Hey all,
I have a Cisco IOS router with two upstream BGP peers (P1 & P2). P1 is our ISP, and P2 is a routed DDoS service.
I want to advertise some prefixes to P2 and then fail-over those prefix advertisements to P1 in the event that BGP peering with P2 is lost. The idea is that our incoming traffic will be able to bypass the DDoS service in the event of an outage.
This is easy to do with a conditional advertisement (specifically using a non-exist-map), however we do not currently receive any routes from P2. In my test lab I have been using a dummy route received from P2 (E.g. 169.254.0.1/32) as the basis for an advertise-map.
I'm yet to ask our DDoS provider if they can accommodate this arrangement, but wanted to ask your opinions to see if there is a better way I should be doing this? Perhaps with some sort of object tracking or BGP peer status tracking?
No comments:
Post a Comment