Hi, my company will get 2 upstream providers. We plan to have 2 routers, with each router connecting to one provider, and to use BGP for redundancy. Do you have any useful BGP examples or websites for setting it up? Thank you for your help
Don't take this the wrong way, but I'd *highly* suggest hiring a network engineer that has done this before. The fact that you started here is very concerning, and if your ISP isn't filtering your sessions carefully, your mistakes can cause problems for other people. Here's a Cisco example: http://tinyurl.com/33e36sf Good luck, Bill On Mon, May 17, 2010 at 16:15, Deric Kwok <deric.kwok2000@gmail.com> wrote:
On Mon, May 17, 2010 at 17:07, Bill Fehring <lists@billfehring.com> wrote:
Also I would suggest that you take a look at some of the NANOG presentation archives on this topic, particularly the "BGP 101" and "BGP 102" presentations from NANOG45, or the "Introduction to BGP" presentation from NANOG47. http://www.nanog.org/presentations/archive/index.php -Bill
On Mon, May 17, 2010 at 05:11:42PM -0700, Bill Fehring wrote:
I think Internet Routing Architectures (2nd Edition) by Bassam Halabi is also a must have. Read that and hopefully the scope of the work ahead will be brought into focus so that you'll hire someone to do it correctly and document and possibly train you and/or your staff. -r
On 05/17/10 17:15, Ravi Pina wrote:
I agree completely, and wish that more people applied that same line of reasoning to other things, like, oh, say, DNS perhaps? :) Doug -- ... and that's just a little bit of history repeating. -- Propellerheads Improve the effectiveness of your Internet presence with a domain name makeover! http://SupersetSolutions.com/
I'd recommend BGP4 Inter-Domain Routing in the Internet by Stewart. Was very helpful when I was learning. -J -------- Jason J. W. Williams, COO/CTO DigiTar williamsjj@digitar.com V: 208.343.8520 F: 208.322.8522 M: 208.863.0727 www.digitar.com On May 17, 2010, at 6:53 PM, Doug Barton wrote:
On Mon, 17 May 2010 19:15:01 EDT, Deric Kwok said:
If your BGP clue is that low, I believe the entire NANOG community would advise you hire (even short-term if you can't afford a permanent) somebody who has successfully done this before to walk you through it and teach all the details to your staff. With the current tanking of the economy, I'm sure there's plenty of qualified BGP experts out there who would *love* even a 3-month contract to get this all working for you.
On Mon, 2010-05-17 at 21:04 -0400, Valdis.Kletnieks@vt.edu wrote:
At the risk of tooting my own horn, I concur with the recommendation to hire some help, but if all you are lacking is BGP clue-full-ness your challenge in getting help is finding someone clueful who is willing to take a quick and dirty assignment which will barely cover the cost of setting up a new client. The configuration itself is a one day task at most, of which most will be spent grilling you to find out what your _REAL_ requirements are to allow picking the appropriate canned solution that can be adapted to meet your true needs. If you need hand holding applying configurations, negotiating with service provider, filling out paperwork, testing without downtime infliction, etc., then add more hours/days. Ditto if you're unfamiliar with basic high availability concepts like single point of failure and physical diversity. Ditto if your systems are not already set up in paranoid mode from a security viewpoint (hint, if you can log directly into your Internet facing router from wherever you are when on the road, you are at an unacceptable level of risk). Good luck and have fun! -- Vincent C. Jones Networking Unlimited, Inc. Phone: +1 201 568-7810 V.Jones@NetworkingUnlimited.com DISCLAIMER: My business is built around helping my clients understand that there is a lot more to improving network availability than just getting a second service provider and turning on BGP. A few years ago I wrote a book about what it takes and barely scratched the surface--the example configurations are still on-line at www.networkingunlimited.com.
I have some examples here: http://puck.nether.net/bgp/ that may help you. Jared Mauch On May 17, 2010, at 7:15 PM, Deric Kwok <deric.kwok2000@gmail.com> wrote:
On 2010.05.17 21:24, Jared Mauch wrote:
I have some examples here:
http://puck.nether.net/bgp/ that may help you.
Along with Jared's excellent help site, here are others that I'd *highly* recommend reading/following *anything* that these two people offer as far as BGP is concerned. I've posted a link directly to each blog. You can do the rest ;) Ivan Pepelnjak http://www.ioshints.info/About_Ivan_Pepelnjak Iljitsch van Beijnum http://www.muada.com/Iljitsch_van_Beijnum/Iljitsch_blog/Iljitsch_blog.html Steve
On 2010.05.17 19:15, Deric Kwok wrote:
One ``website'' I have in mind, but first, *ensure* that you have your prefix-list and other outbound filters in place before you try anything. *never* _test_ a multihome scenario before you are very confident that you don't mess things up for your upstreams (or the Internet in general). Not all upstream providers filter inbound (which is a problem on its own). Always, always, always ensure that you block all out (and in), and then slowly leak what you need to. With that said: http://www.armware.dk/RFC/bcp/bcp38.html Steve
Like everyone else said, don't undertake this unless you know what you're doing. Hire a consultant to come in, or hit the books. Internet Routing Arch is great, as is the O'Reilly BGP book. -- Colby Glass Network Engineer http://blog.alwaysthenetwork.com On Mon, May 17, 2010 at 7:15 PM, Deric Kwok <deric.kwok2000@gmail.com> wrote:
On May 19, 2010, at 2:26 PM, Jeff Harper wrote:
Nice, but you don't show it as-path filtering your transits out. I frequently see people take something learned from transit A and send it to transit B, and if it happens to be the backup path in-use for your customer, your transits will accept it and likely pick you as best-path and hairpin through your network. - Jared
Yeah, I left out the actual prefix-list contents, in hindsight I should have added it, so here it is. Also, a typo in the network statement, lol.
network 1.1.1.0 mask 255.255.0.0
ip prefix-list NETZ description The networks we advertise via BGP
ip prefix-list NETZ seq 10 permit 1.1.1.0/16
ip prefix-list NETZ seq 1000 deny 0.0.0.0/0 le 32
On 19/05/10 13:37 -0500, Jeff Harper wrote:
You should be using 192.168.2.0 for documented examples, or at least private space. Configs like this tend to get cut and pasted into routers and get changed only when they don't work. I just had to change a router config a couple of months ago that a consultant had set up using 11.0.0.0/24 and 12.0.0.0/24, for point to point links. -- Dan White
On 5/19/2010 11:58, Dan White wrote:
On Wed, 2010-05-19 at 13:37 -0500, Jeff Harper wrote:
FYI: It's got to be either 1.1.1.0/24 or 1.1.0.0/16. And there is plenty more that belongs in an appropriate setup for a realistic usage scenario. This is why we are all advising the OP to get some knowledgeable help. Vince -- Vincent C. Jones Networking Unlimited, Inc. Phone: +1 201 568-7810 V.Jones@NetworkingUnlimited.com
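The alignment error pointed out in the replies above, as an added example that is not part of any poster's message: a small Python check (IPv4 only; the names `candidates` and `lint` are hypothetical) that flags `network` statements and prefix-list permits with host bits set, offers both aligned readings, and reports originated networks that no permit entry matches exactly.

```python
import ipaddress
import re

# Constructed input: the four configuration lines as posted in the thread.
POSTED = """\
network 1.1.1.0 mask 255.255.0.0
ip prefix-list NETZ description The networks we advertise via BGP
ip prefix-list NETZ seq 10 permit 1.1.1.0/16
ip prefix-list NETZ seq 1000 deny 0.0.0.0/0 le 32
"""

NETWORK = re.compile(r"^\s*network\s+(\S+)\s+mask\s+(\S+)\s*$")
ENTRY = re.compile(r"^\s*ip prefix-list\s+\S+\s+seq\s+\d+\s+(permit|deny)\s+(\S+)")


def candidates(text):
    """Return the two aligned readings of a misaligned IPv4 prefix."""
    addr = int(ipaddress.ip_address(text.partition("/")[0]))
    trailing_zeros = (addr & -addr).bit_length() - 1
    keep_addr = ipaddress.ip_network((addr, 32 - trailing_zeros))
    keep_len = ipaddress.ip_network(text, strict=False)
    return keep_addr, keep_len


def lint(config):
    """Return (line_number, message) findings; line 0 means whole config."""
    findings, originated, permitted = [], set(), set()
    for number, line in enumerate(config.splitlines(), 1):
        net, entry = NETWORK.match(line), ENTRY.match(line)
        if net:
            text, bucket = f"{net.group(1)}/{net.group(2)}", originated
        elif entry and entry.group(1) == "permit":
            text, bucket = entry.group(2), permitted
        else:
            continue  # descriptions, deny entries, unrelated lines
        try:
            bucket.add(ipaddress.ip_network(text, strict=True))
        except ValueError:
            keep_addr, keep_len = candidates(text)
            findings.append(
                (number, f"{text} has host bits set; use {keep_addr} or {keep_len}"))
    # Exact-match check only: 'le'/'ge' ranges on permit entries are ignored.
    for missing in sorted(originated - permitted):
        findings.append((0, f"{missing} is originated but not permitted"))
    return findings


if __name__ == "__main__":
    for number, message in lint(POSTED):
        print(number, message)
```

Running such a check before a configuration reaches a router catches the mismatch at review time rather than on a live BGP session.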
participants (15)
- Bill Fehring
- Colby Glass
- Dan White
- Deric Kwok
- Doug Barton
- Jared Mauch
- Jason J. W. Williams
- Jeff Harper
- Jian Gu
- Jim Burwell
- Ravi Pina
- Seth Mattinen
- Steve Bertrand
- Valdis.Kletnieks@vt.edu
- Vincent C Jones