default
      – Only receive from an ISP the routes of that ISP’s directly connected customers (think of how many big companies host with AT&T, etc.)
      – You can ask your ISP to send you just their customer routes
      – Filter routes not sourced from that ISP just in case (in this example the ISP is AS100; the route-map is applied inbound on the neighbor statement to that ISP):
            ip as-path access-list 20 permit ^100$
            route-map as100only permit 10
             match as-path 20
        Caveat: ^100$ only matches prefixes that AS100 originates itself. A directly connected customer’s route arrives with an AS path of “100 <customer ASN>”, so to keep the customer routes as well (and nothing further away), match one ASN beyond the ISP, e.g. ^100(_[0-9]+)?$ (in IOS regex, _ matches the delimiter between ASNs)
      – Use one link for one directly connected ISP’s customers (the more local provider), and use a default route to prefer putting the rest of the outbound traffic on the other link, or a similar combination
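The three filters on slides 17, 19 and 21 (the localonly outbound route-map, the default-only prefix-list and the as100only inbound route-map), modelled in Python so their effect on a sample BGP table can be checked before touching a router. This is an added example, not the deck’s configuration: it re-implements the IOS as-path regex delimiter (_) and prefix-list ge/le semantics, and assumes Corp = AS 130, ISP#1 = AS 100 and ISP#2 = AS 200, with a constructed BGP table drawn from documentation and benchmark address space.

```python
import re
from collections import namedtuple
from ipaddress import ip_network

# Assumed ASNs (not from the deck): Corp = 130, ISP#1 = 100, ISP#2 = 200.
Route = namedtuple("Route", "prefix as_path")          # as_path: list of ASNs, [] = originated locally
PrefixEntry = namedtuple("PrefixEntry", "action prefix ge le")


def ios_as_path_regex(pattern):
    """Compile an IOS-style AS-path regex. IOS treats '_' as any delimiter: start or end
    of the path, a space, a comma or a brace. So '_100_' matches AS 100 as a whole ASN
    (not AS 1100) and '^100_' means 'the first hop is exactly AS 100'."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}])"))


def as_path_matches(pattern, as_path):
    """Match an AS path (list of ASNs) against an IOS as-path access-list regex."""
    return ios_as_path_regex(pattern).search(" ".join(map(str, as_path))) is not None


def prefix_list_permits(entries, prefix):
    """IOS prefix-list semantics: the first matching entry decides, implicit deny at the end.
    Without ge/le the prefix length must equal the entry's length exactly; 'ge' alone
    allows lengths from ge up to /32; 'le' alone allows the entry's length up to le."""
    net = ip_network(prefix)
    for e in entries:
        base = ip_network(e.prefix)
        if not net.subnet_of(base):
            continue
        lo = e.ge if e.ge is not None else base.prefixlen
        if e.le is not None:
            hi = e.le
        else:
            hi = net.max_prefixlen if e.ge is not None else base.prefixlen
        if lo <= net.prefixlen <= hi:
            return e.action == "permit"
    return False


def route_map_permits(clauses, route):
    """A route-map is an ordered list of (action, match-predicate) clauses with an
    implicit deny after the last one."""
    for action, match in clauses:
        if match(route):
            return action == "permit"
    return False


def filter_routes(routes, clauses):
    return [r for r in routes if route_map_permits(clauses, r)]


def prefixes(routes):
    return [r.prefix for r in routes]


# Constructed BGP table as seen on Corp Router#1 (documentation/benchmark address space).
LOCAL = [Route("198.51.100.0/24", [])]                  # Corp's own block, empty AS path
ISP1_UPDATES = [
    Route("0.0.0.0/0", [100]),                          # default from ISP#1
    Route("192.0.2.0/24", [100]),                       # a prefix ISP#1 originates itself
    Route("203.0.113.0/24", [100, 64496]),              # a directly connected ISP#1 customer
    Route("198.18.0.0/15", [100, 64497, 64498]),        # two ASes beyond ISP#1
]
IBGP_FROM_ROUTER2 = [
    Route("0.0.0.0/0", [200]),                          # ISP#2's default, relayed over iBGP
    Route("100.64.0.0/10", [200, 64499]),               # an ISP#2 customer, relayed over iBGP
]
BGP_TABLE = LOCAL + ISP1_UPDATES + IBGP_FROM_ROUTER2

# Slide 17: 'ip as-path access-list 10 permit ^$' + 'route-map localonly permit 10',
# applied outbound to BOTH ISPs. Only an empty AS path (originated here) passes.
LOCALONLY = [("permit", lambda r: as_path_matches("^$", r.as_path))]

# Slide 19: 'ip prefix-list default-only seq 5 permit 0.0.0.0/0', applied inbound.
DEFAULT_ONLY = [PrefixEntry("permit", "0.0.0.0/0", None, None)]
DEFAULT_ONLY_MAP = [("permit", lambda r: prefix_list_permits(DEFAULT_ONLY, r.prefix))]

# Slide 21: the deck's '^100$' only admits what AS 100 originates itself; allowing one
# ASN after it admits ISP#1's directly connected customers as well, and nothing further.
AS100_ORIGINATED = [("permit", lambda r: as_path_matches("^100$", r.as_path))]
AS100_AND_CUSTOMERS = [("permit", lambda r: as_path_matches("^100(_[0-9]+)?$", r.as_path))]


def advertised_to_isp2(apply_localonly):
    """What Corp Router#2 would send ISP#2 with and without the anti-transit filter."""
    return prefixes(filter_routes(BGP_TABLE, LOCALONLY) if apply_localonly else BGP_TABLE)


if __name__ == "__main__":
    print("to ISP#2, unfiltered (transit!):", advertised_to_isp2(False))
    print("to ISP#2, localonly:            ", advertised_to_isp2(True))
    print("from ISP#1, default-only:       ", prefixes(filter_routes(ISP1_UPDATES, DEFAULT_ONLY_MAP)))
    print("from ISP#1, ^100$:              ", prefixes(filter_routes(ISP1_UPDATES, AS100_ORIGINATED)))
    print("from ISP#1, ^100(_[0-9]+)?$:    ", prefixes(filter_routes(ISP1_UPDATES, AS100_AND_CUSTOMERS)))
```

Running it shows the transit case from slide 13 (without localonly, every route ISP#1 sent is offered to ISP#2), that the default-only prefix-list lets exactly one route through, and that ^100$ drops the customer route 203.0.113.0/24 while ^100(_[0-9]+)?$ keeps it and still rejects the two-hop-away 198.18.0.0/15.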
  • 22. Influencing Traffic Flows: OUTBOUND
    • OUTBOUND traffic control is easier than INBOUND. It’s all on you.
    • All you have to control is how attractive a destination looks to your Corp BGP routers.
    • You can only control the next AS in the path (i.e. ISP#1 vs ISP#2), not the entire path through the global Internet to the destination.
    • Most common OUTBOUND:
      – Local preference
        ◦ Outbound traffic flows to one of your Corp BGP routers. BGP will have used the “local preference” attribute to tell that router which route to take (ISP#1 vs ISP#2) to reach the destination.
        ◦ Monitor regularly and tweak/tune the local pref of prefixes as desired
        ◦ Look for popular, heavily used prefixes to influence to get the most bang for your buck (or raise the local pref of big aggregate chunks of the table)
  • 23. Influencing Traffic Flows: INBOUND
    • Most common INBOUND:
      – AS-path prepend
        ◦ Backup path: if you don’t want traffic to come in on a link for a prefix (or the entire IP block), use prepending to add AS-path length to your outbound advertisement, making this link the less preferred path for traffic to your IP block. AKA “padding”. 4x your AS# is generally sufficient
        ◦ Primary path: use the standard advertisement (no prepending) for the link you prefer to use for inbound traffic to your company
        ◦ You still have a (prepended, valid) advertisement from the backup path if the primary path fails
        ◦ Example, added to a route-map applied outbound on the neighbor statement to the backup ISP (130 is your own ASN here; only ever prepend your own AS number):
            set as-path prepend 130 130 130
        ◦ Caveat: prepending is only a hint. A remote network that sets a higher local preference on the path via your backup ISP ignores the longer AS path, because local pref is evaluated before AS-path length, so verify the result from outside
      – Communities
        ◦ Community = instructions from you to your ISP on how to tweak what you advertise
        ◦ Your ISP will let you know the definitions of the communities they honor
        ◦ You attach a community to a prefix that you are advertising to your ISP(s)
        ◦ Consists of a series of numbers that correspond to handling instructions for that prefix (such as setting local pref within the provider’s AS)
        ◦ Communities can also be used internally to identify routes. For example, you can tag all routes that came from ISP#1 with one community and routes that came from ISP#2 with a different community. That community identifier can then be used by your company to assign preferences to routes advertised internally via iBGP. For example, I want all traffic destined for YouTube’s /16 IP block to use ISP#2, even though ISP#1 has a shorter AS path for the YouTube subnet (perhaps bandwidth is greater to ISP#2). So use the community to set a higher local preference on that route when it comes in from ISP#2. Remember, weight and local pref take precedence over AS-path length.
      – Prefix splitting
        ◦ i.e. split a /19 into 2x/20 subnets. Advertise one /20 to each ISP; both ISPs also advertise the complete /19 aggregate as a safety net to cover the failure of one ISP. Remember: the most specific advertisement always wins!
        ◦ Works best when you own your IP space (splits still no longer than /24)
        ◦ Use a BGP Looking Glass or Route Server to see how the rest of the Internet reaches your Corp AS’s prefixes
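The outbound and inbound levers on slides 22 and 23, as an added Python model that is not the deck’s configuration: it runs a reduced IOS best-path decision and a longest-match forwarding lookup over constructed routes. It assumes Corp = AS 130, ISP#1 = AS 100 and ISP#2 = AS 200, a constructed /16 standing in for the YouTube block, a constructed /19 for the Corp block, and a remote AS that peers with both ISPs. corp_outbound_choice shows the community-driven local-pref override beating the shorter AS path; entry_isp shows the prepended /19 losing to the clean one until the primary ISP disappears, while the /20 split pulls each half of the block onto its own link regardless of AS-path length.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Assumed ASNs (not from the deck): Corp = 130, ISP#1 = 100, ISP#2 = 200. The prefixes
# and the remote ASNs below are constructed for the example.
CORP_AS, ISP1_AS, ISP2_AS = 130, 100, 200

Path = namedtuple("Path", "prefix as_path next_hop weight local_pref origin med ebgp communities")
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}


def mkpath(prefix, as_path, next_hop, **attrs):
    """A path with IOS defaults: weight 0, local pref 100, origin IGP, MED 0, eBGP-learned."""
    defaults = dict(weight=0, local_pref=100, origin="i", med=0, ebgp=True, communities=frozenset())
    defaults.update(attrs)
    return Path(prefix, tuple(as_path), next_hop, **defaults)


def best_path(paths):
    """The IOS decision process reduced to the steps these slides rely on, in order:
    highest weight, highest local pref, locally originated, shortest AS path, lowest
    origin code, lowest MED, eBGP before iBGP; the first (oldest) path wins a full tie."""
    def rank(p):
        return (p.weight, p.local_pref, not p.as_path, -len(p.as_path),
                -ORIGIN_RANK[p.origin], -p.med, p.ebgp)
    best = paths[0]
    for p in paths[1:]:
        if rank(p) > rank(best):
            best = p
    return best


def build_rib(paths):
    """Best path per prefix: {prefix: Path}."""
    by_prefix = {}
    for p in paths:
        by_prefix.setdefault(p.prefix, []).append(p)
    return {prefix: best_path(cands) for prefix, cands in by_prefix.items()}


def lookup(rib, ip):
    """Forwarding lookup: the longest matching prefix is chosen before any BGP attribute
    of its path is compared, which is what makes prefix splitting work."""
    addr = ip_address(ip)
    hits = [pfx for pfx in rib if addr in ip_network(pfx)]
    return rib[max(hits, key=lambda pfx: ip_network(pfx).prefixlen)] if hits else None


# ---- OUTBOUND (slide 22, and the community example on slide 23) ----------------------
POPULAR = "198.18.0.0/16"   # stands in for the deck's 'YouTube /16'


def tag_from_isp(paths, isp_as):
    """Inbound route-map on an ISP session: stamp every route with a community recording
    which ISP it came from (130:100 or 130:200). iBGP must carry it (send-community)."""
    return [p._replace(communities=p.communities | {f"{CORP_AS}:{isp_as}"}) for p in paths]


def prefer_via(paths, community, wanted, local_pref=200):
    """Raise local pref on routes carrying `community` for the prefixes in `wanted`.
    Local pref is compared before AS-path length, so this beats a shorter path elsewhere."""
    return [p._replace(local_pref=local_pref) if community in p.communities and p.prefix in wanted else p
            for p in paths]


def corp_outbound_choice(with_policy):
    """Where Corp Router#1 sends POPULAR: ISP#1 offers the shorter AS path, ISP#2's path
    arrives over iBGP from Router#2 and is one hop longer."""
    paths = tag_from_isp([mkpath(POPULAR, [ISP1_AS, 64500], "isp1")], ISP1_AS)
    paths += tag_from_isp([mkpath(POPULAR, [ISP2_AS, 64501, 64500], "isp2", ebgp=False)], ISP2_AS)
    if with_policy:
        paths = prefer_via(paths, f"{CORP_AS}:{ISP2_AS}", {POPULAR})
    return build_rib(paths)[POPULAR].next_hop


# ---- INBOUND (slide 23: prepending and prefix splitting) -----------------------------
CORP_BLOCK = "198.51.96.0/19"                       # pretend Corp owns this /19
HALF_A, HALF_B = "198.51.96.0/20", "198.51.112.0/20"


def corp_advertisements(prepend=3):
    """What Corp announces: the whole /19 to both ISPs, prepended toward ISP#2 so that
    ISP#1 is the primary, plus one /20 per ISP so each half comes in on its own link."""
    return {
        ISP1_AS: [(CORP_BLOCK, [CORP_AS]), (HALF_A, [CORP_AS])],
        ISP2_AS: [(CORP_BLOCK, [CORP_AS] * (1 + prepend)), (HALF_B, [CORP_AS])],
    }


def remote_rib(isp1_up=True, isp2_up=True):
    """The view from a remote AS that peers with both ISPs; each ISP adds its own ASN."""
    paths = []
    for isp_as, up in ((ISP1_AS, isp1_up), (ISP2_AS, isp2_up)):
        if not up:
            continue
        for prefix, as_path in corp_advertisements()[isp_as]:
            paths.append(mkpath(prefix, [isp_as] + as_path, f"via_as{isp_as}"))
    return build_rib(paths)


def entry_isp(ip, isp1_up=True, isp2_up=True):
    """Which ISP a remote network hands a packet for `ip` to (None = unreachable)."""
    p = lookup(remote_rib(isp1_up, isp2_up), ip)
    return p.as_path[0] if p else None


if __name__ == "__main__":
    print("POPULAR by default:", corp_outbound_choice(False), "| with policy:", corp_outbound_choice(True))
    print("/19 best path from outside:", remote_rib()[CORP_BLOCK].as_path)
    for ip in ("198.51.100.9", "198.51.115.7"):
        print(ip, "enters via AS", entry_isp(ip), "| ISP#1 down:", entry_isp(ip, isp1_up=False),
              "| ISP#2 down:", entry_isp(ip, isp2_up=False))
```

The remote view is the optimistic one: a network that applies its own local preference ignores your prepends entirely, which is why the deck’s advice to check a Looking Glass matters more than the prepend count.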
  • 24. Thank You! SDCUG Sept 10, 2014 Meredith Rose, CCIE#4617