Border Router Selection

Networks designed so that there's no single point of failure will have more than one border router on their perimeter network. See Figure 7-20. Interior routers and hosts on the perimeter network face the task of choosing a border router to deliver their Internet traffic.

Figure 7-20. Central Question in Border Router Selection

Which border router should an interior router or host on the perimeter net choose for outbound Internet traffic? A default route would have to point either to address 10.0.0.253 or 10.0.0.254. How should an interior router or host choose? Are there alternatives to using default routes?

The sections that follow present alternatives that allow hosts and interior routers to retain Internet connectivity as long as there is at least one working border router with at least one good Internet connection. Reliability, complexity, and hardware requirements can be traded off to meet your needs. Alternatives for border router selection with BGP, static default routes, HSRP, and IGP will each be discussed in turn.

Border Router Selection vs. Exit Selection

Why read this section on border router selection if you've read the section on exit selection above? Because they're often two different problems.

Exit selection is the process BGP uses to decide which exit from your AS will be used. Border router selection is the process your interior routers and hosts use to pick a border router. Border router selection happens first as a host or interior router must choose a border router. Then the chosen border router decides if the packet should exit through one of its connections or if it should instead be forwarded to another border router for delivery.

Border Router Selection with IBGP

The border router selection problem can be neatly solved if all interior routers and hosts on the perimeter network run IBGP with the border routers. See Figure 7-21.

Figure 7-21. Selecting Border Router with IBGP

IBGP will copy the BGP routing tables from each border router into the interior router and host. Hence the interior router and host would always pick the best border router for each destination because of what they learned via IBGP.

However, the burden of running BGP adds a lot of complexity to most hosts. (You'd probably have to add software packages like GNU Zebra or GateD to allow a host to run BGP.) And the extra memory and CPU power required by BGP in interior routers may make them substantially more expensive than they'd be if they didn't run BGP. Hence most network designs will run BGP only on the border routers and therefore be faced with the border router selection problem. Following sections discuss network policies for selecting border routers without using BGP.

Border Router Selection with a Static Route

The simplest way for a host or interior router to choose a border router is to use a static default route. But simplicity has its price. Consider how a static default route might lead a host to choose the "wrong" [1] border router. For example, consider Figure 7-22.

Figure 7-22. Host Choosing "Wrong" Border Router

In this case the host had a default static route pointing at Border RouterB and wanted to deliver traffic to a customer of ISPA. ISPA was sending customer routes so that your AS was aware that the destination was a customer of ISPA. In this case, Border RouterB would have learned ISPA's customer routes via IBGP from Border RouterA. So Border RouterB would receive the traffic and immediately redirect or forward it to Border RouterA via the perimeter network. The traffic would've traversed the perimeter network twice, wasting bandwidth.

That's part of the price you pay for the simplicity of a static default route. But there's an even higher price to pay. Suppose that Border RouterB fails as shown in Figure 7-23.

Figure 7-23. Host Unreachable from Internet when Border Router Fails

The interior router would likely share an IGP with the border routers. As shown above in the section called Exit Selection and Static Default Routes, your IGP should be configured to select a functioning border router with at least one good Internet connection. Your IGP would detect the failure of Border RouterB so your interior router would use Border RouterA as its default route.

But what about the host shown in Figure 7-23? It has a static default route pointing at the now dead Border RouterB. Hence it has lost all Internet connectivity. This is another example of how static routes and reliable networks often don't mix. But the next section shows how Cisco routers provide a way that hosts can retain the simplicity of a static default route and yet maintain reliable Internet connectivity.

Border Router Selection with HSRP

HSRP is designed so that two or more routers can dynamically share a single IP address. Hosts that have static default routes pointing at this address will see a reliable exit path from your AS without having to listen to BGP or your IGP.

HSRP isn't a routing protocol at all. It's simply a way for routers on the same multi-access network to present a "non-stop" IP address. See the section called HSRP (Hot Standby Router Protocol) in Chapter 8 for HSRP configuration.

HSRP has the benefit that it keeps host configuration simple—a commonly used static default is all that's required. It also reacts to failures in a matter of seconds.

Here are some examples of HSRP in action. Consider the site shown in Figure 7-24.

Figure 7-24. HSRP with Two Border Routers in Normal Operation

The site has a T3 for its primary Internet connection and a T1 on a different border router for a backup. The perimeter network interface of Border RouterA is configured to have address 10.0.0.253. The perimeter network interface of Border RouterB is configured to have address 10.0.0.254. Since Border RouterA has the primary Internet connection, HSRP on it is configured so that it normally also holds the shared virtual interface address (10.0.0.1) on its perimeter network interface. HSRP on Border RouterB is configured to monitor the health of Border RouterA. Internet traffic from the host follows the static default route toward 10.0.0.1 to Border RouterA and exits on the T3 when both border routers are operating.

But suppose Border RouterA fails as shown in Figure 7-25.

Figure 7-25. HSRP with Failed Primary Border Router

Within seconds of Border RouterA's failure, Border RouterB's perimeter network interface takes over the shared virtual interface address (10.0.0.1). The static default route in the host now points to Border RouterB with no work on the host's part. Its Internet traffic now exits on the T1 via Border RouterB.

Now suppose that the T3 fails but Border RouterA continues to operate. See Figure 7-26. We want Border RouterB to take over the shared virtual address even though Border RouterA is still functioning. This case is handled by configuring Border RouterA to "give up" the address whenever it loses carrier detect on the T3.

Figure 7-26. HSRP with Failed Primary Internet Connection

This behavior is implemented with a priority system. Border RouterA is configured to lower its priority whenever carrier detect is lost on the T3. Border RouterB seizes control of the shared virtual interface address whenever it notices that its priority is now the highest in the group of routers sharing the address. (Yes, more than two routers can share a single virtual interface address.)

Find limit if any.
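The three cases of Figures 7-24 through 7-26 can be walked through with a small model of the priority system. This is an added example, not code from the original text: the priorities (110 and 100), the decrement of 20 and the preempt flag are assumed values, and the election logic is a simplified model of HSRP rather than a full implementation.

```python
from dataclasses import dataclass, replace

VIRTUAL_IP = "10.0.0.1"  # shared address the hosts' static default route points at

@dataclass(frozen=True)
class Router:
    name: str
    ip: str                   # real perimeter-interface address
    priority: int             # configured HSRP priority (values below are assumed)
    track_decrement: int = 0  # subtracted while the tracked uplink has no carrier
    preempt: bool = True      # may take the address from a lower-priority holder
    alive: bool = True
    uplink_up: bool = True

def rank(r):
    # Higher effective priority wins; a tie goes to the higher interface address.
    prio = r.priority - (0 if r.uplink_up else r.track_decrement)
    return (prio, tuple(int(octet) for octet in r.ip.split(".")))

def holder(routers, current=None):
    """Name of the router answering for VIRTUAL_IP once the group settles."""
    live = [r for r in routers if r.alive]
    if not live:
        return None
    cur = next((r for r in live if r.name == current), None)
    if cur is None:                      # no working holder: best live router takes over
        return max(live, key=rank).name
    # A working holder keeps the address unless a better router has preempt set.
    better = [r for r in live if r.preempt and rank(r) > rank(cur)]
    return max(better, key=rank).name if better else cur.name

def walk_through(b_preempt=True):
    a = Router("RouterA", "10.0.0.253", priority=110, track_decrement=20)
    b = Router("RouterB", "10.0.0.254", priority=100, preempt=b_preempt)
    normal = holder([a, b])                                              # Figure 7-24
    a_dead = holder([replace(a, alive=False), b], current=normal)        # Figure 7-25
    t3_down = holder([replace(a, uplink_up=False), b], current=normal)   # Figure 7-26
    t3_back = holder([a, b], current=t3_down)                            # T3 restored
    return {"normal": normal, "a_dead": a_dead, "t3_down": t3_down, "t3_back": t3_back}

if __name__ == "__main__":
    for label, result in (("preempt on B", walk_through()),
                          ("no preempt on B", walk_through(b_preempt=False))):
        print(VIRTUAL_IP, label, result)
```

With `b_preempt=False`, RouterA keeps 10.0.0.1 after the T3 fails, because a router only takes the address from a working holder when it is allowed to preempt.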



At this point, HSRP may sound pretty good (and it is), but there are a couple of things you should keep in mind.



Border Router Selection with Hosts Listening to IGP

HSRP is usually the best way for hosts to select a border router because it recovers quickly from failures and keeps host configuration simple. If you can't use HSRP, the next best choice for selecting a border router is to have hosts that listen to an IGP. It's most common for hosts to be able to listen to RIP, but the slow (several minute) convergence time of RIP makes it a poor IGP for those interested in reliability.

OSPF makes a much better IGP, but is substantially more complicated than RIP. To run OSPF on your hosts (or if your hosts don't already support RIP), you'll need to install a package like GNU Zebra or GateD. Remember that such packages may significantly complicate a host's configuration. They may also give it additional work to do that may distract it from its primary function or impose additional hardware (e.g. memory) requirements.

Border Router Selection and Load Sharing

HSRP does a lot for reliability, but it can work against outbound load sharing in some cases. (Unfortunately, these cases often occur at sites with 2 T1s and more than 1 T1's worth of output bandwidth.) Consider the network of Figure 7-27.

Figure 7-27. Load Sharing with BGP but Without HSRP

Since both ISPs are sending only default routes, each border router will use its Internet connection for all exit traffic it receives. If each host generates about the same amount of outbound traffic, reasonably good outbound load sharing is achieved. (This might be especially desirable if both hosts together generated more traffic than would fit on either Internet connection individually.)

Although the outbound load sharing might be good with this configuration, your outbound traffic might be reaching its destination through some pretty circuitous paths. See the section called Exit Selection Scenario with Multiple ISPs for a complete explanation. As a quick reminder, think about what happens to traffic from HostB that is destined for a customer of ISPA. It would have to be carried by at least ISPB (and perhaps several other ASes) before reaching ISPA.

If either Internet connection fails, BGP will lose the default route it had heard through that connection. Exit traffic sent to either router will eventually exit on the remaining (working) Internet connection. (This achieves the same effect that HSRP did above in Figure 7-26, although probably not quite as quickly.)

But what if one of the border routers fails? Any hosts using the failed border router as the destination for a static default route would lose Internet connectivity. HSRP dealt handily with this problem above in Figure 7-25. What would happen if we configured HSRP on both border routers and configured both hosts to use the HSRP virtual interface address for their static default route?

We would have better reliability since either Internet connection or either border router could fail without loss of Internet connectivity. But even in the absence of failure, all exit traffic from the AS would go out one Internet connection while the outbound side of the other sat largely idle. This could lead to congestion if the total exit traffic from HostA and HostB exceeded the capacity of either Internet connection. See Figure 7-28. In short, adding just HSRP to the network of Figure 7-27 achieved reliability at the expense of load sharing.

Figure 7-28. Load Sharing with BGP and HSRP
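The trade-off between Figures 7-27 and 7-28 can be put in numbers with a small model. This is an added example, not part of the original text: the 1.0 Mbit/s demand per host, the label for the virtual address and the choice of RouterA as the router that normally holds it are assumptions.

```python
T1_MBPS = 1.544                          # capacity of each Internet connection
ROUTERS = ("RouterA", "RouterB")         # each has one T1 and hears only a default route
TRAFFIC = {"HostA": 1.0, "HostB": 1.0}   # constructed outbound demand in Mbit/s
VIRTUAL = "hsrp-virtual"                 # hypothetical label for the shared HSRP address

STATIC = {"HostA": "RouterA", "HostB": "RouterB"}   # Figure 7-27: one router per host
SHARED = {"HostA": VIRTUAL, "HostB": VIRTUAL}       # Figure 7-28: both hosts use HSRP

def first_hop(gateway, router_up):
    """Router that answers for a host's default gateway, or None if nobody does."""
    if gateway == VIRTUAL:   # assumed: RouterA holds the address while it is up
        return next((r for r in ROUTERS if router_up[r]), None)
    return gateway if router_up[gateway] else None

def exit_loads(defaults, router_up, link_up):
    """Return (Mbit/s per exit link, hosts with no Internet connectivity)."""
    loads = {r: 0.0 for r in ROUTERS}
    stranded = []
    for host, gateway in sorted(defaults.items()):
        router = first_hop(gateway, router_up)
        if router is not None and not link_up[router]:
            # Its own default route is gone, so it forwards across the perimeter
            # network to a border router whose connection still works.
            router = next((r for r in ROUTERS if router_up[r] and link_up[r]), None)
        if router is None:
            stranded.append(host)
        else:
            loads[router] += TRAFFIC[host]
    return loads, stranded

def congested(loads):
    """Exit links asked to carry more than one T1 can hold."""
    return sorted(r for r, mbps in loads.items() if mbps > T1_MBPS)

ALL_UP = {"RouterA": True, "RouterB": True}    # usable for routers or for links
B_DOWN = {"RouterA": True, "RouterB": False}

if __name__ == "__main__":
    for name, defaults in (("static defaults", STATIC), ("HSRP", SHARED)):
        for label, routers in (("no failure", ALL_UP), ("RouterB failed", B_DOWN)):
            loads, stranded = exit_loads(defaults, routers, ALL_UP)
            print(f"{name:15} {label:15} {loads} stranded={stranded} "
                  f"congested={congested(loads)}")
```

Static defaults share the load but strand HostB when RouterB fails; HSRP strands nobody but puts 2.0 Mbit/s on one T1 even when nothing has failed.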

There are two changes that could be made to achieve both reliability and good outbound load sharing:



Notes

[1] It's often best to think of the host's decision as "convenient" or "suboptimal" rather than "wrong." A host would need the full BGP routing table to make "perfect" border router selections. But if the host used memory for a full BGP routing table and CPU time to process it, there might not be enough of either left over for the host to do its primary job.

Copyright © 1999-2000 by Robert A. Van Valzah