Failover how much complexity will it add?

Adam Armstrong lists at memetic.org
Mon Nov 9 13:39:34 UTC 2009


Ken Gilmour wrote:
> Hi Adel
>
> There are companies like packet exchange (www.packetexchange.net)
> (whom I have personally used) who will do all of the legwork for you,
> such as applying for the ASN, address space, transit agreements, and
> get the tail connections directly to your building. You just need to
> pay them and buy the equipment (which they can also provide). Probably
> easier in the long run.
>   
Sure, if you want to hand over your entire profit margin to a 3rd party. 
Do you really want to give away the keys to your business, and rely 
entirely upon a third party organisation? Better to acquire the skills 
which are vital to your organisation yourself.
> NOTE: I am not an employee, or paid affiliate of packet exchange... I
> have used them for services and am promoting them due to my own good
> experiences with their services.
>   
I used to work for them. Then as now, I honestly can see little purpose 
in their product set.

adam.
> 2009/11/8  <adel at baklawasecrets.com>:
>   
>> Thanks Seth and James,
>>
>> Things are getting a lot clearer.  The BGP multihoming solution sounds like exactly what I want.  I have more questions :-)
>>
>> Now I suppose I would get my allocation from RIPE as I am UK based?
>>
>> Do I also need to apply for an AS number?
>>
>> As the IP block is "mine", it is ISP independent.  i.e. I can take it with me when I decide to use two completely different ISPs?
>>
>> Is the obtaining of this IP block, what is referred to as PI space?
>>
>> Of course internally I split the /24 up however I want - /28 for untrust range and maybe a routed DMZ block etc.?
>>
>> Assuming I apply for IP block and AS number, what's involved and how long does it take to get these babies?
>>
>> I know the SSG550s have BGP capabilities.  As I have two of these in HA mode, does it make sense to do the BGP on these, or should I get dedicated BGP routers?
>>
>> Fixing the internal routing policy so traffic is directed at the active BGP connection.  What's involved here, preferring one BGP link over the other?
>>
>> Thanks again, I obviously need to do some reading of my own, but all the suggestions so far have been very valuable and definitely seem to be pointing in some
>> fruitful directions.
>>
>> Adel
>>
>>
>>
>> On Sun 6:31 PM, "James Hess" mysidia at gmail.com sent:
>>
>>> On Sun, Nov 8, 2009 at 11:34 AM, <adel@baklawasecrets.com> wrote:
>>> [..]
>>>> connections from different providers I would still have issues.  So
>>>> I guess that if my primary Internet goes down I lose connectivity
>>>> to all the publicly addressed devices on that connection. Like
>>>> dmz hosts and so on.  I would be interested to hear how this
>>>> can be avoided if at all or do I have to use the same provider.
>>>
>>> You assign multi-homed IP address space to your publicly addressed
>>> devices, which are not specific to either ISP. You announce to both ISPs, and
>>> you accept some routes from both ISPs.
>>>
>>> You get multi-homed IPs, either by having an existing ARIN allocation,
>>> or getting a /22 from ARIN  (special allocation available for
>>> multi-homing), or  ask for a /24 from  ISP A or ISP B  for
>>> multihoming.
>>>
>>>
>>> If  Link A fails, the BGP session eventually times out and dies: ISP
>>> A's  BGP routers withdraw the routes,  the IP addresses are then
>>> associated only with provider B.
>>>
>>> And you design your internal routing policy  to  direct  traffic
>>> within your network to the router with an active BGP session.
>>>
>>> Link A's failure is _not_ a total non-event,  but a 3-5 minute partial
>>> disruption, while the BGP session times out and updates occur in other
>>> people's routers, is minimal compared to  a  3 day outage, if serious
>>> repairs to upstream fiber are required.
>>>
>>>
>>> --
>>> -J
>>>
