Failover how much complexity will it add?
adel at baklawasecrets.com
adel at baklawasecrets.com
Sun Nov 8 15:00:25 CST 2009
Don't think I sent the below to the list, so resending:
Thanks Seth and James,
Things are getting a lot clearer. The BGP multihoming solution sounds like exactly what I want. I have more questions :-)
Now I suppose I would get my allocation from RIPE as I am UK based?
Do I also need to apply for an AS number?
As the IP block is "mine", it is ISP independent. i.e. I can take it with me when I decide to use two
completely different ISPs?
Is the obtaining of this IP block, what is referred to as PI space?
Of course internally I split the /24 up however I want - /28 for untrust range and maybe a routed DMZ block
Assuming I apply for IP block and AS number, whats involved and how long does it take to get these babies?>
I know the SSG550's have BGP capabilites. As I have two of these in HA mode, does it make sense to do the BGP
on these, or should I get dedicated BGP routers?
Fixing the internal routing policy so traffic is directed at the active BGP connection. Whats involved here,
preferring one BGP link over the other?
Thanks again, I obviously need to do some reading of my own, but all the suggestions so far have been very valuable
and definitely seem to be pointing in some fruitful directions.
On Sun 6:31 PM , James Hess <mysidia at gmail.com> wrote:
> On Sun, Nov 8, 2009 at 11:34 AM, wrote:
> > connections from different providers I would still have issues. So
> > I guess that if my primary Internet goes down I lose connectivity
> > to all the publicly addressed devices on that connection. Like
> > dmz hosts and so on. I would be interested to hear how this
> > can be avoided if at all or do I have to use the same provider.
> You assign multi-homed IP address space to your publicly addressed
> which are not specific to either ISP. You announce to both ISPs, and
> you accept some routes from both ISPs.
> You get multi-homed IPs, either by having an existing ARIN allocation,
> or getting a /22 from ARIN (special allocation available for
> multi-homing), or ask for a /24 from ISP A or ISP B for
> If Link A fails, the BGP session eventually times out and dies: ISP
> A's BGP routers withdraw the routes, the IP addresses are then
> associated only with provider B.
> And you design your internal routing policy to direct traffic
> within your network to the router with an active BGP session.
> Link A's failure is _not_ a total non-event, but a 3-5 minute partial
> disruption, while the BGP session times out and updates occur in other
> people's routers, is minimal compared to a 3 day outage, if serious
> repairs to upstream fiber are required.
More information about the NANOG