[AusNOG] High availability options for terminating point-to-point Ethernet (on Cisco CE)
Chris Kawchuk
juniperdude at gmail.com
Mon May 29 09:55:39 EST 2017
Sorry this may have already been suggested -- and is in JunOS speak, but you get the idea. (literally cannot speak IOS anymore) -- requires VRRP + BGP to do some tricks.
- Use a /29 as the interconnect
- Use 2 x CE devices
- Use 2 x PE devices
- 2 x BGP sessions from each device (4 BGP sessions in total - i.e. full eBGP mesh across the /29 between all physical interfaces PE1 PE2 to CE1 CE2)
- Switches in the middle (far end, local end)
- Set up VRRP on both ends (both CE devices as group 2 at customer end, both PE devices with group 1 on service provider end)
- Overwrite next-hop with the respective vrrp address on bgp export both ends.
__________
Customer/CE facing /29 --- This is from PE1's perspective:
206.100.204.73 is vrrp
206.100.204.74 is physical
206.100.204.75 is physical on 2nd PE router (not shown)
interfaces {
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 206.100.204.74/29 {
                    vrrp-group 1 {
                        virtual-address 206.100.204.73;
                        priority 200;
                        preempt;
                        accept-data;
                    }
                }
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input Routing_Engine_Protection;
                }
                address 1.1.1.1/32;
            }
        }
    }
}
eBGP sessions:
CE device vrrp is 206.100.204.76
CE device #1 physical is 206.100.204.77
CE device #2 physical is 206.100.204.78
This is from PE1's perspective: (PE2 not shown) (may be in VRF, may not be if inet.0 traffic)
protocols {
    bgp {
        group EBGP {
            type external;
            local-address 206.100.204.74; /* my physical */
            hold-time 20;
            export EBGP-EXPORT;
            peer-as 65002;
            local-as 65001;
            neighbor 206.100.204.77; /* CE1 Physical */
            neighbor 206.100.204.78; /* CE2 Physical */
        }
    }
}
policy-options {
    policy-statement EBGP-EXPORT {
        term 1 {
            from {
                route-filter the-routes-you-want-to-send/24 exact;
            }
            then {
                next-hop 206.100.204.73; /* Overwrite BGP next-hop with our vrrp address -- far end CEs do the same with their vrrp address */
                accept;
            }
        }
        term 2 {
            then reject;
        }
    }
}
Hope that helps.
- CK.
On 25 May 2017, at 8:35 pm, Matt Selbst <matt.j.selbst at gmail.com> wrote:
> Hi,
>
> Hoping for some advice. What is everyone doing for terminating point-to-point Ethernet services like AAPT's e-Line in a high availability environment? Cisco environment.
>
> With PPPoE, high availability was much easier as you could just have multiple LNS's and failover easily when the client would re-auth. With terminating a VLAN handoff on a /30 or /31 it makes HA much harder. If the customer edge router dies, failover seems pretty hard. VRRP doesn't seem to be an option especially with hundreds of customer sub-interfaces.
>
> Any ideas?
>
> -Matt
>
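The addressing and failover behaviour of the design in the reply above, as an added example that is not part of the original thread: a Python model that maps the six usable addresses of 206.100.204.72/29 (the network implied by the post's .73 to .78) to their roles, lists the four eBGP sessions, and reports which router answers for each VRRP next-hop after a failure. The function names, and the assumption that router 1 on each side holds the higher VRRP priority, belong to this example only.

```python
import ipaddress
from itertools import product

ROLES = ["PE-VRRP", "PE1", "PE2", "CE-VRRP", "CE1", "CE2"]  # order used in the post

def build_plan(interconnect):
    """Map the six usable addresses of the /29 to the roles in the post."""
    net = ipaddress.ip_network(interconnect)
    hosts = list(net.hosts())
    if len(hosts) != len(ROLES):
        raise ValueError(f"{net} has {len(hosts)} usable addresses, design needs 6 (a /29)")
    return dict(zip(ROLES, hosts))

def ebgp_sessions():
    """Full mesh between physical addresses: 2 PEs x 2 CEs = 4 sessions."""
    return list(product(("PE1", "PE2"), ("CE1", "CE2")))

def vrrp_master(side, failed):
    """Surviving router that owns the side's virtual address.
    Assumption: router 1 has the higher priority (the post shows 200 on PE1 only)."""
    return next((r for r in (f"{side}1", f"{side}2") if r not in failed), None)

def state_after(plan, failed=()):
    """Sessions still up, and who forwards for each VRRP next-hop, after failures."""
    failed = set(failed)
    up = [s for s in ebgp_sessions() if not failed.intersection(s)]
    return {
        "sessions_up": up,
        # CEs send to the PE virtual address, PEs send to the CE virtual address
        "next_hop_to_provider": (str(plan["PE-VRRP"]), vrrp_master("PE", failed)),
        "next_hop_to_customer": (str(plan["CE-VRRP"]), vrrp_master("CE", failed)),
    }

if __name__ == "__main__":
    plan = build_plan("206.100.204.72/29")  # network implied by the post's .73-.78
    for role, addr in plan.items():
        print(f"{role:8} {addr}")
    for failed in ((), ("PE1",), ("PE1", "CE2")):
        print(failed or "no failure", state_after(plan, failed))
```

The plan consumes every usable address in the /29, so a /30 or /31 handoff cannot carry this design.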