Need provider suggestions - BGP transit over GRE tunnel
My organization is planning to become multihomed in the near future. Currently we have redundant (router and physical path) links to a single AS where we get our transit, and speak BGP to them using a private ASN. This configuration has not been meeting our reliability requirements, so we will be getting our own ASN from ARIN, and moving from PA to PI IP space. Our new provider will be used for backup purposes only. We would like to minimize the monthly cost of this connection; to do this, we are planning to use a VZ business FIOS connection with symmetrical bandwidth to establish a GRE tunnel to a datacenter somewhere, and bring up a BGP session over that tunnel. I'd like to know if there are providers that offer such a service on a regular basis, and if so, if anyone is doing this and has words of wisdom. Thanks in advance.
The general way this works for a small shop is two transits - one cheap provider who you move most of your bits over, and one more expensive but reliable link. Prepend / localpref / whathaveyou to your hearts content until pleased with your bandwidth bill, and when your cheap link toasts you're all set. What you're suggesting with the GRE over commodity links would *work*, but: (a) By the time you convince a network that they should do this for you, you're likely going to be out as much money as just brining up directly connected transit and not pushing much traffic at them. (b) You're using the GRE setup as your backup... over a setup thats about 100x less reliable than your primary link. -Jack Carrozzo
On Fri, Jan 28, 2011 at 11:10 AM, Robert Johnson <fasterfourier@gmail.com> wrote:
My organization is planning to become multihomed in the near future. Currently we have redundant (router and physical path) links to a single AS where we get our transit, and speak BGP to them using a private ASN. This configuration has not been meeting our reliability requirements, so we will be getting our own ASN from ARIN, and moving from PA to PI IP space.
Our new provider will be used for backup purposes only. We would like to minimize the monthly cost of this connection; to do this, we are planning to use a VZ business FIOS connection with symmetrical bandwidth to establish a GRE tunnel to a datacenter somewhere, and bring up a BGP session over that tunnel. I'd like to know if there are providers that offer such a service on a regular basis, and if so, if anyone is doing this and has words of wisdom.
Hi Robert, I use a similar technique myself and it works reasonably well. Servint.net was willing to do it for me and he.net gave me a quote as well. Three pitfalls to watch out for: 1. A small portion of your traffic is going to wander in via the data center link and down the GRE tunnel during normal operations. You can tweak the announcement so that it isn't much, but it won't be zero either. 2. Make sure you originate the network announcement from your physical location, not from the data center. In other words, no "network 10.2.3.0 mask 255.255.255.0" in the "router bgp" section at the data center. If the data center becomes disconnected from you, it should drop the announcement. 3. You'll need a small block (/29) of PA addresses at the data center to anchor the tunnel. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.comĀ bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
participants (3)
-
Jack Carrozzo
-
Robert Johnson
-
William Herrin