Single/Dual Homed and Multi-homed Designs

This topic is to discuss the following lesson:

Does the Dual home method 2 and method 3 varies in costs to the enterprise? or same?

Thanks,
Srini

Hello Srinivasan

The Dual homed method 2 involves two separate ISP routers from the SAME ISP. This would most likely increase the cost of the solution compared to method 1 because of the fact that you require your ISP to provide you with two pieces of equipment on their end.

Method 3 would most likely be even more expensive, because you are purchasing connectivity to two DIFFERENT ISPs, so you can’t take advantage of any discounts the single ISP may give you for multiple links.

What I’m describing is the most probable case concerning cost. Ultimately it depends on the billing policy of each ISP.

I hope this has been helpful!

Laz

Hey,
is it possible to run also VRRP/HSRP with 2 BGP customer Edge Routers to 1 ISP-Router and be like Dual Homed then? Is there a documentation for that?
I mean 1 public IP shared with Failover by 2 Routers.
In Detail i would give a loopback the public IP and do OSPF between ISP and Customer(HSRP)

Best regards
Alex

Hello Alexander

In order to run a redundancy gateway protocol on two edge routers with a single ISP router, you’d need some infrastructure between the edge routers and the ISP routers like a switch. It is possible, but this would introduce a new single point of failure and this is not desired especially on the edge of the network.


That would also mean that if your edge routers are performing NAT, you would require three public IP addresses, one for each router and one for the virtual IP. The IP of the ISP router would then need to be in the same subnet.

Now you could improve upon this by adding a second switch, but you would then have the problem of needing two connections to the ISP router which complicates things.
image

So even if you achieve additinoal redundancy with HSRP, in order to avoid single points of failure, you require two switches between the ISP and the edge routers. But, will an ISP give you two links? And will those links be layer 3 links with an IP address for each or layer 2 with the same default gateway for both?

Running OSPF between the HSRP pair and the ISP will not give you any advantages as there is only a single choice for routing here. It would be much more efficient to statically assign routing.

Ultimately, when dual homing etc, the best choice for redundancy is using BGP. It will allow for redundancy in both directions (for outgoing and incoming transmissions to and from the enterprise network) regardless of what kind of single/dual homed or multihomed design you have.

I hope this has been helpful!

Laz

1 Like

Wow, a great and detailed response. I see my Problem in understanding now.
So any of these are not recommended :smiley:

So better redundancy with 2 own Routers and 1 Provider Router would be via having a link for each own router to the Provider Router and using AS Path for advertising the backup path via the standby router?

Hello Alexander

Yes, that’s it exactly. Ideally, if you want to improve redundancy at the edge and completely eliminate single points of failure, you are required to have two ISPs, one for each own router, and have your public addresses advertised via BGP via both ISPs, so if one fails, the other will be able to route traffic from the Internet that is destined to your internal servers.

I hope this has been helpful!

Laz

Would it be possible to go over the configurations for a scenario in which my network is connected to two ISPS which are connected to two VSS 4500 Chassis? Comcast AS is 6233 along with local AS 6223 I’m also connected to Centurylink they have an AS of 6247 and a local AS of 6237. Is there a way to make this work over VRF? I’m having trouble with this because VSS is seens as one router but I have two AS numbers.

Hello Jason

If I understood the configuration correctly, then the 4500 VSS devices are customer devices which connect to each individual ISP, correct? If this is the case, then the configuration that you are looking at is Single Multihomed:


Even though you are using two devices, they are still viewed as one. The limitation here is that the VSS as a whole cannot belong to two ASs. Each router can only be assigned to a single AS. So if these VSS configured switches must belong to both local ASs at the same time, it cannot be done. You will need two physically separate devices.

It is possible however, to connect the single devcie to multiple ASs. This configuration is detailed in this Cisco support community thread.

I hope this has been helpful!

Laz

1 Like

Hi Rene and team,

Could you please explain BGP configuration with single router and 2 ISPs and failover
Topology and Configuration syntax

Secondly scenario: 2 routers with 2 ISPs BGP configuration.

Please help.

