Hi,

OK, thanks for clearing that up. I'm getting some good feedback on applying for PI and ASN through RIPE LIRs over on the UKNOF so I think I have a handle on this.

With regards to BGP and using separate BGP routers: I am announcing my PI space to my upstreams, but I don't need to carry a full Internet routing table, correct? So I can get away with some "lightweight" BGP routers not being an ISP, if that makes sense?
Adel

On Sun 9:26 PM , Ken Gilmour <ken.gilm...@gmail.com> wrote:

> Hey,
>
> Yes you apply to RIPE for your allocation. You should ask them for a
> /20 since it's the same price for that as a /24 if you can justify it
> (at least with LACNIC where I now get my allocations)...
>
> You will also need to apply for an ASN
>
> Correct - the block belongs to you and as long as you contact the
> transit provider from the address listed in WHOIS then you should be
> able to set up a new agreement easily.
>
> Yes the block is PI space (provider independent)
>
> It can take up to 1 month to get your assignments.
>
> I would recommend getting some different routers for this. I use
> OpenBSD in some of my locations which is extremely easy to work with.
> I also have some old NS-208 devices running ScreenOS for internal BGP
> in one other location. I would not recommend using any router with
> less than 1GB of RAM for BGP. In HA mode you can connect the two
> tails, one to each SSG (if they are in active active mode) and
> announce it that way (check out anycast), we also do this :).
>
> The way BGP works is that both connections are active at the same
> time, there is no primary and backup, if one goes down you just have
> one less to receive traffic over and more traffic on the other, but
> unless you stop announcing from one connection traffic will go over
> both.
>
> Regards,
>
> Ken
>
> 2009/11/8 :
> > Don't think I sent the below to the list, so resending:
> >
> > Thanks Seth and James,
> >
> > Things are getting a lot clearer. The BGP multihoming solution
> > sounds like exactly what I want. I have more questions :-)
> >
> > Now I suppose I would get my allocation from RIPE as I am UK based?
> >
> > Do I also need to apply for an AS number?
> >
> > As the IP block is "mine", it is ISP independent. i.e. I can take
> > it with me when I decide to use two completely different ISPs?
> >
> > Is the obtaining of this IP block, what is referred to as PI space?
> >
> > Of course internally I split the /24 up however I want - /28 for
> > untrust range and maybe a routed DMZ block etc.?
> >
> > Assuming I apply for IP block and AS number, what's involved and how
> > long does it take to get these babies?
> >
> > I know the SSG550's have BGP capabilities. As I have two of these in
> > HA mode, does it make sense to do the BGP on these, or should I get
> > dedicated BGP routers?
> >
> > Fixing the internal routing policy so traffic is directed at the
> > active BGP connection. What's involved here, preferring one BGP link
> > over the other?
> >
> > Thanks again, I obviously need to do some reading of my own, but
> > all the suggestions so far have been very valuable and definitely
> > seem to be pointing in some fruitful directions.
> >
> > Adel
> >
> > On Sun 6:31 PM , James Hess wrote:
> >
> >> On Sun, Nov 8, 2009 at 11:34 AM, wrote:
> >> [..]
> >> > connections from different providers I would still have issues. So
> >> > I guess that if my primary Internet goes down I lose connectivity
> >> > to all the publicly addressed devices on that connection. Like
> >> > dmz hosts and so on. I would be interested to hear how this
> >> > can be avoided if at all or do I have to use the same provider.
> >>
> >> You assign multi-homed IP address space to your publicly addressed
> >> devices, which are not specific to either ISP. You announce to both
> >> ISPs, and you accept some routes from both ISPs.
> >>
> >> You get multi-homed IPs, either by having an existing ARIN allocation,
> >> or getting a /22 from ARIN (special allocation available for
> >> multi-homing), or ask for a /24 from ISP A or ISP B for
> >> multihoming.
> >>
> >> If Link A fails, the BGP session eventually times out and dies: ISP
> >> A's BGP routers withdraw the routes, the IP addresses are then
> >> associated only with provider B.
> >>
> >> And you design your internal routing policy to direct traffic
> >> within your network to the router with an active BGP session.
> >>
> >> Link A's failure is _not_ a total non-event, but a 3-5 minute partial
> >> disruption, while the BGP session times out and updates occur in other
> >> people's routers, is minimal compared to a 3 day outage, if serious
> >> repairs to upstream fiber are required.
> >>
> >> --
> >> -J