I've been thinking of implementing this. The North and South locations are separated by a few hundred miles, so it'd be nice if the traffic didn't go from a user in the south to the FW in the north and then again to the ISP in the south.
Idea is to NAT all the users to local FW's NAT pool, one /24 in north and one /24 in south. Everything we allow internet users to access would come to the LBs (F5 BIG-IPs) and they would have their own /24's in each location. Then we could advertise the first /23 as a better route to north ISP and the second to south ISP.
Traffic flow would be something like:
North user in north site 1 --> north site 1 FW --> FW selects north default based on community --> gets NATted to x.x.1.0/24 --> internet. Return traffic would come to x.x.1.0/24, which is being advertised with better values from the north internet router.
For traffic from internet to servers:
South ISP advertises x.x.2.0/24 as a better route from their network --> hits our south LB --> LB does SNAT to south DC servers and gets return traffic back the right way.
I think it would work, and the main idea is to have some load balancing between the ISPs, as our north and south locations are somewhat equal in size, and not to cause extra latency in our network. We're currently getting defaults from the ISPs but might switch to a full BGP table. Also, instead of NAT, I might switch to using just BGP communities. (Every FW is in its own AS, and so are the user networks.)
Any ideas or thoughts or anything? Thanks!
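The property this design depends on is return-path symmetry: the stateful firewall that NATs a flow on the way out must also be the one that sees the reply, otherwise it drops the session. The following model, added here and not part of the original post, checks that property for a constructed address plan (TEST-NET-2 addresses and private ASNs stand in for the x.x.0.0/22 and the real AS numbers): each site's NAT and LB /24s must fit inside the /23 advertised for that site, the /23 is announced to both ISPs with AS-path prepends toward the "wrong" one, and the model applies longest-prefix match followed by shortest AS path to find where a reply to a NATed address enters. Function and variable names are the example's own.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

# Hypothetical ASNs (private range); the post's real ASNs are not given.
OUR_AS = 64500
ISP_AS = {"north": 64501, "south": 64502}

# Constructed address plan standing in for the x.x.0.0/22 in the post:
# per site one NAT pool /24 for users and one /24 for the F5 VIPs.
POOLS = {
    "north": [ip_network("198.51.100.0/24"), ip_network("198.51.101.0/24")],
    "south": [ip_network("198.51.102.0/24"), ip_network("198.51.103.0/24")],
}
# The /23 each site advertises as its "better" route.
AGGREGATE = {
    "north": ip_network("198.51.100.0/23"),
    "south": ip_network("198.51.102.0/23"),
}


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    as_path: tuple      # AS path as the ISP receives it, prepends included
    isp: str            # which ISP received this announcement


def check_plan() -> bool:
    """Every site's NAT and LB /24 must sit inside that site's /23,
    otherwise replies to NATed addresses are steered to the wrong site."""
    for site, agg in AGGREGATE.items():
        for pool in POOLS[site]:
            if not pool.subnet_of(agg):
                raise ValueError(f"{pool} is not inside {site} aggregate {agg}")
    return True


def advertisements(prepend: int = 3) -> list:
    """Announce each /23 to both ISPs; prepend our AS `prepend` times
    toward the ISP at the other site so it is the less attractive path."""
    routes = []
    for site, agg in AGGREGATE.items():
        for isp in ISP_AS:
            hops = 1 if isp == site else 1 + prepend
            routes.append(Route(agg, (OUR_AS,) * hops, isp))
    return routes


def best_ingress(dst: str, routes: list) -> set:
    """Model of the outside world's choice: longest prefix wins, then the
    shortest AS path. Returns the set of ISPs still tied after that, so a
    result with two members flags a path the design does not control."""
    addr: IPv4Address = ip_address(dst)
    cands = [r for r in routes if addr in r.prefix]
    if not cands:
        return set()
    longest = max(r.prefix.prefixlen for r in cands)
    cands = [r for r in cands if r.prefix.prefixlen == longest]
    shortest = min(len(r.as_path) for r in cands)
    return {r.isp for r in cands if len(r.as_path) == shortest}


def return_path_symmetric(site: str, routes: list) -> bool:
    """A reply to an address from this site's NAT pool must enter through
    this site's ISP, where the firewall that created the NAT state lives."""
    nat_pool = POOLS[site][0]
    sample_src = str(nat_pool[10])      # an arbitrary address from the pool
    return best_ingress(sample_src, routes) == {site}


if __name__ == "__main__":
    check_plan()
    for label, routes in (("with prepends", advertisements()),
                          ("no prepends", advertisements(prepend=0))):
        for site in POOLS:
            print(label, site, "symmetric:", return_path_symmetric(site, routes))
```

The "no prepends" case is the interesting one: with both /23s announced equally to both ISPs, the model reports a tie, which in practice means the ISPs' own policy decides and the firewall at one site can receive replies for state held at the other. The model also leaves out what real ISPs do before looking at AS-path length (LOCAL_PREF for customer routes, for instance), so a prepend that looks decisive here may be ignored upstream; communities the ISP honours for traffic engineering are the more reliable lever, which matches the post's thought of moving to communities.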