2 ISPs backbone..!!
|
|
| Joe_1 2003-05-20, 12:37 am |
| Dear All,
I would like to know how it’s gonna be if I wanted my internet connection to be via 2 different ISPs. I just want to know what must be done on my router side and on the 2 ISPs' routers, how I’m gonna use both links at the same time, and what about the routing and security..
Regards..
John | |
|
| Do you have a BGP AS? I think it would be your best way of connecting to both ISPs, otherwise, you will have two other choices..
1- Configure two static default networks, one towards ISP1, and the second towards ISP2.
Each ISP will have to point your local networks to your serial link statically, and in most cases they either redistribute into their BGP if it wasn't part of their address space, or simply summarize it to a less specific route in case of their own address space.
2- You will need to run any other routing protocol between both ISPs, like RIP for example (many ISPs do not allow that anyways). So, you advertise your routes through RIP to both ISPs, and they will in turn redistribute such into their BGP.
If you are connected to your ISP through a direct interface connection, this won't be a problem. But I believe I have seen problems in the past when connecting through an FR switch or ATM switch. Usually ISPs connect to you through sub-interfaces in their router. In that case, when one of your links fails, the ISP router doesn't sense it, and keeps redistributing the routes in their BGP and *may* keep forwarding your internet traffic, which will end in a blackhole. In such a case, you may want to ask for something like IRDP (and that too, not many ISPs like the idea).
I believe your best choice would be BGP or choice number (1). | |
| Joe_1 2003-05-20, 10:09 am |
| Thanks Mosam,
If I go with BGP4, how can I get the AS, and how much will it cost me? And how will I do the load sharing between the links..?
If I go with configuring two static default networks between the 2 ISPs, is there a problem if the real IP addresses that I'll use belong to one of the ISPs' networks? Will there be a problem with the second ISP?
Best Regards..
John | |
|
| You can get an AS number from any routing registry like RIPE, RADB, etc. Check http://www.radb.net/ or http://www.ripe.net/
I don't think they cost any money.. your route maintainer object may cost in the same range as a domain name.. less than $10/year I would assume..
Once you get your own AS, all you would do is talk BGP with both of your ISPs by announcing the IP blocks you have. That's all..
If you decide to go for static, no, it won't be a problem for the other ISP to use your block, even if it belongs to another ISP, all you will need to do is to ask them to announce your block in their BGP. | |
|
| Dear Mosam,
Let's say that I went through the BGP and I got my AS no# and went through the configuration phase.. what about the BGP overhead..?!! I don't want my routing table to hold all the internet routing table..
What do you think?
Also, what about the BGP security?
Thanks and best regards..
John | |
|
| You don't have to receive the whole BGP table from your ISPs, you advertise your networks, and just receive a default route from each ISP.
What about BGP security? What are your concerns?
BGP on the Internet is well maintained as long as you know how to handle your route objects. If something goes wrong, it would be because of your own actions, and you would be the only person affected by your own actions. This is the beauty of BGP.
If you are concerned someone may intercept the connection and use your AS, you can ask the ISPs to run a password in between.. passwords in BGP are MD5 hashed.
In any case, you shall secure your routing object in RIPE, RADB or whatever you decide to go for. The way I used to do it is either through PGP signatures (best way) or just a simple password when changing route objects. The way you do it is described in detail in each RR policy. Most of them support PGP now. | |
| Joe_1 2003-05-22, 12:59 am |
| Dear Mosam,
You've been really helpful, but I just want to ask how I'm gonna config my router to receive a default route from each ISP?!!
Thanks..
John | |
|
| No specific configuration, just run BGP and ask your ISP to send you the default route..
r1(config)#router bgp <Your AS>
r1(config-router)#no auto-summary
r1(config-router)#no synchronization
r1(config-router)#neighbor <ISP1 IP> remote-as <ISP1 AS>
r1(config-router)#neighbor <ISP2 IP> remote-as <ISP2 AS>
You may need to configure "neighbor <ISP IP> ebgp-multihop".. depends on your setup.
Please take a look at the following link for more info on how to configure BGP in your router..
http://www.cisco.com/warp/public/459/bgp-toc.html | |
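The default-only BGP setup and the neighbor password described in the replies above, written out as one IOS configuration. This is an added example, not part of the original thread; the AS numbers (64500 to 64502), the addresses (documentation ranges), the list names and the password placeholders are assumptions.

```cisco
! Added example. Assumed values: customer AS 64500, ISP1 AS 64501 at 192.0.2.1,
! ISP2 AS 64502 at 198.51.100.1, customer block 203.0.113.0/24.
!
! Inbound: accept nothing but the default route from either ISP,
! even if an ISP sends more than it was asked to.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Outbound: announce only our own block, never anything learned elsewhere.
ip prefix-list OUR-BLOCK seq 5 permit 203.0.113.0/24
!
! Outbound: only routes with an empty AS path (originated here) may leave,
! so this router can never offer transit between the two ISPs.
ip as-path access-list 1 permit ^$
!
! The network statement below needs an exact match in the routing table.
ip route 203.0.113.0 255.255.255.0 Null0
!
router bgp 64500
 no synchronization
 no auto-summary
 network 203.0.113.0 mask 255.255.255.0
 !
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 description ISP1
 ! TCP MD5 signature on the session; the same secret must be set on the ISP side.
 neighbor 192.0.2.1 password <secret agreed with ISP1>
 neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
 neighbor 192.0.2.1 prefix-list OUR-BLOCK out
 neighbor 192.0.2.1 filter-list 1 out
 !
 neighbor 198.51.100.1 remote-as 64502
 neighbor 198.51.100.1 description ISP2
 neighbor 198.51.100.1 password <secret agreed with ISP2>
 neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
 neighbor 198.51.100.1 prefix-list OUR-BLOCK out
 neighbor 198.51.100.1 filter-list 1 out
```

With both sessions up, `show ip bgp summary` should list one prefix received from each neighbor, and `show ip route 0.0.0.0` should show the default learned via BGP.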
|
|
|
| Hey, what's up?
If I go with choice number (1) [Configure two static default networks, one towards ISP1, and the second towards ISP2]
How is it gonna be on my side and on both ISPs' side? [from the configuration side]
And for the traffic, is it gonna be load balanced or what..?
Joe.. | |
|
| It will be as described above, two static routes on your end, and each ISP will point statically.
The outbound traffic will be load balanced either by packet or by destination depending on whether you have fast switching enabled in your router or not.
The incoming traffic will be balanced based on best path criteria, if traffic is known through ISP1 shorter than ISP2, then it will return through ISP1, etc. If one link fails, traffic will be diverted to the other link. | |
|
| Hi, is it true that for registering the BGP AS I have to have my own class C of IPs ?!!!
Joe.. | |
|
| Mosam,
I've read the following on Cisco website:
===========================
Which Switching Path Is Best?
Whenever possible, you want your routers to be switching in the interrupt context because it is at least an order of a magnitude faster than process level switching. Cisco Express Forwarding switching is definitely faster and better than any other switching mode. We recommend you use Cisco Express Forwarding if the protocol and IOS you are running supports it. This is particularly true if you have a number of parallel links across which traffic should be load shared.
=============================
What do you think..? | |
|
| quote: Is it true that for registering the BGP AS i have to have my own class C of IPs ?!!!
No, I haven't heard of that. All you need is to have a maintainer object and prove that you are connected to more than one ISP. | |
|
| Tamer,
CEF is great and I usually enable it in every single router I have, even if I wanna load-balance by packet, I use "ip load-sharing per-packet" interface command.
However, in some IOS versions with certain kind of hardware, it is not recommended to run CEF, at least for now because of known bugs.
So, if you decide to enable CEF in your router, it is usually OK, unless you experience problems after doing it.
I personally experienced many problems for example in IOS 11.1 with CEF being enabled on 7500 having ATM STM-1 interface.
So, it's really your call. | |
|
| For John’s case, I was just wondering, if he wants to evaluate the ISPs that are going to send him their offers, how will he evaluate them in a very fair way? Should he follow a specific Evaluation Check List? And does this evaluation include how they are going to secure his organization’s traffic passing the ISP’s network..!!!
Tamer Bayomy | |
|
| Mosam, what do you think, is there anything else for evaluating ISPs..?!!
===========================
We can do several things to evaluate the current offering ISP’s reliability:
- Start by evaluating all the Fault-Tolerance Principles, because if our Internet connection goes down, our customers and partners will consider it a reflection on our professionalism, so we have to make sure our service provider demands the same standards of excellence we do.
- Evaluate ISPs extensive procedures for dealing with:
1- All types of equipment failures and bottlenecks
2- Extra capacity for unusual traffic loads.
3- Data redundancy in geographically possible locations.
4- Redundancy in every possible area, including power utility.
5- Procedures to detect hacker attacks.
6- They must have climate-controlled hosting facilities with fire and flood recovery procedures.
So we have to ask the offering ISPs for at least a skeletal view of its Emergency Procedures. No ISP can claim to plan for all emergencies, but it should be able to demonstrate precisely its emergency procedures in a hard copy.
- ISPs should also produce procedures for Problem-Escalation in the event of a disaster. And it’s really a good idea to keep that material on hand. Because if an emergency arises, our engineers and the technicians can work with the ISP more effectively and bring higher-level resources to overcome a problem more quickly.
We should be able to evaluate the offering provider’s effectiveness at Problem Management, Problem-Solving, and Fault-Tolerance by examining Procedure Documentation.
- These above points must be taken into consideration for our evaluation in addition to the POP distribution, Availability percentage, Latency, Reporting, Monitoring and Compensation for Service Outage.
========================
Regards,
Tamer Bayomy |
|
|
|
|