Transcription
BGP Multihoming & Failover using VRRP. Hani Rahrouh, hr@wirelessnetware.ca. First Canadian MUM, October 19th, 2015, Montreal, Canada. NETWIRE.CA
About me: Hani Rahrouh. MikroTik Certified since 2008. MikroTik Consultant. MikroTik Certified Trainer since 2011 ining/partners/northamerica/canada. MikroTik Distributor @ www.netwire.ca
Come to our free MikroTik workshops and events. Come join us for a free workshop. We know MikroTik RouterBOARDs and RouterOS, so we can answer all your questions and help you learn more about the things you're interested in. www.wirelessnetware.ca
Overview: Fully redundant fault tolerant internet connectivity; BGP Multi-homing; Why Multi-home?; How to Multi-home?; Dynamic Failover using VRRP; Manual Failover; Monitoring
Everything about reliability and redundancy
Two of everything
VRRP
Redundant Router (GW): Virtual Router Redundancy Protocol (VRRP)
Gateway failed: Redundant gateway!
Is VRRP a good idea when we have connection tracking enabled on the routers?
Problems: ARP. Traffic originated by a VRRP cluster uses a virtual MAC address of the form 00-00-5e-00-01-VRID. Connection tracking. Gateway failed.
Redundant Gateway: BGP Multi-Homing
Why Multi-home and why would I want it? It's all about: Redundancy "Fail-over"; Diversity; Reliability
Why Multi-home? Redundancy "Fail-over": One connection to the internet means the network depends on: Local router (configuration, RouterOS and RouterBOARD); WAN media (physical failure, carrier failure)
Why Multi-home? Reliability: Business-critical applications demand continuous availability. Lack of redundancy implies lack of reliability, which implies loss of revenue.
Problems: Connection tracking is unable to keep valid track of connections with multi-homed BGP; ARP table refresh periods; Client gateway failure; Downtime; Hardware failure
Fully redundant fault tolerant internet connectivity
Provider, Core, Distribution, Access?
Multi-homing Definition: Multi-link "external" to the local network. Two or more links to the same ISP: multiple interfaces, single IP address per interface. Two or more links to different ISPs.
Best path selection: Lowest MED (default 0). Prefer the route with the lowest router ID or ORIGINATOR ID.
Main / Backup. Two or more links to the same ISP: Multiple links, single IP address (space); Multiple links, multiple IP addresses (spaces)
How to Multi-home: Basic Multihoming; Multi-home with the same ISP
Basic Multihoming: Multi-homing to the same ISP (one as backup only). Use a private AS (AS 64511); there is no need for a public ASN. AS100 ("the provider AS") removes the private AS and any customer sub-prefixes from the internet announcement.
Two links to the same ISP: Announce the /24 aggregate on each link. Main link network: announce /24. Backup link network: announce /24 with increased metric. When one link fails, the announcement of the /24 aggregate via the backup link ensures continued connectivity.
Two links to the same ISP: Main Router Configuration
Two links to the same ISP [figure with numbered callouts]
Two links to the same ISP: Lower metric is preferred. Exchanged between ASes and used to make decisions inside that AS; not passed to a third AS. Ignored if received from different ASes.
Two links to the same ISP: Used to hint an external neighbour about path preference into an AS.
Two links to the same ISP: Backup Router Configuration
Two links to the same ISP [figure with numbered callouts]
Two links to the same ISP: Lower metric is preferred. Exchanged between ASes and used to make decisions inside that AS; not passed to a third AS. Ignored if received from different ASes.
Two links to the same ISP: Used to hint an external neighbour about path preference into an AS.
D - Dynamic, A - Active, b - BGP, MED 50: Main interface. D - Dynamic, b - BGP: Backup interface.
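Added example (not part of the presentation): a small Python model of the two best-path steps named on the slides, lowest MED and then lowest router ID, showing the main link preferred, failover to the backup when the main announcement disappears, and MED being ignored between different neighbour ASes. MED 50 for the main link is from the slide; the backup MED of 100, the router IDs and AS 64496 are constructed, and all earlier best-path steps (weight, local preference, AS-path length, origin) are assumed equal.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from itertools import groupby
from typing import Iterable, Optional


@dataclass(frozen=True)
class Route:
    link: str                  # label of the uplink the /24 was learned on
    neighbor_as: int           # AS of the peer that advertised the route
    router_id: str             # BGP router ID of that peer
    med: Optional[int] = None  # None = attribute absent, treated as 0


def _med(r: Route) -> int:
    return 0 if r.med is None else r.med


def _rid(r: Route) -> int:
    return int(IPv4Address(r.router_id))


def best_path(routes: Iterable[Route]) -> Optional[Route]:
    """Pick the preferred route; None when every announcement is gone."""
    winners = []
    # MED is only comparable between routes from the same neighbour AS,
    # so choose one winner per neighbour AS first (lowest MED, then router ID).
    by_as = sorted(routes, key=lambda r: r.neighbor_as)
    for _, group in groupby(by_as, key=lambda r: r.neighbor_as):
        winners.append(min(group, key=lambda r: (_med(r), _rid(r))))
    # Between different neighbour ASes MED is ignored: router ID decides.
    return min(winners, key=_rid, default=None)


# Constructed sample: the provider's view of the customer /24 (private AS 64511).
MAIN = Route("main", 64511, "192.0.2.1", med=50)
BACKUP = Route("backup", 64511, "192.0.2.2", med=100)

if __name__ == "__main__":
    print("both links up :", best_path([BACKUP, MAIN]).link)
    print("main link down:", best_path([BACKUP]).link)
```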
VRRP: Enable VRRP configuration on Core layer network
VRRP Setup on main Router [figure with numbered callouts]
VRRP Setup on backup Router [figure with numbered callouts]
Main Router (Failed), Backup Router
Problems: Router crash! Interface failure
Solutions: Monitoring; E-mail notification; SMS; Access Router
Access Router
The Dude: The Dude is free of charge!
Question?
Enjoy!