DD2491, p1 2008

Load balancing BGP

Johan Nicklasson KTHNOC/NADA

–

DD2491 p1 2008

DD2491, p1 2008

Dual home

• When do you need to be dual homed?

• How should you be dual homed?

– Same provider.

– Different providers.

• What do you need to have in place to do dual homing?

– AS number

– PI vs. PA

– BGP?

DD2491, p1 2008

Single provider

• You can do dual homing to

the same provider.

– What kind of redundancy do

we have in this setup?

– BGP does not load balance

across multiple links.

DD2491, p1 2008

Single provider

• What level of redundancy do we need?

– Do we need redundant routers?

– Do we need to connect to different POPs?

– What about the local loop?

• Can we load balance over redundant links?

– Maybe. In the previous example we could make use of an IGP to load

balance packets over the two links.

– It is not likely that the provider wants to do that. A provider wants his

edge to be as static as possible.

– What about different routers?

DD2491, p1 2008

Single provider

• Redundant routers.

– We can loose 1 router and still

be connected to the internet.

– If the ISP router dies our

connections goes with it.

– The local loop may or may not

be redundant.

DD2491, p1 2008

Single provider

• Redundant routers and

redundant POPs

– We can loose one of our

routers and still have

connectivity.

– We can loose one provider

router/POP and still have

connectivity.

– The local loop may or may not

be redundant.

DD2491, p1 2008

Single provider

• Dual homed to the same provider.

– We can have different levels of redundancy. Depending on our

needs.

• Do we need BGP to dual home to the same provider?

– Even in the setup with 2 routers and 2 POPs we can use a static

default route to get to the internet.

– We inject the default route into our IGP and the node will send it's

traffic to the nearest exit point.

– Can the ISP load balance traffic to us?

DD2491, p1 2008

Single provider

• If we use BGP on our connections to our ISP

– We must have an iBGP connection between our edge routers.

– We can still use a static default route to the internet.

– The provider can send us a default route via BGP.

– We can use MED, AS prepend or communities to try to get the ISP to

send us traffic to different prefixes over different links.

DD2491, p1 2008

Single provider

• If we get a full table from our ISP

– We need our hardware to handle ~230 000 prefixes.

– We can use policies to have the traffic leave on different links

depending on the destination.

– If we don't make our IGP aware of those routes we could end up with

suboptimal routing, depending on the network topology.

DD2491, p1 2008

Single provider

• Addressing and AS numbers

– The provider will assign IP address space to us.

– We don't have to have our own AS number. We can use a private AS,

that have to be assigned to us by our provider.

– Private AS numbers are 64512 to 65535.

– The provider have to remove private AS's from prefixes on their

eBGP peerings.

DD2491, p1 2008

Dual providers

• Our address space becomes an issue.

– We need PI (Provider independent) space

• We need a public AS number.

– How to get an AS number will be covered later.

• BGP is a must.

DD2491, p1 2008

Dual providers

DD2491, p1 2008

Dual providers

• If we should use IP space provided by ISP A, 10.1.1.0/24

• That /24 is just a portion of the space provided to the ISP by

the RIR. 10.1.0.0 /19

• We get ISP B to announce “our” /24 (most ISPs will never

announce part of another ISP aggregate).

DD2491, p1 2008

Dual providers

DD2491, p1 2008

Dual providers

• Which ISP will attract all our traffic?

– Longest prefix match

• One solution to this problem would be to have ISP A

announce 10.1.1.0/24 and 10.1.0.0/19.

DD2491, p1 2008

Dual providers

DD2491, p1 2008

Dual providers

• Another solution to this problem is to get Provider

Independent (PI) IP space from a RIR (Regional Internet

Registry).

– To use PI space will also make it much easier to switch ISP.

– With PA space the ISP “owns” the IP addresses you use. If you move

to another ISP the first one will make you return the borrowed space.

DD2491, p1 2008

Dual providers

• Load balancing the egress

– Using BGP attributes and IGP cost you can prefer one prefix set over

one ISP and another set over the other ISP.

– This will not balance the load equally over the two upstreams.

– If you monitor your traffic patterns you could try to balance the load

more.

DD2491, p1 2008

Dual providers

• Load balancing the ingress

– Is it possible to use MED when dual homing with two IPSs?

– Is it possible to use AS prepend?

– How about announcing more specific routes to attract traffic?

• You have to have a good dialog with your ISPs when you are

doing any kind of traffic engineering.

DD2491, p1 2008

Symmetry/asymmetry and the internet

• When you have more the one way to reach a destination

symmetry can not be guaranteed.

• Some hardware dealing with state and flow needs symmetry

to work properly.

DD2491, p1 2008

Symmetry/asymmetry

DD2491, p1 2008

Symmetry/asymmetry

• We have to have traffic leaving a firewall return over the

same one.

– We could use AS prepend.

– We could advertise more specific routes

– What if the firewalls exchanged their current flow and state tables?

DD2491, p1 2008

Questions?