North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical "Simple" Multi-Homing ? (was Re: CIDR Report)
Gee, just when I thought I got the required answers to my "simple" multi-homing questions to/from the comp.protocols.tcp-ip News group, I started seeing these Nanog threads related to multi-homing, now I'm not so sure its "simple", or even if a "Simple" multi-homing to > 1 provider is possible?....[I've pasted the News posting below]. Our requirements are: - we needs link redundancy (a single location) � our web service requires 24 x 7 availability. - We can�t co-locate our web service to an ISP/Hosting-Provider at the current time. - Our current provider, UUNET (we�re using T1 burstable service), has a single POP in our location (Ottawa, Ontario Canada). We don�t want 2 links to the same provider (POP), or do we? - As far as I know there is only one provider in this area that has > 1 POP. [its not financially prudent for us to drop UUNET and go with them � read � we have a �contract�]. - We have been allocated a /24 from UUNET. BTW: Since last Thursday afternoon, we've been having T1 link flaky-ness and have been intermittantly up and down (mostly down). We replaced our router [it was delivered to the guy in charge of our network on Saturday night - sort-a link a pizza delivery - One router please, with a T1 for extra topping...:-)] and the T1 card and some cabling - the finger point is still fricken going on.....So please don't try to tell me that us small /24 guys don't need link redundancy and multi-homing....we do... I basically need to be educated and told whether the configuration described below will work. Based upon these Nanog threads, I'm concerned that when our primary link goes down, our IP /24 address block will not be globably routeable via our backup link/ISP since some ISPs filter /24s out? Comments? What are the alternatives? In summary, the configuration we "were" considering: - use only default routing. - we need to get our own ASN. - primary T1 link will uses local-preferece so all outgoing traffic will use this link. - backup T1 will use AS_Path manipulation to insert bogus AS entries to pad-out the AS length so incoming should prefer the primary T1. ThatsAll... > Below is the response I got from a "comp.protocols.tcp-ip" news group query, the ">" are my original questions, the other info. is from a person who responded to my questions.... In article <[email protected]>, Todd Sandor <[email protected]> wrote: > >Hi, I need some assistance/direction in trying to determine what I need >to do in order to multi-home to different providers. >It sounds simple enough �please provide help/hints/references. Cheers� > >I think the bottom line question is how to I reliably multi-home to >multiple (2 in this case) providers without a PI (provider-independent >IP address) and without an ASN? Maybe someone can direct me to a >document that described If you're going to run BGP, you need an ASN, but you don't need PI addresses. You can advertise your UUNET-assigned address block to your backup provider. As long as you tell UUNET to export it as well, you should be fine. For a good description of how to configure multi-homing with BGP, see <http://www.netaxs.com/~freedman/bgp.html>. >I've done some reading about BGP (e.g. Bassam Halabi's "Internet Routing >Architectures"), but have no "hands on" >experience. What I would like to be able to do is run BGP to each >provider and use one link as a primary link and the >second link as a backup. I think I would need to: >- Use default routing [dynamically learn 0/0 from both providers]. I >would use the BGP attribute "local" preference (or >Cisco's weight parameter) to affect outgoing traffic to use the primary >link. >- Would use AS_Path manipulation to insert bogus AS entries into the >AS_path attribute on the backup link to influence >inbound traffic [from what I understand this need to be done all the way >up to the NAP -- will my providers help me with >this (tell me the # of bogus entries I'll need to add?)]. If your primary ISP is a tier-1 like UUNET, 1-2 levels of padding should be sufficient. You may also need to send a community to your backup provider, if you don't want them using that connection for traffic from their own customers. This is because some providers use local-pref to prefer direct customer links over peering links. >- Would filter inbound routes to only accept 0/0. Filter outbound to >only send our address block. You should be able to ask the providers to only send you default routes. >- We currently have a Cisco 2610 -- is this sufficient? Is there a >particular IOS release we should run? For default routes, this should be fine. Any recent IOS should be OK. >- We have been allocated a /24 from UUNET. We are probably not going >to be able to justify a /20 from Arin in >order to get PI (provider independent) IP address space. I believe >we'll need to use an IP address from UUNET >or the future "other" provider. Few organizations other than ISPs can justify /20's and larger. >- It may be difficult to get an ASN (see question #1)�. > >Questions: > >1) The Arin ASN request information requires verification that you are a >multi-homed site -- if your just planning be >become multi-homed will Arin still give you a ASN? They want you to provide contact information for both providers. Once you purchase the service from the second provider, you'll be multi-homed and they'll give you the ASN. Until then, you don't need it. >2) If we were to use a private ASN, both providers would need to strip >this off [our IP addresses would seem to >be part of each providers AS], then the same IP address block (say our >/24) would have different ORIGIN >attributes -- other then being "illegal" would this cause routing >in-stabilities? Do some provider allow this? You shouldn't do this. >3) What are some of the reasons why Arin at page >"http://www.arin.net/regserv.html" specifies "Provider-independent >(portable) addresses obtained directly from ARIN are the least likely to >be globally Routable". Some ISPs filter out advertisements smaller than /19. So even though ARIN will assign /20's, they may not be seen by everyone. --
|