What would you do? Multiple ISP routing.

Discussion in 'Cisco' started by edavid3001@gmail.com, Mar 11, 2008.

  1. Guest

    Here is my layout in its basic form:
    http://farm3.static.flickr.com/2055/2327338600_6ee901b2e2_o.jpg

    We just acquired 100Mb/s Internet connectivity from a local vendor.
    It has much less redundancy than our existing infrastructure which has
    two T1s running hundreds of miles in different directions to
    different POPs from the RBOC and a fiber ring between us and our RBOC
    & another peer.

    I have a large number of web servers in my DMZ. I obviously can't
    just re-route this setup to default gateway through the 100Mb/s side.
    All replies to inbound traffic would then route incorrectly.

    Because it was easy & I knew how to do it, I set up a transparent proxy
    in the DMZ and did a re-write rule on the firewall so all outbound
    port 80 traffic from the LAN gets sent to this proxy. This proxy's
    default gateway is out through another firewall on the 100Mb/s side.
    There is a peer which it can talk to which defaults out the slower
    pipes. I can also just disable the re-write rule if there are
    problems.

    I can't transparently do SSL or other traffic. I could just set up
    another firewall, configure my DMZ networks to route specific through
    the old firewall, and have my PC's default gateway through this new
    firewall, hooked up to the 100Mb/s connection. We have a very
    restrictive firewall, so I don't desire recreating that on another
    firewall. Nor do I desire two sets of logs.

    Routers are not my specialty - we have another guy configure those.
    But it is mostly basic stuff. I'm learning about policy based
    routing.

    Could I set up the clients I want to go out over the 100Mb/s connection
    to NAT from a specific address on the main firewall, connect the two
    Cisco routers connected to the Internet together (along with all the
    public routing that entails) and then configure policy based routing
    so that if the source IP is that NAT address, it defaults to route out
    to the router on the 100Mb/s Internet and then a higher metric through
    my BGP peers?

    Does that make sense? Any pitfalls with this approach?
     
    , Mar 11, 2008
    #1

  2. amigan Guest

    Re: What would you do? Multiple ISP routing.

    I don't understand the "It has much less redundancy than our existing
    infrastructure". Why can't you just have BGP peering with all three
    Internet access points and use localpref to prefer the 100Mbps out?
    Seems to me adding another route out of your network should simply
    increase your redundancy. Use the old T1s as backup. Those routes
    will only kick in when peering with the ISP for the 100Mbps circuit
    goes out.

    Michael Medwid
     
    amigan, Mar 11, 2008
    #2

  3. Guest

    Re: What would you do? Multiple ISP routing.

    Multiple ISP BGP peering is a different beast than single ISP BGP
    peering. I'm not sure this old router has enough guts to handle the
    routing table needed. As I understand it, multiple BGP peering
    requires my router to cache a much larger routing table. Also, I
    don't have my own space from ARIN...
     
    , Mar 26, 2008
    #3
  4. Merv Guest

    Re: What would you do? Multiple ISP routing.


    > As I understand it, multiple BGP peering
    > requires my router to cache a much larger routing table. Also, I
    > don't have my own space from ARIN...



    All you need to accept is that number of routes required to make
    "good" routing decisions.

    If you want to route all traffic to new ISP and in case of failure
    fall back to current ISP,
    then all you need to do is accept default from both ISPs and local
    pref the default from the new ISP.

    Or you could accept partial routes for each ISP (their AS + their
    customers) using AS path filters.

    Or you could accept full routes if your router has the CPU and memory
    to handle.
     
    Merv, Mar 27, 2008
    #4
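
The first option in the reply above (accept only a default route from each ISP and raise local preference on the new one), sketched as a Cisco IOS configuration fragment. This is an added example, not configuration posted by anyone in the thread. Every AS number, neighbor address and list or route-map name in it is a placeholder assumption, and it covers outbound path selection only.

```cisco
! Added example. Placeholder values (assumptions, not from the thread):
!   AS 64500                 local AS
!   AS 64501 / 192.0.2.1     new 100Mb/s ISP
!   AS 64502 / 198.51.100.1  existing ISP (T1 side)
!
! Accept only the default route from either ISP.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Outbound, pass only locally originated routes (empty AS path), so a
! route learned from one ISP is never re-advertised to the other and
! the site cannot become a transit path between them.
ip as-path access-list 10 permit ^$
!
! Higher local preference wins. The route-maps end in an implicit deny,
! so anything that is not 0.0.0.0/0 is dropped even if an ISP sends more.
route-map FROM-NEW-ISP permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 200
!
route-map FROM-OLD-ISP permit 10
 match ip address prefix-list DEFAULT-ONLY
 set local-preference 100
!
router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 description NEW-ISP-100M
 neighbor 192.0.2.1 route-map FROM-NEW-ISP in
 neighbor 192.0.2.1 filter-list 10 out
 neighbor 198.51.100.1 remote-as 64502
 neighbor 198.51.100.1 description OLD-ISP-T1
 neighbor 198.51.100.1 route-map FROM-OLD-ISP in
 neighbor 198.51.100.1 filter-list 10 out
```

With both sessions up, the default learned from 192.0.2.1 is installed; when that session drops, its default is withdrawn and the one from 198.51.100.1 takes over. Holding two default routes costs almost no router memory, which is the concern raised in post #3.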