[119137] in North American Network Operators' Group
Re: Failover how much complexity will it add?
daemon@ATHENA.MIT.EDU (Ken Gilmour)
Sun Nov 8 15:25:59 2009
In-Reply-To: <60758.1257711423@baklawasecrets.com>
From: Ken Gilmour <ken.gilmour@gmail.com>
Date: Sun, 8 Nov 2009 14:24:54 -0600
To: adel@baklawasecrets.com
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi Adel
There are companies like packet exchange (www.packetexchange.net)
(whom i have personally used) who will do all of the legwork for you,
such as applying for the ASN, address space, transit agreements, and
get the tail connections directly to your building. You just need to
pay them and buy the equipment (which they can also provide). Probably
easier in the long run.
NOTE: I am not an employee, or paid affiliate of packet exchange... I
have used them for services and am promoting them due to my own good
experiences with their services.
Regards,
Ken
2009/11/8 <adel@baklawasecrets.com>:
> Thanks Seth and James,
>
> Things are getting a lot clearer. =A0The BGP multihoming solution sounds =
like exactly what I want. =A0I have more questions :-)
>
> Now I suppose I would get my allocation from RIPE as I am UK based?
>
> Do I also need to apply for an AS number?
>
> As the IP block is "mine", it is ISP independent. =A0i.e. I can take it w=
ith me when I decide to use two completely different ISPs?
>
> Is the obtaining of this IP block, what is referred to as PI space?
>
> Of course internally I split the /24 up however I want - /28 for untrust =
range and maybe a routed DMZ block etc.?
>
> Assuming I apply for IP block and AS number, whats involved and how long =
does it take to get these babies?
>
> I know the SSG550's have BGP capabilites. =A0As I have two of these in HA=
mode, does it make sense to do the BGP on these, or should I get dedicated=
BGP routers?
>
> Fixing the internal routing policy so traffic is directed at the active B=
GP connection. =A0Whats involved here, preferring one BGP link over the oth=
er?
>
> Thanks again, I obviously need to do some reading of my own, but all the =
suggestions so far have been very valuable and definitely seem to be pointi=
ng in some
> fruitful directions.
>
> Adel
>
>
>
> On Sun =A0 6:31 PM , "James Hess" mysidia@gmail.com sent:
>> On Sun, Nov 8, 2009 at 11:34 AM, =A0<adel@
>> baklawasecrets.com> wrote:[..]
>> > connections from different providers I would
>> still have issues. =A0So> I guess that if my primary Internet goes down =
I
>> lose connectivity> to all the publicly addressed devices on that
>> connection. Like> dmz hosts and so on. =A0I would be interested
>> to hear how this> can be avoided if at all or do I have to use the
>> same provider.
>> You assign multi-homed IP address space to your publicly addressed
>> devices,which are not specific to either ISP. You announce to both ISPs,=
=A0and
>> you accept some routes from both ISPs.
>>
>> You get multi-homed IPs, either by having an existing ARIN allocation,
>> or getting a /22 from ARIN =A0(special allocation available for
>> multi-homing), or =A0ask for a /24 from =A0ISP A or ISP B =A0for
>> multihoming.
>>
>>
>> If =A0Link A fails, the BGP session eventually times out and dies: ISP
>> A's =A0BGP routers withdraw the routes, =A0the IP addresses are then
>> associated only with provider B.
>>
>> And you design your internal routing policy =A0to =A0direct =A0traffic
>> within your network to the router with an active BGP session.
>>
>> Link A's failure is _not_ a total non-event, =A0but a 3-5 minute partial
>> disruption, while the BGP session times out and updates occur in other
>> people's routers, is minimal compared to =A0a =A03 day outage, if seriou=
s
>> repairs to upstream fiber are required.
>>
>>
>> --
>> -J
>>
>>
>>
>
>
>
