Failover how much complexity will it add?
adel at baklawasecrets.com
adel at baklawasecrets.com
Sun Nov 8 14:17:03 CST 2009
Thanks Seth and James,
Things are getting a lot clearer. The BGP multihoming solution sounds like exactly what I want. I have more questions :-)
Now I suppose I would get my allocation from RIPE as I am UK based?
Do I also need to apply for an AS number?
As the IP block is "mine", it is ISP independent. i.e. I can take it with me when I decide to use two completely different ISPs?
Is the obtaining of this IP block, what is referred to as PI space?
Of course internally I split the /24 up however I want - /28 for untrust range and maybe a routed DMZ block etc.?
Assuming I apply for IP block and AS number, whats involved and how long does it take to get these babies?
I know the SSG550's have BGP capabilites. As I have two of these in HA mode, does it make sense to do the BGP on these, or should I get dedicated BGP routers?
Fixing the internal routing policy so traffic is directed at the active BGP connection. Whats involved here, preferring one BGP link over the other?
Thanks again, I obviously need to do some reading of my own, but all the suggestions so far have been very valuable and definitely seem to be pointing in some
On Sun 6:31 PM , "James Hess" mysidia at gmail.com sent:
> On Sun, Nov 8, 2009 at 11:34 AM, <adel@
> baklawasecrets.com> wrote:[..]
> > connections from different providers I would
> still have issues. So> I guess that if my primary Internet goes down I
> lose connectivity> to all the publicly addressed devices on that
> connection. Like> dmz hosts and so on. I would be interested
> to hear how this> can be avoided if at all or do I have to use the
> same provider.
> You assign multi-homed IP address space to your publicly addressed
> devices,which are not specific to either ISP. You announce to both ISPs, and
> you accept some routes from both ISPs.
> You get multi-homed IPs, either by having an existing ARIN allocation,
> or getting a /22 from ARIN (special allocation available for
> multi-homing), or ask for a /24 from ISP A or ISP B for
> If Link A fails, the BGP session eventually times out and dies: ISP
> A's BGP routers withdraw the routes, the IP addresses are then
> associated only with provider B.
> And you design your internal routing policy to direct traffic
> within your network to the router with an active BGP session.
> Link A's failure is _not_ a total non-event, but a 3-5 minute partial
> disruption, while the BGP session times out and updates occur in other
> people's routers, is minimal compared to a 3 day outage, if serious
> repairs to upstream fiber are required.
More information about the NANOG