BGP/old setup

< BGP(Difference between revisions)
m (HSRP: typo)
(BGP setup)
Line 1: Line 1:
 
The '''pmtpa''' cluster has [[L3 failover]] using two separate core routers, and 2 BGP links to upstream.
 
The '''pmtpa''' cluster has [[L3 failover]] using two separate core routers, and 2 BGP links to upstream.
 +
 +
In order to overcome the disaster of a uplink failure, loss of a router (ours or upstream) and to increase our available bandwidth from 1 to 2 Gbit/s, we implemented failover and connection load sharing using the [http://en.wikipedia.org/wiki/BGP BGP] protocol. Both our routers [[csw1-pmtpa]] and [[csw4-pmtpa]] have separate fiber connections to two PowerMedium routers.
 +
 +
This setup makes the network redundant and unaffected by the loss of either of the two PowerMedium routers. To make sure that the internal network is also unaffected, all downstream switches and hosts should be redundantly connected to both multilayer switches. [[#HSRP|HSRP]] is used to make internal routing redundant, by offering a virtual gateway failover IP to all hosts, that in reality is served by either of the two multilayer switches.
  
 
== Diagram ==
 
== Diagram ==
 
[[Image:Wikimedia-core.png]]
 
[[Image:Wikimedia-core.png]]
 +
 +
== BGP ==
 +
As we don't have our own AS number, we use one out of the range of reserved AS numbers for private use, '''AS 64600'''.
 +
 +
''Synchronisation'' with IGPs (Interior Gateway Protocol) is turned off, as we don't have one. The router-id (used for identification within the BGP protocol) is set to <tt>207.142.131.240</tt> for [[csw1-pmtpa]], and <tt>207.142.131.244</tt> for [[csw4-pmtpa]]. Logging of events concerning BGP peers/neighbors is turned on. Because we want failover to happen quickly in cases of link failures, the ''keepalive time'' is reduced to 5 seconds, and the ''BGP hold time'' to 15.
 +
 +
csw1-pmtpa:
 +
router bgp 64600
 +
  no synchronization
 +
 +
  bgp router-id 207.142.131.240
 +
  bgp log-neighbor-changes
 +
  timers bgp 5 15
 +
 +
csw4-pmtpa:
 +
router bgp 64600
 +
  no synchronization
 +
 +
  bgp router-id 207.142.131.244
 +
  bgp log-neighbor-changes
 +
  timers bgp 5 15
 +
 +
 +
=== iBGP ===
 +
 +
=== eBGP ===
 +
 +
=== Load sharing: multihop eBGP ===
  
 
== HSRP ==
 
== HSRP ==
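
Review bot: the three subsection headings added at the end of the BGP section ("=== iBGP ===", "=== eBGP ===" and "=== Load sharing: multihop eBGP ===") have no body, so the page documents only the global "router bgp 64600" settings and none of the neighbor statements that the failover and load-sharing description in the intro depends on. Either add the neighbor configuration for csw1-pmtpa and csw4-pmtpa under those headings or mark the sections as still to be written, so a reader does not take the two "router bgp" stanzas shown as the complete BGP configuration.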

Revision as of 18:28, 8 May 2006

The pmtpa cluster has L3 failover using two separate core routers, and 2 BGP links to upstream.

To survive an uplink failure or the loss of a router (ours or upstream), and to increase our available bandwidth from 1 to 2 Gbit/s, we implemented failover and connection load sharing using the BGP protocol. Both our routers, csw1-pmtpa and csw4-pmtpa, have separate fiber connections to two PowerMedium routers.

This setup makes the network redundant and unaffected by the loss of either of the two PowerMedium routers. To make sure that the internal network is also unaffected, all downstream switches and hosts should be redundantly connected to both multilayer switches. HSRP is used to make internal routing redundant: it offers all hosts a virtual gateway failover IP that is in reality served by either of the two multilayer switches.


Diagram

Wikimedia-core.png

BGP

As we don't have our own AS number, we use one out of the range of reserved AS numbers for private use, AS 64600.

Synchronisation with IGPs (Interior Gateway Protocol) is turned off, as we don't have one. The router-id (used for identification within the BGP protocol) is set to 207.142.131.240 for csw1-pmtpa, and 207.142.131.244 for csw4-pmtpa. Logging of events concerning BGP peers/neighbors is turned on. Because we want failover to happen quickly in cases of link failures, the keepalive time is reduced to 5 seconds, and the BGP hold time to 15.

csw1-pmtpa:

router bgp 64600
  no synchronization

  bgp router-id 207.142.131.240
  bgp log-neighbor-changes
  timers bgp 5 15

csw4-pmtpa:

router bgp 64600
  no synchronization

  bgp router-id 207.142.131.244
  bgp log-neighbor-changes
  timers bgp 5 15

iBGP

eBGP

Load sharing: multihop eBGP

HSRP

To provide first-hop failover, i.e. failover of the default gateway of all hosts in the network, HSRP has been implemented on VLANs 1 and 2 on both routers, csw1-pmtpa and csw4-pmtpa. Both routers share a "virtual IP", the gateway IP that has been configured on all hosts. One of the two routers is active for the IP; the other is in standby and takes over within seconds when the active router fails. Besides the virtual IP, each router has its own unique IP in the respective subnet.

VLAN 1 makes use of HSRP group 1, VLAN 2 uses HSRP group 2. In both cases csw1-pmtpa has the highest priority and is therefore the default router, but preemption is disabled, so the default router won't force itself to be the active router once it comes back up.

Configuration csw1-pmtpa

The relevant configuration bits are:

interface Vlan1
  description Public VLAN / interface
  ip address 207.142.131.240 255.255.255.192
  standby 1 ip 207.142.131.193
  standby 1 priority 150
end
interface Vlan2
  description Private VLAN: Apache
  ip address 10.0.0.201 255.255.0.0
  standby 2 ip 10.0.0.200
  standby 2 priority 150
end

Configuration csw4-pmtpa

The relevant configuration bits are:

interface Vlan1
  description Public VLAN
  ip address 207.142.131.244 255.255.255.192
  standby 1 ip 207.142.131.193
end
interface Vlan2
  description Private VLAN
  ip address 10.0.0.202 255.255.0.0
  standby 2 ip 10.0.0.200
end
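
An added example, not part of the original page or of Wikimedia's tooling: a small Python audit of the two HSRP excerpts above that checks both routers agree on each group's virtual IP, reports which router the priorities prefer, and notes whether preemption or a "standby <group> authentication" line is configured. The function names and the authentication check are additions made here; the page's configuration does not mention authentication.

```python
import ipaddress

# HSRP excerpts from this page (description and "end" lines omitted).
CONFIGS = {
    "csw1-pmtpa": """
interface Vlan1
  ip address 207.142.131.240 255.255.255.192
  standby 1 ip 207.142.131.193
  standby 1 priority 150
interface Vlan2
  ip address 10.0.0.201 255.255.0.0
  standby 2 ip 10.0.0.200
  standby 2 priority 150
""",
    "csw4-pmtpa": """
interface Vlan1
  ip address 207.142.131.244 255.255.255.192
  standby 1 ip 207.142.131.193
interface Vlan2
  ip address 10.0.0.202 255.255.0.0
  standby 2 ip 10.0.0.200
""",
}

def parse(cfg):
    """Return {hsrp_group: {"addr": interface, keyword: args}} for one router."""
    groups, addr = {}, None
    for w in (line.split() for line in cfg.splitlines()):
        if w[:2] == ["ip", "address"]:
            addr = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[:1] == ["standby"]:
            groups.setdefault(int(w[1]), {"addr": addr})[w[2]] = w[3:]
    return groups

def audit(configs):
    """Compare each HSRP group across routers (assumes every group sets an ip)."""
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    report = {}
    for grp in sorted({g for p in parsed.values() for g in p}):
        m = {n: p[grp] for n, p in parsed.items() if grp in p}
        vips = {ipaddress.ip_address(s["ip"][0]) for s in m.values()}
        report[grp] = {
            # One shared virtual IP, inside every member's own subnet.
            "vip_ok": len(vips) == 1 and all(
                v in s["addr"].network for v in vips for s in m.values()),
            # Highest priority is the default router (IOS default is 100).
            "preferred": max(m, key=lambda n: int(m[n].get("priority", ["100"])[0])),
            "preempt": any("preempt" in s for s in m.values()),
            "auth_configured": all("authentication" in s for s in m.values()),
        }
    return report
```

Calling `audit(CONFIGS)` on the page's configuration reports, for both groups, a consistent virtual IP, csw1-pmtpa as the preferred router, preemption off, and no authentication line.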

External links
