Thursday, April 4, 2019

Need advice on build-out for ISP redundancy...

I've been asked to create redundancy in our ISP setup and need some help in designing this... execution will be a difficult task given that I have never done this before myself, but I figure I've got to get this part right first, eh?

Basically I'm trying to nail down what is needed, what's not needed, what's simply overkill... I'll end up relying on vendors and contractors for execution but want to make sure they do not go nuts on the design and make this too complex for future support by a small staff w/o a lot of experience.

To that end I'm soliciting opinions on this drawing - https://imgur.com/xGrduev

Goals

  1. Add ISP redundancy - Primary connection, Failover connection
  2. Prevent other single points of failure if possible
  3. Keep the setup as simple as possible

** goal #3 should be given strong consideration at each layer

** this solution is based in a colo... the support team live within 30 minutes, and can be on-site within an hour for a hardware replacement if needed.

In networks that I have previously supported, I have never had the challenge of multiple routers at the edge, so dealing with BGP is new to me here. I have also never had a chance to deal with creating LAGs or Port-Channels between routers and switches, or from firewalls to switches... everything I have supported in the past was typically single-homed, with a PRI/SEC firewall setup as the only redundancy in the whole setup.

Big questions I have are:

  • Edge Routers
    • Is there a benefit to using multiple routers, or should we just aggregate both ISPs into one router?
    • If two routers are used, am I correct in assuming you would need an HSRP connection between them to deal with BGP?
    • Can you build a LAG or Port-Channel between the routers and the switching at the next layer?
  • External Switch Stack
    • Same as above, is there benefit to putting a stack in and creating some kind of LAG or Port-Channel between the router(s) and the switching at this layer, or just using one switch?
  • Firewalls
    • Can you build a LAG or Port-Channel between the firewalls and the Core switching at the next layer?
