
VRRP on the Carrier Edge

[ Edited ]
a week ago

I'm currently running the MX204 platform in a 'semi' active-passive mode.  Here's my topology in some sites

 

[FILE1 - Yes, I understand the addresses are incorrect for a /30]

Topology - https://imgur.com/a/aTyaKV4 1st image

 

Is the above a good topology and how BGP w\ multi-homing is done in the real world?  It seems a bit complex compared to the simple active\passive firewall model I'm used to.

 

I was thinking though is the following actually done?  I was informed that most carriers don't like to 'waste' space in the carrier edge making the following impossible.  A "true" active\passive setup seems a lot simpler and I have an extra check with VRRP (in the event one of the routers for some reason blackholes traffic).  In my past life I set up a lot of firewalls with HSRP which is why the following redundancy model makes more "sense" to me.  I'm trying to reduce complexity.

 

[File2]

Topology - https://imgur.com/a/aTyaKV4 2nd image

 

I'm not sure if I can even do this on the MX204 due to the fact that routes aren't "shared"

 

In the above example I'm advertising 99.99.99.0/24.  The 63.63.63.x and 93.93.93.x addresses are the carrier edge.

Solution
Accepted by topic author junosuser33
a week ago

Re: VRRP on the Carrier Edge

a week ago

Hello junosuser33,

 

the above topology is the standard BGP multihoming topology. From a carrier you get a cable with a standard /30 or even a /31 subnet configured onto which the BGP session is configured.

On the LAN side of your Routers (R1 and R2) you can configure VRRP or OSPF. I'd recommend you to connect the two Routers directly as well and configure iBGP on it, in case the uplink of Carrier 1 fails and the VRRP master is not switching to R2.

 

The below topology is quite uncommon, and it introduces an additional failure point. E.g. if you are facing packet loss to the Carrier, is there any issue on the carrier side or on your Aggr. SW? Additionally, BGP sessions to VRRP VIPs are not a good way, in this case it would be better to establish BGP session to the physical interface address. The prerequisite for this is of course, that the carrier provides you a /29 prefix at minimum, which is mostly not the case.

To have so many BGP sessions introduces other issues, like BGP dampening issues. E.g. if R1 crashes, two BGP sessions would go down which could trigger BGP dampening in other ASNs.

 

So I'd suggest keep it simple, and connect to the Carriers with a dedicated cable. It makes your life much easier and a 1+1 redundancy should be enough for an Enterprise environment.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution".
If you think that my answer was helpful, please spend some Kudos.
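
The layout recommended in the reply above (eBGP on the carrier /31, VRRP on the LAN side, iBGP over a direct R1-R2 link), sketched as Junos `set` commands for R1. This is an added example, not configuration posted by anyone in the thread; the interface names, host addresses, AS numbers and the 192.0.2.0/31 inter-router link are assumptions, and only 99.99.99.0/24 and the 63.63.63.x carrier range come from the original post.

```junos
# R1 only; R2 mirrors this toward Carrier 2 (93.93.93.x) with VRRP priority 100.
# Assumed values (not from the thread): interface names, host addresses,
# local AS 64500, Carrier 1 AS 64496, 192.0.2.0/31 on the R1-R2 link.

# Carrier uplink on a /31, direct link to R2, LAN side
set interfaces xe-0/1/0 description "Carrier 1"
set interfaces xe-0/1/0 unit 0 family inet address 63.63.63.1/31
set interfaces xe-0/1/1 description "Direct link to R2"
set interfaces xe-0/1/1 unit 0 family inet address 192.0.2.0/31
set interfaces xe-0/1/2 description "LAN"

# VRRP on the LAN; losing the carrier link lowers priority from 200 to 50
set interfaces xe-0/1/2 unit 0 family inet address 99.99.99.2/24 vrrp-group 1 virtual-address 99.99.99.1
set interfaces xe-0/1/2 unit 0 family inet address 99.99.99.2/24 vrrp-group 1 priority 200
set interfaces xe-0/1/2 unit 0 family inet address 99.99.99.2/24 vrrp-group 1 preempt
set interfaces xe-0/1/2 unit 0 family inet address 99.99.99.2/24 vrrp-group 1 track interface xe-0/1/0 priority-cost 150

# eBGP to the carrier's side of the /31, announcing only the local prefix
set routing-options autonomous-system 64500
set protocols bgp group carrier1 type external
set protocols bgp group carrier1 peer-as 64496
set protocols bgp group carrier1 neighbor 63.63.63.0
set protocols bgp group carrier1 export advertise-own-prefix

# iBGP over the direct link, so R1 can still reach the Internet via R2
# when its carrier session is down but VRRP has not switched
set protocols bgp group ibgp-r2 type internal
set protocols bgp group ibgp-r2 neighbor 192.0.2.1
set protocols bgp group ibgp-r2 export next-hop-self

# Export policies: announce 99.99.99.0/24 and nothing else to the carrier;
# rewrite the next hop on routes passed to R2
set policy-options policy-statement advertise-own-prefix term own from route-filter 99.99.99.0/24 exact
set policy-options policy-statement advertise-own-prefix term own then accept
set policy-options policy-statement advertise-own-prefix term rest then reject
set policy-options policy-statement next-hop-self term bgp from protocol bgp
set policy-options policy-statement next-hop-self term bgp then next-hop self
```

The `track interface` statement only reacts to link loss on the uplink; a carrier failure that leaves the link up is covered by the iBGP session, which lets the VRRP master forward through the other router.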

Re: VRRP on the Carrier Edge

a week ago

Hello,

 

BGP peering to a router's VRRP address is NOT commonly used on ASBRs (be it Enterprise or SP) because when VRRP mastership switches, the BGP session drops. So why bother and spend /29 where You can use /31?

This fact may not be the case with firewall clusters with single control plane + session replication but 2 routers do not have common control plane unless they are in the Virtual Chassis setup.

And MX Virtual Chassis is not supported on MX204.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !

Re: VRRP on the Carrier Edge

[ Edited ]
a week ago

@F1ght3r wrote:

Hello junosuser33,

 

the above topology is the standard BGP multihoming topology. From a carrier you get a cable with a standard /30 or even a /31 subnet configured onto which the BGP session is configured.

On the LAN side of your Routers (R1 and R2) you can configure VRRP or OSPF. I'd recommend you to connect the two Routers directly as well and configure iBGP on it, in case the uplink of Carrier 1 fails and the VRRP master is not switching to R2.

 

The below topology is quite uncommon, and it introduces an additional failure point. E.g. if you are facing packet loss to the Carrier, is there any issue on the carrier side or on your Aggr. SW? Additionally, BGP sessions to VRRP VIPs are not a good way, in this case it would be better to establish BGP session to the physical interface address. The prerequisite for this is of course, that the carrier provides you a /29 prefix at minimum, which is mostly not the case.

To have so many BGP sessions introduces other issues, like BGP dampening issues. E.g. if R1 crashes, two BGP sessions would go down which could trigger BGP dampening in other ASNs.

 

So I'd suggest keep it simple, and connect to the Carriers with a dedicated cable. It makes your life much easier and a 1+1 redundancy should be enough for an Enterprise environment.


Appreciate the response!