Re: Need provider suggestions - BGP transit over GRE tunnel
Just make sure you don't shoot yourself in the foot by telling the best route to the end of the tunnel is via the tunnel itself... I use it too: http://www.avonsys.com/blogpost367 but because I have no other choice. - Original Message - From: Robert Johnson fasterfour...@gmail.com To: C. Jon Larsen jlar...@richweb.com, nanog@nanog.org Sent: Saturday, 29 January, 2011 6:48:50 PM Subject: Re: Need provider suggestions - BGP transit over GRE tunnel My network spans a multicity geographic area using microwave radio links. The point of the GRE tunnel is to allow me to establish a BGP session to another AS using a consumer grade Internet connection (cheap) over the public Internet. I don't want to build out additional microwave paths to a new datacenter to become multihomed. On Fri, Jan 28, 2011 at 5:36 PM, C. Jon Larsen jlar...@richweb.com wrote: I have read your email a few times and i dont see how this makes sense. Why do you need a public AS and PI space? Your gre tunnel wont need it or be able to use it. A gre tunnel is just a replacement for a physical pipe. If your datacenter based presence goes down, you will need a pipe at your office, or some other location speaking bgp that can annouce your block anyway.
Re: Need provider suggestions - BGP transit over GRE tunnel
On Sun, 30 Jan 2011 00:49:34 +1300, Franck Martin said: Just make sure you don't shoot yourself in the foot by telling the best route to the end of the tunnel is via the tunnel itself... Did you mean routing *your* end of the tunnel to the tunnel itself, or announcing to the entire world that The Internet was best reached via your tunnel? I think we've seen spectacular failures in both modes... pgpk3N1yLPP97.pgp Description: PGP signature
Re: Need provider suggestions - BGP transit over GRE tunnel
On Sun, 30 Jan 2011, Franck Martin wrote: Just make sure you don't shoot yourself in the foot by telling the best route to the end of the tunnel is via the tunnel itself... Right, nail up a /32 static route for the remote gre tunnel endpoint on each side. That /32 is nailed up to the next hop that you want the gre tunnel to always traverse. If that next hop becomes unavailable, the tunnel will go down, which is what you want rather than the tunnel trying to come up across some other path it can find. I use it too: http://www.avonsys.com/blogpost367 but because I have no other choice. - Original Message - From: Robert Johnson fasterfour...@gmail.com To: C. Jon Larsen jlar...@richweb.com, nanog@nanog.org Sent: Saturday, 29 January, 2011 6:48:50 PM Subject: Re: Need provider suggestions - BGP transit over GRE tunnel My network spans a multicity geographic area using microwave radio links. The point of the GRE tunnel is to allow me to establish a BGP session to another AS using a consumer grade Internet connection (cheap) over the public Internet. I don't want to build out additional microwave paths to a new datacenter to become multihomed. On Fri, Jan 28, 2011 at 5:36 PM, C. Jon Larsen jlar...@richweb.com wrote: I have read your email a few times and i dont see how this makes sense. Why do you need a public AS and PI space? Your gre tunnel wont need it or be able to use it. A gre tunnel is just a replacement for a physical pipe. If your datacenter based presence goes down, you will need a pipe at your office, or some other location speaking bgp that can annouce your block anyway. -- This message has been scanned for viruses and dangerous content by the Richweb.com MailScanner, and is believed to be clean.
Need provider suggestions - BGP transit over GRE tunnel
My organization is planning to become multihomed in the near future. Currently we have redundant (router and physical path) links to a single AS where we get our transit, and speak BGP to them using a private ASN. This configuration has not been meeting our reliability requirements, so we will be getting our own ASN from ARIN, and moving from PA to PI IP space. Our new provider will be used for backup purposes only. We would like to minimize the monthly cost of this connection; to do this, we are planning to use a VZ business FIOS connection with symmetrical bandwidth to establish a GRE tunnel to a datacenter somewhere, and bring up a BGP session over that tunnel. I'd like to know if there are providers that offer such a service on a regular basis, and if so, if anyone is doing this and has words of wisdom. Thanks in advance.
