I have a nearly identical setup to what you're proposing except that I use
the T1's daily along with the DS3 and I'm multihomed to two providers. It
makes for some interesting tweaking but in the end it works quite well. Our
average web site load time used to be in the 5-6 second range but now with
the addition of the Localdirectors and BGP/multihoming our site load times
average close to .5 seconds but occasionally bounce up to 2-3 seconds if we
get some high-latency from one of the providers. I'm getting ready to
switch to two DS3's here in a few weeks which will simplify things a bit and
add much needed bandwidth. Anyway, I'll paste my config in here after I try
to answer your questions. My disclaimer is that I still haven't had the
time to become 'proficient' with BGP but my config works. :)
a. One thing I found was I was much better off to have the ISP send a
default route along with everything else and then weight it on my side. I
never got what I considered to be a satisfactory solution when I tried to do
it with static default routes. If you have the ISP send default routes then
you can pretty much guarantee that everything will be dynamic. I had a
couple situations where the BGP session went active but the links were fine
and data wouldn't switch over to the other links. (dynamic=good)
b. This strategy works well for me although you may want to find out where
those 4 T1's are homed to. Definately make sure they're not on the same
router as the DS3 and, although it'll close some of your load *balancing*
prospects I prefer to have the T1's split between different routers as well.
(all the redundant links don't do very well if the router that they home to
crashes....I had the 'opportunity' to learn that one as well)
c. Using the T1's for every day traffic is up do you. However, since you'll
be using BGP (and I guess even without BGP) any other person who happens to
be on the same router that you have a T1 on will always go through the T1
because it's the shortest path.
d. You'll have to worry about some of that but maybe not all. Your ISP
should be able to help you get through any sticky areas.
e. Ummm, I dunno...I'm open to suggestion :) I'm partial to using the
route-cache on links with that much bandwidth but I'd welcome a more
experienced answer as well.
f. Another router shouldn't be required unless you feel the need for
hardware redundancy as well. I'm currently using a 4700M for mine which is
underpowered but I should be replacing that with a 7206 in a couple weeks.
The limitation on the 4700 was memory and backplane speed...it seemed to
have plenty leftover horsepower for the situation I put it in. Even with
high bandwidth utilization the processor stayed at a very reasonable level.
If it'll help, I'll forward a copy of my 7206 config when I get that ready.
Here's a stripped version on my config....hope it helps!
!
interface Hssi0
description SMDS
no ip address
no ip directed-broadcast
encapsulation smds
crc 32
!
interface Hssi0.2 multipoint
ip address X.X.X.X
ip access-group 111 out
no ip directed-broadcast
bandwidth 32000
smds address c180.4703.1950
smds multicast ARP e180.4703.6039 207.68.0.0 255.255.255.0
smds multicast IP e180.4703.6039 207.68.0.0 255.255.255.0
smds enable-arp
!
interface Serial0
ip address X.X.X.X
ip access-group 111 out
no ip directed-broadcast
encapsulation ppp
no ip mroute-cache
bandwidth 1544
no fair-queue
hold-queue 100 out
!
interface Serial1
ip address X.X.X.X
ip access-group 111 out
no ip directed-broadcast
bandwidth 1544
no fair-queue
hold-queue 100 out
!
interface Serial2
ip address X.X.X.X
ip access-group 111 out
no ip directed-broadcast
encapsulation ppp
bandwidth 1544
no fair-queue
hold-queue 100 out
!
interface Serial3
ip address X.X.X.X
ip access-group 111 out
no ip directed-broadcast
encapsulation ppp
bandwidth 1544
no fair-queue
hold-queue 100 out
!
router bgp XXXXX
no synchronization
network X.X.X.X
neighbor X.X.X.X remote-as 7018
neighbor X.X.X.X timers 10 30
neighbor X.X.X.X distribute-list 10 out
neighbor X.X.X.X route-map attweight in
neighbor X.X.X.X route-map addas out
neighbor X.X.X.X remote-as 7018
neighbor X.X.X.X timers 10 30
neighbor X.X.X.X distribute-list 10 out
neighbor X.X.X.X route-map attweight in
neighbor X.X.X.X route-map addas out
neighbor X.X.X.X remote-as 7018
neighbor X.X.X.X timers 10 30
neighbor X.X.X.X distribute-list 10 out
neighbor X.X.X.X route-map attweight in
neighbor X.X.X.X route-map addas out
neighbor X.X.X.X remote-as 7018
neighbor X.X.X.X timers 10 30
neighbor X.X.X.X distribute-list 10 out
neighbor X.X.X.X route-map attweight in
neighbor X.X.X.X route-map addas out
neighbor X.X.X.X remote-as 11146
neighbor X.X.X.X timers 10 30
neighbor X.X.X.X distribute-list 10 out
neighbor X.X.X.X route-map baisweight in
neighbor X.X.X.X remote-as 11146
neighbor X.X.X.X timers 10 30
neighbor X.X.X.X distribute-list 10 out
neighbor X.X.X.X route-map baisweight in
maximum-paths 5
no auto-summary
!
