An interesting suggestion, but we can't assume that all three routers take full tables; they could take partial tables or just default routes, or there could be no BGP at all depending on how the network is configured. I am not stating that it is set up this way, but I have seen all of these situations before on production networks with multiple ISPs.

The other issues are:

1. Manipulating the attributes on every route received so that every route on all the routers makes it to the maximum path BGP selection rule. Like you said, this is doable, but I would not advise anyone to do this without understanding exactly what they are doing.
2. Having 3 routes for every prefix on the Internet. This would equate to approximately 336,000 active routes in the table, just not a possibility unless you have very expensive hardware.

-----Original Message-----
From: Reimer, Fred [mailto:[EMAIL PROTECTED]
Sent: Monday, September 08, 2003 11:58 AM
To: Lupi, Guy; [EMAIL PROTECTED]
Subject: RE: vlan urgent [7:74955]

Theoretically, you don't even need a switch in the middle. If these are ISP-connected routers, and the firewall is doing the NAT, then the three routers must be doing BGP to the ISPs by definition. They would each have full routing tables. On the "inside" (external to PIX) segment, the three routers can run HSRP and the PIX can point to that one address. Between the three routers you can redistribute the routes so that all three routers have equal cost routes to all the Internet routes. It may take some fancy work, but it should be doable.

So if Router 1 was the HSRP active on FastEthernet0/0, it would send a third of the traffic over its Serial0/0 interface, a third over the "backend" network between the routers on FastEthernet0/1 to router 2, and a third on the backend network on FastEthernet0/1 to router 3. If router 2 or 3 lost their connection, they would dynamically update router 1. If router 1 went down, then router 2 or 3 would take over as the HSRP active on FastEthernet0/0.

Fred Reimer - CCNA
Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050

NOTICE: This email contains confidential or proprietary information which may be legally privileged. It is intended only for the named recipient(s). If an addressing or transmission error has misdirected the email, please notify the author by replying to this message. If you are not the named recipient, you are not authorized to use, disclose, distribute, copy, print or rely on this email, and should immediately delete it from your computer.

-----Original Message-----
From: Lupi, Guy [mailto:[EMAIL PROTECTED]
Sent: Monday, September 08, 2003 9:56 AM
To: [EMAIL PROTECTED]
Subject: RE: vlan urgent [7:74955]

The first thing I would do is determine whether or not you need to load share for outbound bandwidth. Typically an enterprise will have a lot more inbound traffic than outbound traffic, so if one of the circuits exceeds your outbound bandwidth needs by 30% or more, you may not need to load share across the multiple routers for outbound traffic. If this is the case, put all the routers in an HSRP group with the largest outbound pipe being active and the other 2 being standby to present one gateway to the firewall that is redundant across all of the routers.

If that is not the case, then you have to determine how you are going to load share. A layer 3 switch with multiple default gateways will work, but then you have to determine whether or not the load sharing will be per-packet or per-destination. You then also have to work out the issue of a circuit failure. If a provider circuit fails, and the router's Ethernet that is plugged into the switch is still up, the switch will still route traffic to that device because it has no way of knowing that the router has no available path to forward the traffic.

If HSRP is not an option, and you need to load share to accommodate your outbound traffic, you should use a routing protocol such as OSPF to communicate between the routers and the switch. You redistribute the static default route on each of the routers into OSPF; if there is a circuit failure the router will stop injecting the default and the switch will stop routing traffic to it.

Inbound bandwidth shouldn't be a problem; this will be taken care of by normal routing: inbound traffic to your network from each provider hits its respective router and the router sends it to your firewall/switch. I would answer these questions before trying to determine how the switch should be configured.

-----Original Message-----
From: kaushalender [mailto:[EMAIL PROTECTED]
Sent: Monday, September 08, 2003 8:29 AM
To: [EMAIL PROTECTED]
Subject: vlan urgent [7:74955]

Hi group,

I will be glad if someone can help me on it. I have a problem. We are planning to put a firewall in our network. The problem is that the firewall can point to a single gateway, but I have multiple gateways for my network because we have taken bandwidth from different providers and all three bandwidth is terminated on different routers. Now they are suggesting that we have to put an L3 switch in between the firewall and all three routers and give one static IP address to the L3 switch, and then the firewall will point to that static IP. Can someone suggest how I have to configure the Cisco 3550 L3 series switch? Please help.

Regards,
Kaushalender

**Please support GroupStudy by purchasing from the GroupStudy Store: http://shop.groupstudy.com
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74980&t=74955
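
The OSPF approach from the 9:56 AM reply above (each router injects a default route only while its provider circuit is up, so the switch stops forwarding to a router that has lost its circuit), as an added example that is not part of the original thread. All addresses, the OSPF process ID and the VLAN and interface assignments are assumptions; on Cisco IOS the default route is originated into OSPF with `default-information originate`, since `redistribute static` does not carry 0.0.0.0/0.

```cisco
! Constructed example: Router 1 of 3 (repeat on Router 2 and Router 3
! with their own addresses). All addresses are placeholders.
!
interface Serial0/0
 description Provider circuit
 ip address 192.0.2.2 255.255.255.252
!
interface FastEthernet0/0
 description Segment shared with the 3550
 ip address 10.0.0.1 255.255.255.0
!
! Static default bound to the provider interface: IOS removes it from the
! routing table when Serial0/0 line protocol goes down.
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
 ! No "always" keyword: the default is advertised only while a default
 ! route is present in this router's own table.
 default-information originate
!
! ---- 3550 (Layer 3 image, constructed addresses) ----
ip routing
!
interface Vlan10
 description Segment shared with the three routers
 ip address 10.0.0.254 255.255.255.0
!
interface Vlan20
 description Segment facing the firewall (firewall gateway = 10.0.1.1)
 ip address 10.0.1.1 255.255.255.0
!
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
 network 10.0.1.0 0.0.0.255 area 0
 ! Advertise the firewall subnet but form no adjacencies on it.
 passive-interface Vlan20
```

Only a loss of line protocol on the serial interface withdraws the default here; a failure deeper in the provider's network leaves the static route, and therefore the advertised default, in place.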