Re: [j-nsp] eBGP with internet provider from DataCenters
On 15/11/2013 14:18, Yham wrote:
> Hi Guys,

Hi,

> If we have two active/active DataCenters on different geographical locations and going to peer with the same provider for internet. What are the pros and cons of having same Autonomous Number on both data centers. In other words, which is more scalable and practical, having both data centers on single public ASN or should be two different when peering with same internet providers. Can you please share your thoughts on it.

How are your data centers interconnected?

mh

> Regards

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] eBGP with internet provider from DataCenters
Thanks MH for asking this question. They have a direct link between border routers, they have a full MPLS core connecting the two data centers, and there are also direct links at the distribution layer.

On Fri, Nov 15, 2013 at 9:27 AM, Michael Hallgren m.hallg...@free.fr wrote:
> On 15/11/2013 14:18, Yham wrote:
> > Hi Guys,
>
> Hi,
>
> > If we have two active/active DataCenters on different geographical locations and going to peer with the same provider for internet. What are the pros and cons of having same Autonomous Number on both data centers. In other words, which is more scalable and practical, having both data centers on single public ASN or should be two different when peering with same internet providers. Can you please share your thoughts on it.
>
> How are your data centers interconnected?
>
> mh
>
> > Regards
Re: [j-nsp] eBGP with internet provider from DataCenters
Hi Yham,

Ah. I assumed by your original question that the datacenters were not interconnected. It sounds like you should be able to call both your datacenters, together, a single AS. You'll want to create a full ibgp mesh, and routing should be relatively straightforward.

HTHs,
Dave

On 11/15/13 9:39 AM, Yham wrote:
> Thanks MH for asking this question. They have a direct link between border routers, they have a full MPLS core connecting the two data centers, and there are also direct links at the distribution layer.
>
> On Fri, Nov 15, 2013 at 9:27 AM, Michael Hallgren m.hallg...@free.fr wrote:
> > On 15/11/2013 14:18, Yham wrote:
> > > Hi Guys,
> >
> > Hi,
> >
> > > If we have two active/active DataCenters on different geographical locations and going to peer with the same provider for internet. What are the pros and cons of having same Autonomous Number on both data centers. In other words, which is more scalable and practical, having both data centers on single public ASN or should be two different when peering with same internet providers. Can you please share your thoughts on it.
> >
> > How are your data centers interconnected?
> >
> > mh
> >
> > > Regards
Re: [j-nsp] eBGP with internet provider from DataCenters
Hi Yham,

On the Pro side, you would conserve one ASN by using the same ASN for both data centers. Also, if in the future the datacenters were to get some direct connectivity with each other, it would be relatively straightforward to join the network control planes together. I can't think of any other Pros, but perhaps there are some.

On the Con side, each data center would hear about the other's network blocks via bgp advertisements to/from your providers. By default, each data center's peering routers would not learn the routes from the other data center, as their own ASN would appear in the AS path. The result: each data center would not have routes for the other. There is a way to override that, by configuring the BGP sessions with an allow one AS loop sort of syntax. (I know JUNOS allows this for L3VPNs using BGP as the CE-PE protocol, so I suspect Cisco does too.) Or, you could do something with static routes. There are probably several other solutions to this problem.

While I'm all for conserving ASN resources, I think that having each datacenter have its own ASN is the cleaner way to do things. But that's just IMHO.

HTHs,
Dave

On 11/15/13 8:18 AM, Yham wrote:
> Hi Guys,
>
> If we have two active/active DataCenters on different geographical locations and going to peer with the same provider for internet. What are the pros and cons of having same Autonomous Number on both data centers. In other words, which is more scalable and practical, having both data centers on single public ASN or should be two different when peering with same internet providers. Can you please share your thoughts on it.
>
> Regards
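The AS-path loop check described in the message above, as an added example that is not part of the original thread: a small model of DC1 -> provider -> DC2 propagation showing when DC2 drops DC1's prefixes. The ASNs and prefixes are constructed (documentation ranges), and `allowed_occurrences` is a hypothetical parameter standing in for a vendor's "allow AS loop" setting.

```python
"""Model of eBGP AS_PATH loop detection for two sites sharing one ASN.

Constructed example: ASNs come from the documentation range (RFC 5398),
prefixes from RFC 5737. `allowed_occurrences` is a hypothetical parameter
standing in for a vendor's "allow AS loop" setting.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple = ()  # leftmost entry is the most recent AS


def export_ebgp(route, sender_asn):
    """An eBGP speaker prepends its own ASN when advertising to a peer."""
    return Route(route.prefix, (sender_asn,) + route.as_path)


def import_ebgp(route, local_asn, allowed_occurrences=0):
    """Return the route if accepted, or None if loop detection drops it."""
    if route.as_path.count(local_asn) > allowed_occurrences:
        return None
    return route


def dc2_view(dc1_asn, dc2_asn, provider_asn, dc1_prefixes, allowed_occurrences=0):
    """Prefixes DC2 ends up with after DC1 -> provider -> DC2 propagation."""
    table = {}
    for prefix in dc1_prefixes:
        at_provider = import_ebgp(export_ebgp(Route(prefix), dc1_asn), provider_asn)
        if at_provider is None:
            continue
        at_dc2 = import_ebgp(export_ebgp(at_provider, provider_asn),
                             dc2_asn, allowed_occurrences)
        if at_dc2 is not None:
            table[prefix] = at_dc2.as_path
    return table


if __name__ == "__main__":
    PROVIDER, DC1_PREFIXES = 64496, ["192.0.2.0/24", "198.51.100.0/24"]
    print("same ASN:        ", dc2_view(64500, 64500, PROVIDER, DC1_PREFIXES))
    print("same ASN + allow:", dc2_view(64500, 64500, PROVIDER, DC1_PREFIXES, 1))
    print("separate ASNs:   ", dc2_view(64500, 64501, PROVIDER, DC1_PREFIXES))
```

In this model the override relaxes the loop check for every route received on that session, so it is usually paired with an import filter limited to the other site's blocks.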
Re: [j-nsp] eBGP with internet provider from DataCenters
Hi Yham,

Thanks for the map -- your situation is a lot more interesting than it first appeared! I'm guessing there may be some number of requirements and policy decisions that went into this. Without knowing all the back story, it makes it a little tricky to say what would be the best solution.

I realize I'm not answering the question you have asked, but I'm curious: Is there a reason that the BR-1 and BR-2 routers can't be part of the same AS as the Internal Internet with public ASN core? That would seem like a clean solution.

If you can't do that, and you can't use private AS-es for the pair of BR-1/BR-2 routers, then when I look at your diagram, each BR-1/BR-2 pair *looks like* a single AS to me; while they are connected together through the MPLS network, that happens through a different private AS.

So, somewhat ironically, I'm back at my original message with my same list of pros and cons. =-)

HTHs,
Dave
Re: [j-nsp] eBGP with internet provider from DataCenters
On 15/11/2013 17:10, Dave Curado wrote:
> Hi Yham,
>
> Thanks for the map -- your situation is a lot more interesting than it first appeared!

I agree! :-)

> I'm guessing there may be some number of requirements and policy decisions that went into this. Without knowing all the back story, it makes it a little tricky to say what would be the best solution.
>
> I realize I'm not answering the question you have asked, but I'm curious: Is there a reason that the BR-1 and BR-2 routers can't be part of the same AS as the Internal Internet with public ASN core? That would seem like a clean solution.
>
> If you can't do that, and you can't use private AS-es for the pair of BR-1/BR-2 routers, then when I look at your diagram, each BR-1/BR-2 pair *looks like* a single AS to me; while they are connected together through the MPLS network, that happens through a different private AS.

Maybe wrapping things up in a BGP confederation architecture? Thoughts?

> So, somewhat ironically, I'm back at my original message with my same list of pros and cons. =-)

mh

> HTHs,
> Dave
Re: [j-nsp] eBGP with internet provider from DataCenters
On 11/15/13 11:29 AM, Michael Hallgren wrote:
> On 15/11/2013 17:10, Dave Curado wrote:
> > Hi Yham,
> >
> > Thanks for the map -- your situation is a lot more interesting than it first appeared!
>
> I agree! :-)
>
> > I'm guessing there may be some number of requirements and policy decisions that went into this. Without knowing all the back story, it makes it a little tricky to say what would be the best solution.
> >
> > I realize I'm not answering the question you have asked, but I'm curious: Is there a reason that the BR-1 and BR-2 routers can't be part of the same AS as the Internal Internet with public ASN core? That would seem like a clean solution.
> >
> > If you can't do that, and you can't use private AS-es for the pair of BR-1/BR-2 routers, then when I look at your diagram, each BR-1/BR-2 pair *looks like* a single AS to me; while they are connected together through the MPLS network, that happens through a different private AS.
>
> Maybe wrapping things up in a BGP confederation architecture? Thoughts?

Great idea!
Re: [j-nsp] eBGP with internet provider from DataCenters
Hi Yham,

FYI - I think one of my email messages on this thread didn't go out, the body of the message was larger than some threshold, and it requires a moderator approval. (they'll get to it at some point =-)

> Can you comment on how AS-confederation will benefit more over having all BRs part of single public AS with iBGP peering with neighbors. Datacenter-1 is already on public AS so it will be difficult to make changes. The only reason with two AS is architectural complexity when you suggest one AS for both DCs or do you think any routing issues can also be encountered.

The way your current topology uses a number of private-ASes, it starts to look like a BGP confederation. The benefit of a confederation is the ability to present your network as a single AS, while internally using a set of private ASes allowing a separation of administrative and policy choices for each private AS. But that flexibility does come with a bit more complexity. (I'm sure there are people on this list who have worked with confederations and will hopefully chime in on this.)

Since the two BR-1/BR-2 pairs are interconnected, and one already has a public ASN, making them all part of the same ASN and putting an ibgp mesh into place would be relatively easy, and would save a second public ASN from being used. At least, it looks relatively easy to me, and that is attractive. =-)

HTHs,
Dave
Re: [j-nsp] eBGP with internet provider from DataCenters
On 15/11/2013 18:14, Dave Curado wrote:
> Hi Yham,
>
> FYI - I think one of my email messages on this thread didn't go out, the body of the message was larger than some threshold, and it requires a moderator approval. (they'll get to it at some point =-)
>
> > Can you comment on how AS-confederation will benefit more over having all BRs part of single public AS with iBGP peering with neighbors. Datacenter-1 is already on public AS so it will be difficult to make changes. The only reason with two AS is architectural complexity when you suggest one AS for both DCs or do you think any routing issues can also be encountered.
>
> The way your current topology uses a number of private-ASes, it starts to look like a BGP confederation. The benefit of a confederation is the ability to present your network as a single AS, while internally using a set of private ASes allowing a separation of administrative and policy choices for each private AS. But that flexibility does come with a bit more complexity. (I'm sure there are people on this list who have worked with confederations and will hopefully chime in on this.)

Yes, I agree. Never do more complex than projected to be needed mid-term (or so). In other words, AS-confed if you feel that policing between your subs is or will become important, else:

> Since the two BR-1/BR-2 pairs are interconnected, and one already has a public ASN, making them all part of the same ASN and putting an ibgp mesh into place would be relatively easy, and would save a second public ASN from being used. At least, it looks relatively easy to me, and that is attractive. =-)

Voilà !

Cheers,
mh

> HTHs,
> Dave
Re: [j-nsp] eBGP with internet provider from DataCenters
Oops..., resend after ML police pointed out that message was too heavy.

mh

On 15/11/2013 18:14, Michael Hallgren wrote:
> On 15/11/2013 17:53, Yham wrote:
> > Can you comment on how AS-confederation will benefit more over having all BRs part of single public AS with iBGP peering with neighbors.
>
> cBGP (or whatever we call it) between your sub-AS would allow you to nicely, more flexibly than with IGP, manage how traffic flows between them.
>
> > Datacenter-1 is already on public AS so it will be difficult to make changes.
>
> Right. It's a good thing to introduce AS-confed early. Later migration may be a PITA...
>
> mh
>
> > The only reason with two AS is architectural complexity when you suggest one AS for both DCs or do you think any routing issues can also be encountered.
> >
> > On Fri, Nov 15, 2013 at 11:40 AM, Dave Curado da...@curado.org wrote:
> > > Hi Yham,
> > >
> > > Yes, with that link between the BR-1/BR-2 pair, I would tend to make them one AS. I just like keeping things as straightforward as I can. =-) But using different ASes would work as well.
> > >
> > > That said, Michael Hallgren suggested doing an AS-confederation. I think that's a great idea to consider.
> > >
> > > Thanks,
> > > Dave
> >
> > snip/