BGP for Redundancy?

Every once in a while a “Cisco engineer” will recommend to a customer that they should consider moving to BGP for redundancy. If you have ever deployed BGP you know this is lunacy for a small company with a single web site, or with many users behind a single firewall. A BGP implementation is costly, and requires a significant amount of talent to install, set up and configure. I will outline the process here, but if you skip to the bottom I will describe the best way to increase redundancy.

The basics: BGP is the default routing protocol of the Internet; every single IP allocated can be located through BGP routing. In the US, IP addresses are allocated by ARIN, the American Registry for Internet Numbers. Step one in the BGP process is to register for an AS number; currently the fee is $500, with a $100 maintenance fee. Once you receive an AS number, you will need to purchase BGP connectivity from two different ISPs (generally $1,000/mo and up). You will need a high-end router capable of handling the full BGP routing table (at my last check we had 324,000 prefixes loaded from one provider; now multiply by 2 and blend the tables together): a Cisco 7200VXR or larger. This is just for IPv4; if you want to add IPv6 support the router requirements escalate.

Once you have your BGP infrastructure up and running, you can apply for an IP allocation. IPv4 allocations are in short supply and require a significant amount of documentation and proof that you need the IPs. The minimum allocation is a /20 (4096 IPs), although in this day and age /20s can get lost in the major routing tables; a /19 (8092 IPs) is far more prevalent. This allocation is $2250 per year. Justifying 8,000 IPs requires a large deployment of facilities and valid requirements. NAT is always encouraged for organizations, so if you have 8,000 employees, a web site, and an email server… that doesn’t help. If you own a large network, a cable system, an ISP with DSL, web hosting, and a large public wireless access network, you are more likely to receive an allocation. So should a small business have an allocation? In short, absolutely not; it is extremely wasteful in a global economy. If you are growing and expanding, and think this might be a fit, give us a call and we can certainly help you implement it… but… let’s talk about a better way.

SonicWALL builds excellent perimeter firewall devices that implement NAT, intelligent packet inspection, virus protection, firewalling, and VPN capabilities. In addition, their higher-end devices such as the NSA series provide the ability to connect to two diverse Internet providers. You won’t be able to use the same IPs with both providers, but for outbound access this is the perfect solution. Connect one port to your fiber uplink, and the other to a cable or DSL provider for backup. If a link fails the SonicWALL detects it and automatically reroutes the traffic. Your staff will be able to access the Internet regardless of a link failure.

Inbound access can be challenging. Mail server access is easily achieved with a secondary MX record pointing to the second provider’s IP, or by using a front-end mail processor from a provider located in a highly redundant facility and having them forward clean mail to your mail server on either IP. Web sites are the problem. DNS provides no convenient way to redirect a web site: you can create two A records, but clients will alternate back and forth between the IPs, and if one is down the site looks down to them.
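To make that difference concrete, here is a small simulation added for this article (it is not part of the original post and not a SonicWALL or DNS server feature). It models the naive client behaviour described above: a web client takes the next address from a round-robin pair of A records and connects once, while a sending mail server walks the MX records in preference order and falls through to the backup when the first host is unreachable. The addresses are RFC 5737 documentation ranges and the hostnames are constructed placeholders.

```python
"""Added example: why a secondary MX record gives mail failover while two
A records do not give web failover.  Offline simulation only; the addresses
below are RFC 5737 documentation ranges and the hostnames are constructed."""
from itertools import cycle

# Constructed DNS data for a site reachable via two providers.
A_RECORDS = ["192.0.2.10", "198.51.100.10"]            # fiber IP, DSL backup IP
MX_RECORDS = [(10, "mail-fiber.example.net"),          # (preference, host)
              (20, "mail-dsl.example.net")]
MX_HOST_IPS = {"mail-fiber.example.net": "192.0.2.25",
               "mail-dsl.example.net": "198.51.100.25"}


def reachable(ip, down_ips):
    """Stand-in for a TCP connect: succeeds unless the IP sits behind a dead link."""
    return ip not in down_ips


def web_failure_rate(down_ips, n_clients=1000):
    """Model the behaviour described in the post: each client gets the next
    address from a round-robin A record set and connects once.  Returns the
    fraction of clients that saw the site as down."""
    rr = cycle(A_RECORDS)
    failures = sum(1 for _ in range(n_clients) if not reachable(next(rr), down_ips))
    return failures / n_clients


def deliver_mail(down_ips):
    """Model a sending MTA: try MX hosts from the lowest preference value
    upward and move to the next one when the connection fails (RFC 5321,
    section 5.1).  Returns the host that accepted the message, or None if
    every MX host is down."""
    for _pref, host in sorted(MX_RECORDS):
        if reachable(MX_HOST_IPS[host], down_ips):
            return host
    return None


if __name__ == "__main__":
    # Constructed outage: the fiber link (and everything behind it) is down.
    fiber_down = {"192.0.2.10", "192.0.2.25"}
    print("web clients failing with fiber down:", web_failure_rate(fiber_down))  # 0.5
    print("mail delivered to:", deliver_mail(fiber_down))  # mail-dsl.example.net
```

With the fiber link down, half of the web clients hit the dead address and see an outage, while every message still lands on the backup MX host. In practice modern browsers do retry the other address after a refused connection, but a host that silently drops packets still costs each client a full connect timeout before the retry, so the author’s point stands: MX preference is a real failover mechanism, round-robin A records are not.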

Increasing the redundancy of your website depends heavily on the content of your site. Is it constantly changing, like an internal order/inventory system? Or is it fairly static? Can you host it off-site in a redundant data center (like CSSnw.com), or set up a remote proxy server that supplies the front end and pulls information from your site? Akamai, Amazon EC2, remote cloud computing, and local clouds are options. I will discuss local clouds in another article.

Ray Poorman
CTO/CEO CSS