BGP Multihoming

Transcription

BGP Multihoming
ISP/IXP Workshops
Cisco ISP Workshops, 2005, Cisco Systems, Inc. All rights reserved.

Why Multihome?
  Redundancy
    One connection to internet means the network is dependent on:
      Local router (configuration, software, hardware)
      WAN media (physical failure, carrier failure)
      Upstream Service Provider (configuration, software, hardware)

Why Multihome?
  Reliability
    Business critical applications demand continuous availability
    Lack of redundancy implies lack of reliability implies loss of revenue

Why Multihome?
  Supplier Diversity
    Many businesses demand supplier diversity as a matter of course
    Internet connection from two or more suppliers
      With two or more diverse WAN paths
      With two or more exit points
      With two or more international connections
      Two of everything

Why Multihome?
  Not really a reason, but oft quoted
  Leverage:
    Playing one ISP off against the other for:
      Service Quality
      Service Offerings
      Availability

Why Multihome?
  Summary:
    Multihoming is easy to demand as requirement of any operation
    But what does it really mean:
      In real life?
      For the network?
      For the Internet?
    And how do we do it?

Multihoming Definition
  More than one link external to the local network
    two or more links to the same ISP
    two or more links to different ISPs
  Usually two external facing routers
    one router gives link and provider redundancy only

Multihoming
  The scenarios described here apply equally well to end sites being customers of ISPs and ISPs being customers of other ISPs
  Implementation detail may be different
    end site / ISP: ISP controls config
    ISP1 / ISP2: ISPs share config

AS Numbers
  An Autonomous System Number is required by BGP
  Obtained from upstream ISP or Regional Registry (RIR)
    AfriNIC, APNIC, ARIN, LACNIC, RIPE NCC
  Necessary when you have links to more than one ISP or an exchange point
  16 bit integer, ranging from 1 to 65534
    Zero and 65535 are reserved
    64512 through 65534 are called Private ASNs

Private-AS – Application
  Applications
    An ISP with customers multihomed on their backbone (RFC2270)
    -or-
    A corporate network with several regions but connections to the Internet only in the core
    -or-
    Within a BGP Confederation
  [Diagram labels: 193.1.34.0/24, B, 65003, 193.2.35.0/24, A, 193.1.32.0/22 1880]

Private-AS – removal
  Private ASNs MUST be removed from all prefixes announced to the public Internet
    Include configuration to remove private ASNs in the eBGP template
  As with RFC1918 address space, private ASNs are intended for internal use
    They should not be leaked to the public Internet
  Cisco IOS
    neighbor x.x.x.x remove-private-AS
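An added example (not from the original slides) that audits what a border router would send to an eBGP neighbour for private or reserved 16-bit ASNs, using the ranges given on the AS Numbers slide. Assumptions: local AS 100 and neighbour AS 110 are borrowed from the Router E slides, the table is constructed, 64500 is a documentation ASN, and `remove_private_as` models the restrictions documented for the original form of the command (nothing is stripped when the path mixes private and public ASNs or contains the neighbour's AS); verify that behaviour against your own software release.

```python
"""Audit eBGP announcements for private or reserved 16-bit ASNs (added example)."""

PRIVATE_ASNS = range(64512, 65535)   # 64512 through 65534, as stated on the slides
RESERVED_ASNS = (0, 65535)           # zero and 65535 are reserved


def remove_private_as(as_path, neighbor_as):
    """Assumed model of the original `remove-private-AS` behaviour.

    Private ASNs are stripped only when the whole path is private and the
    neighbour's own AS does not appear in it; otherwise the path is untouched.
    """
    if neighbor_as in as_path:
        return list(as_path)
    if as_path and all(asn in PRIVATE_ASNS for asn in as_path):
        return []
    return list(as_path)


def announce(local_as, neighbor_as, as_path, strip_private):
    """Return the AS_PATH the eBGP neighbour receives (local AS prepended)."""
    path = remove_private_as(as_path, neighbor_as) if strip_private else list(as_path)
    return [local_as] + path


def audit(table, local_as, neighbor_as, strip_private):
    """List (prefix, sent_path, offending_asns) for every leaking announcement."""
    findings = []
    for prefix, path_text in table:
        as_path = [int(tok) for tok in path_text.split()]
        sent = announce(local_as, neighbor_as, as_path, strip_private)
        leaked = [a for a in sent if a in PRIVATE_ASNS or a in RESERVED_ASNS]
        if leaked:
            findings.append((prefix, sent, leaked))
    return findings


# Constructed sample: prefixes and AS paths as seen on the border router
# before the eBGP export policy is applied.
BORDER_TABLE = [
    ("121.10.0.0/19", "65534"),          # customer aggregate behind a private AS
    ("121.10.0.0/20", "65534"),          # customer subprefix behind a private AS
    ("198.51.100.0/24", "65534 64500"),  # mixed private/public path
    ("192.0.2.0/24", ""),                # locally originated
]

if __name__ == "__main__":
    for strip in (False, True):
        print("remove-private-AS configured:", strip)
        for prefix, sent, leaked in audit(BORDER_TABLE, 100, 110, strip):
            print("  LEAK", prefix, "sent path", sent, "private/reserved", leaked)
```

With the command enabled, the mixed path is still reported, which is why an AS-path audit or outbound filter is worth keeping alongside the eBGP template.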

Configuring Policy
  Assumptions:
    prefix-lists are used throughout
    easier/better/faster than access-lists
  Three BASIC Principles
    prefix-lists to filter prefixes
    filter-lists to filter ASNs
    route-maps to apply policy
  Route-maps can be used for filtering, but this is more “advanced” configuration

Policy Tools
  Local preference
    outbound traffic flows
  Metric (MED)
    inbound traffic flows (local scope)
  AS-PATH prepend
    inbound traffic flows (Internet scope)
  Communities
    specific inter-provider peering

Originating Prefixes: Assumptions
  MUST announce assigned address block to Internet
  MAY also announce subprefixes – reachability is not guaranteed
  Current RIR minimum allocation is /21
    Several ISPs filter RIR blocks on this boundary
    Several ISPs filter the rest of address space according to the IANA assignments
    This activity is called “Net Police” by some

Originating Prefixes
  Some ISPs publish their minimum allocation sizes per /8 lloc.html ARIN: www.arin.net/reference/ip l RIPE ml
    Note that AfriNIC only publishes its current minimum allocation size, not the allocation size for its address blocks
  IANA publishes the address space it has assigned to end-sites and allocated to the RIRs:
    www.iana.org/assignments/ipv4-address-space
  Several ISPs use this published information to filter prefixes on:
    What should be routed (from IANA)
    The minimum allocation size from the RIRs

“Net Police” prefix list issues
  meant to “punish” ISPs who pollute the routing table with specifics rather than announcing aggregates
  impacts legitimate multihoming especially at the Internet’s edge
  impacts regions where domestic backbone is unavailable or costs compared with international bandwidth
  hard to maintain – requires updating when RIRs start allocating from new address blocks
  don’t do it unless consequences understood and you are prepared to keep the list current

Multihoming Options

Multihoming Scenarios
  Stub network
  Multi-homed stub network
  Multi-homed network
  Configuration Options

Stub Network
  [Diagram: AS101, AS100]
  No need for BGP
  Point static default to upstream ISP
  Upstream ISP advertises stub network
  Policy confined within upstream ISP’s policy

Multi-homed Stub Network
  [Diagram: AS65530, AS100]
  Use BGP (not IGP or static) to loadshare
  Use private AS (ASN > 64511)
  Upstream ISP advertises stub network
  Policy confined within upstream ISP’s policy

Multi-Homed Network
  [Diagram: Global Internet, AS200, AS300, AS100]
  Many situations possible
    multiple sessions to same ISP
    secondary for backup only
    load-share between primary and secondary
    selectively use different ISPs

Multiple Sessions to an ISP
  Several options
    ebgp multihop
    bgp multipath
    cef loadsharing
    bgp attribute manipulation
  [Diagram: ISP, AS 201]

Multiple Sessions to an ISP – Example One
  Use eBGP multihop
    eBGP to loopback addresses
    eBGP prefixes learned with loopback address as next hop
  [Diagram: AS 200 (1.1.1.1), AS 65534]
  Cisco IOS
    router bgp 65534
     neighbor 1.1.1.1 remote-as 200
     neighbor 1.1.1.1 ebgp-multihop 2
    !
    ip route 1.1.1.1 255.255.255.255 serial 1/0
    ip route 1.1.1.1 255.255.255.255 serial 1/1
    ip route 1.1.1.1 255.255.255.255 serial 1/2

Multiple Sessions to an ISP – Example One
  Try and avoid use of ebgp-multihop unless:
    It’s absolutely necessary –or–
    Loadsharing across multiple links
  Many ISPs discourage its use, for example:
    We will run eBGP multihop, but do not support it as a standard offering because customers generally have a hard time managing it due to:
      routing loops
      failure to realise that BGP session stability problems are usually due to connectivity problems between their CPE and their BGP speaker

Multiple Sessions to an ISP
  bgp multi path
    Three BGP sessions required
    limit of 6 parallel paths
  [Diagram: ISP AS 200, AS 201]
    router bgp 201
     neighbor 1.1.2.1 remote-as 200
     neighbor 1.1.2.5 remote-as 200
     neighbor 1.1.2.9 remote-as 200
     maximum-paths 3

Multiple Sessions to an ISP
  Use eBGP multi-path to install multiple paths in IP table
    router bgp 201
     maximum-paths <1-6>
  Load share over the alternate paths
    per destination loadsharing
  [Diagram: ISP routers D, E; router A in AS 201]

Multiple Sessions to an ISP
  Simplest scheme is to use defaults
  Learn/advertise prefixes for better control
  Planning and some work required to achieve loadsharing
    Point default towards one ISP
    Learn selected prefixes from second ISP
    Modify the number of prefixes learnt to achieve acceptable load sharing
  No magic solution
  [Diagram: ISP routers C, D; routers A, B in AS 201]

Preparing the network
Before we begin

Preparing the Network
  We will deploy BGP across the network before we try and multihome
  BGP will be used therefore an ASN is required
  If multihoming to different ISPs, public ASN needed:
    Either go to upstream ISP who is a registry member, or
    Apply to the RIR yourself for a one off assignment, or
    Ask an ISP who is a registry member, or
    Join the RIR and get your own IP address allocation too (this option strongly recommended)!

Preparing the Network
Initial Assumptions
  The network is not running any BGP at the moment
    single statically routed connection to upstream ISP
  The network is not running any IGP at all
    Static default and routes through the network to do “routing”

Preparing the Network
First Step: IGP
  Decide on IGP: OSPF or ISIS
  Assign loopback interfaces and /32 addresses to each router which will run the IGP
    Loopback is OSPF and BGP router id
    Used for iBGP and route origination
  Deploy IGP (e.g. OSPF)
    IGP can be deployed with NO IMPACT on the existing static routing
    OSPF distance is 110, static distance is 1
    Smallest distance wins

Preparing the Network
Second Step: iBGP
  Second step is to configure the local network to use iBGP
  iBGP can run on
    all routers, or
    a subset of routers, or
    just on the upstream edge
  iBGP must run on all routers which are in the transit path between external connections
  [Diagram: routers A, B, C, D, E, F; AS200]

Preparing the Network
Second Step: iBGP (Transit Path)
  iBGP must run on all routers which are in the transit path between external connections
  Routers C, E and F are not in the transit path
    Static routes or IGP will suffice
  Router D is in the transit path
    Will need to be in iBGP mesh, otherwise routing loops will result
  [Diagram: routers A, B, C, D, E, F; AS200]

Preparing the Network
Layers
  Typical SP networks have three layers:
    Core – the backbone, usually the transit path
    Distribution – the middle, PoP aggregation layer
    Aggregation – the edge, the devices connecting customers

Preparing the Network
Aggregation Layer
  iBGP is optional
    Many ISPs run iBGP here, either partial routing (more common) or full routing (less common)
    Full routing is not needed unless customers want full table
    Partial routing is cheaper/easier, might usually consist of internal prefixes and, optionally, external prefixes to aid external load balancing
    Communities and peer-groups make this administratively easy
  Many aggregation devices can’t run iBGP
    Static routes from distribution devices for address pools
    IGP for best exit

Preparing the Network
Distribution Layer
  Usually runs iBGP
    Partial or full routing (as with aggregation layer)
  But does not have to run iBGP
    IGP is then used to carry customer prefixes (does not scale)
    IGP is used to determine nearest exit
  Networks which plan to grow large should deploy iBGP from day one
    Migration at a later date is extra work
    No extra overhead in deploying iBGP, indeed IGP benefits

Preparing the Network
Core Layer
  Core of network is usually the transit path
  iBGP necessary between core devices
    Full routes or partial routes:
      Transit ISPs carry full routes in core
      Edge ISPs carry partial routes only
  Core layer includes AS border routers

Preparing the Network
iBGP Implementation
  Decide on:
    Best iBGP policy (full vs partial route mix)
    iBGP scaling technique (communities, route-reflectors, peer groups)
  Then deploy iBGP:
    Step 1: Introduce iBGP (making sure that BGP distance is greater than IGP distance)
    Step 2: Install customer prefixes into iBGP
    Step 3: Make iBGP distance less than IGP
      Check! Does the network still work?
    Step 4: Withdraw customer prefixes from the IGP/static routes
    Step 5: Restore BGP distance to greater than IGP distance
    Step 6: Deployment of eBGP follows

Preparing the Network
Configuration – Before BGP
  Note: Add loopback configuration if not already there
    interface loopback 0
     ip address 121.10.255.1 255.255.255.255
    !
    interface serial 0/0
     ip address 121.10.0.1 255.255.255.252
    !
    interface serial 0/1
     ip address 121.10.0.5 255.255.255.252
    !
    router ospf 100
     network 121.10.255.1 0.0.0.0 area 0
     passive-interface loopback 0
     redistribute connected subnets ! Point-to-point links
     redistribute static subnets ! Customer networks
    !
    ip route 121.10.24.0 255.255.252.0 serial 0/0
    ip route 121.10.28.0 255.255.254.0 serial 0/1

Preparing the Network
Configuration – Steps 1 & 2
  Note: Add BGP and related configuration in red
    ! interface and OSPF configuration unchanged
    !
    router bgp 100
     redistribute connected route-map point-to-point
     neighbor 121.10.1.2 remote-as 100
     neighbor 121.10.1.2 next-hop-self
     ...
     network 121.10.24.0 mask 255.255.252.0
     network 121.10.28.0 mask 255.255.254.0
     distance bgp 200 200 200
    !
    ip route 121.10.24.0 255.255.252.0 serial 0/0
    ip route 121.10.28.0 255.255.254.0 serial 0/1
    !
    route-map point-to-point permit 5
     match ip address 1
     set community 100:1
    !
    access-list 1 permit 121.10.0.0 0.0.255.255

Preparing the Network
Configuration – Steps 3 & 4
  Note: OSPF redistribution has been removed
    ! interface configuration unchanged
    !
    router ospf 100
     network 121.10.255.1 0.0.0.0 area 0
     passive-interface loopback 0
    !
    router bgp 100
     redistribute connected route-map point-to-point
     neighbor 121.10.1.2 remote-as 100
     neighbor 121.10.1.2 next-hop-self
     ...
     network 121.10.24.0 mask 255.255.252.0
     network 121.10.28.0 mask 255.255.254.0
     distance bgp 20 20 20 ! reduced BGP distance
    !
    ip route 121.10.24.0 255.255.252.0 serial 0/0
    ip route 121.10.28.0 255.255.254.0 serial 0/1
    !
    ...etc...

Preparing the Network
Configuration – Step 5
    ! interface configuration unchanged
    !
    router ospf 100
     network 121.10.255.1 0.0.0.0 area 0
     passive-interface loopback 0
    !
    router bgp 100
     redistribute connected route-map point-to-point
     neighbor 121.10.1.2 remote-as 100
     neighbor 121.10.1.2 next-hop-self
     ...
     network 121.10.24.0 mask 255.255.252.0
     network 121.10.28.0 mask 255.255.254.0
     distance bgp 200 200 200 ! BGP distance restored
    !
    ip route 121.10.24.0 255.255.252.0 serial 0/0
    ip route 121.10.28.0 255.255.254.0 serial 0/1
    !
    ...etc...

Preparing the Network
Configuration Summary
  Customer networks are now in iBGP
    iBGP deployed over the backbone
    Full or Partial or Upstream Edge only
  BGP distance is greater than any IGP
  Now ready to deploy eBGP

Basic Multihoming
Let’s learn to walk before we try running

Basic Multihoming
  No frills multihoming
  Will look at two cases:
    Multihoming with the same ISP
    Multihoming to different ISPs
  Will keep the examples easy
    Understanding easy concepts will make the more complex scenarios easier to comprehend

Basic Multihoming
  This type is most commonplace at the edge of the Internet
    Networks here are usually concerned with inbound traffic flows
    Outbound traffic flows being “nearest exit” is usually sufficient
  Can apply to the leaf ISP as well as Enterprise networks

Two links to the same ISP
Basic – No Redundancy

Two links to the same ISP
  Can use BGP for this to aid loadsharing
    use a private AS (ASN > 64511)
  upstream ISP proxy aggregates
    in other words, announces only your address block to the Internet (as would be done if you had one statically routed connection)

Two links to the same ISP
  [Diagram: AS 100 with routers C, D, E; AS 65534 with routers A, B]
  AS100 proxy aggregates for AS 65534

Two links to the same ISP
  Split /19 and announce as two /20s, one on each link
    basic inbound loadsharing
  Example has no practical use, but demonstrates the principles

Two links to the same ISP
  Router A Configuration
    router bgp 65534
     network 121.10.0.0 mask 255.255.240.0
     network 121.10.16.0 mask 255.255.240.0
     neighbor 122.102.10.2 remote-as 100
     neighbor 122.102.10.2 prefix-list routerC out
     neighbor 122.102.10.2 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    ip prefix-list routerC permit 121.10.0.0/20
    !
    ip route 121.10.0.0 255.255.240.0 null0
    ip route 121.10.16.0 255.255.240.0 null0

Two links to the same ISP
  Router B Configuration
    router bgp 65534
     network 121.10.0.0 mask 255.255.240.0
     network 121.10.16.0 mask 255.255.240.0
     neighbor 122.102.10.6 remote-as 100
     neighbor 122.102.10.6 prefix-list routerD out
     neighbor 122.102.10.6 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    ip prefix-list routerD permit 121.10.16.0/20
    !
    ip route 121.10.0.0 255.255.240.0 null0
    ip route 121.10.16.0 255.255.240.0 null0

Two links to the same ISP
  Router C Configuration
    router bgp 100
     neighbor 122.102.10.1 remote-as 65534
     neighbor 122.102.10.1 default-originate
     neighbor 122.102.10.1 prefix-list Customer in
     neighbor 122.102.10.1 prefix-list default out
    !
    ip prefix-list Customer permit 121.10.0.0/20
    ip prefix-list default permit 0.0.0.0/0

Two links to the same ISP
  Router D Configuration
    router bgp 100
     neighbor 122.102.10.5 remote-as 65534
     neighbor 122.102.10.5 default-originate
     neighbor 122.102.10.5 prefix-list Customer in
     neighbor 122.102.10.5 prefix-list default out
    !
    ip prefix-list Customer permit 121.10.16.0/20
    ip prefix-list default permit 0.0.0.0/0

Two links to the same ISP
  Router E is AS100 border router
    removes prefixes in the private AS from external announcements
    implements the proxy aggregation for the customer prefixes

Two links to the same ISP
  Router E Configuration
    router bgp 100
     network 121.10.0.0 mask 255.255.224.0
     neighbor 122.102.10.17 remote-as 110
     neighbor 122.102.10.17 filter-list 1 out
    !
    ip route 121.10.0.0 255.255.224.0 null0
    !
    ip as-path access-list 1 deny 65534
    ip as-path access-list 1 permit
  Private AS still visible inside AS100

Two links to the same ISP
  Big Problem:
    no backup in case of link failure
  /19 address block not announced
  AS Path filtering “awkward”
    easier to use bgp command
      neighbor x.x.x.x remove-private-AS

Two links to the same ISP
One link primary, the other link backup only

Two links to the same ISP (one as backup only)
  Applies when end-site has bought a large primary WAN link to their upstream, a small secondary WAN link as the backup
    For example, primary path might be an E1, backup might be 64kbps

Two links to the same ISP (one as backup only)
  [Diagram: AS 100 with routers C, D, E; AS 65534 with routers A, B; primary link A–C, backup link B–D]
  AS100 removes private AS and any customer subprefixes from Internet announcement

Two links to the same ISP (one as backup only)
  Announce /19 aggregate on each link
    primary link:
      Outbound – announce /19 unaltered
      Inbound – receive default route
    backup link:
      Outbound – announce /19 with increased metric
      Inbound – received default, and reduce local preference
  When one link fails, the announcement of the /19 aggregate via the other link ensures continued connectivity

Two links to the same ISP (one as backup only)
  Router A Configuration
    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     neighbor 122.102.10.2 remote-as 100
     neighbor 122.102.10.2 description RouterC
     neighbor 122.102.10.2 prefix-list aggregate out
     neighbor 122.102.10.2 prefix-list default in
    !
    ip prefix-list aggregate permit 121.10.0.0/19
    ip prefix-list default permit 0.0.0.0/0
    !

Two links to the same ISP (one as backup only)
  Router B Configuration
    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     neighbor 122.102.10.6 remote-as 100
     neighbor 122.102.10.6 description RouterD
     neighbor 122.102.10.6 prefix-list aggregate out
     neighbor 122.102.10.6 route-map routerD-out out
     neighbor 122.102.10.6 prefix-list default in
     neighbor 122.102.10.6 route-map routerD-in in
    !
    ..next slide

Two links to the same ISP (one as backup only)
    ip prefix-list aggregate permit 121.10.0.0/19
    ip prefix-list default permit 0.0.0.0/0
    !
    route-map routerD-out permit 10
     match ip address prefix-list aggregate
     set metric 10
    route-map routerD-out permit 20
    !
    route-map routerD-in permit 10
     set local-preference 90
    !

Two links to the same ISP (one as backup only)
  Router C Configuration (main link)
    router bgp 100
     neighbor 122.102.10.1 remote-as 65534
     neighbor 122.102.10.1 default-originate
     neighbor 122.102.10.1 prefix-list Customer in
     neighbor 122.102.10.1 prefix-list default out
    !
    ip prefix-list Customer permit 121.10.0.0/19
    ip prefix-list default permit 0.0.0.0/0

Two links to the same ISP (one as backup only)
  Router D Configuration (backup link)
    router bgp 100
     neighbor 122.102.10.5 remote-as 65534
     neighbor 122.102.10.5 default-originate
     neighbor 122.102.10.5 prefix-list Customer in
     neighbor 122.102.10.5 prefix-list default out
    !
    ip prefix-list Customer permit 121.10.0.0/19
    ip prefix-list default permit 0.0.0.0/0

Two links to the same ISP (one as backup only)
  Router E Configuration
    router bgp 100
     neighbor 122.102.10.17 remote-as 110
     neighbor 122.102.10.17 remove-private-AS
     neighbor 122.102.10.17 prefix-list Customer out
    !
    ip prefix-list Customer permit 121.10.0.0/19
  Router E removes the private AS and customer’s subprefixes from external announcements
  Private AS still visible inside AS100

Two links to the same ISP
With Redundancy and Loadsharing

Loadsharing to the same ISP
  More common case
  End sites tend not to buy circuits and leave them idle, only used for backup as in previous example
  This example assumes equal capacity circuits
    Unequal capacity circuits requires more refinement – see later

Loadsharing to the same ISP
  [Diagram: AS 100 with routers C, D, E; AS 65534 with routers A, B; link one A–C, link two B–D]
  Border router E in AS100 removes private AS and any customer subprefixes from Internet announcement

Loadsharing to the same ISP (with redundancy)
  Announce /19 aggregate on each link
  Split /19 and announce as two /20s, one on each link
    basic inbound loadsharing
    assumes equal circuit capacity and even spread of traffic across address block
  Vary the split until “perfect” loadsharing achieved
  Accept the default from upstream
    basic outbound loadsharing by nearest exit
    okay in first approx as most ISP and end-site traffic is inbound

Loadsharing to the same ISP (with redundancy)
  Router A Configuration
    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     network 121.10.0.0 mask 255.255.240.0
     neighbor 122.102.10.2 remote-as 100
     neighbor 122.102.10.2 prefix-list routerC out
     neighbor 122.102.10.2 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    ip prefix-list routerC permit 121.10.0.0/20
    ip prefix-list routerC permit 121.10.0.0/19
    !
    ip route 121.10.0.0 255.255.240.0 null0
    ip route 121.10.0.0 255.255.224.0 null0

Loadsharing to the same ISP (with redundancy)
  Router B Configuration
    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     network 121.10.16.0 mask 255.255.240.0
     neighbor 122.102.10.6 remote-as 100
     neighbor 122.102.10.6 prefix-list routerD out
     neighbor 122.102.10.6 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    ip prefix-list routerD permit 121.10.16.0/20
    ip prefix-list routerD permit 121.10.0.0/19
    !
    ip route 121.10.16.0 255.255.240.0 null0
    ip route 121.10.0.0 255.255.224.0 null0

Loadsharing to the same ISP (with redundancy)
  Router C Configuration
    router bgp 100
     neighbor 122.102.10.1 remote-as 65534
     neighbor 122.102.10.1 default-originate
     neighbor 122.102.10.1 prefix-list Customer in
     neighbor 122.102.10.1 prefix-list default out
    !
    ip prefix-list Customer permit 121.10.0.0/19 le 20
    ip prefix-list default permit 0.0.0.0/0
  Router C only allows in /19 and /20 prefixes from customer block
  Router D configuration is identical
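An added example (not part of the original slides) that evaluates Router C's two prefix-lists against a set of constructed customer announcements, to show what the ISP-side inbound filter accepts and why `permit 0.0.0.0/0` matches only the default route. The evaluator is a small model of prefix-list matching (exact length without ge/le, first match wins, implicit deny) written for this illustration; the announcement list is constructed.

```python
"""Evaluate IOS-style prefix-lists against candidate routes (added example)."""
import ipaddress
import re

ENTRY_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+) (?:seq \d+ )?(?P<action>permit|deny) "
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_prefix_lists(config):
    """Return {list_name: [(action, network, min_len, max_len), ...]} in config order."""
    lists = {}
    for line in config.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # not a prefix-list entry (neighbor lines, '!', ...)
        net = ipaddress.ip_network(m["prefix"], strict=False)
        ge = int(m["ge"]) if m["ge"] else None
        le = int(m["le"]) if m["le"] else None
        if ge is None and le is None:
            lo = hi = net.prefixlen          # no ge/le: exact length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        lists.setdefault(m["name"], []).append((m["action"], net, lo, hi))
    return lists


def evaluate(entries, route):
    """First matching entry decides; no match means the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"


def filter_announcements(config, list_name, routes):
    """Map each candidate route to 'permit' or 'deny' under the named list."""
    entries = parse_prefix_lists(config).get(list_name, [])
    return {route: evaluate(entries, route) for route in routes}


# Router C configuration as given on the slide.
ROUTER_C_CONFIG = """
router bgp 100
 neighbor 122.102.10.1 remote-as 65534
 neighbor 122.102.10.1 default-originate
 neighbor 122.102.10.1 prefix-list Customer in
 neighbor 122.102.10.1 prefix-list default out
!
ip prefix-list Customer permit 121.10.0.0/19 le 20
ip prefix-list default permit 0.0.0.0/0
"""

# Constructed announcements a customer session might send.
ANNOUNCEMENTS = [
    "121.10.0.0/19",   # the aggregate
    "121.10.0.0/20",   # first half of the split
    "121.10.16.0/20",  # second half of the split
    "121.10.24.0/22",  # more specific than the filter allows
    "121.10.0.0/18",   # shorter than the customer block
    "121.10.32.0/19",  # outside the customer block
    "0.0.0.0/0",       # a default route from the customer
]

if __name__ == "__main__":
    for name in ("Customer", "default"):
        print("prefix-list", name)
        for route, verdict in filter_announcements(ROUTER_C_CONFIG, name, ANNOUNCEMENTS).items():
            print("  %-16s %s" % (route, verdict))
```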

Loadsharing to the same ISP (with redundancy)
  Router E Configuration
    router bgp 100
     neighbor 122.102.10.17 remote-as 110
     neighbor 122.102.10.17 remove-private-AS
     neighbor 122.102.10.17 prefix-list Customer out
    !
    ip prefix-list Customer permit 121.10.0.0/19
  Private AS still visible inside AS100

Loadsharing to the same ISP (with redundancy)
  Default route for outbound traffic?
    Use default-information originate for the IGP and rely on IGP metrics for nearest exit
    e.g. on router A:
      router ospf 65534
       default-information originate metric 2 metric-type 1

Loadsharing to the same ISP (with redundancy)
  Loadsharing configuration is only on customer router
  Upstream ISP has to
    remove customer subprefixes from external announcements
    remove private AS from external announcements
  Could also use BGP communities

Two links to the same ISP
Multiple Dualhomed Customers (RFC2270)

Multiple Dualhomed Customers (RFC2270)
  Unusual for an ISP just to have one dualhomed customer
    Valid/valuable service offering for an ISP with multiple PoPs
    Better for ISP than having customer multihome with another provider!
  Look at scaling the configuration
    Simplifying the configuration
    Using templates, peer-groups, etc
    Every customer has the same configuration (basically)

Multiple Dualhomed Customers (RFC2270)
  [Diagram: AS 100 with routers C, D, E; three customers, each AS 65534: routers A1/B1, A2/B2, A3/B3]
  Border router E in AS100 removes private AS and any customer subprefixes from Internet announcement

Multiple Dualhomed Customers (RFC2270)
  Customer announcements as per previous example
  Use the same private AS for each customer
    documented in RFC2270
    address space is not overlapping
    each customer hears default only
  Router An and Bn configuration same as Router A and B previously

Multiple Dualhomed Customers (RFC2270)
  Router A1 Configuration
    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     network 121.10.0.0 mask 255.255.240.0
     neighbor 122.102.10.2 remote-as 100
     neighbor 122.102.10.2 prefix-list routerC out
     neighbor 122.102.10.2 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    ip prefix-list routerC permit 121.10.0.0/20
    ip prefix-list routerC permit 121.10.0.0/19
    !
    ip route 121.10.0.0 255.255.240.0 null0
    ip route 121.10.0.0 255.255.224.0 null0

Multiple Dualhomed Customers (RFC2270)
  Router B1 Configuration
    router bgp 65534
     network 121.10.0.0 mask 255.255.224.0
     network 121.10.16.0 mask 255.255.240.0
     neighbor 122.102.10.6 remote-as 100
     neighbor 122.102.10.6 prefix-list routerD out
     neighbor 122.102.10.6 prefix-list default in
    !
    ip prefix-list default permit 0.0.0.0/0
    ip prefix-list routerD permit 121.10.16.0/20
    ip prefix-li