Hello Rahul

Rene has various topologies of BGP configurations for both dual homed and multi homed scenarios. Some can be found in the lessons below:


Go through these and additional BGP lessons and if you have any specific questions, we’d be pleased to help!

I hope this has been helpful!

Laz

1 Like

Thank you Laz, i will go through these concepts and come back to you if i have any queries

1 Like

I have a current set tup which looks odd.
2 routers connecte to 2 seperate ISPs running HSRP. Here is my issue.
1.ISP 2 has a default route to ISP 1. Should it not be better to have ISP2 default route to ISP2 actual own gateway, thus keeping them both seperate?
2. would it not be better to place a floating static route on ISP2 pointing to ISP 1, so if BGP peer between ISP2 and the ISP provider goes down there is a new path???

Hello Michael

Typical edge router scenarios with dual ISPs and dual internal edge routers should have outgoing traffic balanced between them. So if you’re running HSRP, and internal devices see the two routers as a single virtual router, you can one edge router be primary HSRP router for half of the VLANs while you have the other be primary for the other half. The result is that the traffic (directed to the default gateway) is shared equally.

Once you do that, then as you state in statement 1, it’s a good idea to have each edge router have their default route point to the ISP to which it is connected. This is similar to a Single Multihomed scenario as shown below:

Now all of the above has to do with outgoing traffic, or traffic that was initiated from the inside. For traffic that is initiated from the outside, such as when you want to access a web server on the Enterprise from the Internet at large, then that is where BGP comes in. In that case, you will have to use various BGP attributes to inform both ISPs of your internal IP addresses, and you can adjust these parameters in order to influence incoming traffic to take either the path of one ISP or another. More information on how you can do this both technically and in cooperation with your ISPs can be found at this post:

I hope this has been helpful!

Laz

Hello,
I am preparing for CCNP, can someone please tell me how can I manipulate my BGP traffic to go out from specific ISP and how can get get traffic from some other ISP.
Please provide all possible ways

Thanks in Advance

Hello Raunak

There are two issues involved here. The first has to do with outgoing traffic. If your network is connected to multiple ISPs, then you have full control over which ISP will be used for outgoing traffic. This can be accomplished in several ways including IGP dynamic routing protocols such as OSPF or EIGRP, as well as gateway redundancy protocols such as HSRP. If you have BGP running on a portion of the edge of your network, you can accomplish this by adjusting BGP attributes to favour one ISP as well.

Now the technical details of how you can do this depends on the method you are using. If you are using a routing protocol, you can change the metrics to prefer one ISP over the other. If you’re using HSRP, you can change the active router to the one connecting to the ISP of your choice. You can also do equal or unequal load balancing. Here are some lessons that will help you in these configurations:



The other issue is incoming traffic, for traffic that is initiated from the outside, such as when you want to access a web server on the Enterprise from the Internet at large. This can only be achieved using BGP. You will have to use various BGP attributes to inform both ISPs of your internal IP addresses, and you can adjust these parameters in order to influence incoming traffic to take either the path of one ISP or another. More information on how you can do this both technically and in cooperation with your ISPs can be found at this post:

I hope this has been helpful!

Laz

Thank you for response. you mentioned “f you have BGP running on a portion of the edge of your network, you can accomplish this by adjusting BGP attributes to favour one ISP as well.” My question is which attributes I can use and how can I use.

Hello Raunak

For outgoing traffic, you can use any of the BGP attributes to affect the path that is to be taken. Remember, for outgoing traffic you have complete control as to how to route it, whether you are using BGP, or an IGP. For routing traffic using BGP, you can find out more about the attributes here:

If you are using all Cisco equipment, one of the simplest ways to direct traffic is using the Weight attribute. You can find out more about it here:


But there are additional more complex methods which allow you to have more granularity and control. You will need to go over the relevant labs in order to understand those more fully.

For incoming traffic, the BGP attributes that can be used to influence routing are leaking more specific routes, MED, AS-PATH prepending and Community/Local pref agreement. You can find out more about each of these in Unit 3 of the BGP lessons.

I hope this has been helpful!

Laz