VRRP on the Carrier Edge

  • 1.  VRRP on the Carrier Edge

    Posted 05-22-2020 05:48

    I'm currently running the MX204 platform in a 'semi' active-passive mode.  Here's my topology in some sites

     

    [FILE1 - Yes, I understand the addresses are incorrect for a /30]

    Topology - https://imgur.com/a/aTyaKV4 1st image

     

    Is the above a good topology and how BGP w\ multi-homing is done in the real world?  It seems a bit complex compared to the simple active\passive firewall model I'm used to.

     

    I was thinking though is the following actually done?  I was informed that most carriers don't like to 'waste' space in the carrier edge making the following impossible.  A "true" active\passive setup seems a lot simpler and I have an extra check with VRRP (in the event one of the routers for some reason blackholes traffic).  In my past life I set up a lot of firewalls with HSRP which is why the following redundancy model makes more "sense" to me.  I'm trying to reduce complexity.

     

    [File2]

    Topology - https://imgur.com/a/aTyaKV4 2nd image

     

    I'm not sure if I can even do this on the MX204 due to the fact that routes aren't "shared".

     

    In the above example I'm advertising 99.99.99.0/24.  The 63.63.63.x and 93.93.93.x addresses are the carrier edge.



  • 2.  RE: VRRP on the Carrier Edge
    Best Answer

     
    Posted 05-22-2020 06:15

    Hello junosuser33,

     

    the above topology is the standard BGP multihoming topology. From a carrier you get a cable with a standard /30 or even a /31 subnet configured onto which the BGP session is configured.

    On the LAN side of your Routers (R1 and R2) you can configure VRRP or OSPF. I'd recommend you to connect the two Routers directly as well and configure iBGP on it, in case the uplink of Carrier 1 fails and the VRRP master is not switching to R2.

     

    The below topology is quite uncommon, and it introduces an additional failure point. E.g. if you are facing packet loss to the Carrier, is there any issue on the carrier side or on your Aggr. SW? Additionally, BGP sessions to VRRP VIPs are not a good way, in this case it would be better to establish BGP session to the physical interface address. The prerequisite for this is of course, that the carrier provides you a /29 prefix at minimum, which is mostly not the case.

    To have so many BGP sessions introduces other issues, like BGP dampening issues. E.g. if R1 crashes, two BGP sessions would go down which could trigger BGP dampening in other ASNs.

     

    So I'd suggest keep it simple, and connect to the Carriers with a dedicated cable. It makes your life much easier and a 1+1 redundancy should be enough for an Enterprise environment.



  • 3.  RE: VRRP on the Carrier Edge

    Posted 05-22-2020 06:41

    @F1ght3r wrote:

    Hello junosuser33,

     

    the above topology is the standard BGP multihoming topology. From a carrier you get a cable with a standard /30 or even a /31 subnet configured onto which the BGP session is configured.

    On the LAN side of your Routers (R1 and R2) you can configure VRRP or OSPF. I'd recommend you to connect the two Routers directly as well and configure iBGP on it, in case the uplink of Carrier 1 fails and the VRRP master is not switching to R2.

     

    The below topology is quite uncommon, and it introduces an additional failure point. E.g. if you are facing packet loss to the Carrier, is there any issue on the carrier side or on your Aggr. SW? Additionally, BGP sessions to VRRP VIPs are not a good way, in this case it would be better to establish BGP session to the physical interface address. The prerequisite for this is of course, that the carrier provides you a /29 prefix at minimum, which is mostly not the case.

    To have so many BGP sessions introduces other issues, like BGP dampening issues. E.g. if R1 crashes, two BGP sessions would go down which could trigger BGP dampening in other ASNs.

     

    So I'd suggest keep it simple, and connect to the Carriers with a dedicated cable. It makes your life much easier and a 1+1 redundancy should be enough for an Enterprise environment.


    Appreciate the response!



  • 4.  RE: VRRP on the Carrier Edge

    Posted 05-22-2020 06:23

    Hello,

     

    BGP peering to router's VRRP address is NOT commonly used on ASBRs (be it Enterprise or SP) because when VRRP mastership switches, the BGP session drops. So why bother and spend /29 where You can use /31?

    This fact may not be the case with firewall clusters with single control plane + session replication but 2 routers do not have common control plane unless they are in the Virtual Chassis setup.

    And MX Virtual Chassis is not supported on MX204.

    HTH

    Thx

    Alex