CNDO: Dual Homed Campuses | NSRC Training Resources

View Transcript

In this video clip I want to examine the use of BGP in campus networks. The use of BGP at the campus level is impacted by the NREN model of service that we discussed in more detail in the BGP for NRENs video. To review we commonly see two basic models NRENs around the world. We see NRENs provide a limited set of peering routes as well as the more common case where the NREN provides full Internet connectivity when the NREN is a peering network. Note that all campuses must have two connections --one to the ISP and one to the NREN. Where the NREN acts as the ISP the NREN provides full internet access by purchasing internet from an ISP and serving that internet access to the campus. This allows the campus to have a single connection and point their default route to the NREN. Note, however, that a campus can have a second connection to an ISP if they choose. They may want to do this for a redundancy or for load balancing. It is important to note that if the NREN is a peering network that provides a limited set of IP routes, then the connected members are forced to dual homed. If the NREN acts as an ISP the connected members can just use the NREN on a single connection. Or if they have other requirements and have the resources to make it work they can choose to dual home if they want. If a campus is dual homed the only way to make this work properly is to run BGP, and as discussed in other video clips, to run BGP the campus must have a provider independent address block, an autonomous system number and have the technical expertise and equipment capable of running BGP. Note that to obtain provider independent IP addresses and autonomous system numbers the campus must join the appropriate internet registry and apply for and pay for these IP resources. You can see from this diagram the proper way to dual home. This university has their own provider independent IP address space and has allocated addresses out of that space for each of the interfaces connected to the NREN and the ISP and they have configured BGP peering with both the NREN and the ISP. We have seen some cases where people try to dual home a campus network without using BGP. They don't have any provider independent address space so they use an address block from their ISP and one from the NREN. Since they don't have provider independent address space or an ASN, they can't run BGP. The only thing they can do is run NAT and try to load balance or use one connection as a backup for the other. If the NREN is a peering network, the NREN can't carry traffic to the entire internet so this doesn't work at all. If the NREN acts as an ISP this can work although it's less than ideal because you would prefer to use the NREN for routes to the global research and education network community and there's no real way for you to make your NAT box do this. Finally this diagram shows the proper way to dual home in an NAT'ed environment. The university has their own provider independent address space and has allocated addresses out of that space for each of the interfaces connected to the NREN and the ISP. They have configured BGP peering up with both the NREN and the ISP. Note that we use the university's provider independent address space for the IP addresses on the outside of the NAT box and we can also have servers with public IPs out of this same provider independent address block.

Exercises

Acceptable Use

Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
You are free to:

Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material
The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
NonCommercial — You may not use the material for commercial purposes.
No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.