2 ISP's, 2 Routers, No BGP

Status
Not open for further replies.

zinkann

ISP
Jan 8, 2008
167
US
Currently I have two ASAs running active and secondary with one 2800 router going to our ISP. My question is, what do you guys think the best method of running 2 routers going to two separate ISPs strictly for failover? BGP is not an option because of my ISP. We also have quite a few public IPs (/28) hanging off the ASA. Thanks

CCNA, Network+
 
Do you have assigned address space from both ISPs? If so, are you trying to get failover for both address assignments?
 
There was a new feature added to PIX/ASA 7.2 where you can have a redundant ISP link. I haven't tested it but it looks like it uses some sort of reachability check - like policy routing where it checks the next-hop is available. If it isn't, it 'fails over' to the 2nd link - i.e. changes the routing table so the default route changes from ISP 1 to ISP 2. I think it's only good for outbound traffic and you only use one link in a normal situation, however I haven't looked into it too much so I could be wrong ;)

HTH

Andy
 
Basshead's problem, if I'm reading it correctly, is that he may have two /28s from different providers. It will be difficult to make both prefixes reachable through both ISPs, even with BGP.

Unless there is more to the story, I don't think it's a good design to have redundant links to multiple ISPs in this scenario.
 
Yeah, I've looked into multi-homed stuff with BGP and I'd love to run it. I was more or less looking into redundancy options to see if it is possible to have two different address spaces with two different ISPs. Sounds like my best option is to get two separate internet links from the same ISP and run BGP. Thanks

CCNA, Network+
 
If you have two links to the same ISP, you probably won't need BGP in the first place. It really depends on your ultimate design, but you probably don't need it.

If you must have redundant ISPs, you'll need at least a single /24 prefix assigned to your company. Nothing smaller than that will work. You'd then need your own Autonomous System number from ARIN. If you just want some redundancy with your internet links, go with two links to a single ISP and forget about BGP.
 
Why would you get 2 circuits to the same ISP? There would be no redundancy with that configuration. For redundant circuits, you want 2 connections that use 2 different transports.

For example:

T1 - Primary, Cable Modem - Backup

MetroE - Primary, T1 with a different provider - Backup

In the US, typically T1s with different carriers are often terminated in the same CO ... thus no redundancy.
 
It all depends on your requirements and what sorts of problems you're trying to protect against. If you're just trying to protect against link-level events, like circuit problems on a T1, then two connections to the same ISP is more than sufficient. Most people don't need more than that.

If you need even more redundancy but want to protect against problems within the ISP, most big ISPs offer circuits terminating in different POPs. I've done that before. I had two circuits with Sprint that terminated in Denver and Tacoma, respectively, then I had a third Global Crossing circuit.

We had all sorts of redundancy to protect against equipment failures, link failures, and ISP failures. In addition, one of those circuits came in the building on copper while the other two were on fiber. The fiber was protected by Qwest SHARP service, so we were safe from local fiber cuts.

The only thing that we weren't protected against was a complete failure of our local central office.

This type of discussion really boils down to this:

1. What sorts of things do you want to protect against? There are many varieties of redundancy depending on your requirements.

2. Once you've decided on #1, how much can you afford and how much technical expertise do you have? Do you actually have anyone who understands BGP and Internet routing policy and theory?

If you have assigned address space then cable modems and DSL connections are typically not good options. It can be difficult to work with your ISP to make your address space reachable over those connections. If they'll do it, more power to you, but I wouldn't count on it.
 
Deal is, we only have one ISP now, with a 10M metro link, one router and a /28. I would like to have redundant internet connections, but it is near impossible to have that because of my address space. My other option is to have 2 internet connections from the same ISP (so my /28 will be OK on both links) going to two different POPs. But that would only protect against local fiber cuts, or a problem with one of the POPs. Originally I was wanting to add a small backup connection like a T1, but I would have big issues with my address space. So, let's consider this topic dead... thanks guys

CCNA, Network+
 
Depending on your ISP, you might still be able to have a backup T1. We have that exact scenario where I currently work. We have a 10 Mbps connection from Qwest and a backup T1 at another site. Qwest has routing configured so that if our main connection goes down, our address space re-routes to the backup site without our intervention. Would something like that work for you? If so, ask your ISP if that's an option.
 
They only supply metro and broadband access. All their internet traffic eventually goes out their two routers which are in the same building. I see what you mean but it just wouldn't work the way I wanted. Thanks

CCNA, Network+
 
Yeah, we had that problem with another ISP a few years ago when we were considering migrating our entire enterprise network from frame relay to their MPLS network. It turns out that their entire network is run from a single node at a single POP in our area. We just didn't like that idea, so we didn't do it.

A few years later, we ended up using a different provider's MPLS product that was a bit more robust but even that had problems from time to time that wouldn't have happened if we had remained on frame relay. However, the benefits were substantial.
 