Re: [c-nsp] Multihoming
> I was thinking about vlan'ing each switch into half public half private side
> also. Any pointers or tips or recommendations would be greatly appreciated.
> It's been a while since doing this type of stuff.

Configure ports as you need them, don’t mess about pre-defining blocks of ports for certain uses, or trying to group ports together based on some requirement. Within a line card or where all ports are functionally equal, the only guide about which port to use for which thing should be when that thing showed up, and if multiple show up at the same time, whichever port makes the cabling easier.

Trying to come up with some sort of policy about which ports to use for things is going to need to be broken and have exceptions at some point - it always does, and if you’ve trained people that the first half of the switch is one thing and the second another, they’re going to get confused and break something when that isn’t true anymore.

Don’t put routers or firewalls or whatever in the last port like some people do, they are just hosts like everything else and at some point you’re going to need to move from one to another to upgrade and now you’re using the second to last port. Same goes for other switches you might connect, same reasoning.

--
Nathan Ward

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Multihoming
Jason,

3560 has a small buffer, which may cause performance problems depending on the traffic patterns you see (microbursts are what overwhelms the buffer). I would suggest looking at 3650 instead - newer and more powerful. As someone else mentioned, you'll need the IPSERVICES license, which drives up the cost. Again, depending on the amount and pattern of traffic, a pair of 29XX with a pair of 3650s with LAN BASE licenses may be more functional and more economical.

Sincerely,
Michael Malitsky

--
Date: Mon, 31 Aug 2015 11:43:40 -0700
From: Jason Berenson <jberen...@vinylinteractive.com>
To: <cisco-nsp@puck.nether.net>
Subject: [c-nsp] Multihoming

Greetings,

Was interested in getting any pointers anyone might have about multihoming. I've got an ASN and am working on a /24 from ARIN now. I was thinking about a pair of Cisco 3560's one for each provider and I was going to take default routes from each, one with a higher metric and announce my prefix over the primary link and pad the secondary link. No customer or full tables needed.

I was thinking about vlan'ing each switch into half public half private side also. Any pointers or tips or recommendations would be greatly appreciated. It's been a while since doing this type of stuff.

Thanks!

Jason.
[c-nsp] Multihoming
Greetings,

Was interested in getting any pointers anyone might have about multihoming. I've got an ASN and am working on a /24 from ARIN now. I was thinking about a pair of Cisco 3560's one for each provider and I was going to take default routes from each, one with a higher metric and announce my prefix over the primary link and pad the secondary link. No customer or full tables needed.

I was thinking about vlan'ing each switch into half public half private side also. Any pointers or tips or recommendations would be greatly appreciated. It's been a while since doing this type of stuff.

Thanks!

Jason.
Re: [c-nsp] Multihoming
Hello Jason.

You can do BGP and multihoming on Cat 3560 since you got 2 byte AS number, with 4 byte AS number you won’t.

> On 31 Aug 2015, at 21:43, Jason Berenson wrote:
>
> Greetings,
>
> Was interested in getting any pointers anyone might have about multihoming.
> I've got an ASN and am working on a /24 from ARIN now. I was thinking about
> a pair of Cisco 3560's one for each provider and I was going to take default
> routes from each, one with a higher metric and announce my prefix over the
> primary link and pad the secondary link. No customer or full tables needed.
>
> I was thinking about vlan'ing each switch into half public half private side
> also. Any pointers or tips or recommendations would be greatly appreciated.
> It's been a while since doing this type of stuff.
>
> Thanks!
>
> Jason.
Re: [c-nsp] Multihoming
On Mon, 31 Aug 2015, Jason Berenson wrote:

> Was interested in getting any pointers anyone might have about multihoming. I've got an ASN and am working on a /24 from ARIN now. I was thinking about a pair of Cisco 3560's one for each provider and I was going to take default routes from each, one with a higher metric and announce my prefix over the primary link and pad the secondary link. No customer or full tables needed.
>
> I was thinking about vlan'ing each switch into half public half private side also. Any pointers or tips or recommendations would be greatly appreciated. It's been a while since doing this type of stuff.

You might need to get your IPv4 space from one of your upstream providers. As far as ARIN is concerned, that well is dry. You will also want to start giving serious thought to IPv6.

I don't know how well 3560s handle BGP, but if you're just taking default routes from your upstreams, the resource needs are pretty light. As the other person who responded mentioned - 4-byte ASNs could be an issue as well.

You can accept the default route from provider A with a default local-preference and the one from provider B with a lower local-pref. For outbound advertisements, as you mentioned, you can prepend your AS a few times on your announcement to provider B.

You'll also want to run IBGP between the two 3560s.

When you say "half public, half private", can you clarify what you're trying to do?

jms
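The design described in the reply above (default route only from each upstream, lower local-preference on provider B, AS-path prepend toward provider B, iBGP between the two boxes), sketched as IOS configuration; this is an added example and not part of the original thread. The AS numbers (64500 local, 64496 and 64497 upstream), all addresses (documentation ranges plus a 10.255.0.0/30 inter-switch link) and the prefix-list and route-map names are assumptions.

```cisco
! Added example. All ASNs, addresses and names are placeholders (assumptions).
! ---------- Switch A: eBGP to provider A (primary) ----------
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list OUR-PREFIX seq 5 permit 203.0.113.0/24
!
! Inbound: accept nothing but the default route. Local-preference stays at
! the default of 100, so this exit is preferred over provider B.
route-map FROM-PROVIDER-A permit 10
 match ip address prefix-list DEFAULT-ONLY
!
! Outbound: announce only our own /24. The implicit deny at the end of the
! route-map drops everything else, so nothing learned from the other
! upstream is ever re-advertised.
route-map TO-PROVIDER-A permit 10
 match ip address prefix-list OUR-PREFIX
!
! Anchor route so the network statement always has an exact match in the RIB.
ip route 203.0.113.0 255.255.255.0 Null0 250
!
router bgp 64500
 bgp log-neighbor-changes
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 description provider-A
 neighbor 192.0.2.1 route-map FROM-PROVIDER-A in
 neighbor 192.0.2.1 route-map TO-PROVIDER-A out
 ! iBGP to switch B over the inter-switch link; next-hop-self so switch B
 ! can resolve the next hop of the default learned from provider A.
 neighbor 10.255.0.2 remote-as 64500
 neighbor 10.255.0.2 next-hop-self
!
! ---------- Switch B: eBGP to provider B (backup) ----------
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list OUR-PREFIX seq 5 permit 203.0.113.0/24
!
! Inbound: default route only, with a lower local-preference so it is used
! only when the default from provider A is gone.
route-map FROM-PROVIDER-B permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 90
!
! Outbound: own /24 only, with the local AS prepended three times so the
! path through provider B looks longer to the rest of the Internet.
route-map TO-PROVIDER-B permit 10
 match ip address prefix-list OUR-PREFIX
 set as-path prepend 64500 64500 64500
!
ip route 203.0.113.0 255.255.255.0 Null0 250
!
router bgp 64500
 bgp log-neighbor-changes
 network 203.0.113.0 mask 255.255.255.0
 neighbor 198.51.100.1 remote-as 64497
 neighbor 198.51.100.1 description provider-B
 neighbor 198.51.100.1 route-map FROM-PROVIDER-B in
 neighbor 198.51.100.1 route-map TO-PROVIDER-B out
 neighbor 10.255.0.1 remote-as 64500
 neighbor 10.255.0.1 next-hop-self
```

On each box, "show ip bgp neighbors" followed by the upstream address and "advertised-routes" should list only the /24, and "show ip bgp 0.0.0.0" should show the provider A path as best while that session is up.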
Re: [c-nsp] Multihoming
On 1/09/2015 6:43 AM, Justin M. Streiner wrote:

> On Mon, 31 Aug 2015, Jason Berenson wrote:
>
>> Was interested in getting any pointers anyone might have about multihoming. I've got an ASN and am working on a /24 from ARIN now. I was thinking about a pair of Cisco 3560's one for each provider and I was going to take default routes from each, one with a higher metric and announce my prefix over the primary link and pad the secondary link. No customer or full tables needed.
>>
>> I was thinking about vlan'ing each switch into half public half private side also. Any pointers or tips or recommendations would be greatly appreciated. It's been a while since doing this type of stuff.
>
> You might need to get your IPv4 space from one of your upstream providers. As far as ARIN is concerned, that well is dry. You will also want to start giving serious thought to IPv6.
>
> I don't know how well 3560s handle BGP, but if you're just taking default routes from your upstreams, the resource needs are pretty light. As the other person who responded mentioned - 4-byte ASNs could be an issue as well.

3560's handle 4 byte ASNs just fine provided:

- You have sufficient flash. 4 byte ASN support in the Catalyst platforms was introduced in 15.2(1)E so this is the absolute minimum version you will need to run - and this image (in fact anything newer than 12.2(55)SE) requires 32M flash.
- You have the IPSERVICES image/license as BGP is not supported in IPBASE.

As you're only handling a handful of prefixes if you meet the requirements above you should be fine.

Reuben
Re: [c-nsp] Multihoming
Justin,

You're right, a 4-byte ASN on the 3560's won't work. I might see if ARIN will reassign me a 2-byte ASN instead. If not, I'll have to go with something like a 28XX software based router and a pair of 2960G's for switches. I was just hoping to do it all in two boxes instead of 4.

My plan is to have ports in front of the firewalls as well as ports behind the firewall. I'll also create a separate VLAN for internal (non routed traffic only) between hosts but might just use another switch for that.

We may not have the same bandwidth from both providers, if we do then letting BGP decide would be fine, I think.

Jason.

On 8/31/15 1:43 PM, Justin M. Streiner wrote:

> On Mon, 31 Aug 2015, Jason Berenson wrote:
>
>> Was interested in getting any pointers anyone might have about multihoming. I've got an ASN and am working on a /24 from ARIN now. I was thinking about a pair of Cisco 3560's one for each provider and I was going to take default routes from each, one with a higher metric and announce my prefix over the primary link and pad the secondary link. No customer or full tables needed.
>>
>> I was thinking about vlan'ing each switch into half public half private side also. Any pointers or tips or recommendations would be greatly appreciated. It's been a while since doing this type of stuff.
>
> You might need to get your IPv4 space from one of your upstream providers. As far as ARIN is concerned, that well is dry. You will also want to start giving serious thought to IPv6.
>
> I don't know how well 3560s handle BGP, but if you're just taking default routes from your upstreams, the resource needs are pretty light. As the other person who responded mentioned - 4-byte ASNs could be an issue as well.
>
> You can accept the default route from provider A with a default local-preference and the one from provider B with a lower local-pref. For outbound advertisements, as you mentioned, you can prepend your AS a few times on your announcement to provider B.
>
> You'll also want to run IBGP between the two 3560s.
>
> When you say "half public, half private", can you clarify what you're trying to do?
>
> jms
[c-nsp] multihoming solution over two different ISP's
At the moment I have the following setup:

http://img69.imageshack.us/img69/4227/252530.png

The ISP-A connection is the primary link and the ISP-B connection (over WiMAX) is the backup one. In case the primary link fails, I physically plug out the fiber-optical converter cable from my Cisco router (Cisco 1841) and insert the one from WiMAX device. In addition, I reconfigure the IP parameters in the router. This is probably the most manual multihoming possible :)

I'm ready to upgrade my router so it supports two Ethernet cables.

a) Is it somehow possible to automatically switch over to another one connection in case the primary one fails. For example ping www.google.com over a period of time and in case it doesn't respond, automatically switch over to backup connection?

b) Is it somehow possible to have one static IP address while using the services of two different ISPs?

While I'm afraid the latter is impossible, the first automatic switchover should be somehow doable, shouldn't it? As I told, I'm ready to invest into new equipment if it's necessary.

PS I'm aware, that probably the most elegant solution would be a BGP sessions with ISP routers over different last-mile technologies. This would provide fast failover and I could use one IP address. What are the best practices for multihome connection over two different ISP's?

regards,
martin
Re: [c-nsp] multihoming solution over two different ISP's
Asking for the best solution: Yes it's via BGP provided that you have your own Public IP space and ASN otherwise it's not possible with 2 different ISPs.

Adding HWIC-2FE would serve the physical requirement in your scenario.

m2c

Regards,
Aftab A. Siddiqui

On Mon, Aug 8, 2011 at 2:28 PM, Martin T m4rtn...@gmail.com wrote:

> At the moment I have the following setup:
>
> http://img69.imageshack.us/img69/4227/252530.png
>
> The ISP-A connection is the primary link and the ISP-B connection (over WiMAX) is the backup one. In case the primary link fails, I physically plug out the fiber-optical converter cable from my Cisco router (Cisco 1841) and insert the one from WiMAX device. In addition, I reconfigure the IP parameters in the router. This is probably the most manual multihoming possible :)
>
> I'm ready to upgrade my router so it supports two Ethernet cables.
>
> a) Is it somehow possible to automatically switch over to another one connection in case the primary one fails. For example ping www.google.com over a period of time and in case it doesn't respond, automatically switch over to backup connection?
>
> b) Is it somehow possible to have one static IP address while using the services of two different ISPs?
>
> While I'm afraid the latter is impossible, the first automatic switchover should be somehow doable, shouldn't it? As I told, I'm ready to invest into new equipment if it's necessary.
>
> PS I'm aware, that probably the most elegant solution would be a BGP sessions with ISP routers over different last-mile technologies. This would provide fast failover and I could use one IP address. What are the best practices for multihome connection over two different ISP's?
>
> regards,
> martin
Re: [c-nsp] multihoming solution over two different ISP's
Aftab,

HWIC-2FE was exactly the card I was looking at as well. As I don't have a public IP address space and ASN, what options are left there in order to achieve automatic failover?

regards,
martin

2011/8/8 Aftab Siddiqui aftab.siddi...@gmail.com:

> Asking for the best solution: Yes it's via BGP provided that you have your own Public IP space and ASN otherwise it's not possible with 2 different ISPs.
>
> Adding HWIC-2FE would serve the physical requirement in your scenario.
>
> m2c
>
> Regards,
> Aftab A. Siddiqui
>
> On Mon, Aug 8, 2011 at 2:28 PM, Martin T m4rtn...@gmail.com wrote:
>
>> At the moment I have the following setup:
>>
>> http://img69.imageshack.us/img69/4227/252530.png
>>
>> The ISP-A connection is the primary link and the ISP-B connection (over WiMAX) is the backup one. In case the primary link fails, I physically plug out the fiber-optical converter cable from my Cisco router (Cisco 1841) and insert the one from WiMAX device. In addition, I reconfigure the IP parameters in the router. This is probably the most manual multihoming possible :)
>>
>> I'm ready to upgrade my router so it supports two Ethernet cables.
>>
>> a) Is it somehow possible to automatically switch over to another one connection in case the primary one fails. For example ping www.google.com over a period of time and in case it doesn't respond, automatically switch over to backup connection?
>>
>> b) Is it somehow possible to have one static IP address while using the services of two different ISPs?
>>
>> While I'm afraid the latter is impossible, the first automatic switchover should be somehow doable, shouldn't it? As I told, I'm ready to invest into new equipment if it's necessary.
>>
>> PS I'm aware, that probably the most elegant solution would be a BGP sessions with ISP routers over different last-mile technologies. This would provide fast failover and I could use one IP address. What are the best practices for multihome connection over two different ISP's?
>>
>> regards,
>> martin
Re: [c-nsp] multihoming solution over two different ISP's
Stick with multihoming with Single ISP. i.e. get 2 last miles with the ISP and a public pool to advertise and manage the auto failover via BGP.

Secondly you can achieve multihoming with 2 ISP using IP SLA, though it is not a best practice but surely workable. Take a look at the following link.

http://www.nil.com/ipcorner/SmallSiteMultiHoming/

Regards,
Aftab A. Siddiqui

On Mon, Aug 8, 2011 at 2:51 PM, Martin T m4rtn...@gmail.com wrote:

> Aftab,
>
> HWIC-2FE was exactly the card I was looking at as well. As I don't have a public IP address space and ASN, what options are left there in order to achieve automatic failover?
>
> regards,
> martin
>
> 2011/8/8 Aftab Siddiqui aftab.siddi...@gmail.com:
>
>> Asking for the best solution: Yes it's via BGP provided that you have your own Public IP space and ASN otherwise it's not possible with 2 different ISPs.
>>
>> Adding HWIC-2FE would serve the physical requirement in your scenario.
>>
>> m2c
>>
>> Regards,
>> Aftab A. Siddiqui
>>
>> On Mon, Aug 8, 2011 at 2:28 PM, Martin T m4rtn...@gmail.com wrote:
>>
>>> At the moment I have the following setup:
>>>
>>> http://img69.imageshack.us/img69/4227/252530.png
>>>
>>> The ISP-A connection is the primary link and the ISP-B connection (over WiMAX) is the backup one. In case the primary link fails, I physically plug out the fiber-optical converter cable from my Cisco router (Cisco 1841) and insert the one from WiMAX device. In addition, I reconfigure the IP parameters in the router. This is probably the most manual multihoming possible :)
>>>
>>> I'm ready to upgrade my router so it supports two Ethernet cables.
>>>
>>> a) Is it somehow possible to automatically switch over to another one connection in case the primary one fails. For example ping www.google.com over a period of time and in case it doesn't respond, automatically switch over to backup connection?
>>>
>>> b) Is it somehow possible to have one static IP address while using the services of two different ISPs?
>>>
>>> While I'm afraid the latter is impossible, the first automatic switchover should be somehow doable, shouldn't it? As I told, I'm ready to invest into new equipment if it's necessary.
>>>
>>> PS I'm aware, that probably the most elegant solution would be a BGP sessions with ISP routers over different last-mile technologies. This would provide fast failover and I could use one IP address. What are the best practices for multihome connection over two different ISP's?
>>>
>>> regards,
>>> martin
Re: [c-nsp] multihoming solution over two different ISP's
On Mon, 8 Aug 2011, Aftab Siddiqui wrote:

> Asking for the best solution: Yes it's via BGP provided that you have your own Public IP space and ASN otherwise it's not possible with 2 different ISPs.
>
> Adding HWIC-2FE would serve the physical requirement in your scenario.

BGP is the best way to go, and you certainly can multihome with BGP using IP space assigned by one of the ISPs. Lots of AS's do that. More below...

> On Mon, Aug 8, 2011 at 2:28 PM, Martin T m4rtn...@gmail.com wrote:
>
>> At the moment I have the following setup:
>>
>> http://img69.imageshack.us/img69/4227/252530.png
>>
>> a) Is it somehow possible to automatically switch over to another one connection in case the primary one fails. For example ping www.google.com over a period of time and in case it doesn't respond, automatically switch over to backup connection?
>>
>> b) Is it somehow possible to have one static IP address while using the services of two different ISPs?

You can do poor man's multihoming using 2 ISPs (no BGP) by doing reachability testing of something or things out on the internet, and changing your default gateway when you think the primary connection has failed. You'll have to use NAT/PAT such that when you're going out through ISP-A, your outside NAT address is an ISP-A address, and when you're going out through ISP-B, your outside NAT address is an ISP-B address. With a bit of policy routing, you can even keep both the ISP-A and ISP-B connections up and usable simultaneously.

--
 Jon Lewis, MCP :)        | I route
 Senior Network Engineer  | therefore you are
 Atlantic Net             |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
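The "poor man's multihoming" described in the reply above (reachability test, default route switched on failure, NAT address following the outgoing ISP), sketched as IOS configuration; this is an added example and not part of the original thread. Interface names, all addresses and the probe target 203.0.113.10 are assumptions, and the syntax is the newer "ip sla" form (older IOS releases use "ip sla monitor" and "track ... rtr" for the same thing).

```cisco
! Added example. Interfaces, addresses and the probe target are placeholders.
interface FastEthernet0/0
 description ISP-A (primary)
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/1
 description ISP-B (backup, WiMAX)
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
interface FastEthernet0/0/0
 description LAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! Pin the probe target to ISP-A so the test always measures the primary
! path, even while the default route points at ISP-B.
ip route 203.0.113.10 255.255.255.255 192.0.2.1
!
! Probe a host beyond the ISP-A gateway every 10 seconds.
ip sla 1
 icmp-echo 203.0.113.10 source-interface FastEthernet0/0
 threshold 2000
 timeout 2000
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Damp flapping: 20 s of failed probes before failing over, 60 s of
! successful probes before failing back.
track 1 ip sla 1 reachability
 delay down 20 up 60
!
! The primary default route is withdrawn when track 1 goes down; the
! floating static (administrative distance 10) then takes over.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! NAT follows the egress interface, so the outside address always belongs
! to the ISP the packet leaves through and replies return the same way.
access-list 10 permit 10.0.0.0 0.0.0.255
!
route-map NAT-ISP-A permit 10
 match ip address 10
 match interface FastEthernet0/0
!
route-map NAT-ISP-B permit 10
 match ip address 10
 match interface FastEthernet0/1
!
ip nat inside source route-map NAT-ISP-A interface FastEthernet0/0 overload
ip nat inside source route-map NAT-ISP-B interface FastEthernet0/1 overload
```

Sessions that were established before a switchover do not survive it, because their translations carry the other ISP's address. A single probe target is also a single point of false alarm, so tracking more than one target is the usual refinement.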
Re: [c-nsp] multihoming solution over two different ISP's
Get a 2950 or even a 3524XL, use vlans and subinterfaces.

Use BGP if available. Otherwise, if you are already using NAT, then this should work fine.

http://www.cisco.com/en/US/docs/ios/12_3/12_3x/12_3xe/feature/guide/dbackupx.html
https://supportforums.cisco.com/docs/DOC-8313

If you need redundancy and incoming IP reachability, and you cannot get BGP/Public IP addresses from your existing ISP's, you can obtain it from other ISP's, even if all they can offer you is a tunnel.

Joe

Martin T wrote:

> At the moment I have the following setup:
>
> http://img69.imageshack.us/img69/4227/252530.png
>
> The ISP-A connection is the primary link and the ISP-B connection (over WiMAX) is the backup one. In case the primary link fails, I physically plug out the fiber-optical converter cable from my Cisco router (Cisco 1841) and insert the one from WiMAX device. In addition, I reconfigure the IP parameters in the router. This is probably the most manual multihoming possible :)
>
> I'm ready to upgrade my router so it supports two Ethernet cables.
>
> a) Is it somehow possible to automatically switch over to another one connection in case the primary one fails. For example ping www.google.com over a period of time and in case it doesn't respond, automatically switch over to backup connection?
>
> b) Is it somehow possible to have one static IP address while using the services of two different ISPs?
>
> While I'm afraid the latter is impossible, the first automatic switchover should be somehow doable, shouldn't it? As I told, I'm ready to invest into new equipment if it's necessary.
>
> PS I'm aware, that probably the most elegant solution would be a BGP sessions with ISP routers over different last-mile technologies. This would provide fast failover and I could use one IP address. What are the best practices for multihome connection over two different ISP's?
>
> regards,
> martin
[c-nsp] Multihoming
Hi,

I am pretty new to this concept and would appreciate any guidance on how as a customer I can achieve redundancy with autofailover between 2 ISPs.

Can I achieve this when I have a /29 from ISP1 and do not have my own PI ips?

All my services dns, email, wan are hosted by the ISP1.

Any assistance on this will be appreciated.

Rocker
Re: [c-nsp] Multihoming
Hi Rocker,

Have a look into F5 GTM.

Thanks. :-)

regards,
YapCH
http://itcertguides.blogspot.com/

Message: 10
Date: Wed, 15 Sep 2010 12:00:56 +0300
From: Rocker Feller rocker.rockerfel...@gmail.com
To: cisco_nsp cisco-nsp@puck.nether.net
Subject: [c-nsp] Multihoming

Hi,

I am pretty new to this concept and would appreciate any guidance on how as a customer I can achieve redundancy with autofailover between 2 ISPs.

Can I achieve this when I have a /29 from ISP1 and do not have my own PI ips?

All my services dns, email, wan are hosted by the ISP1.

Any assistance on this will be appreciated.

Rocker
Re: [c-nsp] Multihoming
Not many options for you I'm afraid. Some people filter out routes smaller than a /24. Even if you had a /24 from ISP1, you would then have to get their permission to have ISP2 advertise it. Most aren't willing to do this.

Is a micro (/24) allocation from ARIN (if in the US) a possibility? If so, you could then run BGP to multiple providers and make this a very simple configuration.

If not, you'll likely have to rely on application-layer redundancy. You can prioritize MX records if you are hosting your mail on-site through ISP1's ip addressing (what you stated seemed a bit unclear), and you could probably do some round-robin DNS entries for web hosting, but it won't be perfect.

On 09/15/2010 02:00 AM, Rocker Feller wrote:

> Hi,
>
> I am pretty new to this concept and would appreciate any guidance on how as a customer I can achieve redundancy with autofailover between 2 ISPs.
>
> Can I achieve this when I have a /29 from ISP1 and do not have my own PI ips?
>
> All my services dns, email, wan are hosted by the ISP1.
>
> Any assistance on this will be appreciated.
>
> Rocker
Re: [c-nsp] Multihoming
Hi Rocker,

Rocker Feller wrote:

> I am pretty new to this concept and would appreciate any guidance on how as a customer I can achieve redundancy with autofailover between 2 ISPs.

You need PI space to do this. Because each ISP can only route his own PA spaces plus the PI spaces from his customers.

Maybe there could be a solution with doing some NAT on ISP2 to let your PA space from ISP1 look like PA space from ISP2. This could do redundancy in upstream direction but not in downstream. But if you have some public servers you need PI space.

--
Greetings
Thomas
Re: [c-nsp] Multihoming
You could probably get away with a second provider if you implement NAT and don't really need to provide services to the outside world from that location. For example if it was an office connection and you really just needed internet access with some redundancy.

If things are more complicated than that - for instance if you are hosting incoming vpn connections, web services etc from that site, you really should look into getting your own IP space when you start talking about multiple providers, for instance if ISP1 goes down and you are providing these services, you are pretty much screwed.

As Walter suggested, you can play with DNS a bit and move things around - but it is a very manual time consuming process and services will be unworkable during the transition.

On 15 September 2010 10:00, Rocker Feller rocker.rockerfel...@gmail.com wrote:

> Hi,
>
> I am pretty new to this concept and would appreciate any guidance on how as a customer I can achieve redundancy with autofailover between 2 ISPs.
>
> Can I achieve this when I have a /29 from ISP1 and do not have my own PI ips?
>
> All my services dns, email, wan are hosted by the ISP1.
>
> Any assistance on this will be appreciated.
>
> Rocker
Re: [c-nsp] Multihoming
On 9/15/10 2:26 AM, Walter Keen wrote:

> Not many options for you I'm afraid. Some people filter out routes smaller than a /24. Even if you had a /24 from ISP1, you would then have to get their permission to have ISP2 advertise it. Most aren't willing to do this.
>
> Is a micro (/24) allocation from ARIN (if in the US) a possibility? If so, you could then run BGP to multiple providers and make this a very simple configuration.
>
> If not, you'll likely have to rely on application-layer redundancy. You can prioritize MX records if you are hosting your mail on-site through ISP1's ip addressing (what you stated seemed a bit unclear), and you could probably do some round-robin DNS entries for web hosting, but it won't be perfect.

You can now get a /24 in ARIN land if you're an end user.

https://www.arin.net/policy/proposals/2010_2.html

~Seth
Re: [c-nsp] Multihoming
On Wed, 15 Sep 2010, Walter Keen wrote:

> Not many options for you I'm afraid. Some people filter out routes smaller than a /24. Even if you had a /24 from ISP1, you would then have to get their permission to have ISP2 advertise it. Most aren't willing to do this.

Huh? Get a /24 from one of the ISPs. Get an ASN from ARIN or whoever is the appropriate registry for your area. Advertise (BGP) that /24 to both ISPs. I've never heard of an ISP not allowing this (except that most probably won't do BGP with you if you're on a low end connection like DSL/cable). If you have some sort of leased line or ethernet connectivity to each provider, it shouldn't be an issue.

> Is a micro (/24) allocation from ARIN (if in the US) a possibility? If so, you could then run BGP to multiple providers and make this a very simple configuration.
>
> If not, you'll likely have to rely on application-layer redundancy. You can prioritize MX records if you are hosting your mail on-site through ISP1's ip addressing (what you stated seemed a bit unclear), and you could probably do some round-robin DNS entries for web hosting, but it won't be perfect.

Another option might be to get a small amount of space from each provider, and VPN into something more stable/better connected.

--
 Jon Lewis, MCP :)        | I route
 Senior Network Engineer  | therefore you are
 Atlantic Net             |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: [c-nsp] Multihoming
On Wed, 15 Sep 2010, Voigt, Thomas wrote:

> Hi Rocker,
>
> Rocker Feller wrote:
>
>> I am pretty new to this concept and would appreciate any guidance on how as a customer I can achieve redundancy with autofailover between 2 ISPs.
>
> You need PI space to do this. Because each ISP can only route his own PA spaces plus the PI spaces from his customers.

You don't need PI space to multihome. At least not in the ARIN region. You do generally need at least a /24 if you want any reasonable chance of the internet accepting your BGP announcement.

--
 Jon Lewis, MCP :)        | I route
 Senior Network Engineer  | therefore you are
 Atlantic Net             |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: [c-nsp] Multihoming
Jon there seems to be a bit of a common belief that advertising a /24 or some prefix that has been assigned by a provider, out to another provider, is bad practise. I don't get it either and haven't seen issues myself.

The only scenario I can think of is (in some odd configurations) when the original provider sees part of their own network being advertised by another ISP, they filter it and it breaks connectivity, or the original provider's igp contains that prefix somehow already.. ?

On 15 September 2010 16:17, Jon Lewis jle...@lewis.org wrote:

> On Wed, 15 Sep 2010, Voigt, Thomas wrote:
>
>> Hi Rocker,
>>
>> Rocker Feller wrote:
>>
>>> I am pretty new to this concept and would appreciate any guidance on how as a customer I can achieve redundancy with autofailover between 2 ISPs.
>>
>> You need PI space to do this. Because each ISP can only route his own PA spaces plus the PI spaces from his customers.
>
> You don't need PI space to multihome. At least not in the ARIN region. You do generally need at least a /24 if you want any reasonable chance of the internet accepting your BGP announcement.
>
> --
>  Jon Lewis, MCP :)        | I route
>  Senior Network Engineer  | therefore you are
>  Atlantic Net             |
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: [c-nsp] Multihoming
On Wed, 15 Sep 2010, Heath Jones wrote:

> Jon there seems to be a bit of a common belief that advertising a /24 or some prefix that has been assigned by a provider, out to another provider, is bad practise. I don't get it either and haven't seen issues myself.

This is done quite a bit, as (again, I'm only familiar with practices in the ARIN region) this is basically the only way a small organization (ISP or end user) could multihome in the past. ARIN just adopted a policy allowing multihomed end users to get a PI /24. So that's an option now as well.

> The only scenario I can think of is (in some odd configurations) when the original provider sees part of their own network being advertised by another ISP, they filter it and it breaks connectivity, or the original provider's igp contains that prefix somehow already.. ?

Ideally, both ISPs would be aware of your intentions to multihome and not be dumb enough to filter your announcement via the other ISP. It wouldn't surprise me if that sort of filtering has happened though. Of course, it wouldn't surprise me if your ISP broke your prefix filter, didn't use prefix filters, lost your interface config, assigned your interface /30 to another customer, or fundamentally altered your route-map (if they have one) such that they stopped accepting some of your routes. I've seen all these things happen.

--
Jon Lewis, MCP :)       | I route
Senior Network Engineer | therefore you are
Atlantic Net            |
http://www.lewis.org/~jlewis/pgp for PGP public key
Re: [c-nsp] Multihoming
I currently do this for one of my sites and haven't had any issues. You just get a LOA from the ISP you get your /24 from and send it to the other ISP. Easy Peasy.

On Wed, Sep 15, 2010 at 10:30 AM, Heath Jones hj1...@gmail.com wrote:

> Jon there seems to be a bit of a common belief that advertising a /24 or some prefix that has been assigned by a provider, out to another provider, is bad practise. I don't get it either and haven't seen issues myself.
>
> The only scenario I can think of is (in some odd configurations) when the original provider sees part of their own network being advertised by another ISP, they filter it and it breaks connectivity, or the original provider's igp contains that prefix somehow already.. ?
>
> On 15 September 2010 16:17, Jon Lewis jle...@lewis.org wrote:
>
>> On Wed, 15 Sep 2010, Voigt, Thomas wrote:
>>
>>> Hi Rocker,
>>>
>>> Rocker Feller wrote:
>>>> I am pretty new to this concept and would appreciate any guidance on how as a customer I can achieve redundancy with autofailover between 2 ISPs.
>>>
>>> You need PI space to do this. Because each ISP can only route his own PA spaces plus the PI spaces from his customers.
>>
>> You don't need PI space to multihome. At least not in the ARIN region. You do generally need at least a /24 if you want any reasonable chance of the internet accepting your BGP announcement.
>>
>> --
>> Jon Lewis, MCP :)       | I route
>> Senior Network Engineer | therefore you are
>> Atlantic Net            |
>> http://www.lewis.org/~jlewis/pgp for PGP public key
Re: [c-nsp] Multihoming
It looks like this subject has been beat to death so I'll skip the usual about obtaining a /24 from ARIN and a public ASN. Global load-balancing is an option as it allows you to fail over your DNS entries to the second provider's IP space. This pretty much negates the need for BGP if all you were using it for was failover. There are also companies that offer global load-balancing as a service so you don't have to worry about managing the box itself. It's DNS based so the load-balancer itself can be anywhere in the world technically. Redundancy is usually taken care of as well.
Re: [c-nsp] Multihoming
One last comment. There are a lot of people suggesting that you find a way to advertise the /29 to the other ISP. This is not possible. The ISP that gave it to you probably isn't willing to de-aggregate it when sending it to the internet and the ISP that needs to accept it probably doesn't accept blocks under a certain size to keep their routing table sizes under control. If you look at a route server in another AS you'll probably only see a /21 or better that contains your block. ISPs normally advertise aggregates only unless the customer was assigned a large block (/24 or better for most) and requested that they do so. Then they advertise both.

On Wed, Sep 15, 2010 at 12:30 PM, Keegan Holley keegan.hol...@sungard.com wrote:

> It looks like this subject has been beat to death so I'll skip the usual about obtaining a /24 from ARIN and a public ASN. Global load-balancing is an option as it allows you to fail over your DNS entries to the second provider's IP space. This pretty much negates the need for BGP if all you were using it for was failover. There are also companies that offer global load-balancing as a service so you don't have to worry about managing the box itself. It's DNS based so the load-balancer itself can be anywhere in the world technically. Redundancy is usually taken care of as well.
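The filtering behaviour described in the message above, modelled as an added example (not code from the thread or from any ISP's configuration): a remote AS drops announcements longer than /24 and forwards by longest-prefix match, so a customer /29 never overrides the assigning provider's aggregate while a /24 does. The prefixes, AS numbers and the /24 cutoff are constructed assumptions.

```python
import ipaddress

MAX_PREFIXLEN = 24          # assumed inbound policy: reject anything longer than /24
ISP1_AS = 64496             # constructed: provider that assigned the customer's block
CUSTOMER_AS = 64500         # constructed: the multihomed customer's own ASN
AGGREGATE = "198.18.8.0/21" # constructed: ISP1's aggregate containing the customer block
HOST = "198.18.10.9"        # constructed: a customer host inside that aggregate


def apply_filter(announcements, max_len=MAX_PREFIXLEN):
    """Return (table, rejected): accepted routes as {network: origin AS},
    plus the prefixes the length filter dropped."""
    table, rejected = {}, []
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen > max_len:
            rejected.append(prefix)
        else:
            table[net] = origin
    return table, rejected


def best_origin(table, address):
    """Longest-prefix match: the most specific accepted route decides
    which origin AS the traffic is sent toward."""
    addr = ipaddress.ip_address(address)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


def remote_view(customer_prefix):
    """What a distant AS sees when ISP1 announces its aggregate and the
    customer's prefix is announced through the second provider."""
    table, rejected = apply_filter([
        (AGGREGATE, ISP1_AS),
        (customer_prefix, CUSTOMER_AS),
    ])
    return best_origin(table, HOST), rejected


if __name__ == "__main__":
    for prefix in ("198.18.10.8/29", "198.18.10.0/24"):
        origin, rejected = remote_view(prefix)
        print(f"{prefix}: traffic for {HOST} follows AS{origin}, filtered={rejected}")
```

With the /29, the remote table is identical whether or not the customer's link to ISP1 is up, which is why the second provider gives no failover in that case.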
Re: [c-nsp] Multihoming
> Another option might be to get a small amount of space from each provider, and VPN into something more stable/better connected.

Something I've been considering is to have the customer build a GRE tunnel (it's Internet traffic anyway) back to our router over their other ISP's connection. We could then route their public IP space over either connection.

It doesn't give all the same benefits of BGP (for example, if something happens to my AS or router, the customer is screwed), but it should make for cheap and easy multihoming.

Anybody have any thoughts on this?

Tim Huffman
Director of Engineering
BOB - Business Only Broadband, LLC
O (630) 590-6012
C (630) 340-1925
t...@bobbroadband.com
www.bobbroadband.com

-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jon Lewis
Sent: Wednesday, September 15, 2010 10:15 AM
To: Walter Keen
Cc: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] Multihoming

On Wed, 15 Sep 2010, Walter Keen wrote:

> Not many options for you I'm afraid. Some people filter out routes smaller than a /24. Even if you had a /24 from ISP1, you would then have to get their permission to have ISP2 advertise it. Most aren't willing to do this.

Huh? Get a /24 from one of the ISPs. Get an ASN from ARIN or whoever is the appropriate registry for your area. Advertise (BGP) that /24 to both ISPs. I've never heard of an ISP not allowing this (except that most probably won't do BGP with you if you're on a low end connection like DSL/cable). If you have some sort of leased line or ethernet connectivity to each provider, it shouldn't be an issue.

> Is a micro (/24) allocation from ARIN (if in the US) a possibility? If so, you could then run BGP to multiple providers and make this a very simple configuration. If not, you'll likely have to rely on application-layer redundancy. You can prioritize MX records if you are hosting your mail on-site through ISP1's ip addressing (what you stated seemed a bit unclear), and you could probably do some round-robin DNS entries for web hosting, but it won't be perfect. Another option might be to get a small amount of space from each provider, and VPN into something more stable/better connected.

--
Jon Lewis, MCP :)       | I route
Senior Network Engineer | therefore you are
Atlantic Net            |
http://www.lewis.org/~jlewis/pgp for PGP public key
Re: [c-nsp] Multihoming
Yeah it would work - 2 tunnels and routing done on your side.. Problem is increased latency, jitter and lack of QOS, but for data traffic / backup / something else that needs redundancy it should be ok. You could provide managed firewalls etc etc for them - it's a product if that's what you're asking.. ;)

On 15 September 2010 17:42, Tim Huffman t...@bobbroadband.com wrote:

>> Another option might be to get a small amount of space from each provider, and VPN into something more stable/better connected.
>
> Something I've been considering is to have the customer build a GRE tunnel (it's Internet traffic anyway) back to our router over their other ISP's connection. We could then route their public IP space over either connection.
>
> It doesn't give all the same benefits of BGP (for example, if something happens to my AS or router, the customer is screwed), but it should make for cheap and easy multihoming.
>
> Anybody have any thoughts on this?
>
> Tim Huffman
> Director of Engineering
> BOB - Business Only Broadband, LLC
> O (630) 590-6012
> C (630) 340-1925
> t...@bobbroadband.com
> www.bobbroadband.com
>
> -----Original Message-----
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jon Lewis
> Sent: Wednesday, September 15, 2010 10:15 AM
> To: Walter Keen
> Cc: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] Multihoming
>
> On Wed, 15 Sep 2010, Walter Keen wrote:
>
>> Not many options for you I'm afraid. Some people filter out routes smaller than a /24. Even if you had a /24 from ISP1, you would then have to get their permission to have ISP2 advertise it. Most aren't willing to do this.
>
> Huh? Get a /24 from one of the ISPs. Get an ASN from ARIN or whoever is the appropriate registry for your area. Advertise (BGP) that /24 to both ISPs. I've never heard of an ISP not allowing this (except that most probably won't do BGP with you if you're on a low end connection like DSL/cable). If you have some sort of leased line or ethernet connectivity to each provider, it shouldn't be an issue.
>
>> Is a micro (/24) allocation from ARIN (if in the US) a possibility? If so, you could then run BGP to multiple providers and make this a very simple configuration. If not, you'll likely have to rely on application-layer redundancy. You can prioritize MX records if you are hosting your mail on-site through ISP1's ip addressing (what you stated seemed a bit unclear), and you could probably do some round-robin DNS entries for web hosting, but it won't be perfect. Another option might be to get a small amount of space from each provider, and VPN into something more stable/better connected.
>
> --
> Jon Lewis, MCP :)       | I route
> Senior Network Engineer | therefore you are
> Atlantic Net            |
> http://www.lewis.org/~jlewis/pgp for PGP public key
Re: [c-nsp] Multihoming
Sent from my iPhone

On 15.09.2010, at 18:42, Tim Huffman t...@bobbroadband.com wrote:

> Something I've been considering is to have the customer build a GRE tunnel (it's Internet traffic anyway) back to our router over their other ISP's connection. We could then route their public IP space over either connection.

You will probably have a lot of problems with Path MTU discovery.

Andree
Re: [c-nsp] Multihoming with 2801
Pablo Almido wrote:

> Hi All, I am planning to configure Multihoming for my network in my job. I have a class C /24 to announce, and we have recently gotten our own ASN. Currently we have 1 router 2801. I want to take only a default route from each provider, and announce my network to each ISP. I have read in other posts that I should have a minimum of 256 DRAM, but I want to know if it is possible that my router can work well with 128 DRAM only taking default routes. If I had to buy more memory (it is expensive for me), where can I find third party memory such as Kingston or other well-known manufacturers? Can anyone give me some links? For peering with my other ISP, can I buy a router 1841 with 128 or more DRAM memory, or should I purchase another router 2801? We have both circuits with 4MB for internet access.

128 is fine for default routes. If you want to get a little fancy but not go full routes, your upstreams may have the option to send you only customer routes with a default route. (Even a partial feed may require some trimming with 128 - not sure, never tried it with less than 256).

~Seth
Re: [c-nsp] Multihoming with 2801
On Mon, 26 Nov 2007, Seth Mattinen wrote:

> 128 is fine for default routes. If you want to get a little fancy but not go full routes, your upstreams may have the option to send you only customer routes with a default route. (Even a partial feed may require some trimming with 128 - not sure, never tried it with less than 256).

It's worth noting that it's dirt cheap to get the 2801 up to 384mb.

http://www.natecarlson.com/blog/2007/07/17/cisco-2801s-use-standard-laptop-memory/

| nate carlson | [EMAIL PROTECTED] | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
Re: [c-nsp] Multihoming with 2801
Nate Carlson wrote:

> On Mon, 26 Nov 2007, Seth Mattinen wrote:
>> 128 is fine for default routes. If you want to get a little fancy but not go full routes, your upstreams may have the option to send you only customer routes with a default route. (Even a partial feed may require some trimming with 128 - not sure, never tried it with less than 256).
>
> It's worth noting that it's dirt cheap to get the 2801 up to 384mb.
>
> http://www.natecarlson.com/blog/2007/07/17/cisco-2801s-use-standard-laptop-memory/

I've always been curious if it'll address more; anyone ever tried larger DIMMs?

~Seth
[c-nsp] Multihoming with 2801
Hi All, I am planning to configure Multihoming for my network in my job. I have a class C /24 to announce, and we have recently gotten our own ASN. Currently we have 1 router 2801. I want to take only a default route from each provider, and announce my network to each ISP. I have read in other posts that I should have a minimum of 256 DRAM, but I want to know if it is possible that my router can work well with 128 DRAM only taking default routes. If I had to buy more memory (it is expensive for me), where can I find third party memory such as Kingston or other well-known manufacturers? Can anyone give me some links? For peering with my other ISP, can I buy a router 1841 with 128 or more DRAM memory, or should I purchase another router 2801? We have both circuits with 4MB for internet access.