In this video clip I want to examine the use of BGP in campus networks. The use of BGP at the campus level is impacted by the NREN model of service that we discussed in more detail in the BGP for NRENs video clip. To review, we commonly see two basic models of NRENs around the world: NRENs that provide a limited set of peering routes, and the more common case where the NREN provides full Internet connectivity.

As you can see, when the NREN is a peering network, all campuses must have two connections, one to the ISP and one to the NREN. When the NREN acts as an ISP, the NREN provides full Internet access by purchasing Internet access from an ISP and serving that Internet access to the campus. This allows the campus to have a single connection and point its default route to the NREN. However, a campus may choose to have a second connection to an ISP; it might want to do this for redundancy or for load balancing.

It is very important to note that if the NREN is a peering network, the connected members are forced to dual home; they do not have a choice. If the NREN acts as an ISP, the connected members can just use the NREN on a single connection, or, if they have other requirements and the resources to make it work, they can choose to dual home and get a second connection.

If a campus is dual homed, the only way to make this work properly is to run BGP. As discussed in other video clips, to run BGP the campus must have a provider independent IP address block, an autonomous system number, and the technical expertise and equipment capable of running BGP. As you can see from this diagram, this is the proper way to dual home. The university has its own provider independent IP address space, has allocated addresses out of that space for each of the interfaces connected to the NREN and the ISP, and has configured BGP peering with both the NREN and the ISP.
We have seen some cases where people try to dual home a campus network without using BGP. They don't have any provider independent address space, so they have an address block from their ISP and a different one from the NREN. Since they don't have provider independent address space or an autonomous system number, they cannot run BGP. The only thing they can do is run NAT and try to load balance, or use one connection as a backup for the other. If the NREN is a peering network, the NREN can't carry traffic to the entire Internet, so this doesn't work at all. If the NREN acts as an ISP this can work, although it's less than ideal because you would like to prefer the NREN routes to the global research and education network community, and there's no way to make your NAT box do this.

And finally, this diagram shows the proper way to dual home in a NAT environment. The university has its own provider independent address space, has allocated addresses out of that block for each of the interfaces connected to the NREN and the ISP, and has configured BGP peering with both the NREN and the ISP. Note that we use the university's provider independent address space for the IP address on the outside of the NAT box, and we can also have servers on our campus network with public IPs out of that same provider independent address block.
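The following is an added illustration, not part of the original video: a small Python model of how a dual-homed campus running BGP picks an exit under each NREN model, including what happens when one session is down. The prefixes and AS numbers are constructed documentation values, and the local preference policy (NREN 200, ISP 100) is an assumed campus policy for preferring NREN routes.

```python
import ipaddress

# Constructed sample data: documentation prefixes and documentation ASNs.
LOCAL_PREF = {"NREN": 200, "ISP": 100}   # assumed campus policy: prefer NREN

def make_rib(adverts):
    """adverts: iterable of (neighbor, prefix, as_path) learned over eBGP."""
    return [
        {"nbr": n, "net": ipaddress.ip_network(p), "path": path, "lp": LOCAL_PREF[n]}
        for n, p, path in adverts
    ]

def best_exit(rib, dst, down=()):
    """Return the neighbor used to reach dst, or None if unreachable.

    Forwarding uses the longest matching prefix; among routes for that same
    prefix BGP prefers higher local preference, then the shorter AS path.
    """
    addr = ipaddress.ip_address(dst)
    cands = [r for r in rib if addr in r["net"] and r["nbr"] not in down]
    if not cands:
        return None
    longest = max(r["net"].prefixlen for r in cands)
    cands = [r for r in cands if r["net"].prefixlen == longest]
    return max(cands, key=lambda r: (r["lp"], -len(r["path"])))["nbr"]

# NREN acting as an ISP: both neighbors send a default route, and both know
# a path to a research network (198.51.100.0/24), the ISP with a shorter path.
NREN_AS_ISP = make_rib([
    ("NREN", "0.0.0.0/0", [64500]),
    ("ISP", "0.0.0.0/0", [64501]),
    ("NREN", "198.51.100.0/24", [64500, 64510, 64511]),
    ("ISP", "198.51.100.0/24", [64501, 64511]),
])

# NREN as a peering network: it carries only research and education routes.
NREN_PEERING = make_rib([
    ("ISP", "0.0.0.0/0", [64501]),
    ("NREN", "198.51.100.0/24", [64500, 64511]),
])

if __name__ == "__main__":
    for name, rib in (("NREN as ISP", NREN_AS_ISP), ("NREN peering", NREN_PEERING)):
        for dst in ("198.51.100.7", "203.0.113.9"):
            print(name, dst, best_exit(rib, dst), best_exit(rib, dst, down=("NREN",)))
```

In the peering model the lookup for a general Internet destination returns no exit once the ISP session is down, which is the reason a peering-only NREN cannot serve as a backup path.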
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)