Andrew Cook gave an excellent response, to which I have some inline comments.

The whole multihoming issue is very complex.  I discuss it at some 
length in Chapter 7 of my _WAN Survival Guide_ (Wiley, ISBN 
0471384283), but as part of a broader discussion of fault tolerance 
and load distribution.  I'll get into much more detail in my next 
book on exterior routing, but that isn't available yet.

In the meantime, RFCs 1998 and 2270 give some insight.


>Hi Jacek,
>
>If the secondary IP on FastEthernet0 is from your address space and there is
>no dynamic routing between the customer and ISP B (ISP B has no knowledge of
>your address space at the customer site), then traffic from your IP block
>should NOT return via ISP B.

The situation would be handled differently if your address space was 
allocated to you directly (i.e., provider independent or PI), or if 
it was sub-assigned by one of your providers (i.e., provider assigned 
or PA).

With PI space, if you are doing this for fault tolerance as well as 
load distribution, you must:

      announce your less-specific aggregate to both ISPs
      announce the more-specific prefixes to the ISP you prefer to have
        traffic to that block come into your AS

With PA space, you must:

      announce your less-specific aggregate to both ISPs
      announce the more-specific prefixes to the ISP you prefer to have
        traffic to that block come into your AS
      be sure that the assigning AS advertises your more-specific as well
        as its aggregate
      be sure that the other AS coordinates with the owning AS that it can
        announce a more-specific from another AS's space.
      (must in Europe, strongly recommended elsewhere) Be sure that all
        three AS (you and the two ISP) register the routing policies describing
        this in a public routing registry.

>
>
>If you can't/won't use BGP to solve this, I only see the following choices
>left:

To be a little more blunt,

     You can't get 100% compliance with what you appear to want even if
        you use BGP.  You can, however, increase the probability it will
        happen most of the time.

     In many global routing situations, saying you can't use BGP is about
        as relevant as a man drowning in the ocean saying, "but the US
        constitution gives me a right to life."  The ocean doesn't care.
        AS with whom you have no business relationship (i.e., that collect
        no money from you) are under no obligation to follow policies you
        announce with BGP.  They certainly aren't going to follow policies
        that they don't know about because you aren't announcing the information
        about your policy in BGP, or in routing registries.

In other words, there's a reasonable mind set that comes from working 
in routing that's limited to an enterprise -- that you can control 
all flow given sufficiently powerful policy enforcement mechanisms. 
To work effectively in ISP/global routing, you have to accept that 
you are no longer in complete control, and accept that the best you 
can do is influence to some extent.

If you need tighter control than that, an interprovider VPN is the 
only alternative.  VPNs, however, require that you know all the 
endpoints before configuring.  They do not support connectivity to or 
from arbitrary Internet addresses.

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
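
The announcement pattern described in the message above, modelled as an added example that is not part of the original post: a remote router selects the longest matching prefix, so the more-specifics steer inbound traffic and the aggregate is the fallback when one ISP is lost. The prefixes (taken from the 198.18.0.0/15 benchmarking range), the ISP labels and the function name are constructed for illustration, and the model assumes every remote AS accepts the more-specifics, which the message notes is not guaranteed.

```python
import ipaddress

# Constructed sample values (not from the original post).
AGGREGATE = ipaddress.ip_network("198.18.0.0/16")
LOW_HALF = ipaddress.ip_network("198.18.0.0/17")
HIGH_HALF = ipaddress.ip_network("198.18.128.0/17")

# Aggregate to both ISPs, each more-specific only to the preferred ISP.
RECOMMENDED = [
    (AGGREGATE, "ISP-A"), (AGGREGATE, "ISP-B"),
    (LOW_HALF, "ISP-A"), (HIGH_HALF, "ISP-B"),
]
# Two variants for comparison.
AGGREGATE_ONLY = [(AGGREGATE, "ISP-A"), (AGGREGATE, "ISP-B")]
SPECIFICS_ONLY = [(LOW_HALF, "ISP-A"), (HIGH_HALF, "ISP-B")]


def inbound_paths(dest, announcements, failed=frozenset()):
    """Return (winning prefix, candidate ISPs) as seen by a remote router.

    Only announcements via ISPs that are still up are considered, and the
    longest matching prefix wins. If several ISPs carry that same prefix,
    all of them are returned: the remote AS picks among them by its own
    policy, which the announcing site does not control.
    """
    addr = ipaddress.ip_address(dest)
    live = [(p, isp) for p, isp in announcements
            if isp not in failed and addr in p]
    if not live:
        return None, []          # destination is unreachable
    best_len = max(p.prefixlen for p, _ in live)
    prefix = next(p for p, _ in live if p.prefixlen == best_len)
    isps = sorted({isp for p, isp in live if p.prefixlen == best_len})
    return prefix, isps


if __name__ == "__main__":
    cases = [("recommended", RECOMMENDED), ("aggregate only", AGGREGATE_ONLY),
             ("specifics only", SPECIFICS_ONLY)]
    for name, ann in cases:
        for failed in (frozenset(), frozenset({"ISP-A"})):
            prefix, isps = inbound_paths("198.18.10.1", ann, failed)
            state = "ISP-A down" if failed else "all up"
            print(f"{name:15} {state:11} -> {prefix} via {isps}")
```

With only the aggregate announced, the choice of entry ISP is left to each remote AS; with only the more-specifics announced, losing the preferred ISP makes that half of the block unreachable.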