Bgp – Basic network setup for colocation / several cabinets and related questions


I'm in charge of setting up a basic network for some colocation needs. Here is our objective with a fairly limited budget / network hardware available (although if there is something else required to achieve this that's an option).

Currently we have the following hardware:

  • 2x Vyatta routers (6x SFP/ea)
  • 2x Juniper EX2200 (4x SFP/ea)
  • 2x Juniper EX3300 (4x SFP/ea)
  • 2x Brocade 648FCX (4x SFP/ea)
  • 2-3x Cabinets

Now we're looking for an "optimal" setup given the situation. We're mixing the edge/core on the Vyatta routers right now; however, we believe this is really going to limit us and we'll need to get a proper core sooner rather than later.

Right now we have two transit providers who we'll be peering with (we have our ASN / IPs from ARIN already). This isn't a problem; however, trying to figure out the best way to lay out the network is, given our limited assets. So here are some pressing questions I'm uncertain about:

  1. Would it be best to have both of the BGP sessions off of one of the Vyatta routers or would it be better to have 1 BGP session per Vyatta router and have those routers talk to each other via some IGP?

  2. This pains me to ask, but when announcing a network via eBGP to your neighbours (say 1.2.3.0/24), would you announce it to both peers or only one? I'd imagine it's up to you ultimately, but announcing to both would allow inbound traffic to come in over either link (depending on the path and what not)?

  3. The situation of having two routers, one with a BGP session to each ISP, is where things start to get really fuzzy for me. Each switch in the cabinet can have an uplink to each router – what's the best situation here? Would you want to do something like ECMP to both routers? Would you want an IGP between the switches / routers?

  4. If announcing a single /24 on both routers would it be possible to use that IP space across cabinets? I imagine this would require core switches which would be trunked accordingly? Could someone clarify this for me?

Thank you for your time / humouring these mundane questions that undoubtedly sprout up more times than not. My Google-fu hasn't led me to conclusive answers.

Best Answer

  1. “Best” is in the eye of the beholder, but if you use one router for both providers, that becomes a single point of failure. With a router for each provider, you are protected if one router fails.
  2. Yes, I’d announce your network to both peers. Otherwise, what’s the point of having two peers?
  3. Lots of options here. To keep things simple, you can have your two routers run VRRP on their inside interfaces on a single VLAN. All your servers will also be on that VLAN with the VRRP address as their default gateway. The routers also peer with each other. So if a router fails, or a link fails, you still have connectivity. There are other ways to go depending on how complex your servers are. You haven’t mentioned any security concerns. Do you plan to have firewalls, ACLs etc?
  4. Yes. Your switches will connect your VLAN(s) via a trunk. Logically, all your switches will have all VLANs. The Juniper switches will also allow you to manage all the switches as a single logical entity.

I’m basing this “design” only on the information you’ve provided. If I were doing a real design (and charging for it), I would have a lot more questions for you about your applications, data flows, security, availability requirements, potential expansion, etc. But this ought to get you going on the right path.
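Added example (editor's illustration, not part of the answer above and not the asker's real configuration): what points 1 to 3 of the answer look like on one of the two Vyatta routers, in Vyatta 6.x-style `set` commands (VyOS 1.1/1.2 accept the same syntax; newer VyOS moved the BGP filters under `address-family`). Every number is an assumption drawn from the documentation ranges: own ASN 64496, own prefix 192.0.2.0/24 standing in for the "1.2.3.0/24" of the question, transit A as AS 64501 on 203.0.113.0/30, server VLAN gateway (the VRRP virtual address) 192.0.2.1 with router A at .2 and router B at .3. Router B is the mirror image with its own transit link and a lower VRRP priority. The `#` lines are commentary for the reader; the Vyatta CLI does not accept them, so paste the `set` lines only, then `commit` and `save`. Two things the answer hints at with "security concerns" are spelled out here because they bite small multi-homed sites first: the export prefix-list means only your own /24 ever leaves (without it, routes learned from transit A are re-announced to transit B and you become free transit between them), and the import filter refuses your own /24 and anything longer than a /24 coming back in from a provider.

```vyatta
# ROUTER-A: transit A on eth0, server VLAN on eth1 (assumed addressing, see lead-in)
set interfaces ethernet eth0 description 'Transit A (AS 64501)'
set interfaces ethernet eth0 address '203.0.113.2/30'
set interfaces ethernet eth1 description 'Server VLAN'
set interfaces ethernet eth1 address '192.0.2.2/24'

# Answer point 3: VRRP on the inside interface; servers use 192.0.2.1 as default gateway.
# Router B configures the same group with priority 100 so A is master while it is up.
set interfaces ethernet eth1 vrrp vrrp-group 10 virtual-address '192.0.2.1'
set interfaces ethernet eth1 vrrp vrrp-group 10 priority '200'
set interfaces ethernet eth1 vrrp vrrp-group 10 preempt 'true'

# Export filter: only our own /24 may be announced to a provider (answer point 2).
# Anything not matched is dropped by the implicit deny, so transit routes never leak.
set policy prefix-list OUR-PREFIXES rule 10 action 'permit'
set policy prefix-list OUR-PREFIXES rule 10 prefix '192.0.2.0/24'

# Import filter: reject our own prefix (and any more-specific of it) from a provider,
# accept the rest only up to /24; /25 and longer fall through to the implicit deny.
set policy prefix-list FROM-TRANSIT rule 10 action 'deny'
set policy prefix-list FROM-TRANSIT rule 10 prefix '192.0.2.0/24'
set policy prefix-list FROM-TRANSIT rule 10 le '32'
set policy prefix-list FROM-TRANSIT rule 20 action 'permit'
set policy prefix-list FROM-TRANSIT rule 20 prefix '0.0.0.0/0'
set policy prefix-list FROM-TRANSIT rule 20 le '24'

# Answer point 1: this router holds the eBGP session to transit A only.
# 'network' is announced while 192.0.2.0/24 is in the routing table, which it is as
# the connected route on eth1; if eth1 dies the announcement withdraws and inbound
# traffic follows router B's announcement via transit B instead.
set protocols bgp 64496 parameters router-id '192.0.2.2'
set protocols bgp 64496 network '192.0.2.0/24'
set protocols bgp 64496 neighbor 203.0.113.1 remote-as '64501'
set protocols bgp 64496 neighbor 203.0.113.1 description 'Transit A'
set protocols bgp 64496 neighbor 203.0.113.1 prefix-list export 'OUR-PREFIXES'
set protocols bgp 64496 neighbor 203.0.113.1 prefix-list import 'FROM-TRANSIT'
# Cap on accepted routes so a provider mistake cannot exhaust the box; size to your RIB.
set protocols bgp 64496 neighbor 203.0.113.1 maximum-prefix '600000'
# TCP MD5 on the session, agreed out of band with the provider (placeholder value).
set protocols bgp 64496 neighbor 203.0.113.1 password 'CHANGE-ME-TRANSIT-A'

# Answer point 3, "the routers also peer with each other": iBGP to router B over the
# server VLAN. nexthop-self rewrites the provider's link address so B can reach the
# routes A learned without needing a route to 203.0.113.0/30 itself.
set protocols bgp 64496 neighbor 192.0.2.3 remote-as '64496'
set protocols bgp 64496 neighbor 192.0.2.3 description 'ROUTER-B iBGP'
set protocols bgp 64496 neighbor 192.0.2.3 update-source '192.0.2.2'
set protocols bgp 64496 neighbor 192.0.2.3 nexthop-self
set protocols bgp 64496 neighbor 192.0.2.3 password 'CHANGE-ME-IBGP'
```

After `commit`, `show ip bgp neighbors 203.0.113.1 advertised-routes` should list exactly one prefix, your /24; if you see anything else there, the export filter is not attached. The same check on router B confirms the /24 is announced to both providers, which is what lets inbound traffic arrive over either link as the asker supposed. Whether your IP space can span cabinets (point 4) then depends only on the switches trunking the server VLAN between them; the routers do not care which cabinet a server sits in.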