ip classless
access-list 10 permit X.X.X.X
access-list 10 permit X.X.X.X
access-list 10 permit X.X.X.X
access-list 11 permit 0.0.0.0
!
route-map baisweight permit 10
match ip address 11
set weight 5000
!
route-map baisweight permit 20
set weight 0
!
route-map attweight permit 10
match ip address 11
set weight 1000
!
route-map attweight permit 20
set weight 0
!
route-map addas permit 10
set as-path prepend 13387 13387
-----Original Message-----
From: Jennifer Mellone [mailto:[EMAIL PROTECTED]]
Sent: Sunday, July 02, 2000 4:57 PM
To: [EMAIL PROTECTED]
Subject: BGP - 1 DS3, 4 backup T1s, 1 ISP
Hello folks that are also "Geeking Out" over the 4th of July---
We are revamping the Internet architecture, and we are going to have a brand
new external 7507 with 1 new DS3 and 4 T1s. There will be EBGP and static
routing. Right now the T1s are on the existing external router with static
routes and OSPF. The internal router (and it's replacement 7507) has/will
have static routes and EIGRP. EIGRP is the main protocol in the netork.
Anyway, the 4 T1s will backup the DS3, but when the backup occurs, I'd like
them to load share. I read that ebgp-multihop is the technique to use when
load sharing parallel links, using the loopbacks vs. the regular neighbor
addresses.
a. Can you tell me if my proposed BGP config is correct or point out things
that are wrong or missing? Config. is below.
b. Is this backup strategy good?
c. The T1s won't be used unless the DS3 dies, right?
d. Do I need to worry about filters or attributes (like weights, local
preference, MED, etc.) in this case?
e. Oh, should I do ip route-cache or no ip route-cache on the T1s and DS3?
I figure leave the defaults ip route-cache to save on CPU cycles.
f. I want this config. to be a stepping stone in case the we decide to
connect to another ISP. Would another external router be required?
- Jennifer Mellone
router bgp jjj {this is ARIN registered ASN for the company}
network k.k.k.k {this is registered class B to be advertised}
network l.l.l.l {registered class C which will go away later; re-ip to the
class B}
neighbor a.a.a.a remote-as xxx {xxx ISP's ASN; a.a.a.a loopback of ISP's
router for 1st t1}
neighbor a.a.a.a ebgp-multihop
neighbor a.a.a.a update-source loopback0
neighbor b.b.b.b remote-as xxx {xxx ISP's ASN; b.b.b.b loopback of ISP's
router for 2nd t1}
neighbor b.b.b.b ebgp-multihop
neighbor b.b.b.b update-source loopback0
neighbor c.c.c.c remote-as xxx {xxx ISP's ASN; c.c.c.c loopback of ISP's
router for 3rd t1}
neighbor c.c.c.c ebgp-multihop
neighbor c.c.c.c update-source loopback0
neighbor d.d.d.d remote-as xxx {xxx ISP's ASN; d.d.d.d loopback of ISP's
router for 4th t1}
neighbor d.d.d.d ebgp-multihop
neighbor d.d.d.d update-source loopback0
neighbor e.e.e.e remote-as xxx {xxx ISP's ASN; e.e.e.e is the ISP's DS3
serial link address}
!
ip route 0.0.0.0 0.0.0.0 h.82.10.145 210 {ISP's serial link address for 1st
T1}
ip route 0.0.0.0 0.0.0.0 h.82.10.149 210 {ISP's serial link address for 2nd
T1}
ip route 0.0.0.0 0.0.0.0 h.82.10.153 210 {ISP's serial link address for 3rd
T1}
ip route 0.0.0.0 0.0.0.0 h.82.10.157 210 {ISP's serial link address for 4th
T1}
ip route 0.0.0.0 0.0.0.0 e.e.e.e 205 {e.e.e.e ISP's DS3 serial link; low
admin distance to prefer this path}
ip route k.k.k.k 255.255.0.0 k.k.k.4 {to get to the k.k.k.k class b stuff;
k.k.k.4 is the virtual IP for the 2 firewalls}
ip route l.l.l.l 255.255.255.0 1.1.1.16 {remove this 1.1.1.1 class c stuff
later}
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
