BGP Anywhere - Global Redundancy
All, We're an ASP and are considering adding a secondary Backup Datacenter (BDC) in the US to protect our web presence. My goal is to ensure automatic failover of my Primary DC's (IP) traffic to the BDC in the event of a catastrophic failure of the PDC. I'm considering geographic load balancing and BGP Anywhere as the two options. I'm clear on how the Geo LB works, but have some doubts about BGPAW as I've never implemented it before and documentation online is pretty weak to non-existent. Below is how I believe it should be done.
From PDC: -Advertise CIDR block to all peers w/good metric (0 hop count) From BDC: -Advertise same CIDR block to all peers w/poor metric (+20 hop count)
During normal operation, all ASes will route production traffic to PDC. In the event of catastrophic failure at PDC; PDC advertisements will cease, BDC route will become the only one on the net and traffic will route to the BDC. Questions: 1) Will this work? 2) Other suggestions or alternatives? 3) Any chance that traffic could flow to BDC for any reason? 4) Any internet etiquette I could be ignoring? 5) What would you estimate the failover time would be? 6) Assuming the routers at PDC and BDC pull down full routing table, how will the receipt of the PDC CIDR advertisement be treated? BGP rules say it will be dropped as a routing loop. What alternatives would I have if I want to be able to route that CIDR block traffic from the BDC to the PDC. Confed? Cisco conditional advertisements? Thanks all. This is the only place I can think of that would have the expertise to comment. -=Vandy=-
On Wed, 6 Apr 2005, Vandy Hamidi wrote:
All, We're an ASP and are considering adding a secondary Backup Datacenter (BDC) in the US to protect our web presence.
My goal is to ensure automatic failover of my Primary DC's (IP) traffic to the BDC in the event of a catastrophic failure of the PDC.
I'm considering geographic load balancing and BGP Anywhere as the two options. I'm clear on how the Geo LB works, but have some doubts about BGPAW as I've never implemented it before and documentation online is pretty weak to non-existent.
Below is how I believe it should be done.
From PDC: -Advertise CIDR block to all peers w/good metric (0 hop count) From BDC: -Advertise same CIDR block to all peers w/poor metric (+20 hop count)
To clarify, you want no traffic coming into the backup site when the primary site is up, right? Assuming a random set of peers and upstreams, this won't actually do what I think you're trying to do. Since local-preference overrides MEDs and AS path lengths, and since you don't have control over what goes on in other networks, you'll likely get some traffic coming into your backup site even when you don't intend it to. You could *maybe* get around this by having the same transit provider (probably just one in this case, which is scary for other reasons) in both locations. If you're paying somebody money, you have a much better chance of getting them to follow your desired routing policy. Still, it's really not good to be making a routing announcement somewhere where you don't want to receive traffic. You'd probably be better off looking into Cisco's "conditional routing" feature (I assume other vendors do something similar). This allows you to set a router to make an announcement only if it stops receiving some route, so you could have your backup site look for the primary site to go away and then start sourcing the route. Failover time would probably be at most a minute or two, maybe better. You could also look into various DNS-based ways of doing this. -Steve
There are New IOS features for such situations, take a look at datacenter backup, SLB and these issues. On Apr 7, 2005 2:35 AM, Vandy Hamidi <vandy.hamidi@markettools.com> wrote:
All, We're an ASP and are considering adding a secondary Backup Datacenter (BDC) in the US to protect our web presence.
My goal is to ensure automatic failover of my Primary DC's (IP) traffic to the BDC in the event of a catastrophic failure of the PDC.
I'm considering geographic load balancing and BGP Anywhere as the two options. I'm clear on how the Geo LB works, but have some doubts about BGPAW as I've never implemented it before and documentation online is pretty weak to non-existent.
Below is how I believe it should be done. From PDC: -Advertise CIDR block to all peers w/good metric (0 hop count) From BDC: -Advertise same CIDR block to all peers w/poor metric (+20 hop count)
During normal operation, all ASes will route production traffic to PDC. In the event of catastrophic failure at PDC; PDC advertisements will cease, BDC route will become the only one on the net and traffic will route to the BDC.
Questions: 1) Will this work? 2) Other suggestions or alternatives? 3) Any chance that traffic could flow to BDC for any reason? 4) Any internet etiquette I could be ignoring? 5) What would you estimate the failover time would be? 6) Assuming the routers at PDC and BDC pull down full routing table, how will the receipt of the PDC CIDR advertisement be treated? BGP rules say it will be dropped as a routing loop. What alternatives would I have if I want to be able to route that CIDR block traffic from the BDC to the PDC. Confed? Cisco conditional advertisements?
Thanks all. This is the only place I can think of that would have the expertise to comment.
-=Vandy=-
participants (3)
-
Kim Onnel
-
Steve Gibbard
-
Vandy Hamidi