[115076] in North American Network Operators' Group
RE: Multi site BGP Routing design
daemon@ATHENA.MIT.EDU (John.Herbert@ins.com)
Fri Jun 5 20:36:03 2009
From: <John.Herbert@ins.com>
To: <cmadams@hiwaay.net>, <nanog@nanog.org>
Date: Fri, 5 Jun 2009 19:35:00 -0500
In-Reply-To: <20090606001655.GA1486707@hiwaay.net>
Depending on your security policies you may want to encrypt said tunnel
also.
Other than that, it all depends on it all depends. For example - if you
receive / or have a default route pointing to the ISP, then the fact you
have the same AS and won't receive the other site's routes in BGP doesn't
matter at all - you'll follow a default from site 1 to the ISP, and the
ISP will have a route to site 2 and can pass the traffic in the right
direction. If you don't mind your traffic being passed unencrypted over
the Internet, that is. You'll obviously need to adapt your firewall
policies to allow for that flow as well.
j.
________________________________
From: Chris Adams [cmadams@hiwaay.net]
Sent: Friday, June 05, 2009 20:16
To: nanog@nanog.org
Subject: Re: Multi site BGP Routing design
Once upon a time, Steve Bertrand <steve@ibctech.ca> said:
> Unless someone else has any better advice (I'm sure they do), you will
> need two separate public ASNs. Site 1 advertises its space out of AS1,
> and site 2 advertises its space from AS2.
I don't know that it's better advice, but another way to link the two
sites is via a tunnel (GRE or IPIP). Use the upstream IP on each router
as the local endpoint, and then run some routing protocol over the
tunnel.
--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
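
Added illustration of the same-AS point in the reply at the top of this message (not code from either poster): a small model of eBGP AS_PATH loop prevention at site 1, showing that site 2's prefix is dropped and traffic only reaches it when a default route toward the ISP exists, which is the path that crosses the Internet unencrypted. The ASNs, prefixes, next-hop label and function names are all constructed for the example.

```python
import ipaddress

SITE_AS = 64512   # assumed private ASN shared by both sites (constructed)
ISP_AS = 64496    # assumed ISP ASN from the documentation range (constructed)

def accepts(local_as, as_path):
    """eBGP loop prevention: drop any update whose AS_PATH contains our own AS."""
    return local_as not in as_path

def build_rib(local_as, updates, static_routes=()):
    """Install accepted BGP updates plus static routes; returns {network: next_hop}."""
    rib = {ipaddress.ip_network(p): nh for p, nh in static_routes}
    for prefix, as_path, next_hop in updates:
        if accepts(local_as, as_path):
            rib[ipaddress.ip_network(prefix)] = next_hop
    return rib

def lookup(rib, dst):
    """Longest-prefix match; returns (network, next_hop) or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in rib if addr in n]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)
    return best, rib[best]

# Constructed updates as seen by site 1 from the ISP.
UPDATES_AT_SITE1 = [
    ("198.51.100.0/24", [ISP_AS, SITE_AS], "isp"),  # site 2's prefix, carries our own AS
    ("203.0.113.0/24", [ISP_AS, 64497], "isp"),     # unrelated third-party prefix
]

def site1_route_to_site2(with_default):
    """Route site 1 would use for a host in site 2, with or without a default."""
    static = [("0.0.0.0/0", "isp")] if with_default else []
    rib = build_rib(SITE_AS, UPDATES_AT_SITE1, static)
    return lookup(rib, "198.51.100.10")

if __name__ == "__main__":
    print("no default  :", site1_route_to_site2(False))
    print("with default:", site1_route_to_site2(True))
```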