Redundancy concept help with BGP/IBGP and HSRP

 
 
Blackjack
      09-21-2004
Posted this in comp.dcom.lans.ethernet... but I see this is probably
the most appropriate place to ask so I will try and make this concise
and coherent.

Simply put, I will have 2 locations with internet connectivity to the
same ISP (diverse routes (including local exchange) to two different
cities) to manage. PPP will be utilized for intranet connectivity. The
underlying configuration should allow each location to use their own
internet connectivity, but will provide failover to the PPP connection
if need be.

My difficulty in understanding comes while trying to break out this
next part.

From what I understand, we will need to obtain an ASN to implement BGP
on a serial interface at each location to continue to provide services
given a failed internet link. IBGP would be used across the PPP link
on the second router. Intranet traffic will be encapsulated in a FW-FW
VPN Tunnel over the PPP link. A secondary PPP link may also be
implemented as a failover to the primary PPP link. If I am not
mistaken, this would most efficiently be implemented as per the
'backup int' commands. That would require the locations utilize two
routers. One for internet access and one for PPP/backup PPP. My
reasoning for breaking it out like this is to implement HSRP on the
PPP/backup PPP router.

This gives me Internet redundancy inbound and outbound, as well as
intranet redundancy... without the intranet dependency on the ISP.

The two (three if you count the HSRP configuration) 2611XM routers
(two FastEth ports) and HA - FWs at each location would be connected
into two 3550 switches. I'm not exactly sure of the appropriate switch
configuration... for all of this... but that is another issue.

I guess my real question becomes: Is this a realistic implementation?
What could be implemented/removed to make this more efficient?

Regards,
-bj
 
Vincent C Jones
      09-24-2004
In article <(E-Mail Removed) >,
Blackjack <(E-Mail Removed)> wrote:
>Simply put, I will have 2 locations with internet connectivity to the
>same ISP (diverse routes (including local exchange) to two different
>cities) to manage. PPP will be utilized for intranet connectivity. The
>underlying configuration should allow each location to use their own
>internet connectivity, but will provide failover to the PPP connection
>if need be.


When you say PPP, do you mean a dial up connection?

>My difficulty in understanding comes while trying to break out this
>next part.
>
>From what I understand, we will need to obtain an ASN to implement BGP
>on a serial interface at each location to continue to provide services
>given a failed internet link. IBGP would be used across the PPP link


This is the cleanest way to do it. Since both sites go to the same ISP,
you don't need a public ASN, your ISP can allocate you a private ASN
from the common range (65,000 & up, IIRC).

>on the second router. Intranet traffic will be encapsulated in a FW-FW
>VPN Tunnel over the PPP link. A secondary PPP link may also be
>implemented as a failover to the primary PPP link. If I am not
>mistaken, this would most efficiently be implemented as per the
>'backup int' commands. That would require the locations utilize two


Backup interface requires the link being backed up go down hard at the
link level. You would be better off driving the failover with your BGP
implementation.

>routers. One for internet access and one for PPP/backup PPP. My
>reasoning for breaking it out like this is to implement HSRP on the
>PPP/backup PPP router.


Keep your failover for routes and your failover for LAN access
independent. HSRP is not required to use alternate routes, it is only
useful for allowing one router to replace another without changing the
default gateway configured on other LAN clients.

>This gives me Internet redundancy inbound and outbound, as well as
>intranet redundancy... without the intranet dependency on the ISP.
>
>The two (three if you count the HSRP configuration) 2611XM routers
>(two FastEth ports) and HA - FWs at each location would be connected
>into two 3550 switches. I'm not exactly sure of the appropriate switch
>configuration... for all of this... but that is another issue.


Your links are an order of magnitude more failure prone than your routers.
Make sure you've got real link diversity before you worry about router
diversity unless you have money to burn. Keep in mind that configuration
complexity will also lead to failures, as will inadequate management of
the network and links during normal operation (the backup link is only
useful if it still works when it is finally needed).

>I guess my real question becomes: Is this a realistic implementation?
>What could be implemented/removed to make this more efficient?
>
>Regards,
>-bj


Realistic? - in terms of "can it be done" - yes.

Realistic? - in terms of "will it work" - probably, with work.

Optimal? - in terms of "most bang for the money" - probably not.

Unfortunately, high availability design requires an overall analysis of
the environment, from the local telco to the abilities of staff to
adequately monitor and manage the solution. Well beyond the scope of
what is possible with a simple exchange of news postings. I wrote a book
about the challenges, strictly addressing network issues, and barely
scratched the surface after 300 pages.

