BGP for disaster recovery site

Justin M. Streiner streiner at cluebyfour.org
Mon Sep 29 16:29:37 UTC 2008


On Mon, 29 Sep 2008, CHRISTINE.M.BERNS at sargentlundy.com wrote:

> We currently have a routable block (class B) of IP addresses.  We are in
> the process of designing a disaster recovery site.  Our main site is
> already dual homed to two different Internet service providers via BGP.  A
> consultant told us that in order to allow us to test access to the DR site
> without affecting the production environment, we should get another block
> of addresses from ARIN and advertise those addresses out the DR site's
> Internet connection.  Can we even expect to get another block from ARIN if
> we already have a class B, and could we not accomplish the same thing by
> advertising a subnet of our existing Class B at the DR site?  I would
> actually prefer to advertise a subnet of our class B, but am wondering if
> there are any reasons why this is not a good idea.  Also, I have seen
> reference to some Internet service providers possibly not accepting /24
> BGP routes and either dropping them or aggregating them to a /21 or /20
> or /19.  Are there recommendations as to what is the longest prefix
> that we should advertise to guarantee that the prefix will be advertised
> throughout the Internet?

If you have a subnet or two within your /16 that you're not using at all 
today, you could use those to advertise from your DR site.  If you're 
using all of your /16 today, then you could apply to ARIN for more space, 
but keep in mind that just because you have a /16 today doesn't mean that 
ARIN will automatically hand you another /16 because you're running a DR 
site.

It is true that some providers might filter /24s out of 'legacy class B' 
space, however most providers I've seen are also loath to scribble on 
advertisements that they don't originate, i.e. aggregating smaller 
prefixes from your /16 back into that /16 if the origin AS isn't theirs.
It might also be a good idea to register route-objects with one of the 
routing registries (RADB, ALTDB, ARIN, etc...) since some providers do 
build their routing policies based on information from those sources.

There is no 100% guarantee of global reachability on any prefix you or 
anyone else advertises - just a reasonable expectation that things will 
work for the most part :)

jms
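
An added illustration, not part of the original post: a Python sketch of the approach in the reply above, finding an unused subnet inside the /16 for the DR site and drafting the matching route object for a routing registry. The /16, the in-use subnets, the AS number and the maintainer name are constructed placeholders, and the /24 cut-off is an assumption rather than something the post states.

```python
import ipaddress

# Assumption (not from the post): /24 is treated as the longest IPv4 prefix
# worth announcing; the post notes some providers may filter even those.
MAX_PREFIXLEN = 24

def free_blocks(aggregate, in_use):
    """Subnets of `aggregate` not covered by any prefix in `in_use`."""
    free = [ipaddress.ip_network(aggregate)]
    for used in map(ipaddress.ip_network, in_use):
        remaining = []
        for block in free:
            if used.subnet_of(block):
                # Carve the in-use prefix out of this free block.
                remaining.extend(block.address_exclude(used))
            elif not block.subnet_of(used):
                remaining.append(block)  # disjoint, still free
        free = remaining
    return sorted(free)

def pick_dr_prefix(aggregate, in_use, want_len=MAX_PREFIXLEN):
    """First unused subnet of length `want_len`, or None if none is free."""
    if want_len > MAX_PREFIXLEN:
        raise ValueError(f"/{want_len} is longer than /{MAX_PREFIXLEN}")
    for block in free_blocks(aggregate, in_use):
        if block.prefixlen <= want_len:
            return next(block.subnets(new_prefix=want_len))
    return None

def route_object(prefix, origin_as, maintainer, source):
    """RPSL route object text to submit to a routing registry."""
    fields = [("route", prefix), ("descr", "DR site test prefix"),
              ("origin", origin_as), ("mnt-by", maintainer), ("source", source)]
    return "\n".join(f"{key}:".ljust(12) + str(value) for key, value in fields)

if __name__ == "__main__":
    # Constructed sample data: placeholder /16, documentation ASN,
    # hypothetical maintainer name.
    AGGREGATE = "172.16.0.0/16"
    IN_USE = ["172.16.0.0/17", "172.16.128.0/18", "172.16.192.0/20"]
    dr = pick_dr_prefix(AGGREGATE, IN_USE)
    print("unused:", [str(b) for b in free_blocks(AGGREGATE, IN_USE)])
    print(route_object(dr, "AS64500", "MAINT-EXAMPLE", "RADB"))
```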



