  1. #1

    Colo Network Planning - Routing

    I'm in the final pre-planning stages of setting up a full rack for several clients who need some basic georedundancy for their databases. Additionally, I'm going to put about 5-6 web & mail boxes there, consolidating them from their existing dedicated hosting (CiHost is selling me the boxes).

    My concern is my lack of strong experience with the necessary routing/firewall/and switching equipment for an environment of this type.

    I'm getting a 100mbps fiber drop, and need to get a router. I've got a PIX 506E that I intend to use to firewall both my boxes and the tenant machines. I've got a 2950-24 switch.

    Keeping in mind that I would like to keep the budget down, what would be the best router to select in this situation? Is there a fiber module that I can use directly with the router?

    I've got several options for an IP allocation:

    The default - /30
    No questions asked - a /29 statically routed to the /30 for my router
    A /24 & apply for an ASN to run BGP
    A /24, /25, /26, /27, or /28 based on justification

    As I see it, we're going to have around 16 physical servers, and a need for at least 24 IPs. I see a growing need for HTTPS on a number of these servers, so that need will probably grow to provide those sites with their own IP.

    Any suggestions on the "right" block to choose? Should I just shoot for a /24 and set up BGP? All my machines, at this point, will be in that single colo rack, but I can see a possibility of locating machines elsewhere at a point in the future (2+ yr).

    What are some recommended crash courses/books on working with Cisco gear? I have a general understanding, and am confident that I can get things up and running as and when needed, but need at least a good reference to getting the most out of my networking hardware.

  2. #2
    You should try to ask your host to route a /26 for you. This would be easiest of all the options you listed. You also do not need to purchase a router. BGP is not a justification for IP space with ARIN. Ideally, you really should be using a /23 if you wish to speak BGP.

  3. #3
    I'm going to be required to have my own router, per their contract. The only instance in which I wouldn't need a router is if I were getting retail bandwidth (no subleasing/webhosting allowed) and needed no more than a /28.

    (I, too, don't quite understand the *requirement* that I have a router, but whatever..)

  4. #4
    100Mbps over fiber? Guess they are using 100BaseFX. How much bandwidth do you expect to push?

  5. #5
    Why do fiber? Cheaper to do cat5.

  6. #6
    Also do you really need a "router" or a basic layer3 switch?

    Why would you speak BGP with only *1* provider?

  7. #7
    The bad thing is the fiber handoff...

    Simplest scenario: you get a media converter to convert it to 100BaseTX to plug into a VLAN on the switch.

    I would have them set up a /29 (assuming HSRP IPs on the provider side or redundant firewalls in the future) and route the additional IP addresses to the IP address of your PIX.

    Then on your PIX you set up the outside interface on the /29, and for the additional IPs that they route to your PIX interface you just set up static NAT mappings (of course, if your solution is going to play well with NAT). You could do something similar with no-NAT, but it's really simple with NAT. What you basically end up with is your PIX doing simple routing, but remember the PIX will not route traffic in and out the same interface, so you may end up needing static routes on some of the servers behind the firewall.

    www -- /29 --- PIX --- all external IPs end up on your private block of IPs, ex. 10.10.10.0/24

    This way you don't need any extra equipment.

  8. #8
    Hello,

    Jay wrote:

    Quote Originally Posted by Mfjp
    Ideally, you really should be using a /23 if you wish to speak BGP.
    Hrm? Why? What's the difference in utility between a /24 and a /23 in the context of reachability?

    Best regards,
    David

  9. #9
    Quote Originally Posted by garp74
    Hrm? Why? What's the difference in utility between a /24 and a /23 in the context of reachability?
    Because some of the larger providers will filter /24's and larger.
    James Lumby

  10. #10
    May I have an example of a North American carrier (of size) who filters out /24 route announcements sent to them by a peer, please? My impression was such filtering practices (esp. by large providers) were a thing of the past.

  11. #11
    Quote Originally Posted by WireSix
    Also do you really need a "router" or a basic layer3 switch?

    Why would you speak BGP with only *1* provider?
    There are definitely many reasons why doing this could be advantageous. For example, if you had your BGP session setup, you could make use of community strings for null routing, MEDs for the best path into your network, etc.
    Jay Sudowski // Handy Networks LLC // Co-Founder & CTO

  12. #12
    Here's the pertinent part of the agreement. If you guys have suggestions or advice, let me know. This is my first colo; I've done a lot of dedicated, but not dealt with this stuff before.

    II. TYPE OF SERVICE

    3. Customer Hardware:

    NOTE:
    Customers classed as "Wholesale" are those that Resell IP Services of any type on the circuit. Typical examples of this would be a collocation, streaming, or webhosting company. All Resellers are required to use a Router (or other Layer-3 Device) to connect to [COMPANY].

    Customers classed as "Retail" are End-Users. A typical example would be a law firm with offices in a [COMPANY] building. Circuits sold as "Retail" are only to be used for internet access for company employees and for company business. Web hosting your own corporate sites is OK, web hosting those of someone else is not. Retail customers may use a Switch or Firewall (or other Layer-2 Device) to connect to [COMPANY] if they require a /25 (128 IPs) or less. If more than a /25 is required, a Router (or other Layer-3 Device) is required.

    [ ] Layer-3 Device (Router/Firewall) [ ] Layer-2 Device (Switch)

    A: Manufacturer: __________________
    Model: __________________________

    B: Redundancy: I have two routers/firewalls and need a /29 on the connected interface instead of a /30 [ ] Yes [ ] No

    4. Do you need to run BGP? [ ] Yes [ ] No
    Will my PIX suffice as an "other layer 3 device"?

  13. #13
    Please review my post.

    BGP is completely unnecessary since you have one upstream; you will basically piggyback off of your provider's redundancy. If you need to null route, look at the SHUN command in the PIX.

  14. #14
    Quote Originally Posted by garp74
    May I have an example of a North American carrier (of size) who filters out /24 route announcements sent to them by a peer, please? My impression was such filtering practices (esp. by large providers) were a thing of the past.
    I could be wrong and my info could be out of date, but I have heard that Sprint, for one, does. That being said, take it with a grain of salt as I have absolutely no proof and it is hearsay. That being said, as far as I'm concerned, better safe than sorry.
    James Lumby

  15. #15
    Quote Originally Posted by garp74
    May I have an example of a North American carrier (of size) who filters out /24 route announcements sent to them by a peer, please? My impression was such filtering practices (esp. by large providers) were a thing of the past.
    Dave is probably correct. Though I do remember in the past when we started doing BGP, our providers back then were telling us we need a /23 to be able to reach the whole world.

    (I just looked, and we're announcing some /24s on their own and nobody complained about them, so it must work.)

  16. #16
    Hello,

    Thanks for the replies, James and Jay.

    I receive Sprint's full table as a BGP customer of theirs. A check of today's data finds them passing me 105,076 /24s (and 16,667 /23s, for what it's worth). 105k = clearly unfiltered

    From my seat, operators have made it clear to me that prefix length filtering at the /24 and shorter level is a thing of the past (in North America). Originating a /24 prefix from your AS to your providers should result in good reachability.

    Best regards,
    David
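The check David describes in #16, written out as an added example (not code from the thread): parse a simplified "show ip bgp"-style dump, count distinct prefixes per length, and report whether a given /24 is present as announced or only covered by a shorter aggregate, which is the signature a length filter would leave. The table lines, next hops and AS numbers are constructed sample data, not a real feed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in a simplified "show ip bgp" shape (network, next hop,
# weight, AS path). Documentation/test ranges only; not a real table.
SAMPLE_TABLE = """\
*> 192.0.2.0/24       198.51.100.1   0 64496 64500 i
*> 192.0.2.0/23       198.51.100.1   0 64496 64501 i
*> 198.51.100.0/24    198.51.100.1   0 64496 64502 i
*> 203.0.113.0/25     198.51.100.1   0 64496 64503 i
*  203.0.113.0/24     198.51.100.2   0 64497 64503 i
*> 203.0.113.0/24     198.51.100.1   0 64496 64503 i
*> 100.64.0.0/22      198.51.100.1   0 64496 64504 i
"""

LINE_RE = re.compile(
    r"^\*[> ]?\s*(\d+\.\d+\.\d+\.\d+/\d+)\s+(\S+)\s+\d+\s+((?:\d+\s+)+)[ie?]$"
)

def parse_table(text):
    """Return (prefix, next_hop, as_path) for every parseable table line."""
    routes = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:  # headers, continuation lines, anything unrecognised
            continue
        prefix = ipaddress.ip_network(m.group(1), strict=False)
        as_path = tuple(int(asn) for asn in m.group(3).split())
        routes.append((prefix, m.group(2), as_path))
    return routes

def prefix_length_histogram(routes):
    """Distinct prefixes per length; a /24 seen via two paths counts once."""
    return Counter(p.prefixlen for p in {r[0] for r in routes})

def reachability_of(routes, wanted):
    """'exact' if `wanted` is in the table as announced, 'covered' if only a
    shorter aggregate contains it (what a /24 length filter would leave
    behind), 'absent' otherwise."""
    wanted = ipaddress.ip_network(wanted)
    prefixes = {r[0] for r in routes}
    if wanted in prefixes:
        return "exact"
    if any(p.prefixlen < wanted.prefixlen and wanted.subnet_of(p) for p in prefixes):
        return "covered"
    return "absent"
```

Run it against the full table your upstream sends you instead of the sample; a histogram with no /24 bucket, or your own /24 coming back as "covered", is the filtering the thread is asking about.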
