
Mailing List Archive: NANOG: users

Redundant Routes, BGP with MPLS provider

 

 



WTribble at sterneagee

Aug 30, 2012, 11:17 AM

Post #1 of 13 (525 views)
Redundant Routes, BGP with MPLS provider

Hello all,

I am a Network Operator working in an Enterprise environment with offices all over the country (mostly connected via MPLS). We are currently working towards building a Disaster Recovery Site that will host some of our vendor routers and provide the capability to access these vendors from both our primary and backup data center locations. The routes (as advertised by the vendor's routers) will be the same at both locations. I would like to advertise the routes from multiple locations at the same time, rather than suppress the routes and advertise conditionally.

What is the best method to instruct the provider's network to prefer the Primary Data Center routes over the DR site? Keep in mind that I am only peering with the provider over BGP and I have no visibility to the underlying MPLS architecture or configuration. Although if you have specific questions about their architecture, I can work to get answers.

Discussing in house, we have gone over a few different options:

- Advertise specific routes from primary site and summary routes from the DR site. Most specific will always be chosen.
- Prepend the routes from the DR site so that they will have a longer AS-path than the Primary location.
- Use Community Strings to influence local preference. (Still working to find out if Provider will pass our community strings.)

Just looking for some ideas and best practices. Any thoughts or insight would be much welcomed and appreciated. This is my first message on NANOG, so please be gentle. I apologize in advance if I have done something incorrectly.


Wes




morrowc.lists at gmail

Aug 31, 2012, 7:05 AM

Post #2 of 13 (510 views)
Re: Redundant Routes, BGP with MPLS provider [In reply to]

On Thu, Aug 30, 2012 at 2:17 PM, Tribble, Wesley
<WTribble [at] sterneagee> wrote:

> -Prepend the routes from the DR site so that they will have a longer AS-path than the Primary location

yes


walter.keen at rainierconnect

Aug 31, 2012, 8:12 AM

Post #3 of 13 (509 views)
Re: Redundant Routes, BGP with MPLS provider [In reply to]

Assuming the MPLS provider is a single company, and uses BGP at all sites to talk to your routers, I would simply set the MED (in Cisco terms) to reflect what you desire.
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094934.shtml


This assumes, however, that the failover you require is based on the router at the primary site going down. I understand it's for DR, but if you have your routing equipment on a UPS/Generator at the primary site, it's something to think about. DR may mean more than just your link or site going down; for some people it goes as far as the server farm going down (but the router still up). Something to think about.






bill at herrin

Aug 31, 2012, 8:49 AM

Post #4 of 13 (507 views)
Re: Redundant Routes, BGP with MPLS provider [In reply to]

On Thu, Aug 30, 2012 at 2:17 PM, Tribble, Wesley
<WTribble [at] sterneagee> wrote:
> What is the best method to instruct the provider's
> network to prefer the Primary Data Center routes
> over the DR site? Keep in mind that I am only
> peering with the provider over BGP and I have no
> visibility to the underlying MPLS architecture or
> configuration.

Hi Wesley,

For an Internet-based system, here's how you would do it. The private
MPLS-based network you describe won't be quite the same but it'll be
similar.


* Announce with an AS path length from the DR site that has at least 3
prepends. Get your own RIR-assigned AS number for this; you can use
private AS numbers but this will eventually confuse someone debugging
a connectivity problem.

* Local pref the accepted routes to prefer the primary site.

* At least two ISPs at the primary site.

* At the DR site, the usually single ISP should be the same as one of
the ISPs at the primary site. That way when there's trouble talking to
the two sites there's only one vendor to blame and it's the one you
pay directly. It also means the GRE tunnel traffic between sites tends
to stay on a single carrier.

* GRE tunnels between the sites running IBGP. One GRE tunnel for each
pair of Internet connections. Despite your best efforts you'll get a
trickle of traffic into the DR site during normal operation of the
primary. You'll want to send it back to the primary site and that
should all happen outside the firewall.

* In addition to your BGP announced addresses, get a small bank of IP
addresses from each ISP for each Internet connection at each site. I
usually ask for a /28 but a /29 is normally adequate. You'll need
these to anchor your GRE tunnels and management functions.

Regards,
Bill Herrin


--
William D. Herrin ................ herrin [at] dirtside bill [at] herrin
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004


ler762 at gmail

Aug 31, 2012, 9:14 AM

Post #5 of 13 (507 views)
Re: Redundant Routes, BGP with MPLS provider [In reply to]

On 8/30/12, Tribble, Wesley <WTribble [at] sterneagee> wrote:
> Hello all,
>
> I am a Network Operator working in an Enterprise environment with offices
> all over the country (mostly connected via MPLS). We are currently working
> towards building a Disaster Recovery Site that will host some of our vendor
> routers and provide the capability to access these vendors from both our
> primary and backup data center locations. The routes (as advertised by the
> vendor's routers) will be the same at both locations. I would like to
> advertise the routes from multiple locations at the same time, rather than
> suppress the routes and advertise conditionally.

At work, we have our internal routing protocol running on GRE over
IPSec tunnels & keep the BGP sessions with the MPLS provider limited
to just the MPLS network. And have an ACL on the MPLS network
interface that allows only what's expected in... some providers are
better than others at not having anything hit the 'deny any any log'
line

Regards,
Lee




Bill.Ingrum at t-systems

Aug 31, 2012, 9:21 AM

Post #6 of 13 (508 views)
RE: Redundant Routes, BGP with MPLS provider [In reply to]

I think having a GRE tunnel for the internal routing protocol is
unnecessary. Can you explain the reasoning behind this? I understand
the technical issue whereby GRE will allow multicast for EIGRP, OSPF,
etc, but why not just redistribute into BGP?

I work on a lot of MPLS CE routers, and in general you can accomplish
anything you need by redistributing your internal routing protocol into
BGP, and adjusting LP, MED and AS Prepend as needed.

Thanks,

Bill



ler762 at gmail

Aug 31, 2012, 9:27 AM

Post #7 of 13 (504 views)
Re: Redundant Routes, BGP with MPLS provider [In reply to]

On 8/31/12, Bill.Ingrum [at] t-systems <Bill.Ingrum [at] t-systems> wrote:
> I think having a GRE tunnel for the internal routing protocol is
> unnecessary.

It might be, but we have a requirement for multicast over the wan so
the GRE tunnels had to be there.

> Can you explain the reasoning behind this? I understand
> the technical issue whereby GRE will allow multicast for EIGRP, OSPF,
> etc, but why not just redistribute into BGP?

I see no reason to trust the provider that much.

> I work on a lot of MPLS CE routers, and in general you can accomplish
> anything you need by redistributing your internal routing protocol into
> BGP, and adjusting LP, MED and AS Prepend as needed.

Sure.. but how do you *know* you're not getting anything added/removed
by the provider?

Lee
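
One way to check the question raised in this post, whether the provider is adding or removing routes, is to compare what the provider session delivers with an inventory of what your sites should announce. This is an added example, not code from anyone in the thread; the prefixes, AS numbers and the one-route-per-line input format are constructed.

```python
"""Audit routes learned from an MPLS provider against what the sites should announce.

All prefixes, ASNs and the input format are constructed for this example.
"""
from ipaddress import ip_network

# Prefix -> origin AS each site is expected to announce (constructed inventory).
EXPECTED = {
    "10.20.30.0/24": 65010,
    "10.40.0.0/16": 65030,
    "10.50.0.0/16": 65040,
}

# Constructed sample: one route per line, "prefix as-path". This is not the
# output format of any particular router; adapt parse() to your own export.
RECEIVED = """\
10.20.30.0/24 64500 65010
10.20.30.128/25 64500 65099
10.40.0.0/16 64500 65031
0.0.0.0/0 64500
"""


def parse(text):
    """Yield (network, origin_as) per non-empty line; origin is the last ASN."""
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) < 2:
            raise ValueError(f"no AS path on line: {line!r}")
        yield ip_network(fields[0]), int(fields[-1])


def audit(expected, received_text):
    """Classify received routes as added, removed or altered."""
    want = {ip_network(p): asn for p, asn in expected.items()}
    seen = set()
    report = {"missing": [], "unexpected": [], "more_specific": [],
              "origin_mismatch": []}
    for net, origin in parse(received_text):
        seen.add(net)
        if net in want:
            # Right prefix, but originated by an AS we did not expect.
            if origin != want[net]:
                report["origin_mismatch"].append(str(net))
        elif any(net.version == w.version and net.subnet_of(w) for w in want):
            # Not in the inventory, yet inside an expected prefix: it would
            # win longest-prefix match over the route we meant to follow.
            report["more_specific"].append(str(net))
        else:
            report["unexpected"].append(str(net))
    # Expected prefixes that never arrived were filtered or withdrawn upstream.
    report["missing"] = sorted(str(w) for w in want if w not in seen)
    return report


if __name__ == "__main__":
    for kind, prefixes in audit(EXPECTED, RECEIVED).items():
        print(f"{kind:16} {prefixes}")
```

Run on a schedule against an export of the routes received from the provider, any non-empty category is worth an alert, the same way hits on the 'deny any any log' ACL line are.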





Bill.Ingrum at t-systems

Aug 31, 2012, 9:33 AM

Post #8 of 13 (518 views)
RE: Redundant Routes, BGP with MPLS provider [In reply to]

I work for an MPLS provider, so I guess I tend to trust them ;)

Bill



ikiris at gmail

Aug 31, 2012, 10:18 AM

Post #9 of 13 (504 views)
Re: Redundant Routes, BGP with MPLS provider [In reply to]

I'd prefer to trust / get the provider to do the right thing over losing
the 40 MTU points.... and all the associated headache therein.

-Blake



paul4004 at gmail

Aug 31, 2012, 10:29 AM

Post #10 of 13 (505 views)
Re: Redundant Routes, BGP with MPLS provider [In reply to]

Options

1) Ask the provider if they have any traffic engineering communities
available. Many of the large ones offer some.
2) Use BGP MED to influence the output path (works in most cases).
3) If that fails, use as-path pre-pending to influence the output path from
the provider towards you.

GRE tunnels are not necessary for MPLS in most use cases. Additionally,
many SPs support native multicast over their L3VPN services if you need
this -- shop around.

Finally, you mention the vendor can accept traffic on either router.
Consider just announcing the routes equally from both locations into MPLS
and letting the traffic more or less load balance as it sees fit on the way
to your vendor -- this is how the internet generally works.
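
The options weighed across this thread (specific versus summary routes, local preference via communities, AS-path prepending, MED) act at different steps of route selection, which the following added example walks through; it is not code from any poster. It models only those steps and skips the later tie-breakers; all ASNs, prefixes and attribute values are constructed.

```python
"""Simplified BGP best-path comparison for the primary/DR question in this thread.

Models only the steps the posters discuss: longest-prefix match, LOCAL_PREF,
AS_PATH length and MED. Origin, eBGP-vs-iBGP, IGP metric and router-id
tie-breakers are left out. All ASNs and prefixes are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PRIMARY_AS = 65010   # private-use ASN, constructed
OTHER_AS = 65020     # used only to show the MED caveat


@dataclass(frozen=True)
class Route:
    site: str
    prefix: str
    as_path: tuple         # leftmost entry is the neighbor AS
    local_pref: int = 100  # assigned inside the provider, e.g. from a community
    med: int = 0           # sent by the customer router


def best_paths(routes):
    """Apply LOCAL_PREF, AS_PATH length, then MED to routes for one prefix."""
    top = max(r.local_pref for r in routes)
    routes = [r for r in routes if r.local_pref == top]
    shortest = min(len(r.as_path) for r in routes)
    routes = [r for r in routes if len(r.as_path) == shortest]
    # By default MED is only compared between routes from the same neighbor AS.
    keep = []
    for r in routes:
        same_as = [o.med for o in routes if o.as_path[0] == r.as_path[0]]
        if r.med == min(same_as):
            keep.append(r)
    return keep


def forward(dest, rib):
    """Sites that receive traffic for dest: longest match, then best path."""
    addr = ip_address(dest)
    matches = [r for r in rib if addr in ip_network(r.prefix)]
    if not matches:
        return []
    longest = max(ip_network(r.prefix).prefixlen for r in matches)
    same_len = [r for r in matches if ip_network(r.prefix).prefixlen == longest]
    return sorted(r.site for r in best_paths(same_len))


def scenarios():
    p, host = "10.20.30.0/24", "10.20.30.5"
    a = PRIMARY_AS
    primary = Route("primary", p, (a,))
    return {
        # Announced identically: both survive and traffic is shared.
        "equal": forward(host, [primary, Route("dr", p, (a,))]),
        # Three prepends at DR lengthen its AS_PATH.
        "prepend": forward(host, [primary, Route("dr", p, (a, a, a, a))]),
        # Lower MED wins when both sites use the same AS.
        "med_same_as": forward(host, [
            Route("primary", p, (a,), med=10), Route("dr", p, (a,), med=100)]),
        # Different neighbor AS at DR: MED is not compared, no preference results.
        "med_other_as": forward(host, [
            Route("primary", p, (a,), med=10),
            Route("dr", p, (OTHER_AS,), med=100)]),
        # LOCAL_PREF inside the provider is evaluated before AS_PATH length.
        "local_pref_over_prepend": forward(host, [
            primary, Route("dr", p, (a, a, a, a), local_pref=200)]),
        # Specific at primary, summary at DR: prefix length decides first.
        "specific_vs_summary": forward(host, [
            primary, Route("dr", "10.20.0.0/16", (a,), local_pref=200)]),
        # Primary withdrawn: the DR summary still covers the destination.
        "primary_down": forward(host, [Route("dr", "10.20.0.0/16", (a,))]),
    }


if __name__ == "__main__":
    for name, sites in scenarios().items():
        print(f"{name:24} -> {sites}")
```

The `local_pref_over_prepend` and `med_other_as` cases are the ones to confirm with the provider: prepends lose to any local preference set inside the provider's network, and MED has no effect if the DR site announces from a different AS.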

On Fri, Aug 31, 2012 at 11:18 AM, Blake Dunlap <ikiris [at] gmail> wrote:

> I'd prefer to trust / get the provider to do the right thing over losing
> the 40 mtu points.... and all the associated headache therein.
>
> -Blake
>
> On Fri, Aug 31, 2012 at 11:33 AM, <Bill.Ingrum [at] t-systems> wrote:
>
> > I work for an MPLS provider, so I guess I tend to trust them ;)
> >
> > Bill
> >
> > -----Original Message-----
> > From: Lee [mailto:ler762 [at] gmail]
> > Sent: Friday, August 31, 2012 11:28 AM
> > To: Ingrum, Bill
> > Cc: WTribble [at] sterneagee; nanog [at] nanog
> > Subject: Re: Redundant Routes, BGP with MPLS provider
> >
> > On 8/31/12, Bill.Ingrum [at] t-systems <Bill.Ingrum [at] t-systems> wrote:
> > > I think having a GRE tunnel for the internal routing protocol is
> > > unnecessary.
> >
> > It might be, but we have a requirement for multicast over the wan so the
> > GRE tunnels had to be there.
> >
> > > Can you explain the reasoning behind this? I understand the
> > > technical issue whereby GRE will allow multicast for EIGRP, OSPF, etc,
> >
> > > but why not just redistribute into BGP?
> >
> > I see no reason to trust the provider that much.
> >
> > > I work on a lot of MPLS CE routers, and in general you can accomplish
> > > anything you need by redistributing your internal routing protocol
> > > into BGP, and adjusting LP, MED and AS Prepend as needed.
> >
> > Sure.. but how do you *know* you're not getting anything added/removed
> > by the provider?
> >
> > Lee
> >
> >
> >
> > >
> > > Thanks,
> > >
> > > Bill
> > >
> > > -----Original Message-----
> > > From: Lee [mailto:ler762 [at] gmail]
> > > Sent: Friday, August 31, 2012 11:15 AM
> > > To: Tribble, Wesley
> > > Cc: nanog [at] nanog
> > > Subject: Re: Redundant Routes, BGP with MPLS provider
> > >
> > > On 8/30/12, Tribble, Wesley <WTribble [at] sterneagee> wrote:
> > >> Hello all,
> > >>
> > > >> I am a Network Operator working in an Enterprise environment with
> > >> offices all over the country(mostly connected via MPLS). We are
> > >> currently working towards building a Disaster Recovery Site that will
> >
> > >> host some of our vendor routers and provide the capability to access
> > >> these vendors from both our primary and backup data center locations.
> > >
> > >> The routes(as advertised by the vendor's routers) will be the same at
> >
> > >> both locations. I would like to advertise the routes from multiple
> > >> locations at the same time, rather than suppress the routes and
> > > advertise conditionally.
> > >
> > > At work, we have our internal routing protocol running on GRE over
> > > IPSec tunnels & keep the BGP sessions with the MPLS provider limited
> > > to just the MPLS network. And have an ACL on the MPLS network
> > > interface that allows only what's expected in... some providers are
> > > better than others at not having anything hit the 'deny any any log'
> > > line
> > >
> > > Regards,
> > > Lee
> > >
> > >
> > >>
> > >> What is the best method to Instruct the provider's network to prefer
> > >> the Primary Data Center routes over the DR site? Keep in mind that I
> >
> > >> am only peering with the provider over BGP and I have no visibility
> > >> to
> > >
> > >> the underlying MPLS architecture or configuration. Although if you
> > >> have specific questions about their architecture, I can work to get
> > > answers.
> > >>
> > >> Discussing in house, we have gone over a few different options:
> > >>
> > >> -Advertise specific routes from primary site and summary routes from
> > >> the DR site. Most specific will always be chosen.
> > >> -Prepend the routes from the DR site so that they will have a longer
> > >> AS-path than the Primary location -Use Community Strings to influence
> >
> > >> local preference.(Still working to find out if Provider will pass our
> >
> > >> community strings)
> > >>
> > >> Just looking for some ideas and best practices. Any thoughts or
> > >> insight would be much welcomed and appreciated. This is my first
> > >> message on NANOG, so please be gentle. I apologize in advance if I
> > >> have done something incorrectly.
> > >>
> > >>
> > >> Wes
> > >>
> > >>
>
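The MED and AS-path prepending advice in the post above, as an added example that is not part of the original thread: a simplified model of the first BGP decision steps (highest local preference, then shortest AS path, then lowest MED) applied to the same prefix announced from the primary and DR sites. The AS number 65001, the site names and the `honor_med` switch (standing in for a provider that ignores or resets MED) are assumptions.

```python
from dataclasses import dataclass

CUSTOMER_AS = 65001  # constructed private ASN, not from the thread


@dataclass(frozen=True)
class Path:
    site: str
    as_path: tuple       # AS numbers as seen at the provider edge
    med: int = 0
    local_pref: int = 100


def best_sites(paths, honor_med=True):
    """Return the sites still tied after local-pref, AS-path length and MED.

    Real routers apply further tie-breakers; more than one site in the
    result means these attributes alone do not prefer either location.
    """
    def rank(p):
        return (-p.local_pref, len(p.as_path), p.med if honor_med else 0)

    top = min(rank(p) for p in paths)
    return [p.site for p in paths if rank(p) == top]


def scenario(dr_prepends=0, primary_med=0, dr_med=0, honor_med=True):
    """Same prefix from both sites; the DR side optionally prepends or raises MED."""
    primary = Path("primary", (CUSTOMER_AS,), med=primary_med)
    dr = Path("dr", (CUSTOMER_AS,) * (1 + dr_prepends), med=dr_med)
    return best_sites([primary, dr], honor_med)


if __name__ == "__main__":
    print("announce equally      ->", scenario())
    print("higher MED at DR      ->", scenario(primary_med=100, dr_med=200))
    print("MED not honored       ->", scenario(primary_med=100, dr_med=200, honor_med=False))
    print("DR prepends twice     ->", scenario(dr_prepends=2, honor_med=False))
```

In this model AS-path length is compared before MED, so prepending at the DR site still selects the primary when MED is not honored.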


virendra.rode at gmail

Aug 31, 2012, 11:32 AM

Post #11 of 13 (511 views)
Permalink
Re: Redundant Routes, BGP with MPLS provider [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 08/31/2012 09:21 AM, Bill.Ingrum [at] t-systems wrote:
> I think having a GRE tunnel for the internal routing protocol is
> unnecessary. Can you explain the reasoning behind this? I
> understand the technical issue whereby GRE will allow multicast for
> EIGRP, OSPF, etc, but why not just redistribute into BGP?
>
> I work on a lot of MPLS CE routers, and in general you can
> accomplish anything you need by redistributing your internal
> routing protocol into BGP, and adjusting LP, MED and AS Prepend as
> needed.
>
> Thanks,
>
> Bill
- -----------------------
Using bgp communities (MED attribute "inbound") helped influence our
path(s) between our mpls providers.


regards,
/virendra
>
> -----Original Message----- From: Lee [mailto:ler762 [at] gmail]
> Sent: Friday, August 31, 2012 11:15 AM To: Tribble, Wesley Cc:
> nanog [at] nanog Subject: Re: Redundant Routes, BGP with MPLS
> provider
>
> On 8/30/12, Tribble, Wesley <WTribble [at] sterneagee> wrote:
>> Hello all,
>>
>> I am a Network Operator working in an Enterprise environment
>> with offices all over the country(mostly connected via MPLS). We
>> are currently working towards building a Disaster Recovery Site
>> that will host some of our vendor routers and provide the
>> capability to access these vendors from both our primary and
>> backup data center locations.
>
>> The routes(as advertised by the vendor's routers) will be the
>> same at both locations. I would like to advertise the routes
>> from multiple locations at the same time, rather than suppress
>> the routes and
> advertise conditionally.
>
> At work, we have our internal routing protocol running on GRE over
> IPSec tunnels & keep the BGP sessions with the MPLS provider
> limited to just the MPLS network. And have an ACL on the MPLS
> network interface that allows only what's expected in... some
> providers are better than others at not having anything hit the
> 'deny any any log' line
>
> Regards, Lee
>
>
>>
>> What is the best method to Instruct the provider's network to
>> prefer the Primary Data Center routes over the DR site? Keep in
>> mind that I am only peering with the provider over BGP and I have
>> no visibility to
>
>> the underlying MPLS architecture or configuration. Although if
>> you have specific questions about their architecture, I can work
>> to get
> answers.
>>
>> Discussing in house, we have gone over a few different options:
>>
>> -Advertise specific routes from primary site and summary routes
>> from the DR site. Most specific will always be chosen. -Prepend
>> the routes from the DR site so that they will have a longer
>> AS-path than the Primary location -Use Community Strings to
>> influence local preference.(Still working to find out if Provider
>> will pass our community strings)
>>
>> Just looking for some ideas and best practices. Any thoughts or
>> insight would be much welcomed and appreciated. This is my
>> first message on NANOG, so please be gentle. I apologize in
>> advance if I have done something incorrectly.
>>
>>
>> Wes
>>
>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iF4EAREIAAYFAlBBA1kACgkQ3HuimOHfh+HhsgD7BGtBuiX9tw0leW5e2Jv3jT5E
OvAlvkc6bJgE6oSPwdYA/2AkjAWawOOJAIvkmIh6+jXQJo5IRJhl5u6IqtbwFKsy
=zUYy
-----END PGP SIGNATURE-----


ler762 at gmail

Aug 31, 2012, 3:29 PM

Post #12 of 13 (497 views)
Permalink
Re: Redundant Routes, BGP with MPLS provider [In reply to]

On 8/31/12, Bill.Ingrum [at] t-systems <Bill.Ingrum [at] t-systems> wrote:
> I work for an MPLS provider, so I guess I tend to trust them ;)

For certain definitions of "trust" I would also. But.. Monday? I was
told that $AGENCY had just completed an audit of our network and we
had to change the exec timeout from 15 to 10 minutes on all routers
and switches.

Apparently that extra 5 minutes is an unacceptable security risk. But
leaving the network wide-open to all sorts of routing hijinks via
MPLS? (I don't have route filters & acls on all of the mpls
interfaces yet) nada

We can't trust the people in our office area to not take advantage
of an unattended terminal but we can trust our MPLS providers to not
take advantage of their unrestricted access? Seems backwards to me.

Regards,
Lee


>
> Bill
>
> -----Original Message-----
> From: Lee [mailto:ler762 [at] gmail]
> Sent: Friday, August 31, 2012 11:28 AM
> To: Ingrum, Bill
> Cc: WTribble [at] sterneagee; nanog [at] nanog
> Subject: Re: Redundant Routes, BGP with MPLS provider
>
> On 8/31/12, Bill.Ingrum [at] t-systems <Bill.Ingrum [at] t-systems> wrote:
>> I think having a GRE tunnel for the internal routing protocol is
>> unnecessary.
>
> It might be, but we have a requirement for multicast over the wan so the
> GRE tunnels had to be there.
>
>> Can you explain the reasoning behind this? I understand the
>> technical issue whereby GRE will allow multicast for EIGRP, OSPF, etc,
>
>> but why not just redistribute into BGP?
>
> I see no reason to trust the provider that much.
>
>> I work on a lot of MPLS CE routers, and in general you can accomplish
>> anything you need by redistributing your internal routing protocol
>> into BGP, and adjusting LP, MED and AS Prepend as needed.
>
> Sure.. but how do you *know* you're not getting anything added/removed
> by the provider?
>
> Lee
>
>
>
>>
>> Thanks,
>>
>> Bill
>>
>> -----Original Message-----
>> From: Lee [mailto:ler762 [at] gmail]
>> Sent: Friday, August 31, 2012 11:15 AM
>> To: Tribble, Wesley
>> Cc: nanog [at] nanog
>> Subject: Re: Redundant Routes, BGP with MPLS provider
>>
>> On 8/30/12, Tribble, Wesley <WTribble [at] sterneagee> wrote:
>>> Hello all,
>>>
>>> I am a Network Operator working in an Enterprise environment with
>>> offices all over the country(mostly connected via MPLS). We are
>>> currently working towards building a Disaster Recovery Site that will
>
>>> host some of our vendor routers and provide the capability to access
>>> these vendors from both our primary and backup data center locations.
>>
>>> The routes(as advertised by the vendor's routers) will be the same at
>
>>> both locations. I would like to advertise the routes from multiple
>>> locations at the same time, rather than suppress the routes and
>> advertise conditionally.
>>
>> At work, we have our internal routing protocol running on GRE over
>> IPSec tunnels & keep the BGP sessions with the MPLS provider limited
>> to just the MPLS network. And have an ACL on the MPLS network
>> interface that allows only what's expected in... some providers are
>> better than others at not having anything hit the 'deny any any log'
>> line
>>
>> Regards,
>> Lee
>>
>>
>>>
>>> What is the best method to Instruct the provider's network to prefer
>>> the Primary Data Center routes over the DR site? Keep in mind that I
>
>>> am only peering with the provider over BGP and I have no visibility
>>> to
>>
>>> the underlying MPLS architecture or configuration. Although if you
>>> have specific questions about their architecture, I can work to get
>> answers.
>>>
>>> Discussing in house, we have gone over a few different options:
>>>
>>> -Advertise specific routes from primary site and summary routes from
>>> the DR site. Most specific will always be chosen.
>>> -Prepend the routes from the DR site so that they will have a longer
>>> AS-path than the Primary location -Use Community Strings to influence
>
>>> local preference.(Still working to find out if Provider will pass our
>
>>> community strings)
>>>
>>> Just looking for some ideas and best practices. Any thoughts or
>>> insight would be much welcomed and appreciated. This is my first
>>> message on NANOG, so please be gentle. I apologize in advance if I
>>> have done something incorrectly.
>>>
>>>
>>> Wes
>>>
>>>
>
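One way to check whether anything was added to or removed from the routes learned over the provider's BGP session, the concern raised in the post above, is to compare them with an allowlist of what each site should announce. This is an added example, not code from the thread; the site names, prefixes and the one-prefix-per-line input format are constructed assumptions.

```python
import ipaddress

# Constructed allowlist: prefixes each remote site is expected to announce.
EXPECTED = {
    "primary-dc": ["10.10.0.0/16"],
    "dr-site": ["10.20.0.0/16"],
    "branch-7": ["10.30.7.0/24"],
}

# Constructed sample: prefixes learned from the provider over BGP,
# one per line, as exported from the CE router.
RECEIVED = """\
10.10.0.0/16
10.20.0.0/16
10.20.5.0/24
0.0.0.0/0
192.0.2.0/24
"""


def audit(received_text, expected):
    """Return (kind, prefix, site) findings for routes that differ from the allowlist."""
    allowed = {ipaddress.ip_network(p): site
               for site, prefixes in expected.items() for p in prefixes}
    received = {ipaddress.ip_network(line.strip())
                for line in received_text.splitlines() if line.strip()}
    findings = []
    for net in sorted(received):
        if net in allowed:
            continue
        # A longer match inside an expected block wins over the block itself
        # in forwarding, so report it separately from wholly unknown routes.
        parents = [a for a in allowed if net.subnet_of(a)]
        if parents:
            findings.append(("more-specific", str(net), allowed[parents[0]]))
        else:
            findings.append(("unexpected", str(net), None))
    for net in sorted(allowed):
        if net not in received:
            findings.append(("missing", str(net), allowed[net]))
    return findings


if __name__ == "__main__":
    for kind, prefix, site in audit(RECEIVED, EXPECTED):
        print(f"{kind:14} {prefix:16} {site or '-'}")
```

The same allowlist can drive the inbound route filter, so that "unexpected" and "more-specific" entries are rejected rather than only reported.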


mpetach at netflight

Sep 1, 2012, 4:22 PM

Post #13 of 13 (490 views)
Permalink
Re: Redundant Routes, BGP with MPLS provider [In reply to]

On Fri, Aug 31, 2012 at 9:21 AM, <Bill.Ingrum [at] t-systems> wrote:
> I think having a GRE tunnel for the internal routing protocol is
> unnecessary. Can you explain the reasoning behind this? I understand
> the technical issue whereby GRE will allow multicast for EIGRP, OSPF,
> etc, but why not just redistribute into BGP?
>
> I work on a lot of MPLS CE routers, and in general you can accomplish
> anything you need by redistributing your internal routing protocol into
> BGP, and adjusting LP, MED and AS Prepend as needed.
>
> Thanks,
> Bill

So, rather than run an IGP between siteA and siteZ across
a GRE tunnel, you'd prefer to redistribute your IGP into BGP
at siteA, advertise those routes upstream...and at siteZ, accept
the routes in via BGP, and then redistribute them into the IGP
for the other routers at siteZ, and vice versa?

Or would you have every router at siteA and siteZ participate
in BGP, so that all the routers at siteZ get the routes from
siteA intact?

(choice B tends to have practical implications on what
network gear you can run within the sites; many devices
that will happily speak OSPF or EIGRP won't be quite so
happy participating in an iBGP mesh. And choice A...well,
I think we all know the pitfall with choice A, so enough said
on that score).

Curious to hear the actual mechanism you'd use to make
this work in the real world.

Thanks!

Matt
