AS numbers and multiple site best practices
Are there any best practices or guidelines surrounding whether or not one should use the same or unique AS numbers when advertising via BGP from 2 or more physically separate locations? Each location would be advertising at least their own unique /24.

My specific scenario is that we are moving our QA Lab to a datacenter that we will multi-home with two providers via BGP. We also plan to multi-home our corporate office with two providers (not likely to be the same providers) also via BGP. We currently have an AS that is in use for our multi-homed production data center. In the interest of keeping production totally segregated from QA/corp I would prefer to not use our production datacenter AS for our QA Lab or corporate network, but I've had trouble finding any technical reason not to use it. ARIN is asking for a detailed technical explanation to justify my request.

Thanks in advance,
-andy
I've had trouble finding any technical reason not to use it.
What is important to you about having QA and Corporate use separate AS numbers? Does using the same AS number result in a reduction of separation?
For my part it's mostly a desire to make sure that changes to QA or Corp BGP configs could never impact BGP for our Production datacenter. So far it looks like it may just be a fear of the unknown on my part as I can't think of a good example of how one might actually affect one BGP installation by making changes to another BGP installation purely based on sharing an AS number (clearly you could have impact if you are advertising the same space from both locations).
It seems to me that the issues (in terms of causing failures) are all related to how the prefixes are announced, and not what ASN they are announced from. However if there ARE issues caused by how the prefixes are announced, it may (or may not) be easier to troubleshoot the problem if the announcements are from different ASNs.

I go back to the definition of an Autonomous System - a network or group of networks under a common administrative control. Are the networks at the datacenter and the networks at the corporate office under a common administrative control or not?

From a certain "purist" perspective, if the corp office networks aren't run by the same people who run the datacenter, then the prefixes should be announced from different ASNs with different points of contact. In this case, in theory, if the corp office prefixes are being announced from both that location AND the datacenter, then you should BGP peer the corp office with the datacenter, so that the data center announces them with the same origin ASN that you are using at the corp office location, and the data center ASN is next in the list as a provider. Of course that may have the effect of tending to steer all or most of the corp office traffic away from the datacenter (or not depending on peering), which may or may not be what you intend.

Of course in spite of all of that, I have to ask if another ASN is really NEEDED - i.e. do the people who run the data center network and the people who run the corp office network talk to each other? Are the data center network folks smart enough to figure out if a problem might be related to announcements from the corp office, and friendly enough to be able to work together with the other group to resolve the issue (and the other way around)? If you all get along, I have to ask if you need to add another ASN to the routers of everyone in the world...

Mickster

On Wed, Feb 2, 2011 at 9:24 AM, Andy Litzinger <Andy.Litzinger@theplatform.com> wrote:
I've had trouble finding any technical reason not to use it.
What is important to you about having QA and Corporate use separate AS numbers? Does using the same AS number result in a reduction of separation?
For my part it's mostly a desire to make sure that changes to QA or Corp BGP configs could never impact BGP for our Production datacenter. So far it looks like it may just be a fear of the unknown on my part as I can't think of a good example of how one might actually affect one BGP installation by making changes to another BGP installation purely based on sharing an AS number (clearly you could have impact if you are advertising the same space from both locations).
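Added illustration, not part of any message in this thread: a small model of the arrangement Mickster describes, where the corp office peers with the datacenter and the datacenter re-announces the corp prefix behind its own ASN. The ASNs are constructed private-use values, the provider layout is hypothetical, and path selection assumes equal local preference so that AS_PATH length decides.

```python
# Constructed topology: private-use ASNs, not values from the thread.
CORP, DC = 64512, 64513
CORP_PROVIDERS = (64601, 64602)   # hypothetical upstreams of the corp office
DC_PROVIDERS = (64603, 64604)     # hypothetical upstreams of the datacenter


def export(path, asn):
    """A BGP speaker prepends its own ASN when advertising to an eBGP peer."""
    return (asn,) + path


def offered_paths():
    """AS_PATH each provider advertises onward for the corp office prefix."""
    from_corp = export((), CORP)        # corp originates: (CORP,)
    from_dc = export(from_corp, DC)     # datacenter transits it: (DC, CORP)
    offers = {p: export(from_corp, p) for p in CORP_PROVIDERS}
    offers.update({p: export(from_dc, p) for p in DC_PROVIDERS})
    return offers


def best_path(candidates):
    """Shortest AS_PATH wins (assumes equal local preference everywhere).
    Lowest neighbor ASN stands in for the later tie-breakers."""
    return min(candidates, key=lambda path: (len(path), path[0]))


def select(neighbors):
    """Path chosen by a remote network that hears only from `neighbors`."""
    offers = offered_paths()
    return best_path([offers[n] for n in neighbors])


def origin(path):
    """Origin AS is the right-most ASN in the AS_PATH."""
    return path[-1]


def via_datacenter(path):
    return DC in path


if __name__ == "__main__":
    views = {
        "hears all four providers": CORP_PROVIDERS + DC_PROVIDERS,
        "customer of one DC provider only": (64603,),
    }
    for name, neighbors in views.items():
        chosen = select(neighbors)
        print(f"{name}: path={chosen} origin=AS{origin(chosen)} "
              f"via_dc={via_datacenter(chosen)}")
```

The origin AS stays the corp ASN on every path, while the extra hop through the datacenter ASN makes that path lose wherever a direct one is also heard, which is the "steer traffic away from the datacenter (or not depending on peering)" effect.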
I would say that the specifics you provide in your email are sufficient for ARIN to issue you a second ASN. There is really no other feasible way to deal with 2 separate multi-home sites that I can think of.

-Randy

--
| Randy Carpenter
| Vice President - IT Services
| Red Hat Certified Engineer
| First Network Group, Inc.
| (800)578-6381, Opt. 1
----

----- Original Message -----
Are there any best practices or guidelines surrounding whether or not one should use the same or unique AS numbers when advertising via BGP from 2 or more physically separate locations? Each location would be advertising at least their own unique /24.
My specific scenario is that we are moving our QA Lab to a datacenter that we will multi-home with two providers via BGP. We also plan to multi-home our corporate office with two providers (not likely to be the same providers) also via BGP. We currently have an AS that is in use for our multi-homed production data center. In the interest of keeping production totally segregated from QA/corp I would prefer to not use our production datacenter AS for our QA Lab or corporate network, but I've had trouble finding any technical reason not to use it. ARIN is asking for a detailed technical explanation to justify my request.
Thanks in advance, -andy
participants (4): Andy Litzinger, Nathan Eisenberg, Randy Carpenter, The Mickster