[c-nsp] Three ISPs - Three Edge Routers - iBGP Mesh
Two of our DC's are about to get their 3rd internet drop. Each ISP connection has its own edge router. HSRP is running facing on the LAN side. Please see https://supportforums.cisco.com/message/3496562#3496562 for topology and further discussions.

I expect that packets leaving the DC will hit the HSRP active, perform the route lookup and exit via the best path BGP has selected (and/or the best path my PfR setup has installed). Does anyone see any gotcha's with just letting BGP do its thing; no local-pref changing, no path prepending?

Mark Mason

NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies.

___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Three ISPs - Three Edge Routers - iBGP Mesh
On Tue, Nov 22, 2011 at 8:41 AM, Mark Mason mma...@jackhenry.com wrote:

> Two of our DC's are about to get their 3rd internet drop. Each ISP connection has its own edge router. HSRP is running facing on the LAN side. Please see https://supportforums.cisco.com/message/3496562#3496562 for topology and further discussions.
>
> I expect that packets leaving the DC will hit the HSRP active, perform the route lookup and exit via the best path BGP has selected (and/or the best path my PfR setup has installed). Does anyone see any gotcha's with just letting BGP do its thing; no local-pref changing, no path prepending?
>
> Mark Mason

It should be fine. You'll get asymmetric routing regardless of what you do for the most part since you can only influence another AS' routing policies only so much using prepending. I'd only mess with localpref if you are overloading one of the links.

Joseph
Re: [c-nsp] Three ISPs - Three Edge Routers - iBGP Mesh
Mark,

I'm not questioning your design, I'm just curious. Why add a third ISP? Redundancy? Is it a capacity issue? I understand having redundancy to two providers but I'm curious why you want a third? Or is this just a carrier thing and I'm thinking from an end customer viewpoint?

-Hammer-
I was a normal American nerd -Jack Herer

On 11/22/2011 08:59 AM, Joseph Jackson wrote:

> On Tue, Nov 22, 2011 at 8:41 AM, Mark Mason mma...@jackhenry.com wrote:
>
>> Two of our DC's are about to get their 3rd internet drop. Each ISP connection has its own edge router. HSRP is running facing on the LAN side. Please see https://supportforums.cisco.com/message/3496562#3496562 for topology and further discussions.
>>
>> I expect that packets leaving the DC will hit the HSRP active, perform the route lookup and exit via the best path BGP has selected (and/or the best path my PfR setup has installed). Does anyone see any gotcha's with just letting BGP do its thing; no local-pref changing, no path prepending?
>>
>> Mark Mason
>
> It should be fine. You'll get asymmetric routing regardless of what you do for the most part since you can only influence another AS' routing policies only so much using prepending. I'd only mess with localpref if you are overloading one of the links.
>
> Joseph
Re: [c-nsp] Three ISPs - Three Edge Routers - iBGP Mesh
On 11/22/11 8:41 AM, Mark Mason wrote:

> Two of our DC's are about to get their 3rd internet drop. Each ISP connection has its own edge router. HSRP is running facing on the LAN side. Please see https://supportforums.cisco.com/message/3496562#3496562 for topology and further discussions.
>
> I expect that packets leaving the DC will hit the HSRP active, perform the route lookup and exit via the best path BGP has selected (and/or the best path my PfR setup has installed). Does anyone see any gotcha's with just letting BGP do its thing; no local-pref changing, no path prepending?

Yes, a vast majority of your traffic will exit via the provider on the HSRP active, which may present balancing problems in the outbound direction. Step 9 in the PSA is 'prefer external path over internal path', so if neither of the two other links have been given a higher weight, carry a higher LP, present a shorter AS path, somehow have a better origin code, it'll go out the directly-connected link.

Your inbound will balance easily, except that inbound isn't easy to balance.

pt
[c-nsp] Three ISPs - Three Edge Routers - iBGP Mesh
Hammer-

Actually we're expecting to install 4th and maybe 5th in the far future. Online banking, credit card/debit card processing is our business and having a number of ISP connections provides the least number of hops for our client base, best round-trip, and best customer experience to the online banking site. Their web requests come into the DC, we reach out to each respective bank/credit union host, via our managed DMVPN service, query that account and serve the data up to the web requester. Making sure we have the best path to those institutions is the #1 reason.

I'd like to peer with Cogent and Verizon also. Heck today really who is a Tier 1 carrier anymore?

Mark Mason
Re: [c-nsp] Three ISPs - Three Edge Routers - iBGP Mesh
Mark Mason wrote:

> Two of our DC's are about to get their 3rd internet drop. Each ISP connection has its own edge router. HSRP is running facing on the LAN side. Please see https://supportforums.cisco.com/message/3496562#3496562 for topology and further discussions.
>
> I expect that packets leaving the DC will hit the HSRP active, perform the route lookup and exit via the best path BGP has selected (and/or the best path my PfR setup has installed). Does anyone see any gotcha's with just letting BGP do its thing; no local-pref changing, no path prepending?

Given the flat-ish topology of the Internet these days you will see most of your traffic use the local transit on the active hsrp node. This is because for the same route with equal as-path length and local-preference the router will prefer the ebgp (local) route over the ibgp routes.

If you want to roughly balance outbound traffic across all three transit links, you will need to use local-pref to prefer some routes/as-paths over others regardless of whether they are on the local router or not. The common way to do this is to make a short list of large ISP/backbone AS's, prefer some of them on each link and adjust until you get the preferred traffic distribution.

- Kevin
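Added example (not part of the thread): a simplified Python model of the best-path comparison discussed in the replies above, showing why each edge router exits via its own transit by default and how a local-pref policy keyed on a backbone AS moves that traffic. The ISP names, AS numbers and policy are constructed, and MED, IGP metric and later tie-breakers are left out.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

@dataclass(frozen=True)
class Path:
    exit_isp: str        # transit link this path leaves through
    as_path: tuple       # AS numbers, nearest first
    ebgp: bool           # True if learned on this router's own ISP session
    local_pref: int = 100
    weight: int = 0
    origin: str = "igp"

def best_path(paths):
    """Simplified order: highest weight, highest local-pref, shortest
    AS path, best origin code, then eBGP over iBGP."""
    return min(paths, key=lambda p: (-p.weight, -p.local_pref,
                                     len(p.as_path), ORIGIN_RANK[p.origin],
                                     not p.ebgp))

def view_from(router_isp, offers, policy=None):
    """Candidate paths on the edge router attached to router_isp.
    Assumption: every router sees every other router's eBGP path.
    policy maps a backbone ASN to (isp, local_pref): routes whose AS path
    contains that ASN get local_pref when learned from that ISP."""
    paths = []
    for isp, as_path in offers.items():
        lp = 100
        for asn, (pref_isp, pref) in (policy or {}).items():
            if isp == pref_isp and asn in as_path:
                lp = pref
        paths.append(Path(isp, as_path, ebgp=(isp == router_isp),
                          local_pref=lp))
    return paths

def exit_link(router_isp, offers, policy=None):
    return best_path(view_from(router_isp, offers, policy)).exit_isp

# Constructed sample: one prefix offered by three transits with equal-length
# AS paths through the same backbone (documentation ASNs, RFC 5398).
OFFERS = {"ISP-A": (64496, 64500, 64511),
          "ISP-B": (64497, 64500, 64511),
          "ISP-C": (64498, 64500, 64511)}
# Constructed policy: prefer backbone AS 64500 via ISP-B.
POLICY = {64500: ("ISP-B", 200)}

if __name__ == "__main__":
    for r in OFFERS:
        print(r, "default ->", exit_link(r, OFFERS),
              "| with policy ->", exit_link(r, OFFERS, POLICY))
```

With the default attributes, whichever router is HSRP active sends the prefix out its own link; with the policy applied, all three routers agree on ISP-B regardless of which one is active.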
Re: [c-nsp] Three ISPs - Three Edge Routers - iBGP Mesh
Makes sense. Thank you for the education.

-Hammer-
I was a normal American nerd -Jack Herer

On 11/22/2011 12:33 PM, Mark Mason wrote:

> Hammer-
>
> Actually we're expecting to install 4th and maybe 5th in the far future. Online banking, credit card/debit card processing is our business and having a number of ISP connections provides the least number of hops for our client base, best round-trip, and best customer experience to the online banking site. Their web requests come into the DC, we reach out to each respective bank/credit union host, via our managed DMVPN service, query that account and serve the data up to the web requester. Making sure we have the best path to those institutions is the #1 reason.
>
> I'd like to peer with Cogent and Verizon also. Heck today really who is a Tier 1 carrier anymore?
>
> Mark Mason
Re: [c-nsp] Three ISPs - Three Edge Routers - iBGP Mesh
On 11/22/2011 8:41 AM, Mark Mason wrote:

> iscussions. I expect that packets leaving the DC will hit the HSRP active, perform the route lookup and exit via the best path BGP has selected (and/or the best path my PfR setup has installed). Does anyone see any gotcha

What does the network look like in the down direction? Firewalls?

And I wouldn't use 1.1.1.1. I'd recommend something like 2.2.2.2. It's more...therefore better :)

tv