Table of Contents
- Enterprise Connectivity Requirements
- Redundancy for Enterprise Network to ISP Connectivity
- Single-router Single-homed
- Single-router Dual-homed or Dual-router Single-homed
- Dual-router Dual-homed
- Dual-homed Advantages
- Public IP Address
- Reserved Autonomous System Numbers (ASNs)
- Establishing Single-Homed IPv4 Internet Connectivity
- Configuring Best Path for Dual-Homed Internet Connectivity
- Dual-homed Setup Requirements
- Centralised Internet versus Direct Internet Connectivities
- Logical Internet High Availability Design Considerations
Enterprise Connectivity Requirements
- Outbound
  - One-way connectivity from clients to the Internet.
  - Private IPv4 addresses with Network Address Translation (NAT) are used for IPv4 connections, allowing clients on a private network to communicate with servers on the public Internet.
  - This is a typical home or company LAN end-user model.
- Inbound
  - Two-way connectivity where external clients can access the enterprise’s internal resources.
  - Both public and private IPv4 address space is needed, and so are routing and security considerations.
  - This is a typical public server model.
Redundancy for Enterprise Network to ISP Connectivity
- Edge device redundancy
  - Deploying redundant routers protects the network against device failure.
  - If one router fails, the redundant router will take its place and Internet connectivity can still be established.
- Link redundancy
  - Deploying redundant links protects the network against link failure between the router and the ISP router.
- ISP redundancy
  - If hosting important servers or accessing mission-critical services on the Internet, it is best to have two redundant ISPs.
Single-router Single-homed
Provides minimal resiliency for ISP connectivity, because there is no redundancy for hardware, links, or ISPs.
- Can be used in cases when a loss in Internet connectivity is not problematic to a customer.
Single-router Dual-homed or Dual-router Single-homed
Provides moderate resiliency for ISP connectivity by having either multiple ISPs or multiple links connected to an ISP.
- Routing must be properly configured to allow multiple links to operate effectively.
Dual-router Dual-homed
Provides high resiliency for ISP connectivity by having multiple routers connecting to multiple ISPs.
- Both routers are used as Internet gateways.
- Connections from different ISPs can terminate at the same router, or at different routers to further enhance resiliency.
- Routing must be capable of reacting to dynamic changes.
Incorporating Link Redundancy
Provides exceptional resiliency for ISP connectivity by having two routers, each with a link to two different ISPs.
- All single points of failure are eliminated, providing a highly reliable connection to the ISP.
Dual-homed Advantages
- Two links can act as primary/backup links.
  - In case of a primary link failure, the backup link is used for traffic forwarding.
- Traffic can be load balanced over both links.
The options for what ISPs can send to your network in a dual-homed design:
- Only a default route
- A partial routing table (of a subset of routes originated near the ISP) and a default route
- A full routing table, which is resource-intensive.
Public IP Address
Internet Assigned Numbers Authority (IANA)
- Coordinates the global pool of IPv4/IPv6 addresses and autonomous system numbers (ASNs).
- Allocates them to the Regional Internet Registries (RIRs).
- RIRs allocate address blocks to local Internet registries (LIRs), most of which are ISPs.
- In some regions, RIRs allocate addresses to national Internet registries (NIRs) - who then allocate addresses to ISPs.
- Manages the Domain Name System (DNS) root zone.
- Manages the IP numbering systems, in conjunction with standards bodies.
Regional Internet Registries (RIRs)
- African Network Information Centre (AfriNIC) - Africa region
- Asia Pacific Network Information Centre (APNIC) - Asia Pacific region
- American Registry for Internet Numbers (ARIN) - Canada, U.S., and some islands in the Caribbean Sea and North Atlantic Ocean.
- Latin American and Caribbean IP Address Regional Registry (LACNIC) - Latin America and some Caribbean Islands region.
- Réseaux IP Européens Network Coordination Centre (RIPE NCC) - Europe, Middle East, and Central Asia region.
Provider-Aggregatable (PA) Address Space
A block of IP addresses, allocated by an ISP to its end-user organisation, which can be aggregated into a single route advertisement for enhanced Internet routing efficiency.
- A PA address space is used in simple topologies, where no redundancy is needed.
- If the customer changes its ISP, the new ISP will give the customer a new PA address space.
- All devices with public IP addresses will have to be renumbered.
- The old address space cannot be transferred to the new ISP.
- This mode of determining an IP address is typical for home users.
Provider-Independent (PI) Address Space
A block of IP addresses allocated directly by an RIR to its end-user organisations.
- A PI address space is required for dual-homed connections because the enterprise network needs to be independent of the ISP’s address space.
- The PI address space can be routed through other ISPs, resulting in more flexibility when planning connections to an ISP and when migrating between ISPs.
- After processing an address space request, the RIR assigns the PI address space and a public ASN that uniquely defines the enterprise’s network and its address spaces.
- This ASN is not related to any ISP.
- The enterprise then configures their Internet gateways to advertise the newly assigned IP address space to neighbouring ISPs.
- The Border Gateway Protocol (BGP) is typically used for this task as this is inter-AS routing.
- BGP routers exchange information about paths to destination networks outside of their AS.
Reserved Autonomous System Numbers (ASNs)
- Original normal range:
  - 16-bit number
  - 0 – 65,535
  - Private ASNs: 64,512 – 65,534
- Expanded to a 32-bit number, written in one of two formats:
  - 32-bit
  - 16-bit.16-bit (dotted join)
  - Gives approximately 4,294,967,295 ASNs
  - Private ASNs: 4,200,000,000 through 4,294,967,294
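The following is an added example, not part of the original notes: it parses an ASN in either of the two formats above, converts between them, and flags private ASNs in an AS path, which is a useful check before routes are advertised to an ISP because private ASNs are not meant to appear on the public Internet. The function names and the sample path are constructed for illustration.

```python
# Added example (not from the original notes): parse and classify AS numbers
# using the private ranges listed above.
PRIVATE_16BIT = range(64_512, 65_534 + 1)
PRIVATE_32BIT = range(4_200_000_000, 4_294_967_294 + 1)
MAX_ASN = 2**32 - 1


def parse_asn(text: str) -> int:
    """Accept the plain 32-bit form ('65546') or the dotted 16-bit.16-bit form ('1.10')."""
    text = text.strip()
    if "." in text:
        high_s, low_s = text.split(".")  # more than one dot raises ValueError
        high, low = int(high_s), int(low_s)
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError(f"each half of {text!r} must fit in 16 bits")
        return (high << 16) | low
    asn = int(text)
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"{text!r} is outside the 32-bit ASN range")
    return asn


def to_dotted(asn: int) -> str:
    """Render a 32-bit ASN in the dotted 16-bit.16-bit form."""
    return f"{asn >> 16}.{asn & 0xFFFF}"


def is_private(asn: int) -> bool:
    return asn in PRIVATE_16BIT or asn in PRIVATE_32BIT


def private_asns_in_path(as_path: str) -> list[int]:
    """Return the private ASNs found in a space-separated AS path."""
    return [asn for asn in map(parse_asn, as_path.split()) if is_private(asn)]


# Constructed sample path: 64496 and 64500 are documentation ASNs, 65010 is private.
SAMPLE_PATH = "64496 65010 1.10 64500"

if __name__ == "__main__":
    for token in SAMPLE_PATH.split():
        asn = parse_asn(token)
        print(f"{token:>8} -> {asn:>10} ({to_dotted(asn)}) private={is_private(asn)}")
    print("private ASNs in path:", private_asns_in_path(SAMPLE_PATH))
```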
Establishing Single-Homed IPv4 Internet Connectivity
The Internet router can be configured to enable connectivity with the ISP by either a provider-assigned static IPv4 address or a provider-assigned DHCP address.
- If an ISP does not offer static IP address assignment to its customers, or if it is more expensive to obtain a static IP address, customers might be able to use Dynamic DNS (DDNS).
- Dynamic DNS dynamically updates DNS records to reflect the latest IP address assignments.
Obtaining a Provider-Assigned IPv4 Address with DHCP
- DHCP client functionality needs to be enabled on the router interface.
- DHCPv4 operation includes the DHCPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACK messages.
- Issue this command on the DHCP client’s interface to acquire an IP address from the DHCP server through that interface:
  - Device(config-if)# ip address dhcp
- Other configuration information can also be obtained through DHCP, such as the default gateway address.
- The default route is installed with an administrative distance (AD) of 254, making it a floating static route.
  - Such a high AD prevents the injected route from being used if other manually configured or dynamically learnt default routes exist.
- Issue this command on the router’s DHCP interface to stop the DHCP client from requesting the default gateway, so that this default route is not installed:
  - Router(config-if)# no ip dhcp client request router
Configuring Best Path for Dual-Homed Internet Connectivity
- Either static routing towards the ISP or BGP with the ISP is commonly used to route outbound traffic.
- Internet routing information must also be available to the organisation’s internal routing protocol.
- In simple networks, static routes with different AD (e.g. floating static routes) can be used.
- FHRPs can also be used to properly route packets to the appropriate Internet gateway.
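The following is an added example, not part of the original notes: it models how administrative distance decides which default route is installed, covering both the DHCP-learned default route (AD 254) and the floating static routes mentioned above. The route names, the documentation next-hop addresses and the AD of 10 for the floating route are assumptions; the model compares only AD and next-hop reachability.

```python
# Added example (not from the original notes): which default route gets installed.
# Simplified model: only administrative distance (AD) and next-hop reachability
# are compared; metrics and longer prefixes are ignored.
from dataclasses import dataclass, replace

DHCP_DEFAULT_AD = 254  # AD of the DHCP-learned default route, as stated above


@dataclass(frozen=True)
class DefaultRoute:
    source: str
    next_hop: str
    ad: int
    next_hop_up: bool = True


def installed_defaults(candidates):
    """Return the candidate(s) with the lowest AD whose next hop is reachable."""
    usable = [r for r in candidates if r.next_hop_up]
    if not usable:
        return []
    best_ad = min(r.ad for r in usable)
    return [r for r in usable if r.ad == best_ad]  # equal AD: all are installed


def fail(route):
    """Copy of a route with its next hop marked unreachable."""
    return replace(route, next_hop_up=False)


# Constructed candidates; next hops are documentation addresses, AD 10 is assumed.
PRIMARY = DefaultRoute("static via ISP A", "192.0.2.1", ad=1)
FLOATING = DefaultRoute("floating static via ISP B", "198.51.100.1", ad=10)
DHCP = DefaultRoute("DHCP-learned", "203.0.113.1", ad=DHCP_DEFAULT_AD)

if __name__ == "__main__":
    scenarios = {
        "all up": [PRIMARY, FLOATING, DHCP],
        "ISP A down": [fail(PRIMARY), FLOATING, DHCP],
        "ISP A and B down": [fail(PRIMARY), fail(FLOATING), DHCP],
    }
    for name, routes in scenarios.items():
        chosen = ", ".join(f"{r.source} [AD {r.ad}]" for r in installed_defaults(routes))
        print(f"{name:>17}: {chosen or 'no default route'}")
```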
Dual-homed Setup Requirements
- Own a PI address space and a unique ASN.
- Establish connectivity with two independent ISPs.
Centralised Internet versus Direct Internet Connectivities
- Centralised Internet for each branch - higher bandwidth available and centralised security policies, but suboptimal traffic flows.
  - This might require additional redundancy at the Internet edge, which may or may not be present.
- Direct Internet for branches - optimal traffic flows, but more difficult to manage distributed security policies.
  - This also has a higher risk of Internet attacks due to more attachment points.
Logical Internet High Availability Design Considerations
- Use a public BGP AS number for BGP connections to the ISPs.
- Use PI address space to allow for advertisement to both ISPs.
- Receive full or partial routing tables to optimise forwarding outbound.
- Use HSRP/GLBP or an IGP such as EIGRP or OSPF internally.