Tuesday, February 28, 2023

Alternatives to IBGP within Multihomed Sites « ipSpace.net blog


Two weeks ago I explained why you might want to run IBGP between CE-routers on a multihomed site. One of the blog readers didn’t like my ideas:

In such a small deployment I assume that both ISPs offer transit, so that both CEs would get a default route from their upstream.

In this case I’d not iBGP the CEs together but have HSRP running on the two CEs and track the uplink (interface and/or BGP session) to determine the active gateway.

Let’s see what could possibly go wrong with that design.

Network topology

To IBGP Or Not To IBGP

Assuming both PE-routers advertise only the default route, a CE-router knows where to forward a packet it receives through the LAN interface if:

  • The PE-CE link is up
  • The PE-CE BGP session is operational
  • The PE-router advertised a default route over the PE-CE BGP session.

It’s easy to adjust HSRP/VRRP priority based on uplink status. I never tried to do it based on the state of a BGP session, and it would be interesting to try to do it based on the presence of a specific prefix in the RIB.

Some network operating systems can adjust HSRP/VRRP priority based on a complex tracked object, and on some network operating systems it’s possible (with enough effort) to have the BGP default route as that tracked object. Nonetheless, it might be simpler to have that IBGP session in place.
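The following sketch is an added example, not code from the original post. It enumerates the consistent combinations of the three conditions listed above for the preferred CE-router and compares where LAN traffic ends up under interface-only HSRP tracking, HSRP tracking of the BGP default route, and an IBGP session between the CEs. The function names, the healthy second CE-router, and the resolvable IBGP next hop are assumptions of the model.

```python
from itertools import product

# Constructed model, not from the original post. CE1 is the preferred gateway,
# CE2 is assumed healthy. A CE1 state is (link_up, session_up, default_rx).
# Assumption: with IBGP, CE1 can resolve the next hop of CE2's default route.

def has_default(link_up, session_up, default_rx):
    """CE1 holds an EBGP default only when all three conditions are true."""
    return link_up and session_up and default_rx

def hsrp_track_interface(state):
    """No IBGP; CE1 lowers its HSRP priority only when the uplink goes down."""
    active = "CE1" if state[0] else "CE2"
    if active == "CE1" and not has_default(*state):
        return "dropped at CE1"  # still the gateway, but has no route
    return f"via {active}"

def hsrp_track_default(state):
    """No IBGP; CE1 tracks the presence of the BGP default route in its RIB."""
    return "via CE1" if has_default(*state) else "via CE2"

def ibgp_between_ces(state):
    """CE1 stays the gateway and falls back to the default learned from CE2."""
    return "via CE1" if has_default(*state) else "via CE1 then CE2"

def consistent_states():
    """A session needs the link, and a received default needs the session."""
    return [s for s in product([True, False], repeat=3)
            if (s[0] or not s[1]) and (s[1] or not s[2])]

def compare():
    """Map each CE1 state to the outcome under the three designs."""
    return {s: (hsrp_track_interface(s), hsrp_track_default(s),
                ibgp_between_ces(s)) for s in consistent_states()}

if __name__ == "__main__":
    for state, outcomes in compare().items():
        print(dict(zip(("link", "session", "default"), state)), outcomes)
```

In this model, interface-only tracking drops traffic whenever the link stays up but the session or the default route is gone, while the other two designs keep forwarding.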

I also received an interesting comment on LinkedIn saying:

You need a static default route pointing towards the second CE with a metric inferior to the route installed by EBGP for failover purpose.

That would also work. I still think an IBGP session is simpler, and it helps ensure that all (BGP) routers in an autonomous system have the same view of the network.

Another commenter on LinkedIn wanted to demonstrate his BGP prowess and wrote a lengthy treatise on BGP next hop processing (spoiler alert: here’s a better version) along with the recommendation to set the next hop on the IBGP session to the loopback interface. Apparently, although that’s the recommended best practice, you don’t need the loopback interface or IGP if you have only two directly-connected routers in an autonomous system – the road to hell is often paved with best practices.

To recap:

  • I’d still use an IBGP session between the CE-routers
  • I’d establish that IBGP session between IP addresses assigned to LAN interfaces – assuming the CE-routers have a single LAN interface (or a port channel) and the site doesn’t have any intermediate routers.

Default Route or More Specifics?

The original comment continued along the lines of we don’t need more than the default route:

And if you wanted to IBGP them anyway, I’d put a route-map on it to only exchange the default route from the upstreams, so that both CEs have a 0/0 route with different distance. The only thing I don’t understand is in which failure scenario traffic would end up on a CE without an active BGP uplink.

Using just the default route makes sense if:

  • You’re using the uplinks in a pure active/backup setup or
  • You want to do ECMP load balancing between two uplinks connected to the same ISP.

In any case, if you decide to go with the default route, it might be better to filter BGP updates on the PE-CE EBGP session, not on the CE-CE IBGP session. Why would you accept a default route and the full DFZ table, spend CPU cycles to process all the updates (all of them having the same BGP next hop) and pass just the default route to the IBGP peer?

While two default routes might work well for a content consumer (because it’s hard to influence incoming traffic anyway), if you happen to be a content provider (there’s more traffic going out than coming in), you might want to optimize WAN link utilization. For example, you might want to use the direct uplink for prefixes belonging to ISPs and their customers, or you could do a traffic flow analysis combining NetFlow with BGP data, and accept prefixes that represent a large share of your traffic (even more details).

More Details

We discussed whether to use just the default route, a subset of prefixes, or a locally-generated default route in the September 2022 session of the ipSpace.net Design Clinic. You might also want to watch the Surviving the Internet Default Free Zone webinar.
