[AusNOG] Best practice BGP and wan links

Nathanael Bettridge nathanael at prodigy.com.au
Sun Jul 12 21:16:36 EST 2015


We've got a couple of CCR1036-8G-2S+EM devices terminating one of our legacy links (one of those "if we touch it the contract will get changed" deals where we like the current arrangement) using VRRP - in that particular case we trusted the line more than we trusted those routers (they were the first CCRs we deployed in a BGP role) so we wanted the protection that gave us. We're careful to filter out all the VRRP crosstalk on the switch in front of the routers though so we don't leak unwanted stuff back to the provider.
It works. It complicated the setup somewhat but it does work.

Do remember though that (at least with MTs) you *still* need to have at least 3 useable IPs on the line - one for each router and one for the VRRP IP. You can work around that but that causes complications and strange behaviours.
Generally if you're going to have multiple useable IPs on the line and you want equipment redundancy it's better to just use multiple sessions across the line.

Nathanael Bettridge
Prodigy Communications Pty Ltd

> -----Original Message-----
> From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of
> Nathan Brookfield
> Sent: Sunday, 12 July 2015 20:29
> To: Alex Samad - Yieldbroker
> Cc: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] Best practice BGP and wan links
> 
> I would be staying with the virtual machines instead of going to the CCRs,
> I've had 3 die in the last 6 months :( All between 12-16 months old.
> 
> Nathan Brookfield
> Chief Executive Officer
> 
> Simtronic Technologies Pty Ltd
> http://www.simtronic.com.au
> 
> On 12 Jul 2015, at 19:10, Alex Samad - Yieldbroker
> <Alex.Samad at yieldbroker.com> wrote:
> 
> Hi
> 
> Yes more info. Multiple connections to multiple ISPs. Currently they are
> terminated into switches and then L3 terminated into RouterOS VMs. I am
> planning on replacing the VMs with some MT CCRs. My thought had been
> to leave the termination into the switches and then L3 terminate onto the
> phy MT boxes. As I can't HSRP / stack the routers my only option was VRRP.
> But BGP VRRP didn't seem like a good thing, better to get the extra IP and
> have 2 links.
> 
> Interestingly I have BFD running on some of those links and reduced timers
> on the BGP session for the other links as some ISPs didn't/wouldn't run BFD.
> 
> 
> Thanks
> Alex
> 
> -----Original Message-----
> From: Mark Smith [mailto:markzzzsmith at gmail.com]
> Sent: Sunday, 12 July 2015 5:54 PM
> To: Alex Samad - Yieldbroker
> Cc: Benoit Page-Guitard; ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] Best practice BGP and wan links
> 
> > On 12 July 2015 at 15:14, Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com> wrote:
> > Yeah that was sort of my thought, I guess I have to start the process of asking for the extra IP..
> 
> More details of your scenario would be better.
> 
> VRRP being an option means that you only have a single link to your
> upstream. Since in general links fail more often than devices, the redundancy
> value of having two routers at your end and two BGP sessions over a single
> link to a single upstream router is a bit questionable, because you haven't
> eliminated all single points of failure. You have partial but not complete
> redundancy, and you need to consider whether not having complete
> redundancy is acceptable to either or both you or your network's users.
> 
> 
> 
> > A
> >
> > -----Original Message-----
> > From: Benoit Page-Guitard [mailto:benoit at anchor.net.au]
> > Sent: Saturday, 11 July 2015 11:13 PM
> > To: Alex Samad - Yieldbroker
> > Cc: ausnog at lists.ausnog.net
> > Subject: Re: [AusNOG] Best practice BGP and wan links
> >
> > Hi Alex,
> >
> > I assume the use case here is having redundant routers at the branch end and using VRRP on the WAN link as a signalling mechanism for deciding which router should "own" the WAN IP + speak BGP with the upstream router?
> >
> > If so, I'd definitely opt for an extra WAN IP if you can swing it. It'll make the whole failover scenario a lot smoother, and would also have the indirect benefit of giving you free load balancing for your downstream-facing LAN interfaces.
> >
> > Regards,
> > Benoit
> >
> >> On Sat Jul 11, 2015 at 08:03:10 +0000, Alex Samad - Yieldbroker wrote:
> >>
> >> What I was looking at doing was setting up BGP over VRRP on some MikroTik boxes, seems like it's possible, but it also seems easier to get an extra WAN IP.
> >>
> >> Anyone doing this?
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog

