Fido
New Member
September 22, 2018
Question

BGP Multihoming to same ISP

  • September 22, 2018
  • 2 replies
  • 14450 views

Hello,

I have this scenario with 2 FortiGate 80E, A and B, at sites 1 and 2. They both connect to the same ISP with eBGP and of course a link exists between the two sites. I'm advertising network x.x.x.x in site 1 using FG-A and network y.y.y.y at site 2 using FG-B. Both networks exist in the routing table as blackholed routes and are only usable when a system is NATed to the IPs. I want to achieve the following.

1. Make Site-1 the preferred network path for inbound traffic to network x.x.x.x and Site-2 the preferred path for incoming traffic to network y.y.y.y.

2. Be able to NAT a device that exists in site 2 to an IP in network x.x.x.x and have the traffic utilize the link in site 2 for outbound and inbound, even though that network originally belongs to site 1.


I've attached a small sketch. Any help will be appreciated.


    emnoc
    New Member
    September 22, 2018

    Item 1 is easy: setting metric, as in MEDs.


    Item 2 is not so easy; you will have issues with asymmetrical routing.


    Toshi_Esumi
    SuperUser
    September 24, 2018

    Not from my first-hand experience, but I heard it depends on the ISP's BGP settings if you want to use MED to influence their routing toward you (see the Cisco Learning Network discussion below). You should contact your ISP first.

    https://learningnetwork.cisco.com/thread/95799

    AS-Path (prepending) is more commonly used to influence incoming routes. See the article below for an FGT config example:

    https://travelingpacket.com/2014/04/23/fortigate-bgp-as-path-prepending/


    For the second part, I don't know where to put the NAT/VIP to work in a redundant way.


    emnoc
    New Member
    September 24, 2018

    AS-prepending would not work here. It's the same ISP, AS20; MED is what predefines which links to use within that "intra AS" and is not transitive.


    http://www.informit.com/articles/article.aspx?p=331613&seqNum=5


    The MULTI_EXIT_DISC (MED) is an optional non-transitive attribute that provides a mechanism for the network administrator to convey to adjacent autonomous systems the optimal entry point in the local AS.
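    As an added illustration of the MED approach the two replies above describe (this is not configuration from the thread or from either poster), here is a FortiOS BGP configuration for FG-A at site 1. It assumes hypothetical values: local AS 65001, the ISP being AS 20 as named in the thread, x.x.x.x = 192.0.2.0/24, y.y.y.y = 198.51.100.0/24, the ISP peer at 203.0.113.1 and the FortiGate's own WAN address 203.0.113.2. It departs from the original post in one respect: both sites advertise both prefixes, with a lower (preferred) MED on the prefix that belongs to that site, so that the ISP prefers site 1 for x and site 2 for y but still has a backup path for each if one link goes down. The blackhole routes the poster already has are what make the `config network` entries eligible for advertisement.

```fortios
# FG-A (site 1). Hypothetical values: local AS 65001, ISP AS 20,
# x.x.x.x = 192.0.2.0/24, y.y.y.y = 198.51.100.0/24, ISP peer 203.0.113.1.
config router prefix-list
    edit "PL-NET-X"
        config rule
            edit 1
                set prefix 192.0.2.0 255.255.255.0
            next
        end
    next
    edit "PL-NET-Y"
        config rule
            edit 1
                set prefix 198.51.100.0 255.255.255.0
            next
        end
    next
end

# Lower MED wins inside AS 20: site 1 is primary for x (MED 10) and backup
# for y (MED 100). A prefix that matches no rule is filtered, so every
# prefix you intend to advertise needs a rule here.
config router route-map
    edit "RM-ISP-OUT"
        config rule
            edit 1
                set match-ip-address "PL-NET-X"
                set set-metric 10
            next
            edit 2
                set match-ip-address "PL-NET-Y"
                set set-metric 100
            next
        end
    next
end

config router bgp
    set as 65001
    set router-id 203.0.113.2
    config neighbor
        edit "203.0.113.1"
            set remote-as 20
            set route-map-out "RM-ISP-OUT"
        next
    end
    # Both prefixes exist locally as blackhole routes, so both can be
    # originated here; the MED decides which site the ISP prefers.
    config network
        edit 1
            set prefix 192.0.2.0 255.255.255.0
        next
        edit 2
            set prefix 198.51.100.0 255.255.255.0
        next
    end
end

# FG-B (site 2) is the mirror image on its own peer toward AS 20: the same
# prefix-lists and network statements, but rule 1 sets metric 100 for
# PL-NET-X and rule 2 sets metric 10 for PL-NET-Y.
```

    After applying it, `get router info bgp neighbors 203.0.113.1 advertised-routes` on each FortiGate shows what is actually being sent with which metric. As the replies note, MED only takes effect if the ISP does not overwrite it at ingress, and it is only compared between paths learned from the same neighbouring AS, which is exactly the single-ISP case here; confirm with the ISP that MED is honoured before relying on this for failover.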

    Fido (Author)
    New Member
    October 10, 2018

    Thanks Toshiesumi and Emnoc. Will definitely investigate the MED option. My main concern, however, is part 2 of the question.

    How do enterprises achieve continuity in a DR scenario?

    i.e. a web server is published in DC1 and NATed to e.g. 2.2.2.2/24; it gets failed over to DC2 where it is NATed to 3.3.3.3/24.

    How do you keep users connected during a DR failover without a DNS change? Can BGP, with reference to my diagram, help with this?

    emnoc
    New Member
    October 10, 2018

    In the real world, since the addresses are two different IPv4 addresses, we would use an FQDN device like a GTM and wide-IP and set the priority for site Y and fallback to site X. So traffic will always go to site Y and, in the event the site is 100% down or the server probes die off, you change the DNS TTL and repoint it to site X.


    Ken 

    Fido (Author)
    New Member
    October 11, 2018

    Thanks for the response Ken.

    If I understand clearly, there's no way to provide full auto failover to a public web server across two DCs on separate subnets, when the translation is done on an FG (even when both sites are in the same AS), without manual modification of the DNS record.

    I was looking for a solution that ensures traffic gets to the same web server on the same IP address irrespective of the resident DC. That way, I won't have to modify the DNS record whenever I switch DCs.

    What's GTM and wide-IP?