
lildevil

join:2003-04-28
West Lafayette, IN

[Config] multihoming and full internet routes

Typically when I bring in a second circuit to a site I do an active/standby setup (I use HSRP for the 2 routers and weight one for primary and then prepend my subnets so outside customers come in the same provider my outgoing traffic is).

What happens when you take on full internet routes from both providers and the routers decide which provider is best for outgoing? Do you still prepend so that incoming traffic should always come in through one provider? How would this impact return traffic in either direction?



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

The short answer is: you can't force people to send traffic to you the way you want them to. You can try, and then they might figure out how to get around it.

The slightly longer answer is: everyone has the ability to tune their network and routers to route traffic the best way for them - hot potato, cold potato, least cost, lowest latency, etc. This may be contrary to what is "best for you". Perhaps your best bet is to try and work with your upstreams to find out what their communities are for depreferencing routes within their network and out to their upstreams. Most providers have a list of communities, some publish them and others don't, that allow you to do a little tweaking within their network and towards their upstream providers.

Welcome to the world of traffic engineering.

As for outbound, you can certainly influence how traffic should be routed out, since you control your side of the network. Use a route-map to apply a higher local pref (default is 100) to routes received from your preferred outbound path, and as long as that path is up, you'll always be routing out that way. If it goes down, you fail over to the next highest local pref (which in your case would be your second provider.)

But in this case, are full feeds really worth it? I mean, if you are only trying to prefer a single outbound link, why not just take a default route from each of your providers, and weigh one down using the local pref trick above? Is there a specific reason for taking full feeds?

edit: a nice little write up I found about local pref tweaking: »evilrouters.net/2009/03/07/using···routing/
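Added example, not part of the original posts: a simplified Python model of the outbound choice discussed above, covering only longest-prefix match, local preference and AS-path length (the real BGP decision process has more steps). The neighbor names, prefixes and AS numbers are constructed.

```python
import ipaddress
from dataclasses import dataclass, replace

DEFAULT_LOCAL_PREF = 100  # BGP default, as noted in the post

@dataclass(frozen=True)
class Route:
    prefix: str
    neighbor: str        # upstream the route was learned from (constructed names)
    as_path: tuple       # constructed AS numbers from the documentation range
    local_pref: int = DEFAULT_LOCAL_PREF

def prefer(routes, neighbor, pref=200):
    """Mimic an inbound route-map: raise local-pref on routes from one neighbor."""
    return [replace(r, local_pref=pref) if r.neighbor == neighbor else r
            for r in routes]

def best_exit(routes, destination, down=()):
    """Longest-prefix match, then highest local-pref, then shortest AS path."""
    dst = ipaddress.ip_address(destination)
    usable = [r for r in routes
              if r.neighbor not in down and dst in ipaddress.ip_network(r.prefix)]
    if not usable:
        return None
    best = max(usable, key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen,
                                      r.local_pref, -len(r.as_path)))
    return best.neighbor

# Constructed full feeds: each destination is closer through a different ISP.
FULL_FEEDS = [
    Route("198.51.100.0/24", "ISP-A", (64496, 64510)),
    Route("198.51.100.0/24", "ISP-B", (64497, 64511, 64510)),
    Route("192.0.2.0/24", "ISP-A", (64496, 64510, 64511)),
    Route("192.0.2.0/24", "ISP-B", (64497, 64511)),
]
# Constructed alternative: only a default route from each ISP.
DEFAULTS_ONLY = [
    Route("0.0.0.0/0", "ISP-A", (64496,)),
    Route("0.0.0.0/0", "ISP-B", (64497,)),
]

if __name__ == "__main__":
    for name, table in (("full feeds", FULL_FEEDS),
                        ("full feeds + local-pref", prefer(FULL_FEEDS, "ISP-A")),
                        ("defaults + local-pref", prefer(DEFAULTS_ONLY, "ISP-A"))):
        for dst in ("198.51.100.10", "192.0.2.10"):
            print(name, dst, best_exit(table, dst),
                  "| ISP-A down:", best_exit(table, dst, down=("ISP-A",)))
```

With the local-pref policy applied, full feeds and default routes pick the same exit for every destination; the per-prefix choice only appears when local-pref is left equal.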


aryoba
Premium,MVM
join:2002-08-22
kudos:4

Having full BGP routes from each ISP is preferred in order to decide which ISP provides the best path outbound to the destination. A default route hides the actual BGP path, hence you only have a one-sided vision of the (primary) ISP.

In regard to BGP, I always prefer longer/shorter prefix announcement such as advertising 1.1.1.0/24 on the primary ISP and advertising 1.1.0.0/23 on the backup ISP. This way I'm always sure that the primary ISP is primary path while the backup ISP is backup ISP.



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

said by aryoba:

Having full BGP routes from each ISP is preferred in order to decide which ISP provides the best path outbound to the destination. A default route hides the actual BGP path, hence you only have a one-sided vision of the (primary) ISP.

Yes, that much I understand. But if all you are trying to do is route out of one link at any one time, full routes are pointless because you don't gain anything from having them.

If, as you say, you have multiple providers and you want to pick the provider that gives you the best path to any given prefix, then yes, full tables all the way because you need that granularity.

But in the OPs case it seems kind of unnecessary.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8
reply to lildevil

I have complete control over how traffic leaves my network. I have little, if any, control over how things enter my network. The only real control you have is through the announcement(s) of your prefix(es) -- if you announce X/19 to only one provider, that's where all the traffic is going to come from.

(BGP load balancing in this manner has a small warehouse of problems... not the least of which is how often you can move the route -- ala. flap dampening, which is something Radware [Peer Director] never understood... their age old DNS trickery works like a charm, even today.)



Da Geek Kid

join:2003-10-11
::1
kudos:1

said by cramer:

I have complete control over how traffic leaves my network. I have little, if any, control over how things enter my network. The only real control you have is through the announcement(s) of your prefix(es) -- if you announce X/19 to only one provider, that's where all the traffic is going to come from.

(BGP load balancing in this manner has a small warehouse of problems... not the least of which is how often you can move the route -- ala. flap dampening, which is something Radware [Peer Director] never understood... their age old DNS trickery works like a charm, even today.)

Actually, entering and exiting should be completely in your control. If you are using it as passive/active, then all traffic flows to one. If you have active/active as in load sharing, then it makes no difference since the network should be aware where the traffic has entered.

Your response of not knowing how traffic is entering your network would create an async path, which for some apps causes havoc.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8

...would create an async path which for some apps cause a havoc.

Then never look at how traffic flows around the internet today -- hint: there's a lot of asymmetry in the world. (Also, given some ISP networks, packets A and B, sent back-to-back, may follow different paths; that really can cause problems: packets arriving out-of-order.) Asymmetric forward and reverse paths rarely break anything -- in 99.999% of cases, you don't even know it's happening.


Da Geek Kid

join:2003-10-11
::1
kudos:1

lol, oh come on... duh! I'd like to know of an ISP who only has two ways out of the network from the same location... lol



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5


»images1.wikia.nocookie.net/__cb2···palm.jpg


lildevil

join:2003-04-28
West Lafayette, IN

reply to lildevil

Thanks. I didn't mean to say that I'm only preferring one path. That's what I'm doing currently in an active/standby setup. If I take on full routes then I'm essentially making both of my providers active/active. So let's say my site takes ISP A to get to some other ISP Y and ISP B to reach ISP Z. How would you configure advertisements of your own prefixes in this case? Does it matter?

To answer why it's needed in this situation: my company has a lot of internet-facing applications that connect out to resources around the world, and vice versa there are client apps out there that connect back to resources in my site. Hence I felt that turning up full routes from multiple providers will "enhance" the experience.



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5


In that case I would just announce them to both ISPs equally without any tweaking, and let the remote networks determine the best way to get back to you.

Tweak only when absolutely necessary. You can try prepending if things are really unbalanced (once maybe twice to the ISP with the most traffic.) This might help to even things out by making your busiest ISP look like a longer path, and most people probably aren't trying to be too smart and just leaving BGP to its vices for the most part, but you can never guarantee that someone won't try and outsmart you.

What you say makes perfect sense, and is the precise reason you should take full routes - to get a granular view of the Internet so you can choose the best path out.

Just make sure that both of your routers are sharing BGP routes between them and that the BGP table is used to determine how to get out of your network (i.e. don't redist into OSPF etc which is just blegh anyway, form an iBGP mesh inside your network) and your network should choose the right way out.

Re prepending, this is where BGP communities can come in handy. Your ISPs probably have some, or maybe they can do something for you... Most offer the ability to prepend to certain upstreams, so if you can work out that via ISP A, most traffic is coming in through their upstream A, you can tag your routes with a community that instructs their routers to prepend their AS to routes they announce to upstream A. This can help you fine tune a bit more, since if you announce a longer path, everyone sees a longer path, but it may be that you only need a certain upstream of your upstream to see a longer one... if that makes sense...

edit: also be really careful about how you go about advertising your prefixes out. I've seen it happen a couple of times where someone announces all of the routes they learned from one upstream to their other upstreams, and they just accept it, making you a transit AS which is really bad when you shouldn't be one.

Be very explicit with your outbound prefix filters to only allow your prefixes out. Any decent provider should filter any given customer's incoming routes to only allow the ones they should be advertising, but sometimes things are overlooked.

Most recent example I can think of is an Australian ISP called Dodo announcing Optus routes to Telstra, and Telstra believing them. It went pretty pear shaped for a little bit, practically taking Telstra off the air...
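Added example, not part of the original posts: a Python sketch of the outbound-filter point above, comparing what a dual-homed site would advertise to one upstream with no export policy against an explicit policy that only lets its own, locally originated prefixes out. The table contents, neighbor names, prefixes and AS numbers are constructed, and the functions are illustrative, not any router's API.

```python
import ipaddress
from typing import NamedTuple

class Entry(NamedTuple):
    prefix: str
    as_path: tuple      # empty tuple = originated locally
    learned_from: str   # "local", "ISP-A" or "ISP-B" (constructed names)

OWN_PREFIXES = ["203.0.113.0/24"]   # constructed: the site's own address space

# Constructed BGP table of the dual-homed site
TABLE = [
    Entry("203.0.113.0/24", (), "local"),
    Entry("203.0.113.128/25", (), "local"),              # internal more-specific
    Entry("198.51.100.0/24", (64496, 64510), "ISP-A"),   # learned from upstream A
    Entry("192.0.2.0/24", (64497, 64511), "ISP-B"),      # learned from upstream B
]

def unfiltered_export(table, neighbor):
    """No outbound policy: every route not learned from this neighbor goes out."""
    return [e for e in table if e.learned_from != neighbor]

def filtered_export(table, neighbor, own_prefixes=OWN_PREFIXES):
    """Explicit policy: exact match on own prefixes AND locally originated."""
    allowed = {ipaddress.ip_network(p) for p in own_prefixes}
    return [e for e in unfiltered_export(table, neighbor)
            if ipaddress.ip_network(e.prefix) in allowed and not e.as_path]

def transit_leaks(exported):
    """A non-empty AS path means the route came from someone else; advertising
    it to another upstream offers transit through this site."""
    return [e.prefix for e in exported if e.as_path]

if __name__ == "__main__":
    for label, export in (("no filter", unfiltered_export),
                          ("own prefixes only", filtered_export)):
        out = export(TABLE, "ISP-B")
        print(f"{label}: advertise {[e.prefix for e in out]} to ISP-B,"
              f" leaks={transit_leaks(out)}")
```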


lildevil

join:2003-04-28
West Lafayette, IN

Thanks very much! Yes I will be very granular with my outbound advertisements and I am running IBGP between the two routers. As far as IGRP routing behind the routers, I probably won't do that but just make a HSRP address between the two routers and have my ASAs' static route point to that.



TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

You should probably just announce your entire subnet as a single aggregate. At the very worst, a series of /24's, but only if there's a good reason you need to do it.

De-aggregation is frowned upon by some, and most networks won't accept anything smaller than a /24 from their upstreams.


aryoba
Premium,MVM
join:2002-08-22
kudos:4
reply to lildevil

said by lildevil:

Thanks very much! Yes I will be very granular with my outbound advertisements and I am running IBGP between the two routers. As far as IGRP routing behind the routers, I probably won't do that but just make a HSRP address between the two routers and have my ASAs' static route point to that.

When you set up iBGP between the routers, make sure you also consider the NEXT_HOP to avoid routing confusion between the two routers. This means that one router has to know the other router's NEXT_HOP to reach either ISP to verify an adequate iBGP relationship.


TomS_
Git-r-done
Premium,MVM
join:2002-07-19
London, UK
kudos:5

There's a good write up about handling BGP next hop here:

»blog.ioshints.info/2011/08/bgp-n···ing.html

There are a couple of ways to handle it, seemingly with their own pros and cons.


lildevil

join:2003-04-28
West Lafayette, IN
reply to lildevil

Thanks for the link.

One followup question if anyone knows... how do you multihome with a carrier like Internap or Inteliquent who multihome themselves to multiple ISPs? Can you still pull "their" full routes?


aryoba
Premium,MVM
join:2002-08-22
kudos:4

Getting full BGP tables from an ISP and BGP multihoming are mutually exclusive issues. Getting full routes (in this case getting full BGP tables) simply means that you receive an unfiltered BGP table from the ISP, where the ISP simply dumps all BGP NLRI off their table to yours without special treatment. BGP multihoming means that you peer (eBGP peers) with multiple providers (in this case, multiple ISPs) with the intent to get the best path to a certain destination.

With that in mind, you can still receive full Internet routes simply by peering with one ISP. However you should receive better path selection through ISP 2 to reach their customer (direct peers) instead of going through ISP 1 assuming the customer only peers with ISP 2, hence the whole idea of BGP multihome.


jh2010

join:2009-09-03
Brooklyn, NY
reply to lildevil

The Full Internet Routing table is a waste of memory unless you have a lot of ISP connections.

You are better off with having your ISPs send you a default route and their Directly connected AS Networks. You can go to two or three AS hops if you really want to.

This way you can use the best path for close Networks (one or two AS'es away) and just use the default route for other Networks. You don't really care about Networks that are several AS'es away (BGP generally routes on least AS hops for best path).