
Adamyipitc

@xo.net

Cisco 2811 or 2911 or something else for dual-WAN bgp

I'm about to set up a network with two WAN connections, probably a 20Mb EoC and a bonded T1 (3Mb). I'd like a real setup (ASN, BGP) so that failovers and balancing are painless.

My experience with low-end round robin load balancing or active-passive failover is poor, which is why I'd like real BGP.

It looks to me like the 2911 is the best solution. Anybody have thoughts on this?

This will be for 25 very active users and 5 VOIP lines and one VPN connection that we'd like to be able to handle 10Mb without being hardware/software constrained.

Our vendor suggested a 2811 but I think that's just institutional momentum. Do you think a 2811 (or something from the 28xx series) is a bad idea? HP or Juniper good alternatives? We are not price sensitive.

Also, any suggestions on modules for the router? I presume that I will connect an external 48 port switch, but is there a different approach?



tubbynet
reminds me of the danse russe
Premium,MVM
join:2008-01-16
Chandler, AZ
kudos:1

most providers won't even talk bgp with you unless you go for a /24 from them. if you're wanting diverse carriers -- some isps require you to have your own allocated space.
good luck with that.
when you recover for the price from your providers/arin/et al -- get back to us.

said by Adamyipitc:

My experience with low-end round robin load balancing or active-passive failover is poor, which is why I'd like real BGP.

you're doing it wrong.
i've set up several networks with such balancing -- even active/active. the only issue is continuity of business services (vpn, nats, etc). depending on your business requirement for such functions -- the cost for a netblock may be worth it. that's a cost benefit analysis left up to the reader.

q.
--
"...if I in my north room dance naked, grotesquely before my mirror waving my shirt round my head and singing softly to myself..."

Bink
Villains... knock off all that evil

join:2006-05-14
Castle Rock, CO
kudos:4
Reviews:
·VOIPO
reply to Adamyipitc

Second tubbynet’s recommendations—particularly when you talk about 25 “users.”

Unless you have a /24, no one wants to hear your BGP—and even then some don’t care about something as small as a /24.


nosx

join:2004-12-27
00000
kudos:5

1 recommendation

Given the requirements, your organization is simply not large enough for global IP multihoming, which requires PI address space and a registered ASN. You would be much better off with two connections with diverse paths to edge routers in different POPs from the same provider. They will give you PA space you can advertise out both connections and use much in the same way, without a registered ASN or PI allocation.

As far as the router goes, I would look at the ISR G2 attachment in this thread: Re: Metro Ethernet: 2821 vs. 2921 router. It would indicate that the 2911 would be acceptable for your performance and feature requirements.



Adam

@rr.com

My vendor is saying 2811. Thanks for the advice.



Adam

@rr.com

If you all think that BGP isn't feasible, what's the best active-active solution?

In response to the VPN issue, we do have a long lasting VPN connection that we use heavily and I'd prefer to not have major outages based on failover (although an outage for a few minutes every few weeks is fine).


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to Adamyipitc

2811 @ ~23Mbps w/ services may be pushing it... plus how big a BGP table are you planning on taking?
I'd definitely get as much RAM as you can if you're thinking of taking full BGP tables.

Is the VPN site to site, remote VPN, or a mix? How many tunnels?

Considering the somewhat low(er) opinion I've heard from ppl in this forum with 28x1 gear under load, I'd lean
towards the 29xx if you can get and afford it.

Just my 00000010 bits.

Regards



Adam

@rr.com

I'm pretty convinced that the 29x1 series is the way to go at this point.

The VPN is site to site (to Amazon, our data center) and probably won't have more than 10-15 tunnels up at any given time.

I should have been more clear before. We're a company growing from 4 last year to 15 right now to hopefully 25 in 6 months to hopefully 40+ in a year. We're looking for expandability and a high quality presence. As a Python developer with a team of 10 other developers and 5 business people, we're not interested in anything half-a$&ed.

We spend $3k/month on datacenter costs right now and $20k/month in rent and our payroll costs are $10k/business day so a few thousand dollars extra per year to reduce downtime by even an hour over that year is worth it.


sk1939
Premium
join:2010-10-23
Mclean, VA
kudos:10
Reviews:
·T-Mobile US
·Verizon FiOS
reply to Adamyipitc

Peering with an ISP is a horrible idea for so few users, mostly because of lack of need, and that it is not cost efficient. Many of my clients with dozens to hundreds of clients don't even peer, and we're talking about pipes into gig range. As tubby said, you need to get your own IPv4 range (and a large enough one at that), which will be hard since there is a premium on them due to the fact that we are out of them globally, as well as the equipment that can handle it.

Best active/active would be dual Metro-E (different providers) and at least a Cisco 2921 or Juniper J2320/SRX 3XX.

Bonded T1 is too expensive to use as primary net access, especially for the speed. If you're going to stick with bonded T1, I would think that you're using a portion of it for voice traffic as a trunk line for voice.

Connecting it to a switch is the best way to go about it, but there should be a firewall/ips/ids between them.

Edit: How do you have $20k a month in rent? Must be an expensive area.



Adam

@rr.com

@sk1939 thanks for the specifics - much appreciated.

Heh, midtown rent and we have to sign a 2 year lease so the space needs to be big enough for 40 ...

Frankly, I'm having a lot of fun with the network stuff. It's been probably 7-8 years since I dealt with these things.

Correct me if I'm wrong but if I get two Metro-E connections from two providers, won't that still be over the same Verizon physical infrastructure and therefore I'm hardly getting any increased redundancy except for the hardware on either end which probably never goes down?

Maybe the best solution is:

1 10Mb fiber for 1k
1 20Mb MetroE for 1k
Cisco 2921 or Juniper SRX 3XX for $2,500

Would a low-end Time Warner 5 up/50 down make sense instead of one of the other lines since we've already knocked down bgp?

If we're down for a solid hour every 6 months, it's not a big deal. My bigger concern is little 10 minute outages every month.


HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to Adamyipitc

For dual provider (no BGP), the general setup I've seen is a primary circuit -- MPLS, private line, fractional-Tx / Ex, and a backup line -- usually cable or DSL, with some sort of failover mechanism, triggered manually or automatically, when a link takes a hit. The actual circuit type you get really depends on the business need and expected SLA.

In IOS, you can use a combination of routing, OER and/or IP SLA to facilitate this.

Regards
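The IP SLA / tracked-route failover HELLFIRE describes, written out as an added IOS example (constructed for this thread, not a config from any poster). It assumes the primary Metro-E is on GigabitEthernet0/0 with next hop 203.0.113.1, the backup (cable/DSL/T1) on GigabitEthernet0/1 with next hop 198.51.100.1, a LAN of 10.0.0.0/24, and a probe target 192.0.2.10 that is only reachable through the primary ISP; all addresses are RFC 5737 documentation space.

```cisco
! Constructed example: probe-driven default-route failover between two ISP links.
! Pin the probe target to the primary path so the probe cannot quietly succeed over
! the backup link after a failover and leave the default route stuck on the backup.
ip route 192.0.2.10 255.255.255.255 203.0.113.1
!
ip sla 1
 icmp-echo 192.0.2.10 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Tracked object follows probe reachability; the delay timers damp short blips so
! one lost ping does not flip the default route (and drop NAT/VPN state) every month.
track 1 ip sla 1 reachability
 delay down 30 up 60
!
! Primary default route is withdrawn when track 1 goes down; the floating static
! (admin distance 10) on the backup link takes over and is replaced when it recovers.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 10
!
! NAT must follow the active link: match on the egress interface so translations
! use whichever public address the traffic actually leaves through. This is the
! "continuity of NAT" problem tubbynet mentions; existing sessions still break on
! failover, but new ones work immediately on the backup link.
ip access-list standard LAN
 permit 10.0.0.0 0.0.0.255
route-map NAT-PRIMARY permit 10
 match ip address LAN
 match interface GigabitEthernet0/0
route-map NAT-BACKUP permit 10
 match ip address LAN
 match interface GigabitEthernet0/1
ip nat inside source route-map NAT-PRIMARY interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT-BACKUP interface GigabitEthernet0/1 overload
```

Verify behaviour with `show track 1` and `show ip route 0.0.0.0` while pulling the primary cable; the site-to-site VPN will renegotiate from the backup address, so the far end must accept both peer addresses.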


aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to nosx

said by nosx:

Given the requirements, your organization is simply not large enough for global IP multihoming, which requires PI address space and a registered ASN. You would be much better off with two connections with diverse paths to edge routers in different POPs from the same provider. They will give you PA space you can advertise out both connections and use much in the same way, without a registered ASN or PI allocation.

With redundant Internet circuits of diverse path/POP to the same Internet provider, you can still do BGP with a smaller subnet than /24. The /24 or larger subnet requirement is typically only for multiple Internet providers.

aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to Adam

said by Adam :

Correct me if I'm wrong but if I get two Metro-E connections from two providers, won't that still be over the same Verizon physical infrastructure and therefore I'm hardly getting any increased redundancy except for the hardware on either end which probably never goes down?

I'm assuming you are talking midtown Manhattan with Verizon as LEC. Yes, you still use Verizon infrastructure regardless of the ISP you pick. However, with diverse POPs, each of your circuits terminates at a different location or building, where each POP could be power fed from a different power plant. Depending on how far you want to take the redundancy, you could also have redundant muxes and redundant fiber runs within your building.

aryoba
Premium,MVM
join:2002-08-22
kudos:4

1 edit
reply to Adam

said by Adam :

If you all think that BGP isn't feasible, what's the best active-active solution?

What you could also consider is to partner up with a data center/co-location solution company. You may want to have redundant circuits from your building to different data center buildings of the same solution company. The company then will take care of redundant Internet connections using BGP for you.

The advantage of using this kind of solution company is that you don't need to have your own subnet or your own AS when you need to run BGP with an Internet provider. Typically this kind of solution company already has an established redundant BGP infrastructure with various Internet providers, where they have their own BGP AS, peer with major (Tier-1) Internet providers, have large subnet blocks for Internet connectivity, and have a good relationship with the LEC such as Verizon in your area to speed up any local loop build issue. The company provides this established infrastructure for all of their clients so that the clients don't need to build their own redundant Internet infrastructure or even worry about it.

In other words, yes, you still have a good active-active solution with BGP; however, you don't have to build your own BGP Internet solution since the company provides it for you, typically at a lower price and especially with less headache.

Further, this kind of company typically has expertise in consulting and managing, and a high level of ISP/telco leverage should there be any issue or concern with network connectivity. They may provide you with managed firewall/security in their cloud, quick resolution of any circuit issues, and be a high-value partner to your company so that you don't have to deal with hurdles when it comes to the ISP, circuit issues, or any network concern in general.

sk1939
Premium
join:2010-10-23
Mclean, VA
kudos:10
Reviews:
·T-Mobile US
·Verizon FiOS
reply to Adam

Mid-town is killer for rent.

As aryoba said, it could be the same, or it could be different. You would have to talk to the provider for that.

The most cost effective solution would be the routers listed, a Metro-E link, and cable with static for backup/failover.

If money were no limit, then the fiber/Metro-E would work.



mikeeo
Premium
join:2000-03-12
Newark, DE
reply to Adam

said by Adam :

My vendor is saying 2811. Thanks for the advice.

I'd get a new vendor because the 2811 is EoS/EoL.

And if your internet presence requires BGP redundancy then it will be quite easy to get a /24.

Make sure you get a 3900 series if you want to take more than a default route from your providers...

adamn

join:2011-08-22
New York, NY

said by mikeeo:

I'd get a new vendor because the 2811 is EoS/EoL.

I agree. I've decided to go with XO who will supply 20Mb EoC and a T1 - they'll allow BGP with an ASN they'll give me.

The router will be Juniper SRX 220 or 240 (not sure yet) with an extra EX series switch.

If I decide to get fiber, that will replace the T1. Cable won't allow BGP so it's not an option.


chris
Poor Impulse Control
Premium
join:2000-08-13
Middletown, CT
reply to HELLFIRE

said by HELLFIRE:

2811 @ ~23Mbps w/ services may be pushing it... plus how big a BGP table are you planning on taking?
I'd definitely get as much RAM as you can if you're thinking of taking full BGP tables.

Is the VPN site to site, remote VPN, or a mix? How many tunnels?

Considering the somewhat low(er) opinion I've heard from ppl in this forum with 28x1 gear under load, I'd lean
towards the 29xx if you can get and afford it.

Just my 00000010 bits.

Regards

I would never do full table with something this small - default route only.
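The single-provider, dual-POP BGP setup aryoba describes (PA block smaller than a /24, no registered ASN of your own), combined with chris's advice to take only a default route, as an added IOS example constructed for this thread rather than taken from any poster. It assumes the provider is AS 64496 and assigns AS 64512 to the customer (both reserved/private ASNs here), neighbor addresses 192.0.2.1 (POP A, EoC) and 198.51.100.1 (POP B, T1), and a PA block of 203.0.113.64/26; every number is a placeholder.

```cisco
! Constructed example: eBGP to two POPs of one provider, default route in, one /26 out.
! Anchor the announced block on Null0 so the network statement is originated even when
! no more-specific route exists; admin distance 250 keeps it below any real route.
ip route 203.0.113.64 255.255.255.192 Null0 250
!
! Accept nothing but a default route (no full table on a 29xx/SRX-class box, as chris
! says) and announce nothing but our own block, so a typo or a leaked internal route
! can never be advertised to the provider.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list OUR-BLOCK seq 5 permit 203.0.113.64/26
!
! Prefer the faster EoC circuit for outbound traffic, and make the T1 path look longer
! to the provider so inbound traffic also prefers POP A while both circuits are up.
route-map PREFER-EOC permit 10
 set local-preference 200
route-map PREPEND-T1 permit 10
 set as-path prepend 64512 64512
!
router bgp 64512
 bgp log-neighbor-changes
 network 203.0.113.64 mask 255.255.255.192
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 description ISP POP A (EoC)
 neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
 neighbor 192.0.2.1 prefix-list OUR-BLOCK out
 neighbor 192.0.2.1 route-map PREFER-EOC in
 neighbor 192.0.2.1 maximum-prefix 5
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 description ISP POP B (T1)
 neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
 neighbor 198.51.100.1 prefix-list OUR-BLOCK out
 neighbor 198.51.100.1 route-map PREPEND-T1 out
 neighbor 198.51.100.1 maximum-prefix 5
```

Failover here is driven by the BGP sessions themselves: when a circuit drops, the provider withdraws our prefix on that side and the default route learned over it disappears, so no probe-based tracking is needed. Check with `show ip bgp summary` and `show ip bgp neighbors 192.0.2.1 advertised-routes`, which should list only the /26.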

sk1939
Premium
join:2010-10-23
Mclean, VA
kudos:10
reply to adamn

The SRX240 is a nice router, and should work well for your needs.