In this video clip I want to examine the
use of BGP in campus networks.
The use of BGP at the campus level is impacted
by the NREN model of service that we
discussed in more detail in the BGP for
NRENs video. To review we commonly see
two basic models NRENs around the
world. We see NRENs provide a limited
set of peering routes as well as the
more common case where the NREN
provides full Internet connectivity when
the NREN is a peering network.
Note that all campuses must have two connections
--one to the ISP and one to the NREN.
Where the NREN acts as the ISP the
NREN provides full internet access by
purchasing internet from an ISP and
serving that internet access to the campus.
This allows the campus to have a
single connection and point their
default route to the NREN. Note, however,
that a campus can have a second
connection to an ISP if they choose. They
may want to do this for a redundancy or
for load balancing. It is important to
note that if the NREN is a peering
network that provides a limited set of
IP routes, then the connected members are
forced to dual homed. If the NREN acts
as an ISP the connected members can just
use the NREN on a single connection. Or
if they have other requirements and have
the resources to make it work they can
choose to dual home if they want.
If a campus is dual homed the only way
to make this work properly is to run BGP,
and as discussed in other video clips, to
run BGP the campus must have a provider
independent address block, an
autonomous system number and have the
technical expertise and equipment
capable of running BGP. Note that to
obtain provider independent IP addresses
and autonomous system numbers the campus
must join the appropriate internet registry
and apply for and pay for these IP resources.
You can see from this diagram
the proper way to dual home.
This university has
their own provider independent IP
address space and has allocated addresses
out of that space for each of the
interfaces connected to the NREN and
the ISP and they have configured BGP
peering with both the NREN and the ISP.
We have seen some cases where people try
to dual home a campus network without
using BGP. They don't have any provider
independent address space so they use an
address block from their ISP and one
from the NREN. Since they don't have
provider independent address space or an
ASN, they can't run BGP. The only thing
they can do is run NAT and try to load
balance or use one connection as a
backup for the other. If the NREN is
a peering network, the NREN can't carry
traffic to the entire internet so this
doesn't work at all. If the NREN acts as
an ISP this can work although it's less
than ideal because you would prefer to
use the NREN for routes to the global
research and education network community
and there's no real way for you to make
your net box do this.
Finally this diagram shows the proper
way to dual home in an NAT'ed environment.
The university has their own provider
independent address space and has
allocated addresses out of that space
for each of the interfaces connected
to the NREN and the ISP. They have
configured BGP peering up with both the
NREN and the ISP. Note that we use the
university's provider independent
address space for the IP addresses on
the outside of the NAT box and we can
also have servers with public IPs
out of this same
provider independent address block.
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
This is a human-readable summary of (and not a substitute for) the license. Disclaimer. You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial — You may not use the material for commercial purposes. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.