Good luck and have fun!
--
Vincent C Jones, Consultant Expert advice and a helping hand
Networking Unlimited, Inc. for those who want to manage and
Tenafly, NJ Phone: 201 568-7810 control their networking destiny
http://www.networkingunlimited.com
 
Blackjack
      09-28-2004
My apologies for the delay in response. Comments inline:

(E-Mail Removed) (Vincent C Jones) wrote in message news:<ciufus$abh$(E-Mail Removed)>...
> In article <(E-Mail Removed) >,
> Blackjack <(E-Mail Removed)> wrote:
> >Simply put, I will have 2 locations with internet connectivity to the
> >same ISP (diverse routes (including local exchange) to two different
> >cities) to manage. PPP will be utilized for intranet connectivity. The
> >underlying configuration should allow each location to use their own
> >internet connectivity, but will provide failover to the PPP connection
> >if need be.

>
> When you say PPP, do you mean a dial up connection?
>


My apologies. Point-to-Point (PTP): T1 connection between locations.
Not LAN access via a dialup.

>
> >My difficulty in understanding comes while trying to break out this
> >next part.
> >
> >From what I understand, we will need to obtain an ASN to implement BGP
> >on a serial interface at each location to continue to provide services
> >given a failed internet link. IBGP would be used across the PPP link

>
> This is the cleanest way to do it. Since both sites go to the same ISP,
> you don't need a public ASN, your ISP can allocate you a private ASN
> from the common range (65,000 & up, IIRC).
>


Excellent.

>
> >on the second router. Intranet traffic will be encapsulated in a FW-FW
> >VPN Tunnel over the PPP link. A secondary PPP link may also be
> >implemented as a failover to the primary PPP link. If I am not
> >mistaken, this would most efficiently be implemented as per the
> >'backup int' commands. That would require the locations utilize two

>
> Backup interface requires the link being backed up go down hard at the
> link level. You would be better off driving the failover with your BGP
> implementation.
>


Again, my apologies for mis-stating the link type.

>
> >routers. One for internet access and one for PPP/backup PPP. My
> >reasoning for breaking it out like this is to implement HSRP on the
> >PPP/backup PPP router.

>
> Keep your failover for routes and your failover for LAN access
> independent. HSRP is not required to use alternate routes, it is only
> useful for allowing one router to replace another without changing the
> default gateway configured on other LAN clients.
>


BGP for internet route failover is mandatory. It seems BGP should be
used for Intranet route failover as well in order to maintain
consistency. HSRP needs to be implemented because of the computing
environment.

>
> >This gives me Internet redundancy inbound and outbound, as well as
> >intranet redundancy... without the intranet dependency on the ISP.
> >
> >The two (three if you count the HSRP configuration) 2611XM routers
> >(two FastEth ports) and HA - FWs at each location would be connected
> >into two 3550 switches. I'm not exactly sure of the appropriate switch
> >configuration... for all of this... but that is another issue.

>
> Your links are an order of magnitude more failure prone than your routers.
> Make sure you've got real link diversity before you worry about router
> diversity unless you have money to burn. Keep in mind that configuration
> complexity will also lead to failures, as will inadequate management of
> the network and links during normal operation (the backup link is only
> useful if it still works when it is finally needed).
>


Cost is always a factor, but it is not the driving factor. My goal is
to keep the implementation as clean as possible from all aspects while
providing failover methods that approach eliminating any client that
is utilizing our service from detecting that failover has occurred.

>
> >I guess my real question becomes: Is this a realistic implementation?
> >What could be implemented/removed to make this more efficient?
> >
> >Regards,
> >-bj

>
> Realistic? - in terms of "can it be done" - yes.
>
> Realistic? - in terms of "will it work" - probably, with work.
>
> Optimal? - in terms of "most bang for the money" - probably not.
>
> Unfortunately, high availability design requires an overall analysis of
> the environment, from the local telco to the abilities of staff to
> adequately monitor and manage the solution. Well beyond the scope of
> what is possible with a simple exchange of news postings. I wrote a book
> about the challenges, strictly addressing network issues, and barely
> scratched the surface after 300 pages.
>
> Good luck and have fun!
>


Realistic - is it the cleanest approach given the available
information and if not what aspect warrants more research.

Optimal - same as realistic.


Thank you for your response. It is greatly appreciated.

Best Regards,
-bj
 