Need some next level, CCIE type of BGP routing assistance

I’m not sure if this is possible, but I’m hoping people that are much smarter than me can assist me.

I’m going to try to be as detailed as possible. We have two areas, so to speak: the internet (not the ACTUAL internet) and the datacenter. I will refer to the routers and FWs as i for the internet side and d for the datacenter side. The same company owns both of these ASNs.

The datacenter spans ALL of the continental US for argument’s sake.

There are 3 peering points between internet and DC, eBGP, each with a firewall. Here is the layout and locations:

New York iRouter <-> eBGP <-> dRouter

Philadelphia iRouter <-> eBGP <-> dRouter

Denver iRouter <-> eBGP <-> dRouter

I would like to design this scenario so that the Datacenter advertises the 10.10.0.0/14 network out all 3 peers, and when traffic either enters or leaves, it’s 100% symmetrical.

The iNet would advertise a default route down all 3 peers as well.

So in essence, if one peer were to go down, or even two, the entire DC still can get out. At the same time, we cannot have asymmetrical routing. I’m thinking routing would be based on location, both for gear talking out to the internet, or whatever gear in the internet would have to talk to the DC.

What is the best BGP algorithm to have this happen and are there any pitfalls in this design?

Thanks all.

Hi Michael,

Are you using one AS number on the Internet side and another (single) AS number on the datacenter?

Something like:

| AS2 | | AS1 |
|---|---|---|
| New York | eBGP | dRouter1 |
| Philadelphia | eBGP | dRouter2 |
| Denver | eBGP | dRouter3 |

And do you use iBGP within AS1 or something else like OSPF?

If you advertise 10.10.0.0/14 from the datacenter, you could add some AS path prepending. Something like:

* dRouter1: 1
* dRouter2: 1 1
* dRouter3: 1 1 1

This ensures that traffic from the Internet always enters dRouter1 and falls over to dRouter2 when it fails. Let’s assume you don’t have control over the default route that is advertised.

If you use iBGP then you could configure local preference to set the preferred exit path for your AS. This will influence your iBGP routers to select the exit router that you want to use. However, this doesn’t influence your dRouters. If you set the local preference to a higher value so that dRouter1 becomes the preferred exit path then your iBGP routers will use this router, but if, for example, dRouter3 receives traffic, it will use its eBGP link since the ORIGIN attribute (eBGP routes > iBGP routes) is used before the local preference attribute.

You also might want to look into conditional advertisements:

You could use this to advertise your 10.10.0.0/14 prefix only when you receive the default route. You could get into a scenario where dRouter1 is where your traffic enters your AS because it has the lowest AS path but the New York router stopped advertising the default route; you’ll have asymmetric routing then. With conditional advertisements, you can make your router stop advertising the 10.10.0.0/14 prefix when you don’t receive the default route.

Rene
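
The failure case described in the reply above can be checked exhaustively with a small model; this is an added example, not part of the original thread. It assumes the prepend scheme from the reply, a local preference ordering chosen to mirror it (the values are constructed), and eBGP sessions that stay up while the default route disappears.

```python
from itertools import product

SITES = ["New York", "Philadelphia", "Denver"]
# AS-path length of 10.10.0.0/14 as seen from AS2, per the prepend scheme in the reply
AS_PATH_LEN = {"New York": 1, "Philadelphia": 2, "Denver": 3}
# Assumption: local preference is ordered the same way, so preferred exit == preferred entry
LOCAL_PREF = {"New York": 300, "Philadelphia": 200, "Denver": 100}


def entry_site(default_rx, conditional):
    """Site where AS2 traffic enters: shortest AS path among sites advertising the /14.

    With conditional advertisement, a site advertises only while it receives the default.
    """
    advertising = [s for s in SITES if default_rx[s] or not conditional]
    return min(advertising, key=AS_PATH_LEN.get) if advertising else None


def exit_site(default_rx):
    """Site where DC traffic leaves: highest local preference among sites holding a default."""
    usable = [s for s in SITES if default_rx[s]]
    return max(usable, key=LOCAL_PREF.get) if usable else None


def asymmetric_cases(conditional):
    """Try every combination of received default routes; return the asymmetric ones."""
    bad = []
    for flags in product([True, False], repeat=len(SITES)):
        default_rx = dict(zip(SITES, flags))
        inbound = entry_site(default_rx, conditional)
        outbound = exit_site(default_rx)
        # Skip the total outage (no default anywhere): there is no return path to compare
        if outbound is not None and inbound != outbound:
            bad.append((default_rx, inbound, outbound))
    return bad


if __name__ == "__main__":
    for conditional in (False, True):
        cases = asymmetric_cases(conditional)
        print(f"conditional advertisement={conditional}: {len(cases)} asymmetric case(s)")
        for default_rx, inbound, outbound in cases:
            lost = [s for s, ok in default_rx.items() if not ok]
            print(f"  default missing at {lost}: in via {inbound}, out via {outbound}")
```

Each asymmetric case is a flow that enters through one site's firewall and returns through another's, which matters here because every peering point in the question sits behind a firewall.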