Re: Need provider suggestions - BGP transit over GRE tunnel

[William Herrin <bill () herrin us>]

On Fri, Jan 28, 2011 at 11:10 AM, Robert Johnson
<fasterfourier () gmail com> wrote:
> My organization is planning to become multihomed in the near future.
> Currently we have redundant (router and physical path) links to a
> single AS where we get our transit, and speak BGP to them using a
> private ASN. This configuration has not been meeting our reliability
> requirements, so we will be getting our own ASN from ARIN, and moving
> from PA to PI IP space.
>
> Our new provider will be used for backup purposes only. We would like
> to minimize the monthly cost of this connection; to do this, we are
> planning to use a VZ business FIOS connection with symmetrical
> bandwidth to establish a GRE tunnel to a datacenter somewhere, and
> bring up a BGP session over that tunnel. I'd like to know if there are
> providers that offer such a service on a regular basis, and if so, if
> anyone is doing this and has words of wisdom.

Hi Robert,

I use a similar technique myself and it works reasonably well.
Servint.net was willing to do it for me and he.net gave me a quote as
well. Three pitfalls to watch out for:

1. A small portion of your traffic is going to wander in via the data
center link and down the GRE tunnel during normal operations. You can
tweak the announcement so that it isn't much, but it won't be zero
either.

2. Make sure you originate the network announcement from your physical
location, not from the data center. In other words, no "network
10.2.3.0 mask 255.255.255.0" in the "router bgp" section at the data
center. If the data center becomes disconnected from you, it should
drop the announcement.

3. You'll need a small block (/29) of PA addresses at the data center
to anchor the tunnel.

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004