Tuesday, November 5, 2019

BGP configuration help after ISP upgrade

I don't know BGP well and I've inherited this network recently. I am learning via online courses as much as possible, but this change is being required of me before I am capable/fully "trained."

My goal is to start pushing more traffic to my newly upgraded 10Gb ISP-BRAVO connection, but I don't know the way to do this yet. I could really use some help! If additional information is required, please let me know and I'll update or provide answers as requested. I've posted "sanitized" BGP/Zebra configs from each router below (linked to pastebin - is that OK on this subreddit?).

Current design:
2 Dell servers running Quagga as external routers with 3-ish ISPs connected between them. Router 1 (RTR1) has a 2Gb ISP circuit connected directly from ISP-Alpha over a 10Gb fiber interface. Router 2 (RTR2) has two ISPs connected to it: ISP-Bravo serving us a 10Gb connection over a fiber interface and ISP-Comcastic serving us a limited-use 2Gb connection over a fiber interface.

Additionally, the routers have a single 10Gb HA/cross-over connection directly connecting each other and each also has a single 10Gb connection to an "inward-facing" HPE/Aruba 2920 switch.

The HPE/Aruba 2920 switch has 2 additional 10Gb connections that each run to separate Sophos XG550 firewalls that are configured in an HA pair.

The firewalls have four additional connections that plug into our core router/switch (2 connections from each Sophos firewall; 1 for primary user network and 1 for guest user network) and an HA link (10Gb) between them.

  • ISP-Alpha has always been considered our primary network.
  • ISP-Bravo has always been available for failover and spillover traffic, but was recently upgraded to 10Gb.
  • ISP-Comcastic is designed to only be advertised for traffic destined for Comcast services, specifically IPTV.

  • RTR1 bgpd.conf and zebra.conf: https://pastebin.com/gWqjdXg9

  • RTR2 bgpd.conf and zebra.conf: https://pastebin.com/0rfZis73

TL;DR: Based on the linked configurations, how do I force more of my users' network traffic to my newly upgraded 10Gb circuit? What would this change or new configuration look like if BGP is the way to do this?

Sorry for such a long post - I hope this is allowable and I truly hope one or more of you can assist!


