I don't really have enough information to answer fully, but here are 
first thoughts, and many inline questions.


>Take a look at the sketch here:
>
>http://www.allnetllc.net/plans/bgp.gif
>
>Routers 1A and 1B are Primary and secondary HSRP
>Routers 2A and 2B are Primary and secondary HSRP
>
>Two sites of a large Enterprise network are connected to 2 ISP's. 
>The company has 2 assigned public IP address blocks. They would like 
>to advertise 1 block from each site. The Internet routers at each of 
>the sites are not (and cannot be) directly connected.


Who owns each address block?  If they are provider-assigned, 
additional rules will be needed in the external routing policy.

What can be assumed about default routes?  Can I assume that each 
firewall defaults to the pair of external routers at its site?

I will assume interior routing on C and D that has non-default routes only.

When you say no traffic from R1A/B can flow across C-D, do you 
literally mean all traffic, or are routing updates allowed?

If the C-D link goes down, I am assuming that Site 1 will _not_ be 
able to reach site 2.

In pseudo-RPSL, is this the external routing policy you are going for?

export:  to ISP1 announce at ROUTER1A ADDR-BLOCK-1
          to ISP2 announce at ROUTER1B ADDR-BLOCK-1
          to ISP1 announce at ROUTER2A ADDR-BLOCK-2
          to ISP2 announce at ROUTER2B ADDR-BLOCK-2

import:  from ISP1 at ROUTER1A accept ALL AND NOT ADDR-BLOCK-2
          from ISP2 at ROUTER1B accept ALL AND NOT ADDR-BLOCK-2
          from ISP1 at ROUTER2A accept ALL AND NOT ADDR-BLOCK-1
          from ISP2 at ROUTER2B accept ALL AND NOT ADDR-BLOCK-1

>
At 6:54 PM -0400 10/16/2000, Howard C. Berkowitz wrote:
>Traffic from the Internet that flows into the network from Router 1A 
>(or 1B) must not cross the link between Router C and Router D. 
>Traffic from the Internet from Router 2A (or 2B) must not cross 
>the link between Router C and Router D. Likewise, internal traffic 
>destined for the Internet must get there via the local connection to 
>the Internet, and not by crossing the link between Router C and D.

>
>Here is the Question:
>
>How many AS's are required to build this scenario (and have it 
>work)? Remember that all these routers and both these address blocks 
>are under a single administrative control...

If I understand you correctly, you will need one AS.

Router C and D know only about the default route and the enterprise 
addresses at each site.

Routers R1A/R1B/R2A/R2B run BGP and advertise default into their 
sites.   The other site's address block, however, is filtered on BGP 
input, so the router can only learn about the other site from 
interior routing.
-- 
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not 
directly to me***

Howard C. Berkowitz      [EMAIL PROTECTED]
Technical Director, CertificationZone.com
Senior Product Manager, Carrier Packet Solutions, NortelNetworks (for ID only)
   but Cisco stockholder!
"retired" Certified Cisco Systems Instructor (CID) #93005
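
The pseudo-RPSL policy in the message above, modelled as an added Python example (not part of the original post or of any router configuration): it applies the four export and four import rules to a constructed ISP feed. Assumptions: the documentation prefixes standing in for ADDR-BLOCK-1 and ADDR-BLOCK-2, the rejection of more-specifics of the filtered block, and the function names are all hypothetical.

```python
import ipaddress

# Constructed sample values: documentation prefixes stand in for the two
# public blocks, which the post does not give.
ADDR_BLOCK_1 = ipaddress.ip_network("192.0.2.0/24")
ADDR_BLOCK_2 = ipaddress.ip_network("198.51.100.0/24")

# Pseudo-RPSL policy from the post:
# router -> (ISP peer, block announced on export, block rejected on import)
POLICY = {
    "ROUTER1A": ("ISP1", ADDR_BLOCK_1, ADDR_BLOCK_2),
    "ROUTER1B": ("ISP2", ADDR_BLOCK_1, ADDR_BLOCK_2),
    "ROUTER2A": ("ISP1", ADDR_BLOCK_2, ADDR_BLOCK_1),
    "ROUTER2B": ("ISP2", ADDR_BLOCK_2, ADDR_BLOCK_1),
}

def exports(router):
    """Prefixes the router announces to its ISP (export rule)."""
    _, announced, _ = POLICY[router]
    return [str(announced)]

def accepts(router, prefix):
    """Import rule 'accept ALL AND NOT <other site's block>'.
    Assumption: more-specifics of the filtered block are rejected too."""
    _, _, rejected = POLICY[router]
    net = ipaddress.ip_network(prefix)
    return not (net.version == rejected.version and net.subnet_of(rejected))

def import_filter(router, received):
    """Split a received BGP feed into (accepted, rejected) prefixes."""
    accepted, rejected = [], []
    for prefix in received:
        (accepted if accepts(router, prefix) else rejected).append(prefix)
    return accepted, rejected

# Constructed ISP feed: default, an unrelated route, both enterprise
# blocks, and a more-specific of block 2.
FEED = ["0.0.0.0/0", "203.0.113.0/24", "192.0.2.0/24",
        "198.51.100.0/24", "198.51.100.128/25"]

if __name__ == "__main__":
    for router, (isp, _, _) in POLICY.items():
        kept, dropped = import_filter(router, FEED)
        print(router, "to", isp, "announces", exports(router),
              "accepts", kept, "drops", dropped)
```

Whatever a site's routers drop on BGP input can then only be learned from interior routing, which is the behaviour the message describes.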
