     Site 1                Site 2
        |                     |
   ----LAN----           ----LAN----
        |                     |
     | FW |                | FW |
        |                     |
   ----LAN----           ----LAN----
    |       |             |       |
| rtr1 | | rtr2 |-ds3-| rtr3 | | rtr4 |
    |                             |
   BGP                           BGP
To Provider A               To Provider B
The firewalls will not run any dynamic routing protocols. During a
failure of either the DS3 or either one of the providers I would like
to dynamically route around it. Does anyone have any suggestions,
like what protocols: OSPF vs. IBGP? Let me know what you think.
Thanks
Jeff
You are referring to default route redistribution, I believe.
You want link failure detection and the ability to change
the default route if so. Given this, I'd vote for iBGP
between the router pairs and then redistribute this internally
to whatever routing protocol you use internally and flip the route.
BGP is a single tcp port (179) and is much easier to get thru
a firewall than multicast EIGRP or OSPF.
See Vince Jones' white paper on this and buy his book, it's
great (hi Vince :). The bible for High Availability.
http://www.networkingunlimited.com/white001.html
Another approach is using the Internet link as a
site-to-site VPN and fail over to this. I'm doing this now
and it works pretty well. Depends on what you need.
alan
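A small reachability model of the failover discussed in the reply above, added here as an illustration and not code from any poster in this thread. It uses the router names from the original diagram; the link labels are names chosen for this example, and fewest-hops selection is an assumption standing in for BGP preferring the locally learned eBGP default over the one heard via iBGP across the DS3.

```python
from collections import deque

# Topology from the original post's diagram (outside LANs only; the
# firewalls sit behind them and run no dynamic routing).
# Link labels are names chosen for this example.
LINKS = {
    "lan1-rtr1": ("lan1", "rtr1"),
    "lan1-rtr2": ("lan1", "rtr2"),
    "ds3":       ("rtr2", "rtr3"),
    "lan2-rtr3": ("lan2", "rtr3"),
    "lan2-rtr4": ("lan2", "rtr4"),
    "provA":     ("rtr1", "Provider A"),
    "provB":     ("rtr4", "Provider B"),
}
PROVIDERS = {"Provider A", "Provider B"}


def default_exit(site_lan, failed=()):
    """Return (provider, path) for the nearest provider still reachable
    from site_lan, or (None, []) if the site is cut off.

    Breadth-first search finds the fewest-hop exit (assumption: this
    stands in for preferring the local eBGP default over the iBGP one).
    """
    adj = {}
    for name, (a, b) in LINKS.items():
        if name not in failed:          # drop links marked as failed
            adj.setdefault(a, []).append(b)
            adj.setdefault(b, []).append(a)
    queue, seen = deque([[site_lan]]), {site_lan}
    while queue:
        path = queue.popleft()
        if path[-1] in PROVIDERS:       # first provider reached wins
            return path[-1], path
        for nxt in adj.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None, []


if __name__ == "__main__":
    for failed in [(), ("provA",), ("ds3",), ("provA", "ds3")]:
        for lan in ("lan1", "lan2"):
            print(failed or "no failure", lan, "->", default_exit(lan, failed))
```

The last scenario shows the limit of this design: with Provider A and the DS3 both down, Site 1 has no exit at all.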
Things to consider -
BGP:
ISPs need to agree on your AS and IP scheme.
You need to have about 80 megs of memory for full bgp route tables, plus
whatever the IOS version you are running has for memory requirements.
Make sure your CPU can handle the load of BGP
BGP may need to be tweaked a little for your AS, and to accommodate your
ISP's location on the Internet.
BGP is great when you get it to do what you want.
Static routes:
Statics give you a little more flexibility in the memory and cpu
requirements department
Administration can be a pain sometimes
No bgp configuration required, and they are usable with any ISP. (I
personally would most likely get a default route via bgp from each provider,
and weigh a static for the ds3 if I were to go with static routes)
"Jeff Cady" <je...@jcady.org> wrote in message
news:62d5878e.02032...@posting.google.com...
Another approach you could consider is to move the cross-tie to inside
the firewalls. The IBGP between external routers gets more complex (you
could do it with an "inverse VPN" rather than letting generic BGP
through your firewalls) but you would then have FW redundancy between
sites.
Site 1                     Site 2
  |                           |
  |   | rtr2 |-ds3-| rtr3 |   |
  |      |            |       |
----LAN----           ----LAN----
     |                     |
  | FW |                | FW |
     |                     |
----LAN----           ----LAN----
     |                     |
 | rtr1 |              | rtr4 |
     |                     |
    BGP                   BGP
To Provider A        To Provider B
Another approach would be to eliminate rtr2 & rtr3 altogether and put
the cross-tie between rtr1 and rtr4. That would make the configuration
much simpler.
The possibilities are endless...limited only by your imagination and
budget :-)
Good luck and have fun!
--
Vincent C Jones, Consultant Expert advice and a helping hand
Networking Unlimited, Inc. for those who want to manage and
Tenafly, NJ Phone: 201 568-7810 control their networking destiny
http://www.networkingunlimited.com