Educause Security Discussion mailing list archives
Re: Changing ISP?
From: Joe St Sauver <joe () OREGON UOREGON EDU>
Date: Wed, 4 Oct 2006 08:06:36 -0700
Hi John,

You asked a number of questions, including:

#3. Also, is it sufficient to use a single ISP for redundancy if they
#give us separate local loops, via separate ILECs, into opposite ends of the
#campus, to separate COs?

It depends on the risks that you're trying to control. If you're worried about backhoe fade on your local loop, having physical redundancy for those local loops will help to control the risk of an outage due to a local circuit outage.

However, redundancy for the local loop does not buy you redundancy for the Internet transit component of the reliability equation. You would hope that it wouldn't be necessary to have multiple upstream commodity transit providers to obtain functional reliability, but general past history and your recent specific experience gives lie to that, and most people would prefer to have multiple upstream transit providers if they can manage it.

#4. Can anyone speak to setting up redundancy with separate ISPs and
#BGP?

You'll need an ASN for your institution, routing hardware sufficient to handle more than just a default upstream route, network engineering staff to help you configure it, and PI address space that you can announce. You can see the checklist that Sprintlink supplies for their customers at http://www.sprintlink.net/policy/bgp.html

#We have not talked about cost with any ISPs but I imagine it would be much
#more affordable using a single ISP.

It really depends on your business model and your connectivity requirements, I think. Consider four scenarios:

-- You want maximum survivability, and good connectivity to all parts of the Internet, so you purchase capacity from two so-called "tier one" providers (such as Sprint and Level3). In each case, you purchase enough capacity so that even if you lose one provider, you have enough capacity on the other provider to allow you to carry all your traffic without congestion. This will be roughly 2X the cost of purchasing connectivity from a single provider, but survivability is good, and you've got some headroom for growth and unexpected load. If you can swing it, this is a nice place to be.

-- Money's an issue. You want survivability in case something goes wrong with an individual provider, but if you're buying from a top of the line provider, you're willing to assume that an outage (if one occurs) will be brief, and you just don't want to be COMPLETELY off the air during that time if that happens. In that case, you do something like buy a comfortably sized connection from the so-called tier one, but back it up with a (perhaps smaller) connection from a discount provider. Your capabilities are less, but so are your costs.

-- Money's *really* an issue. You decide to buy two connections from budget providers, each able to handle roughly half your aggregate traffic load. If you lose one, you have real problems with congestion (but maybe you plan to temporarily internally shed load by cranking down the rate limits on campus packet shapers or reducing the number of sessions on your streaming servers or whatever). Expect to spend a lot more time dinking around with this sort of a scenario, trying to make it work (and it may never really work well due to the inherent undersizing of the connections).

-- You decide that you want one primary connection to a so-called tier one provider, with a backup connection to a secondary provider that is normally quiescent unless the primary connection goes down. You may be able to arrange for that sort of backup or insurance connection at a fraction of the cost of a connection that's always live, but you'll always have the local loop costs, whether you end up using that second backup connection or not.

And obviously you could envision a lot of other possible scenarios as well, including things like purchasing connectivity from a regional networking consortia (such as NYSERnet in Utica's case). For smaller schools with limited bandwidth requirements, this is often the best option of all (and the NYSERnet guys are a great bunch of folks).

As you start thinking about multihoming, you should be aware that a lot of issues can come up. To name just one, you should realize that traffic may not naturally split on an even basis between two carriers, particularly if one's a so-called tier one, and the other is a discount carrier. Similarly, with multihoming, asymmetric routing becomes a possibility (traffic leaves via one path, but returns via the other), and that can sometimes be interesting.

I guess the bottom line is that there's no free lunch.

#We are planning owning our next set of IP addresses. I'm told there might
#be a chance that we could keep our current set. We'll see.

http://www.arin.net/policy/nrpm.html will be an excellent background resource for anyone interested in provider independent (portable) address space. It looks like Utica currently has 65.220.79/25, so I'm assuming you'd be looking at getting a /22 pursuant to NRPM section 4.3.2.2.

Good luck with your project,

Regards,

Joe