Hello all,
First of all, small introduction: I'm a system and network admin working for a small company (150).
I am in charge of our internal network and some clients infrastructures hosted in datacenters.
My question concerns one of these infrastructures, where I was tasked with replacing the firewalls with newer Cisco ASAs running ASA firmware 9.9. Up to this point, no problems that couldn't be handled.
Here is a link to a representation of it.
As you can see, pretty simple setup and easy to maintain:
Site 1 is production site
Site 2 is the backup site
Both sites are connected to two ISPs: one is the Internet, and the other, the 'private network', is a VPN/MPLS for clients (to be honest, I don't know what is behind it).
A site-to-site VPN is up between the two sites through the Internet.
We don't have any control over the routers; they're not under our control.
On a daily basis, apps and flows go to site 1, and if site 1 is down, only traffic from the 'private network' should be automatically redirected to site 2.
As of today, no automatic failover is in place; client-side apps have to manually change IPs to connect to site 2.
I am not going to go into details system-wise, but replication is in place between the two sites across a dedicated link connected directly to the datacenters.
All right, the problem now is to make incoming flows from the private network to site 1 get redirected to site 2 if site 1 is down (all of it, even the network equipment).
So there are multiple ways of doing that, right? DNS, load balancers.
But clients want BGP...
And that is where I ask for some help understanding all of this. I am not new to networking, and can handle myself pretty well, but BGP is way out...
This private network is an AS, not under our control, that gives us a few IPs that we want to advertise, for example: if x.x.x.x is not available, redirect to y.y.y.y. Clients see BGP as being as simple as that, but I know it isn't.
As I understand BGP, it is a routing protocol that advertises IP routes, which can be used either internally to an AS or to advertise IP routes to other ASes. As far as I also understand, the BGP protocol is used by ISPs or big network owners, and for small networks, to advertise default routes for outgoing traffic.
I tried to study BGP, and to study examples on forums, but I am hitting a wall.
I know that BGP can be used, I have no doubt, but as far as I understand, BGP should be implemented by the private network ISP to redirect the IPs itself.
These IPs are not even configured on the firewalls... but on the routers...
What I want to know is: is it possible to implement BGP myself between the two (BGP-capable) firewalls, or do I need something from the ISP?
I don't know if I have been clear enough.
Many thanks.
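Added example (editor's note, not part of the original post): the post describes the goal as "if x.x.x.x is not available, redirect to y.y.y.y". BGP does not redirect one address to another; the usual active/backup design is that both sites advertise the same prefix, the backup site makes its path less attractive (here by AS-path prepending), and the upstream router on the peer's side runs the best-path selection and falls back to the backup route when the primary site's session drops and its routes are withdrawn. The toy model below shows that mechanism end to end. It goes beyond the post's specific case in that it uses one shared prefix rather than two distinct IPs. Everything in it is constructed: addresses come from the RFC 5737 documentation ranges, the AS number is a private one (RFC 6996), the "upstream" router is a simplified BGP speaker implementing only the LOCAL_PREF and AS_PATH steps of the decision process, and the peer names are hypothetical.

```python
"""Toy model of how BGP best-path selection gives active/backup failover
between two sites that advertise the same prefix. Constructed example;
addresses are from the RFC 5737 documentation ranges and the AS number is a
private one (RFC 6996)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    as_path: Tuple[str, ...]
    local_pref: int = 100


class BgpSpeaker:
    """Minimal upstream router (the peer on the 'private network' side).

    It keeps every route received from each peer (the Adj-RIB-In) and picks a
    best path with the first steps of the BGP decision process: highest
    LOCAL_PREF, then shortest AS_PATH, then lowest next hop as a deterministic
    tie-break. Real routers apply more steps; these two are enough here."""

    def __init__(self) -> None:
        # prefix -> peer name -> route learned from that peer
        self.adj_rib_in: Dict[str, Dict[str, Route]] = {}

    def receive(self, peer: str, route: Route) -> None:
        """UPDATE from a peer: replaces whatever that peer announced before."""
        self.adj_rib_in.setdefault(route.prefix, {})[peer] = route

    def withdraw(self, peer: str, prefix: str) -> None:
        """Explicit withdrawal of one prefix by a peer."""
        self.adj_rib_in.get(prefix, {}).pop(peer, None)

    def session_down(self, peer: str) -> None:
        """Loss of the BGP session removes every route learned from that peer
        (this is what happens when a whole site, firewalls included, goes dark)."""
        for routes in self.adj_rib_in.values():
            routes.pop(peer, None)

    def best_path(self, prefix: str) -> Optional[Route]:
        candidates = list(self.adj_rib_in.get(prefix, {}).values())
        if not candidates:
            return None  # prefix unreachable: no site is advertising it
        return min(
            candidates,
            key=lambda r: (-r.local_pref, len(r.as_path), r.next_hop),
        )


PREFIX = "203.0.113.0/24"      # constructed: the client-facing addresses
SITE1_HOP = "198.51.100.1"     # constructed: site 1 firewall's peering address
SITE2_HOP = "198.51.100.2"     # constructed: site 2 firewall's peering address
OUR_AS = "65001"               # constructed private AS used by both sites


def failover_scenario() -> Tuple[str, str, str]:
    """Return the next hop the upstream router chooses in three states:
    both sites up, site 1 down, site 1 back."""
    upstream = BgpSpeaker()
    # Site 1 advertises the prefix plainly; site 2 prepends its AS twice so its
    # path is longer and only wins once site 1's route is gone.
    site1 = Route(PREFIX, SITE1_HOP, (OUR_AS,))
    site2 = Route(PREFIX, SITE2_HOP, (OUR_AS, OUR_AS, OUR_AS))
    upstream.receive("site1", site1)
    upstream.receive("site2", site2)
    normal = upstream.best_path(PREFIX).next_hop

    # Site 1 loses power: its BGP session times out and its routes vanish.
    upstream.session_down("site1")
    failed = upstream.best_path(PREFIX).next_hop

    # Site 1 returns and re-announces; the shorter path is preferred again.
    upstream.receive("site1", site1)
    recovered = upstream.best_path(PREFIX).next_hop
    return normal, failed, recovered


if __name__ == "__main__":
    print(failover_scenario())  # ('198.51.100.1', '198.51.100.2', '198.51.100.1')
```

The design point the model makes visible: the choice between sites is made by the device that receives both advertisements, so this only works if that upstream router actually peers with both firewalls and accepts the prefix from each of them. A session between the two firewalls alone gives the upstream nothing to select between, which is why the question of what the ISP side needs to provide is the right one to settle before configuring anything on the ASAs.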