

Teezee

@netcomng.com

Design concept!

Howdy Pros!

OK, I admit I have been missing in action; well, that's owing to lots of stuff I've got to do and been swamped with. Guys, I have here with me a possible change in the topology of my network. Just seeking opinions on the design. I would break down what each device is up to. Presently, if you take R2 and the ASA 5510 out of the equation, I just have R1 doing good on my network, taking care of business for me. The R1 is doing NAT, CBAC & EZ VPN and a host of other things.

Now my company just recently bought another internet connection; along with it came the R2 and ASA 5510 with AIP-SSM-10. That I must say I am happy about; I got the ASA 5510 to mess around with. The design I am looking at is exactly what I have attached. Reasons being that we've got this huge project coming up real soon, that we would be doing some MPLS, and what I heard from the boss is this: THERE'S GOING TO BE BGP slamming on my network to talk with the SERVICE PROVIDER'S NETWORK. That pretty much the ASA wouldn't do, I mean BGP. The whole idea is still in consideration as regards the protocol to use for the bigger picture of one network for my entire company that cuts across a wide geo-political zone, but I want to go ahead of them and provide a secure network for me just before they (SERVICE PROVIDER) come in.

So I thought to myself, why don't I go ahead and have the routers at the core while the ASA is at the distribution taking care of my LAN, inspecting traffic to and fro of my network. Also thinking of taking off the REMOTE VPN on R1 and pushing it down to the ASA. Just have the routers doing what they are meant to do, ROUTING.... Let the ASA take care of the LAN for me.

Between the routers, I am considering configuring BGP Jr. for load balancing...... aka GLBP.

So guys, I am open to suggestions of what you'd do if you were in my shoes!

Thanks for taking your time out to read this and suggest too.... Hey, I also would welcome documentation as to how this would go!!

Teddy

nosx

join:2004-12-27
kudos:5


wan discussi···.vsd.zip 422,989 bytes  
For starters, GLBP is a first-hop redundancy protocol. The ASA is only going to have one ARP entry for its gateway, so it's only going to forward traffic to one of the routers.

Best practice is to completely split the internet WAN connectivity from the enterprise WAN. I have attached a sample drawing, and the visio file.

aryoba
Premium,MVM
join:2002-08-22
kudos:1

reply to Teezee
You seem to have big projects coming in, huh?

If I were you I would break down the concerns into smaller ones and start working on them one by one. I would start by asking myself these questions.

1. What does your boss expect to have?

2. How exactly does the BGP come into place? Is it just for your internal private network connectivity within the MPLS network, or does it also include Internet access with the ISP?

3. What does your internal private network connectivity currently look like? Do you have some kind of site-to-site IPsec VPN between main offices and remote offices? Or something else?



Teezee

@41.184.23.x

reply to Teezee
Hey guys!

Thanks for the heads up on things. Nosx, oh Nosx!! I know I can always count on you to say something useful..... I appreciate it, bro. Now if I say I wasn't expecting you to say a word, ARYOBA, I am lying, truth be told; I was hoping to get some words from you too!! I can remember hitting this blog the first time and you really helped me with the concept of the design that I am using presently on my network, and ever since then, it's been bliss and wonderful challenges coming up my way in the world of Cisco. Thanks Aryoba!!

Now to answer your questions, ARYOBA.

1. My boss expects that I bring this design into play to support our present network needs. Matter of fact, the devices, I mean R2 and the ASA, are coming in on Monday the 19th. I should be getting all dirty with configuring them!! In other words, my hands are really getting itchy for that!! He actually expects that the routers would do load balancing for now and route information across the internet, while the ASA does what it's best known for... securing the network, I mean, with the AIP-SSM-10 on it!! I know I am way ahead with that baby!!! Presently on R1 I have EZ VPN on it.... I intend pushing it down to the ASA and most likely having a s2s configured on it later in the year to other branch offices.

2. The BGP is not for my internal network alone; we do have some other branches in some other geo-political zones and we are thinking of building a one-network scenario. Meaning having all the branches talking together and having one source of information from the expected data center we would be choosing. So that's where the BGP & MPLS bleed into the look of things. Both would be across my network and other branches alongside the ISPs.

3. I guess I have answered the 3rd question above.... s2s is coming up really soon, but for now what I have is EZ VPN! But I'm having a bit of worries about the GLBP I intend configuring for load balancing! I know I can configure a static PAT on the router to open up ports for the ASA with EZ VPN on it.... but since GLBP uses round robin to send packets across to the routers, my worry would be just in case it sends a return packet to R2; that means my connection is toast!! Like I said, I am just trying to get ahead.... but what do you think yourself?

Thanks for taking your time to read these.... I do appreciate it!


Bink

join:2006-05-14
Denver, CO
kudos:4

reply to Teezee
The ASA cannot do load balancing across two WAN connections—so unless you’re doing BGP with those two ISPs, you’re SOL here.


HELLFIRE

join:2009-11-25
kudos:4

reply to Teezee
If this were a flat LAN, with the ASA and the two routers, and the routers were doing the heavy lifting (i.e. NAT, VPN), put the ASA in transparent mode, run HSRP between the LAN interfaces of R1 and R2, tracking on the status of the corresponding WAN interface of the router. BGP could almost be an afterthought, but this would depend on how reliable the info is from your boss.

If you don't want the ASA in transparent mode, then you could have an OSPF or EIGRP neighbor relationship between the ASA and the LAN interfaces of R1 and R2. I'd have to double-check the exact configs again, but one of the clients I support has this as a standard layout at all their locations and runs HSRP in their core/dist -- where you have R1 and R2 now -- and the status of the neighbor relationship and the HSRP status determine which telco (two independent international carriers) user traffic will go out. Gives one a little less control traffic-wise, but at least it doesn't leave you playing too many guessing games with the configs.

Just my 00000010 bits.

@Bink
True, as the ASA can only do failover between two providers, but if Teezee has management and access to both R1 and R2 locally, then this is kind of a moot point.

Regards
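To make HELLFIRE's HSRP-with-tracking suggestion concrete, here is an added example (not configuration from anyone in this thread): R1 and R2 share one HSRP group on the segment facing the ASA, each decrements its priority when its own WAN interface drops, and the ASA points a single default route at the virtual IP. Interface names, the 192.168.10.0/24 addressing, the group number and the key placeholder are all assumptions.

```cisco
! --- R1: LAN-facing interface toward the ASA, preferred HSRP active ---
! Track the WAN interface to ISP1; if it loses line protocol, R1 gives
! up the active role to R2 (priority 110 - 20 = 90, below R2's 100).
! Assumed names and addresses throughout.
track 1 interface GigabitEthernet0/0 line-protocol
!
interface GigabitEthernet0/1
 description LAN segment shared with the ASA outside interface
 ip address 192.168.10.2 255.255.255.0
 standby version 2
 standby 1 ip 192.168.10.1
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 20
 standby 1 authentication md5 key-string HSRP-KEY-PLACEHOLDER
!
! --- R2: same group, lower priority, tracking its own WAN link to ISP2 ---
track 1 interface GigabitEthernet0/0 line-protocol
!
interface GigabitEthernet0/1
 description LAN segment shared with the ASA outside interface
 ip address 192.168.10.3 255.255.255.0
 standby version 2
 standby 1 ip 192.168.10.1
 standby 1 priority 100
 standby 1 preempt
 standby 1 track 1 decrement 20
 standby 1 authentication md5 key-string HSRP-KEY-PLACEHOLDER
!
! --- ASA: one default route to the virtual IP. The ASA holds a single
! ARP entry for 192.168.10.1, so only the current HSRP active router
! carries traffic (active/standby, not per-packet load sharing).
route outside 0.0.0.0 0.0.0.0 192.168.10.1 1
!
! Verification on either router:
!   show standby brief
!   show track 1
```

Because only the active router forwards, a failover to R2 also moves NAT and any VPN termination, so sessions established through R1 do not survive the switch.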


nosx

join:2004-12-27
kudos:5


While it's true that the ASA isn't going to do the load balancing desired, R1 is still able to send traffic to R2 if R2 has a better path; but if R1 and R2 have the same path (e.g. both only have a default outbound), whoever receives the packet from the ASA is going to send the packet to the WAN, which would effectively put it into an active/standby setup.

Edit: it's also 3am, go to bed hellfire.


aryoba
Premium,MVM
join:2002-08-22
kudos:1


reply to Teezee
More questions to clear the air:

1. How is routing in place between R1 and ISP1? Is it just static route? Or is there dynamic routing in place?

2. How will routing be between R2 and ISP2? Would it be just static route? Or would there be dynamic routing in place?

3. Are there routers or Layer-3 switches within the LAN behind the ASA? If not, will there be a plan to have them?

4. How will your MPLS provider deliver their service to your network? Will they just drop muxes or will they also drop their managed routers or switches at your location?

5. What type of cable will your network receive from the MPLS provider? Would it be SC or LC (fiber)? Coax (DS3/E3)? Copper (T1/E1)? Ethernet hand-off? Or something else?



Teezee

@41.184.23.x

Guys!

I am so overwhelmed at your suggestions, thanks everyone! Sorry, it's Sunday and I needed to take some time off the PC and get some rest! Though not that much! But the little I did, I'm grateful to God for it! So sorry I am responding rather late!

@Hell, I am still wondering what inspired that name for you? Sure do Cisco gears go through a lot with you, Hell! I don't have a flat LAN; I do have a structured network of 7 VLANs. I do have 2 core switches, so to say, a 3750 & a 3560. These two do inter-VLAN routing, have RIP v2 enabled on them and also L3 EtherChannel, 'cos they span over 2 buildings. HSRP is not much of what I would want to use though! I think I'd like the idea of GLBP! But hey, I am still at the concept stage! I might just take a good look at your suggestion and see which would not be more of a config overhead for me! I guess something we all love is to keep it simple and straightforward, 'cos of some other persons!

@Nosx! Thanks for the heads up again! Your suggestions are well taken and I would consider them!

@Aryoba! You know it's as if you're my virtual angel hehehehe

I must say I love your sense of direction! You're making me see things from a more tech point of view! To answer your questions:

1. It's a static route between R1 and ISP1 outbound; inbound presently it does RIP v2 between itself (R1) and the 3570 & 3560 that do inter-VLAN routing for the 7 VLANs I have.

2. Static, but for now I haven't brought it into the full scheme of my network; I definitely would this week.

3. Yes yes yes! I guess from the answer to question 1 you'd know! More heads up on design plans would really be appreciated!

4. For this much I can say! On the bigger picture of MPLS coming into my network, we currently have just sent an RFP to vendors aka (SERVICE PROVIDERS) and are awaiting their response and design plan! So for now, I am just trying to get my in-house neat and tight enough just before they come in to suggest anything with regards to MPLS coming into my network. But my guess about things would be them dropping off their managed routers, or we (my company) might provide that. I can't say that much until the end of this month; then I'd be able to say! Hope that explains a lot!

5. For now, ISP2 is a copper thing..... ISP1 is fiber but gets into my end as a radio microwave link!

I do hope I've answered your questions very well? Please let me know if you need more info! I'd sure be glad to let you know more!

But in all, guys, I do appreciate your time out putting heads alongside with me to get this design concept all clear! I appreciate it!

Regards
Teddy


HELLFIRE

join:2009-11-25
kudos:4

reply to Teezee
Never done or seen GLBP before outside of Netacad, so maybe it's just the conservative in me to stick with what I know.

Something I'm also curious about is why you're using RIPv2 and not something like OSPF or EIGRP? Is there a specific technical reason, or is it again sticking with the known / what works?

Regards



Teezee

@41.184.23.x

Hell oh Hell, I kinda dig reading from you! It's all good. GLBP is something I think you'd love to see in action really. It's a redundancy protocol that Cisco created, and I'd say I love the idea. Now for me, I chose to call GLBP BGP Jr.; see the similarity in the name, I mean just take off the L in GLBP and flip the G in between the B & P. It works just like BGP but on a much lower scale.

In my case, I'll have the two routers active at the same time, unlike what I'd have when I do HSRP.... one is going to be active and the other standby! They both would be active and participate in handling packets in and out of my network to the WAN. One would be the AVG (Active Virtual Gateway), which is the master, and the other the AVF (Active Virtual Forwarder), which is more like the standby, but the difference is, it also receives packets and sends them out! When the master fails, it kicks in immediately to become the AVG. Although the commands are similar to HSRP, there's a great difference in the concept of work. I'll tell ya this, you'd love it when you experience it!

As to why I am using RIP v2 instead of EIGRP or OSPF, I am looking at it from this perspective: I have rather a small network of just 190 computers and I am expecting it to get to 250 within the next couple of months. But with the project I have at hand now, believe me, I am really considering it now to scale up to EIGRP or OSPF, since it's an all-Cisco network I have! And from as much as I have gathered, other branch offices coming on board the same project are using all Cisco gear too! So I am giving it a good rethink.

Thanks for asking and I hope this has been informative to you! Would look out for more questions from ya!!! Cheers mate!

Teddy


aryoba
Premium,MVM
join:2002-08-22
kudos:1

said by Teezee :

As to why I am using RIP v2 instead of EIGRP or OSPF, I am looking at it from this perspective: I have rather a small network of just 190 computers and I am expecting it to get to 250 within the next couple of months. But with the project I have at hand now, believe me, I am really considering it now to scale up to EIGRP or OSPF, since it's an all-Cisco network I have! And from as much as I have gathered, other branch offices coming on board the same project are using all Cisco gear too! So I am giving it a good rethink.
A typical MPLS deployment uses BGP to talk between peers. So get ready to set up BGP on your network to talk to the MPLS provider's network.

Note that the BGP itself will be the EGP. You still need an IGP to support the BGP. The IGP itself could be EIGRP, OSPF, or even your existing RIP v2.

aryoba
Premium,MVM
join:2002-08-22
kudos:1

reply to Teezee

said by Teezee :

1. It's a static route between R1 and ISP1 outbound; inbound presently it does RIP v2 between itself (R1) and the 3570 & 3560 that do inter-VLAN routing for the 7 VLANs I have.

2. Static, but for now I haven't brought it into the full scheme of my network; I definitely would this week.
The problem with static routing, as you may know, is that there will be minimal automatic routing decisions. If your boss wants to have some kind of load balance between the two ISPs, then you may end up having to use manual intervention during an outage.

aryoba
Premium,MVM
join:2002-08-22
kudos:1

reply to Teezee

said by Teezee :

Hell oh Hell, I kinda dig reading from you! It's all good. GLBP is something I think you'd love to see in action really. It's a redundancy protocol that Cisco created, and I'd say I love the idea. Now for me, I chose to call GLBP BGP Jr.; see the similarity in the name, I mean just take off the L in GLBP and flip the G in between the B & P. It works just like BGP but on a much lower scale.

In my case, I'll have the two routers active at the same time, unlike what I'd have when I do HSRP.... one is going to be active and the other standby! They both would be active and participate in handling packets in and out of my network to the WAN. One would be the AVG (Active Virtual Gateway), which is the master, and the other the AVF (Active Virtual Forwarder), which is more like the standby, but the difference is, it also receives packets and sends them out! When the master fails, it kicks in immediately to become the AVG. Although the commands are similar to HSRP, there's a great difference in the concept of work. I'll tell ya this, you'd love it when you experience it!
Teddy
I once noticed a GLBP implementation in a network that I got a chance to review. During the review, I did not really see a real difference between GLBP and HSRP. I did not think it was a configuration issue, since the GLBP configuration was pretty much following the sample configuration from the Cisco website. I'm unsure if it was an IOS image issue, a platform issue, or just an implementation issue from the Cisco IOS image/code developer team. In the end, we decided to remove the GLBP implementation and put back HSRP.

The moral of the story is that just because something sounds great in concept, it does not necessarily mean it is great in implementation. Just my 2c


Teezee

@netcomng.com

reply to Teezee
Aryoba!

I was expecting to read your reply. I guess I don't have a choice but to brace up for the big challenge of taking on the world of BGP. I am kinda excited about this really! Like you said, I've got a big project coming up! This is the first of its kind I am dealing with, and I'm willing to bank on the experience that comes out of this. Like you know, there's always a first time for everything!!! After which one gets used to things!

On your 2nd reply, what do you suggest I do? If you don't mind, I'd love to pick your brain a little. If you were in my shoes, what would be your best practice with regards to the design I have?

Oh yeah, I just finished rack mounting the ASA I mentioned earlier... it just got in some hours ago!! So just asking.... going by my diagram, what mode would you best advise I configure the ASA in, considering it has the IPS module in it?

Hope to read from you real soon!

Cheers
Teddy


aryoba
Premium,MVM
join:2002-08-22
kudos:1

said by Teezee :

On your 2nd reply, what do you suggest I do? If you don't mind, I'd love to pick your brain a little. If you were in my shoes, what would be your best practice with regards to the design I have?
If the connection to ISP 2 is not provisioned yet by the ISP, then you may want to consider having a dynamic routing relationship with ISP 2. Note that typically a dynamic routing relationship requires a higher standard and more requirements than mere static routing. Consult with the ISP to find out more info about it.

said by Teezee :

So just asking.... going by my diagram, what mode would you best advise I configure the ASA in, considering it has the IPS module in it?
The ASA configuration highly depends on the network design of your whole company, including the static vs. dynamic routing with ISP, connectivity through MPLS, and redundant connectivity to branches. Once you have everything figured out, then you should be able to proceed to the next step which is the network device configuration including the ASA.

As a general idea, I would imagine that the IPS module will do either inline or promiscuous mode, where each mode will have its own advantages and disadvantages. Just make sure that the IPS does not kill legitimate production traffic.
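On aryoba's point about inline versus promiscuous mode and not killing production traffic, here is an added example (not configuration from anyone in this thread) of the ASA-side service policy that diverts traffic to the AIP-SSM inline but fails open if the module stops responding. The class-map name is an assumption; global_policy is the name of the ASA's default policy-map.

```cisco
! Send all traffic through the AIP-SSM in inline mode. fail-open means the
! ASA keeps forwarding if the module is down, rebooting or out of service;
! fail-close blocks instead, which protects the LAN at the cost of an outage
! whenever the module fails. Names below are assumptions.
class-map ips_class
 match any
!
policy-map global_policy
 class ips_class
  ips inline fail-open
!
service-policy global_policy global
!
! Promiscuous alternative: the module sees a copy of the traffic and adds no
! forwarding latency, but it can only react after the fact (e.g. by asking
! the ASA to shun a source), so it cannot drop the offending packet itself:
!  ips promiscuous fail-open
!
! Confirm the module is up and which mode the policy applied:
!   show module 1 details
!   show service-policy global
```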

HELLFIRE

join:2009-11-25
kudos:4

reply to Teezee
»www.cisco.com/en/US/tech/tk365/t···2c.shtml

Something you may find useful that I found while trolling the Cisco.com site, Teezee. Makes for good reference material.

One thing of note is that transparent mode knocks back a lot of your L3 functionality, like routing protocols and VPN termination. Read the ASA/PIX transparent guide for full details.

Regards



Teezee

@netcomng.com

Howdy Guys!

Hell and Aryoba! I am so, so ever grateful for the tips and bits given to me! Thanks a lot guys!

I've been busy doing some other stuff; I should have replied way before now, but got swamped with lots and lots of work. I heard all you have to say.... I would put it into consideration while drawing up my plans and design!

I appreciate it. Do have a wonderful week ahead and be sure I'd buzz you all when there's a need for it! Thanks guys, you guys are the best!

Cheers mates
Teddy


over 12.5 years online © 1999-2012 dslreports.com.