CNDO: Dual Homed Campuses | NSRC Training Resources

View Transcript

In this video clip I want to examine the use of BGP in campus networks. The use of BGP at the campus level is impacted by the NREN model of service that we discussed in more detail in the BGP for NRENs video. To review we commonly see two basic models NRENs around the world. We see NRENs provide a limited set of peering routes as well as the more common case where the NREN provides full Internet connectivity when the NREN is a peering network. Note that all campuses must have two connections --one to the ISP and one to the NREN. Where the NREN acts as the ISP the NREN provides full internet access by purchasing internet from an ISP and serving that internet access to the campus. This allows the campus to have a single connection and point their default route to the NREN. Note, however, that a campus can have a second connection to an ISP if they choose. They may want to do this for a redundancy or for load balancing. It is important to note that if the NREN is a peering network that provides a limited set of IP routes, then the connected members are forced to dual homed. If the NREN acts as an ISP the connected members can just use the NREN on a single connection. Or if they have other requirements and have the resources to make it work they can choose to dual home if they want. If a campus is dual homed the only way to make this work properly is to run BGP, and as discussed in other video clips, to run BGP the campus must have a provider independent address block, an autonomous system number and have the technical expertise and equipment capable of running BGP. Note that to obtain provider independent IP addresses and autonomous system numbers the campus must join the appropriate internet registry and apply for and pay for these IP resources. You can see from this diagram the proper way to dual home. This university has their own provider independent IP address space and has allocated addresses out of that space for each of the interfaces connected to the NREN and the ISP and they have configured BGP peering with both the NREN and the ISP. We have seen some cases where people try to dual home a campus network without using BGP. They don't have any provider independent address space so they use an address block from their ISP and one from the NREN. Since they don't have provider independent address space or an ASN, they can't run BGP. The only thing they can do is run NAT and try to load balance or use one connection as a backup for the other. If the NREN is a peering network, the NREN can't carry traffic to the entire internet so this doesn't work at all. If the NREN acts as an ISP this can work although it's less than ideal because you would prefer to use the NREN for routes to the global research and education network community and there's no real way for you to make your net box do this. Finally this diagram shows the proper way to dual home in an NAT'ed environment. The university has their own provider independent address space and has allocated addresses out of that space for each of the interfaces connected to the NREN and the ISP. They have configured BGP peering up with both the NREN and the ISP. Note that we use the university's provider independent address space for the IP addresses on the outside of the NAT box and we can also have servers with public IPs out of this same provider independent address block.

Acceptable Use

Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
You are free to:

Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material
The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
NonCommercial — You may not use the material for commercial purposes.
No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

BGP for All

Introduction to Routing

Introduction to BGP

BGP Attributes

BGP Policy

BGP Scaling Techniques

BGP Best Practices

Multi-Homing

BGP Case Studies

Communities

Value of Peering

IXP Design and Implementation

BGP for NRENs

Routing Security

Route Origin Validation

MANRS

perfSONAR

Intro & Installation

Configuration

Regular Testing

Using Metrics

Network Measurements

Using MaDDash

ScienceDMZ

Background and Structure

Specific Designs

Techniques & Technology

FedIdM

Campus Identity

Federated Identity

Identity and Business Models

Campus Network Design & Ops

Campus Design

Cabling

View Transcript

Related Documents

Acceptable Use