
Enterprise Connectivity Requirements

  • Outbound
    • One-way connectivity from clients to the Internet.
    • Private IPv4 addresses with Network Address Translation (NAT) are used for IPv4 connections, allowing clients on a private network to communicate with servers on the public Internet.
    • This is a typical home or company LAN end-user model.
  • Inbound
    • Two-way connectivity where external clients can access the enterprise’s internal resources.
    • Both public and private IPv4 address space are needed, along with routing and security considerations.
    • This is a typical public server model.

Redundancy for Enterprise Network to ISP Connectivity

  1. Edge device redundancy
    • Deploying redundant routers protects the network against device failure.
    • If one router fails, the redundant router will take its place and Internet connectivity can still be established.
  2. Link redundancy
    • Deploying redundant links protects the network against link failure between the router and the ISP router.
  3. ISP redundancy
    • If hosting important servers or accessing mission-critical services on the Internet, it is best to have two redundant ISPs.

Single-router Single-homed

provides a minimal degree of ISP connectivity resiliency, since there is no redundancy for hardware, links, or ISPs.

  • Can be used in cases when a loss in Internet connectivity is not problematic to a customer.

Single-router Dual-homed or Dual-router Single-homed

provides a moderate degree of ISP connectivity resiliency, owing to having either multiple ISPs or multiple links to one ISP.

  • Routing must be properly configured to allow multiple links to operate effectively.

Dual-router Dual-homed

provides a high degree of ISP connectivity resiliency, owing to having multiple routers connecting to multiple ISPs.

  • Both routers are used as Internet gateways.
  • Connections from different ISPs can terminate at the same router, or at different routers to further enhance resiliency.
  • Routing must be capable of reacting to dynamic changes.

provides an exceptional degree of ISP connectivity resiliency by having two routers, each with a link to two different ISPs.

  • All single points of failure issues are resolved, providing a highly reliable connection to the ISP.

Dual-homed Advantages

  1. Two links can act as primary/backup links.
    • In case of a primary link failure, the backup link is used for traffic forwarding.
  2. Traffic can be load balanced over both links.

The options for what ISPs can send to your network in a dual-homed design:

  1. Only a default route
  2. A partial routing table (of a subset of routes originated near the ISP) and a default route
  3. A full routing table, at the cost of higher resource consumption.

Public IP Address

Internet Assigned Numbers Authority (IANA)

  • Coordinates the global pool of IPv4/IPv6 addresses and autonomous system numbers (ASNs).
    • Allocates them to the Regional Internet Registries (RIRs).
    • RIRs allocate address blocks to local Internet registries (LIRs), most of which are ISPs.
    • In some regions, RIRs allocate addresses to national Internet registries (NIRs), which then allocate addresses to ISPs.
  • Manages the Domain Name Service (DNS) root zone.
  • Manages the IP numbering systems, in conjunction with standards bodies.

Regional Internet Registries (RIRs)

  1. African Network Information Centre (AfriNIC) - Africa region
  2. Asia Pacific Network Information Centre (APNIC) - Asia Pacific region
  3. American Registry for Internet Numbers (ARIN) - Canada, U.S., and some islands in the Caribbean Sea and North Atlantic Ocean.
  4. Latin American and Caribbean IP Address Regional Registry (LACNIC) - Latin America and some Caribbean Islands region.
  5. Reséaux IP Européens Network Coordination Centre (RIPE NCC) - Europe, Middle East, and Central Asia region.

Provider-Aggregatable (PA) Address Space

a block of IP addresses, allocated by an ISP to its end-user organisation, which can be aggregated into a single route advertisement for enhanced Internet routing efficiency.

  • A PA address space is used in simple topologies, where no redundancy is needed.
  • If the customer changes its ISP, the new ISP will give the customer a new PA address space.
    • All devices with public IP addresses will have to be renumbered.
    • The old address space cannot be transferred to the new.
  • This mode of determining an IP address is typical for home users.

Provider-Independent (PI) Address Space

a block of IP addresses allocated directly by an RIR to its end-user organisations.

  • A PI address space is required for dual-homed connections because the enterprise network needs to be independent of the ISP’s address space.
  • The PI address space can be routed through other ISPs, resulting in more flexibility when planning connections to an ISP and when migrating between ISPs.
  • After processing an address space request, the RIR assigns the PI address space and a public ASN that uniquely defines the enterprise’s network and its address spaces.
    • This ASN is not related to any ISP.
  • The enterprise then configures their Internet gateways to advertise the newly assigned IP address space to neighbouring ISPs.
    • The Border Gateway Protocol (BGP) is typically used for this task as this is inter-AS routing.
    • BGP routers exchange information about paths to destination networks outside of their AS.
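An added example (not part of the original notes) covering the PA and PI sections above: it uses Python's standard `ipaddress` module to show why PA blocks carved from an ISP allocation collapse into one upstream advertisement while a PI block must be announced as its own prefix, and how a host in PA space is renumbered when the customer moves to a new ISP. The 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 prefixes are constructed documentation ranges, not real allocations.

```python
import ipaddress

# Constructed sample prefixes (documentation ranges, not real allocations).
ISP_AGGREGATE = "203.0.113.0/24"                      # the ISP's own allocation
PA_CUSTOMERS = ["203.0.113.0/26", "203.0.113.64/26"]  # PA blocks carved from it
PI_CUSTOMER = "198.51.100.0/24"                       # RIR-assigned PI block


def is_provider_aggregatable(isp_block: str, customer_block: str) -> bool:
    """True when the customer block sits inside the ISP allocation, i.e. it is
    PA space and does not need its own route in the global table."""
    return ipaddress.ip_network(customer_block).subnet_of(
        ipaddress.ip_network(isp_block))


def upstream_advertisements(isp_block: str, customer_blocks: list) -> list:
    """Prefixes the ISP has to announce to its peers: PA blocks collapse under
    the aggregate, while a PI block survives as a separate advertisement."""
    nets = [ipaddress.ip_network(isp_block)]
    nets += [ipaddress.ip_network(b) for b in customer_blocks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def renumber_host(host: str, old_block: str, new_block: str) -> str:
    """PA renumbering after an ISP change: the old space cannot be transferred,
    so each host keeps its offset inside the new block of the same size."""
    old = ipaddress.ip_network(old_block)
    new = ipaddress.ip_network(new_block)
    if old.prefixlen != new.prefixlen:
        raise ValueError("new PA block must be the same size as the old one")
    addr = ipaddress.ip_address(host)
    if addr not in old:
        raise ValueError(f"{host} is not inside {old_block}")
    offset = int(addr) - int(old.network_address)
    return str(ipaddress.ip_address(int(new.network_address) + offset))


if __name__ == "__main__":
    # Two PA /26s disappear into the /24; the PI /24 stays visible upstream.
    print(upstream_advertisements(ISP_AGGREGATE, PA_CUSTOMERS + [PI_CUSTOMER]))
    # Moving to a new ISP: same host offset, new PA block.
    print(renumber_host("203.0.113.10", PA_CUSTOMERS[0], "192.0.2.64/26"))
```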

Reserved Autonomous System Numbers (ASNs)

  • Original normal range:
    • 16-bit number
    • 0 – 65,535
    • Private ASNs: 64,512 - 65,534
  • Expanded to a 32-bit number: two formats
    • 32-bit
    • 16-bit.16-bit (asdot notation)
    • Gives approximately 4,294,967,295 ASNs
    • Private ASNs: 4,200,000,000 through 4,294,967,294
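An added helper (not from the original notes) that converts between the two 32-bit ASN formats listed above and flags the private ranges; the reserved values 0, 65535 and 4294967295 and the AS_TRANS placeholder 23456 come from RFC 7300 and RFC 6793 rather than from the notes.

```python
import re

ASN_16BIT_MAX = 65_535
ASN_32BIT_MAX = 4_294_967_295
PRIVATE_16BIT = range(64_512, 65_534 + 1)                 # RFC 6996
PRIVATE_32BIT = range(4_200_000_000, 4_294_967_294 + 1)   # RFC 6996
AS_TRANS = 23_456  # RFC 6793 placeholder seen by 2-byte-only BGP speakers


def parse_asn(text: str) -> int:
    """Accept asplain ("65546") or asdot ("1.10") and return the integer ASN."""
    text = text.strip()
    m = re.fullmatch(r"(\d+)\.(\d+)", text)
    if m:
        high, low = int(m.group(1)), int(m.group(2))
        if high > ASN_16BIT_MAX or low > ASN_16BIT_MAX:
            raise ValueError(f"asdot halves must each fit in 16 bits: {text!r}")
        return (high << 16) | low
    if not text.isdigit():
        raise ValueError(f"not an ASN: {text!r}")
    asn = int(text)
    if asn > ASN_32BIT_MAX:
        raise ValueError(f"ASN exceeds 32 bits: {asn}")
    return asn


def to_asdot(asn: int) -> str:
    """asdot (RFC 5396): plain decimal up to 65535, otherwise high.low."""
    if not 0 <= asn <= ASN_32BIT_MAX:
        raise ValueError(f"ASN out of range: {asn}")
    if asn <= ASN_16BIT_MAX:
        return str(asn)
    return f"{asn >> 16}.{asn & 0xFFFF}"


def classify_asn(asn: int) -> str:
    """'private' ASNs must not be used when peering with an ISP (the notes call
    for a public ASN); 'reserved' and 'as_trans' are never assigned."""
    if asn in (0, ASN_16BIT_MAX, ASN_32BIT_MAX):
        return "reserved"
    if asn == AS_TRANS:
        return "as_trans"
    if asn in PRIVATE_16BIT or asn in PRIVATE_32BIT:
        return "private"
    return "public"


def describe_asn(text: str) -> dict:
    """Normalise any textual ASN into both notations plus its classification."""
    asn = parse_asn(text)
    return {"asplain": asn, "asdot": to_asdot(asn), "kind": classify_asn(asn)}
```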

Establishing Single-Homed IPv4 Internet Connectivity

The Internet router can be configured to enable connectivity with the ISP by either a provider-assigned static IPv4 address or a provider-assigned DHCP address.

  • If an ISP does not offer static IP address assignment to its customers, or if it is more expensive to obtain a static IP address, customers might be able to use Dynamic DNS (DDNS).
  • Dynamic DNS dynamically updates DNS records to reflect the latest IP address assignments.

Obtaining a Provider-Assigned IPv4 Address with DHCP

  • DHCP client functionality needs to be enabled on the router interface.
  • DHCPv4 operation includes the DHCPDISCOVER, DHCPOFFER, DHCPREQUEST and DHCPACK messages.
  • Issue this command on the DHCP client’s interface to acquire an IP address from the DHCP server through that interface:
    • Device(config-if)# ip address dhcp
  • Other configuration information can also be obtained through DHCP, such as the default gateway address.
  • The default route is installed with an AD of 254, making it a floating static route.
    • Such a high AD prevents the injected route from being used if other manually configured or dynamically learnt default routes exist.
    • Issue this command on the router’s DHCP interface to disable this functionality:
      • Router(config-if)# no ip dhcp client request router

Configuring Best Path for Dual-Homed Internet Connectivity

  • Either static routing towards the ISP or BGP with the ISP are commonly used to route outbound traffic.
  • Internet routing information must also be available to the organisation’s internal routing protocol.
  • In simple networks, static routes with different AD (e.g. floating static routes) can be used.
  • FHRPs can also be used to properly route packets to the appropriate Internet gateway.

Dual-homed Setup Requirements

  1. Own a PI address space and a unique ASN.
  2. Establish connectivity with two independent ISPs.

Centralised Internet versus Direct Internet Connectivity

  1. Centralised Internet for each branch - higher bandwidth available and centralised security policies, but suboptimal traffic flows.
    • This might require additional redundancy at the Internet edge, which may or may not be present.
  2. Direct Internet for branches - optimal traffic flows, but more difficult to manage distributed security policies.
    • This also has a higher risk of Internet attacks due to more attachment points.

Logical Internet High Availability Design Considerations

  • Use a public BGP AS number for BGP connections to the ISPs.
  • Use PI address space to allow for advertisement to both ISPs.
  • Receive full or partial routing tables to optimise forwarding outbound.
  • Use HSRP/GLBP or an IGP such as EIGRP or OSPF internally.