AlexM2020
newbie
Topic Author
Posts: 29
Joined: Sat Jan 04, 2020 12:19 pm

BGP Router with backup ISP

Tue Dec 14, 2021 10:10 pm

Good evening everyone,
I'm new to the world of AS (Autonomous Systems).
Currently I have created a network with a head router that establishes a BGP session with my provider, thus announcing a public /24 that has been assigned to me.
Now I wanted to activate a backup connection in case of failure of the first one.
Do I need to certify them to the same BGP router, or can I have two BGP routers on the network announcing the same subnet, one primary and one backup?
I'm not very familiar with the BGP system.
Any information will be well-liked and of great help.
Thank you.
 
eduplant
Member Candidate
Posts: 139
Joined: Tue Dec 19, 2017 9:45 am

Re: BGP Router with backup ISP

Wed Dec 15, 2021 11:13 am

You might want to do a bit of reading about the protocol itself followed by something like this BGP best current practices talk from the NSRC [1].

A couple of questions for the sake of understanding:

1. Do you have your own ASN or are you being provided with a private ASN from your upstream provider?
2. Is the /24 from provider-independent space?
3. Is the backup link going to be to the same provider or to a different provider?

Beyond that ... is there any way you could post a diagram of the rest of your network or at least the overall design of it? That might be the most expedient way to help.

[1] https://nsrc.org/workshops/2021/apricot ... GP-BCP.pdf
 
AlexM2020
newbie
Topic Author
Posts: 29
Joined: Sat Jan 04, 2020 12:19 pm

Re: BGP Router with backup ISP

Thu Dec 16, 2021 9:01 am

First of all, thanks for the answer. I will answer your questions in sequence:
1) I have an ASN as I am an Autonomous System registered to the RIPE;
2) Yes, the /24 is also independent from the provider.
3) The backup connection I would like to have from a different provider in order to actually be a good backup connection, at first impression it would be of little use in case of trouble to provision everything from the same provider.
I am attaching a general diagram of the network, very simplified.
 
eduplant
Member Candidate
Posts: 139
Joined: Tue Dec 19, 2017 9:45 am

Re: BGP Router with backup ISP

Fri Dec 17, 2021 6:18 am

Thanks for the info. I usually like to check that it’s necessary because the easiest way to run BGP in your network is to not have to run BGP :)

With a single internet edge router and two ISPs, you won’t have to bother with iBGP. My short list of recommendations would be to:

  1. Only accept a default route from your upstream ISPs.
  2. Pick an upstream to use as a primary link and one to use as a backup. Load sharing will make things more complicated, especially if you only have a /24 prefix.
  3. Originate your prefix manually from /routing bgp network (ROSv6) or /routing bgp connection output.network=<network_list> (ROSv7). Traditionally this will require a static tie-down route before it will actually announce it but on ROSv6 you can indicate the network prefix as synchronize=no.
  4. Check with your upstream providers for their policies for AS prepends and communities if they have any. Otherwise, plan to announce your prefixes towards one peer with your AS prepended multiple times. This will sandbag path selection from the rest of the internet and draw your inbound traffic towards the other link without the prepends.
  5. Use BGP local preference to determine which uplink you want to use for outbound traffic. Make sure that you localpref up the prefix you learn from the BGP peer that you are *not* prepending to. The goal here is to make sure that you send and receive traffic from the same upstream AS and therefore don’t have asymmetric routing.
  6. Even if you don’t think it’s necessary, write conservative inbound and outbound filters. In this case, that probably means only announcing prefixes that originate with your AS and then specifying which prefix you want to announce. Additionally, don’t accept announcements from your ISPs that contain your AS in the path and further specify just receiving default. This might seem like overkill but it can help prevent fatal mistakes later if the scope of your BGP usage changes.
  7. Don’t redistribute anything from BGP into OSPF. Given that all paths to the internet go to the one edge router, having it originate default into OSPF unconditionally is probably fine.

Those I think are the biggest things that you’ll need to know to get going safely. Obviously, test test test, including making sure that your filters actually work as you expect. It might also be worthwhile to put together a short script to adjust your AS prepends and inbound localpref all in one shot so you can shift traffic from one ISP to the other during maintenance.

Glad to bounce more ideas/questions if you have them.
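
One way to express the recommendations in the post above on RouterOS v6, as an added example that is not part of the original thread. The AS numbers, addresses, peer names and filter chain names are assumptions taken from documentation ranges; replace them with your own.

```routeros
# Added example for RouterOS v6. All values below are assumptions:
#   own AS 64500, own prefix 203.0.113.0/24
#   primary ISP-A: AS 64496 at 198.51.100.1
#   backup  ISP-B: AS 64511 at 192.0.2.1

/routing bgp instance
set default as=64500 router-id=203.0.113.1

# Item 3: originate the /24 manually; synchronize=no avoids the tie-down route.
/routing bgp network
add network=203.0.113.0/24 synchronize=no

/routing filter
# Items 1 and 6, inbound: drop paths that contain our own AS, then accept
# only the default route and discard everything else.
# Item 5: local preference 200 on the primary so outbound traffic uses ISP-A.
add chain=isp-a-in bgp-as-path="_64500_" action=discard
add chain=isp-a-in prefix=0.0.0.0/0 prefix-length=0 set-bgp-local-pref=200 action=accept
add chain=isp-a-in action=discard

add chain=isp-b-in bgp-as-path="_64500_" action=discard
add chain=isp-b-in prefix=0.0.0.0/0 prefix-length=0 set-bgp-local-pref=100 action=accept
add chain=isp-b-in action=discard

# Item 6, outbound: announce exactly our own /24 and nothing else.
add chain=isp-a-out prefix=203.0.113.0/24 prefix-length=24 action=accept
add chain=isp-a-out action=discard

# Item 4: same announcement towards the backup, with our AS prepended three
# times so the rest of the internet prefers the path through ISP-A.
add chain=isp-b-out prefix=203.0.113.0/24 prefix-length=24 set-bgp-prepend=3 action=accept
add chain=isp-b-out action=discard

/routing bgp peer
add name=isp-a remote-address=198.51.100.1 remote-as=64496 in-filter=isp-a-in out-filter=isp-a-out
add name=isp-b remote-address=192.0.2.1 remote-as=64511 in-filter=isp-b-in out-filter=isp-b-out

# Item 7: originate default into OSPF unconditionally, redistribute nothing from BGP.
/routing ospf instance
set default distribute-default=always-as-type-1 redistribute-bgp=no
```

To shift traffic to ISP-B for maintenance, swap the two `set-bgp-local-pref` values and move `set-bgp-prepend` from the `isp-b-out` rule to the `isp-a-out` rule in one change, so inbound and outbound traffic move together.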
 
AlexM2020
newbie
Topic Author
Posts: 29
Joined: Sat Jan 04, 2020 12:19 pm

Re: BGP Router with backup ISP

Thu Dec 23, 2021 10:19 pm

I thank you for the competent and detailed answer.
Your suggestions were useful and functional. :)
Everything works perfectly.
A question arises: having only one public /24 subnet, and aware that smaller subnets cannot be announced in eBGP, I wonder if it is possible to deploy a new Internet access in my network with an appropriate eBGP router in order to use it as access in parallel for a section of the network.
I have no idea if my question was clear, but if it wasn't, I'll try to make you a diagram and rephrase the question.
Thanks in advance.
 
eduplant
Member Candidate
Posts: 139
Joined: Tue Dec 19, 2017 9:45 am

Re: BGP Router with backup ISP

Thu Dec 23, 2021 11:58 pm

> I thank you for the competent and detailed answer.
> Your suggestions were useful and functional. :)
> Everything works perfectly.

Great, glad to hear it.

> A question arises: having only one public /24 subnet, and aware that smaller subnets cannot be announced in eBGP, I wonder if it is possible to deploy a new Internet access in my network with an appropriate eBGP router in order to use it as access in parallel for a section of the network.
> I have no idea if my question was clear, but if it wasn't, I'll try to make you a diagram and rephrase the question.
> Thanks in advance.

I’m not entirely sure I understand the question. Is this in regards to making use of both links for traffic or for adding another router speaking BGP for redundancy?
 
AlexM2020
newbie
Topic Author
Posts: 29
Joined: Sat Jan 04, 2020 12:19 pm

Re: BGP Router with backup ISP

Fri Dec 24, 2021 9:23 am

I try to formulate better. Now I have a situation, as told before: an eBGP router that belongs to my OSPF network with a primary and a backup link, with different ISPs.
This eBGP router announces a public /24. I have read in the documentation that it is not possible to publicly announce subnets less than /24.
The question is the following: If I wanted to make another supply point dedicated to a segment of the network, physically in another geographical position, not necessarily interconnected to the first, can I also announce some IPs of my /24 that I do not use, or do I need another public /24 subnet totally different from the first?
Thanks, we hope to have been more understandable :)
 
eduplant
Member Candidate
Posts: 139
Joined: Tue Dec 19, 2017 9:45 am

Re: BGP Router with backup ISP  [SOLVED]

Fri Dec 24, 2021 10:40 am

> The question is the following: If I wanted to make another supply point dedicated to a segment of the network, physically in another geographical position, not necessarily interconnected to the first, can I also announce some IPs of my /24 that I do not use, or do I need another public /24 subnet totally different from the first?

I think I understand what you’re getting at and it’s not possible. One of the fundamental assumptions of the BGP path selection algorithm is that autonomous systems are not partitioned. If you announce a prefix to someone somewhere, you are attesting that you are able to get the packet to anywhere covered by that prefix when the traffic is given to you. Inside your AS, you can subdivide things as far as you want; turn the /24 into 256 /32 routes for router loopbacks if you want. Regardless, you do have to make sure that you have a path from any eBGP-speaking router to anywhere those addresses are used.

I actually think this comes down to your business case and technical requirements more than what BGP can or cannot do, though. If you require multiple sites but only a few addresses at each location, it might be appropriate to really evaluate the reasons behind needing to have provider-independent address space and/or multiple ISPs in the first place. One ISP with presence at each of your different sites could assign you provider-aggregatable address space and a private AS number to use and you could announce them whatever prefix length you agreed on. They would then announce the aggregate to the rest of the internet and you wouldn’t have to deal with it. This could give you geographic redundancy and link redundancy at the expense of becoming fully dependent on that ISP for your reachability. Depending on their infrastructure and track record, that might not be as bad as it sounds.
