Redundancy concept help with BGP/IBGP and HSRP

Discussion in 'Cisco' started by Blackjack, Sep 21, 2004.

  1. Blackjack

    Blackjack Guest

    Posted this in comp.dcom.lans.ethernet... but I see this is probably
    the most appropriate place to ask so I will try and make this concise
    and coherent.

    Simply put, I will have 2 locations with internet connectivity to the
    same ISP (diverse routes (including local exchange) to two different
    cities) to manage. PPP will be utilized for intranet connectivity. The
    underlying configuration should allow each location to use their own
    internet connectivity, but will provide failover to the PPP connection
    if need be.

    My difficulty in understanding comes while trying to break out this
    next part.

    From what I understand, we will need to obtain an ASN to implement BGP
    on a serial interface at each location to continue to provide services
    given a failed internet link. IBGP would be used across the PPP link
    on the second router. Intranet traffic will be encapsulated in a FW-FW
    VPN Tunnel over the PPP link. A secondary PPP link may also be
    implemented as a failover to the primary PPP link. If I am not
    mistaken, this would most efficiently be implemented as per the
    'backup int' commands. That would require the locations utilize two
    routers. One for internet access and one for PPP/backup PPP. My
    reasoning for breaking it out like this is to implement HSRP on the
    PPP/backup PPP router.

    This gives me Internet redundancy inbound and outbound, as well as
    intranet redundancy... without the intranet dependency on the ISP.

    The two (three if you count the HSRP configuration) 2611XM routers
    (two FastEth ports) and HA - FWs at each location would be connected
    into two 3550 switches. I'm not exactly sure of the appropriate switch
    configuration... for all of this... but that is another issue.

    I guess my real question becomes: Is this a realistic implementation?
    What could be implemented/removed to make this more efficient?

    Regards,
    -bj
     
    Blackjack, Sep 21, 2004
    #1

  2. In article <>,
    Blackjack <> wrote:
    >Simply put, I will have 2 locations with internet connectivity to the
    >same ISP (diverse routes (including local exchange) to two different
    >cities) to manage. PPP will be utilized for intranet connectivity. The
    >underlying configuration should allow each location to use their own
    >internet connectivity, but will provide failover to the PPP connection
    >if need be.


    When you say PPP, do you mean a dial up connection?

    >My difficulty in understanding comes while trying to break out this
    >next part.
    >
    >From what I understand, we will need to obtain an ASN to implement BGP
    >on a serial interface at each location to continue to provide services
    >given a failed internet link. IBGP would be used across the PPP link


    This is the cleanest way to do it. Since both sites go to the same ISP,
    you don't need a public ASN, your ISP can allocate you a private ASN
    from the common range (65,000 & up, IIRC).

    >on the second router. Intranet traffic will be encapsulated in a FW-FW
    >VPN Tunnel over the PPP link. A secondary PPP link may also be
    >implemented as a failover to the primary PPP link. If I am not
    >mistaken, this would most efficiently be implemented as per the
    >'backup int' commands. That would require the locations utilize two


    Backup interface requires the link being backed up go down hard at the
    link level. You would be better off driving the failover with your BGP
    implementation.

    >routers. One for internet access and one for PPP/backup PPP. My
    >reasoning for breaking it out like this is to implement HSRP on the
    >PPP/backup PPP router.


    Keep your failover for routes and your failover for LAN access
    independent. HSRP is not required to use alternate routes, it is only
    useful for allowing one router to replace another without changing the
    default gateway configured on other LAN clients.

    >This gives me Internet redundancy inbound and outbound, as well as
    >intranet redundancy... without the intranet dependency on the ISP.
    >
    >The two (three if you count the HSRP configuration) 2611XM routers
    >(two FastEth ports) and HA - FWs at each location would be connected
    >into two 3550 switches. I'm not exactly sure of the appropriate switch
    >configuration... for all of this... but that is another issue.


    Your links are an order of magnitude more failure prone than your routers.
    Make sure you've got real link diversity before you worry about router
    diversity unless you have money to burn. Keep in mind that configuration
    complexity will also lead to failures, as will inadequate management of
    the network and links during normal operation (the backup link is only
    useful if it still works when it is finally needed).

    >I guess my real question becomes: Is this a realistic implementation?
    >What could be implemented/removed to make this more efficient?
    >
    >Regards,
    >-bj


    Realistic? - in terms of "can it be done" - yes.

    Realistic? - in terms of "will it work" - probably, with work.

    Optimal? - in terms of "most bang for the money" - probably not.

    Unfortunately, high availability design requires an overall analysis of
    the environment, from the local telco to the abilities of staff to
    adequately monitor and manage the solution. Well beyond the scope of
    what is possible with a simple exchange of news postings. I wrote a book
    about the challenges, strictly addressing network issues, and barely
    scratched the surface after 300 pages.

    Good luck and have fun!
    --
    Vincent C Jones, Consultant Expert advice and a helping hand
    Networking Unlimited, Inc. for those who want to manage and
    Tenafly, NJ Phone: 201 568-7810 control their networking destiny
    http://www.networkingunlimited.com
     
    Vincent C Jones, Sep 24, 2004
    #2

  3. Blackjack

    Blackjack Guest

    My apologies for the delay in response. Comments inline:

    (Vincent C Jones) wrote in message news:<ciufus$abh$>...
    > In article <>,
    > Blackjack <> wrote:
    > >Simply put, I will have 2 locations with internet connectivity to the
    > >same ISP (diverse routes (including local exchange) to two different
    > >cities) to manage. PPP will be utilized for intranet connectivity. The
    > >underlying configuration should allow each location to use their own
    > >internet connectivity, but will provide failover to the PPP connection
    > >if need be.

    >
    > When you say PPP, do you mean a dial up connection?
    >


    My apologies. Point-to-Point (PTP): T1 connection between locations.
    Not LAN access via a dialup.

    >
    > >My difficulty in understanding comes while trying to break out this
    > >next part.
    > >
    > >From what I understand, we will need to obtain an ASN to implement BGP
    > >on a serial interface at each location to continue to provide services
    > >given a failed internet link. IBGP would be used across the PPP link

    >
    > This is the cleanest way to do it. Since both sites go to the same ISP,
    > you don't need a public ASN, your ISP can allocate you a private ASN
    > from the common range (65,000 & up, IIRC).
    >


    Excellent.

    >
    > >on the second router. Intranet traffic will be encapsulated in a FW-FW
    > >VPN Tunnel over the PPP link. A secondary PPP link may also be
    > >implemented as a failover to the primary PPP link. If I am not
    > >mistaken, this would most efficiently be implemented as per the
    > >'backup int' commands. That would require the locations utilize two

    >
    > Backup interface requires the link being backed up go down hard at the
    > link level. You would be better off driving the failover with your BGP
    > implementation.
    >


    Again, my apologies for mis-stating the link type.

    >
    > >routers. One for internet access and one for PPP/backup PPP. My
    > >reasoning for breaking it out like this is to implement HSRP on the
    > >PPP/backup PPP router.

    >
    > Keep your failover for routes and your failover for LAN access
    > independent. HSRP is not required to use alternate routes, it is only
    > useful for allowing one router to replace another without changing the
    > default gateway configured on other LAN clients.
    >


    BGP for internet route failover is mandatory. It seems BGP should be
    used for Intranet route failover as well in order to maintain
    consistency. HSRP needs to be implemented because of the computing
    environment.

    >
    > >This gives me Internet redundancy inbound and outbound, as well as
    > >intranet redundancy... without the intranet dependency on the ISP.
    > >
    > >The two (three if you count the HSRP configuration) 2611XM routers
    > >(two FastEth ports) and HA - FWs at each location would be connected
    > >into two 3550 switches. I'm not exactly sure of the appropriate switch
    > >configuration... for all of this... but that is another issue.

    >
    > Your links are an order of magnitude more failure prone than your routers.
    > Make sure you've got real link diversity before you worry about router
    > diversity unless you have money to burn. Keep in mind that configuration
    > complexity will also lead to failures, as will inadequate management of
    > the network and links during normal operation (the backup link is only
    > useful if it still works when it is finally needed).
    >


    Cost is always a factor, but it is not the driving factor. My goal is
    to keep the implementation as clean as possible from all aspects while
    providing failover methods that approach eliminating any client that
    is utilizing our service from detecting that failover has occurred.

    >
    > >I guess my real question becomes: Is this a realistic implementation?
    > >What could be implemented/removed to make this more efficient?
    > >
    > >Regards,
    > >-bj

    >
    > Realistic? - in terms of "can it be done" - yes.
    >
    > Realistic? - in terms of "will it work" - probably, with work.
    >
    > Optimal? - in terms of "most bang for the money" - probably not.
    >
    > Unfortunately, high availability design requires an overall analysis of
    > the environment, from the local telco to the abilities of staff to
    > adequately monitor and manage the solution. Well beyond the scope of
    > what is possible with a simple exchange of news postings. I wrote a book
    > about the challenges, strictly addressing network issues, and barely
    > scratched the surface after 300 pages.
    >
    > Good luck and have fun!
    >


    Realistic - is it the cleanest approach given the available
    information and if not what aspect warrants more research.

    Optimal - same as realistic.


    Thank you for your response. It is greatly appreciated.

    Best Regards,
    -bj
     
    Blackjack, Sep 28, 2004
    #3
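
The design discussed in this thread, as an added Cisco IOS configuration sketch that was not posted by either participant: eBGP to the ISP under a private ASN, iBGP across the point-to-point T1 to drive route failover, and HSRP kept separate as a LAN gateway mechanism only. It shows a single Site A router for brevity; every address, ASN, key and prefix-list name is a constructed placeholder (documentation ranges), and the interface numbering is assumed.

```cisco
! Constructed sketch for one Site A router; all values are placeholders.
! 65001 = private ASN assumed to be assigned by the ISP.
! 64500 = stand-in for the ISP's own ASN.
!
interface Serial0/0
 description Internet link to ISP
 ip address 192.0.2.2 255.255.255.252
!
interface Serial0/1
 description Point-to-point T1 to Site B
 ip address 10.255.0.1 255.255.255.252
!
interface FastEthernet0/0
 description Site A LAN
 ip address 198.51.100.2 255.255.255.0
 ! HSRP only keeps the clients' default gateway (198.51.100.1) alive when
 ! a router fails; it takes no part in choosing between WAN paths.
 standby 1 ip 198.51.100.1
 standby 1 priority 110
 standby 1 preempt
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 198.51.100.0 mask 255.255.255.0
 ! eBGP to the ISP: accept only a default route, announce only our blocks.
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 password PLACEHOLDER-KEY
 neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
 neighbor 192.0.2.1 prefix-list OUR-BLOCKS out
 ! iBGP to Site B over the T1. When the ISP session drops (hold timer
 ! expiry, even if the serial line stays up), the default route learned
 ! from Site B takes over, so no 'backup interface' is needed.
 neighbor 10.255.0.2 remote-as 65001
 neighbor 10.255.0.2 password PLACEHOLDER-KEY
 neighbor 10.255.0.2 next-hop-self
 no auto-summary
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
! Site B's block (203.0.113.0/24, learned via iBGP) is announced too, so
! inbound traffic for Site B can arrive here if Site B's ISP link fails.
! Steering normal inbound traffic to each site's own link needs AS-path
! prepending or ISP-side preference, which this sketch leaves out.
ip prefix-list OUR-BLOCKS seq 5 permit 198.51.100.0/24
ip prefix-list OUR-BLOCKS seq 10 permit 203.0.113.0/24
```

The prefix lists and neighbor passwords are the part worth keeping even in a simpler design: they stop the site from accepting or leaking routes it should not, and they keep an unauthenticated peer from bringing up a session.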
