Friday, March 22, 2019

IOS-XE: Redundant VPN tunnels to cloud provider with BGP on top, best practices?

https://imgur.com/X8KMA62 <- Crude diagram of setup

Hi,

I'm hoping to use the power of the hive mind to tell me whether I'm crazy or not.

Sorry for the crude diagram, but I hope it illustrates what I'm on about, will try to be as concise as I can.

Requirements:
Establish BGP sessions over redundant VPN tunnels to Google cloud to provide automatic failover/failback in the event of a fiber cut
Tunnel 0 needs to establish over interface Gig0, Tunnel 1 needs to establish over interface Gig1.

On site office router is an ASR1001-x.
Gig0 is a public interface, static IP, default route pointing to the gateway of our fiber provider.
Gig1 is a public interface, DHCP IP, connected to a docsis modem.
Gig4 just represents the office network and any that reside behind it.

Office uses a very simple BGP setup to route internal networks over VPNs between several sites.
Said sites also use this main office to reach internal dev networks that reside in Google cloud.

Originally I set up a VTI0 tunnel to Google, set up BGP, office router learns routes for Google cloud networks and advertises routes for networks at the other offices to Google, works well.

I've now been told we require a redundant path, hence the new docsis connection.

My thought process was basically this:
1. OK so I need to fire up another VTI, second BGP adjacency to Google, path prepend the docsis connection so it prefers the fiber and that should work.
2. But wait, The office router has a default route going out Gig0 so how will VTI1 come up over Gig1?
3. Ah yes! VRFs! Throw Gig1 into its own VRF, configure BGP and then... oh... Now that's up but it's two separate routing tables, so no failover obviously
4. Route redistribution between VRFs? OK so make Gig0 VRF "fiber", make Gig1 VRF "cable", make Gig4 VRF "mixed"... redistribute routes from fiber and cable VRFs into mixed VRF... and add all internal interfaces to mixed VRF?

At that point I began to doubt myself. I have a decent amount of networking experience, but it's not my main job role. I've done some research but feel like I'm going in circles a bit.
I understand a bit about how BGP works and the basics of how to make sure certain paths are preferred over others, but this is well outside of what I've done in the past.

I know the best answer is probably "hire a consultant that knows what they're doing" but regrettably that's not an option here right now.
I have more networking experience than others on my dev team, ergo I'm "the network guy", so it's on me to make something work, whether that takes me 4 hours or 4 days.

I've mucked about in GNS3 to get a proof of concept going, and I more or less have it working. But I feel like my multi VRF with redistribution setup might not be the best way to go about solving this problem, and I'm likely missing something much simpler.

Not looking for anyone to do my job for me, am just looking for general guidance here, i.e. "Yea, that's about the best way to do it" or "No you idiot, go read up on X and use that"

TIA for any suggestions
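One way to get Tunnel1 up over Gig1 without splitting the inside network into a second routing table is a front-door VRF (`tunnel vrf`): only the cable WAN interface goes into the VRF, while both VTIs and the BGP sessions stay in the global table, so no redistribution is needed. The configuration below is an added IOS-XE illustration, not from the original post; interface names follow the post, while the addresses, ASNs and the GCP-IPSEC profile (assumed to exist, with its IKEv2 profile matching FVRF cable) are assumptions.

```ios
! Front-door VRF for the cable WAN only; its DHCP default route then
! lives in VRF "cable", not in the global table used by the fiber link.
vrf definition cable
 address-family ipv4
 exit-address-family
!
! Fiber WAN stays in the global table (constructed addresses).
interface GigabitEthernet0
 ip address 203.0.113.10 255.255.255.248
ip route 0.0.0.0 0.0.0.0 203.0.113.9
!
interface GigabitEthernet1
 vrf forwarding cable
 ip address dhcp
!
! Both VTIs sit in the global table; "tunnel vrf cable" routes only the
! outer IPsec packets of Tunnel1 via VRF cable. Peer IPs are placeholders;
! GCP-IPSEC is an assumed IPsec profile whose IKEv2 profile matches FVRF cable.
interface Tunnel0
 ip address 169.254.0.2 255.255.255.252
 tunnel source GigabitEthernet0
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.1
 tunnel protection ipsec profile GCP-IPSEC
!
interface Tunnel1
 ip address 169.254.1.2 255.255.255.252
 tunnel source GigabitEthernet1
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.2
 tunnel vrf cable
 tunnel protection ipsec profile GCP-IPSEC
!
! One BGP process, two Cloud Router neighbours (ASNs assumed).
router bgp 65001
 neighbor 169.254.0.1 remote-as 65002
 neighbor 169.254.1.1 remote-as 65002
 address-family ipv4
  neighbor 169.254.0.1 activate
  neighbor 169.254.0.1 route-map FIBER-IN in
  neighbor 169.254.1.1 activate
  neighbor 169.254.1.1 route-map CABLE-OUT out
 exit-address-family
! Outbound: prefer what was learned over fiber; inbound: prepend on cable
! so Google prefers the fiber path. Both flip automatically if a session drops.
route-map FIBER-IN permit 10
 set local-preference 200
route-map CABLE-OUT permit 10
 set as-path prepend 65001 65001 65001
```

Failover time is bounded by the BGP hold timer on the session that dies, so verify with `show ip bgp summary` and `show crypto session` after pulling each WAN link in the lab before trusting it in production.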