Re: Need provider suggestions - BGP transit over GRE tunnel
The general way this works for a small shop is two transits - one cheap provider who you move most of your bits over, and one more expensive but reliable link. Prepend / localpref / whathaveyou to your hearts content until pleased with your bandwidth bill, and when your cheap link toasts you're all set. What you're suggesting with the GRE over commodity links would *work*, but: (a) By the time you convince a network that they should do this for you, you're likely going to be out as much money as just brining up directly connected transit and not pushing much traffic at them. (b) You're using the GRE setup as your backup... over a setup thats about 100x less reliable than your primary link. -Jack Carrozzo
Re: Need provider suggestions - BGP transit over GRE tunnel
On Fri, Jan 28, 2011 at 11:10 AM, Robert Johnson fasterfour...@gmail.com wrote: My organization is planning to become multihomed in the near future. Currently we have redundant (router and physical path) links to a single AS where we get our transit, and speak BGP to them using a private ASN. This configuration has not been meeting our reliability requirements, so we will be getting our own ASN from ARIN, and moving from PA to PI IP space. Our new provider will be used for backup purposes only. We would like to minimize the monthly cost of this connection; to do this, we are planning to use a VZ business FIOS connection with symmetrical bandwidth to establish a GRE tunnel to a datacenter somewhere, and bring up a BGP session over that tunnel. I'd like to know if there are providers that offer such a service on a regular basis, and if so, if anyone is doing this and has words of wisdom. Hi Robert, I use a similar technique myself and it works reasonably well. Servint.net was willing to do it for me and he.net gave me a quote as well. Three pitfalls to watch out for: 1. A small portion of your traffic is going to wander in via the data center link and down the GRE tunnel during normal operations. You can tweak the announcement so that it isn't much, but it won't be zero either. 2. Make sure you originate the network announcement from your physical location, not from the data center. In other words, no network 10.2.3.0 mask 255.255.255.0 in the router bgp section at the data center. If the data center becomes disconnected from you, it should drop the announcement. 3. You'll need a small block (/29) of PA addresses at the data center to anchor the tunnel. Regards, Bill Herrin -- William D. Herrin her...@dirtside.comĀ b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Need provider suggestions - BGP transit over GRE tunnel
My network spans a multicity geographic area using microwave radio links. The point of the GRE tunnel is to allow me to establish a BGP session to another AS using a consumer grade Internet connection (cheap) over the public Internet. I don't want to build out additional microwave paths to a new datacenter to become multihomed. On Fri, Jan 28, 2011 at 5:36 PM, C. Jon Larsen jlar...@richweb.com wrote: I have read your email a few times and i dont see how this makes sense. Why do you need a public AS and PI space? Your gre tunnel wont need it or be able to use it. A gre tunnel is just a replacement for a physical pipe. If your datacenter based presence goes down, you will need a pipe at your office, or some other location speaking bgp that can annouce your block anyway. On Fri, 28 Jan 2011, Robert Johnson wrote: My organization is planning to become multihomed in the near future. Currently we have redundant (router and physical path) links to a single AS where we get our transit, and speak BGP to them using a private ASN. This configuration has not been meeting our reliability requirements, so we will be getting our own ASN from ARIN, and moving from PA to PI IP space. Our new provider will be used for backup purposes only. We would like to minimize the monthly cost of this connection; to do this, we are planning to use a VZ business FIOS connection with symmetrical bandwidth to establish a GRE tunnel to a datacenter somewhere, and bring up a BGP session over that tunnel. I'd like to know if there are providers that offer such a service on a regular basis, and if so, if anyone is doing this and has words of wisdom. Thanks in advance. -- This message has been scanned for viruses and dangerous content by the Richweb.com MailScanner, and is believed to be clean.