Ultimately, the choice of which of your entrances to use is entirely up to your ISP(s). However, several mechanisms exist so that you can exert some influence over which of your entrances is chosen for each packet. The following sections discuss these mechanisms.
Single ISP, Multiple Connections, Single Site
If you have a single ISP connected to your AS more than once at a single site, your primary entrance (and exit) selection concerns are probably equitable sharing of the traffic across the incoming lines with fail-over. Close coordination is required between you and your ISP. Some ISPs use BGP (e.g. "loopback peering") in this configuration and some don't. The type of load sharing used may differ if the connections all go between the same routers at your end and the ISP's end. These cases are all different and you'll have to work them out with your ISP.
Let's assume that you have a single ISP connected to your AS at two or more sites since that's where selecting your entrance policy gets "interesting." (For the single-site case, see the sidebar Single ISP, Multiple Connections, Single Site.) Your biggest concern is probably making sure that the ISP chooses the entrance to your AS closest to the eventual destination network within your AS. Even if you have a private network connection between sites and could easily carry the traffic across it to the eventual destination, you're usually better off asking the ISP to do this for you since their network is probably faster than yours. See Figure 7-18.
If traffic arrives at your ISP's Border RouterC destined for your LANB, the router would have to decide if the traffic should immediately enter your AS via Border RouterA (the "hot potato" policy) or if it should stay in the ISP's AS till it is closer to the destination network (the "cold potato" policy). Your ISP's routers will probably employ the hot potato policy unless your route advertisements request a cold potato policy. Your ISP won't want to waste bandwidth on their backbone. If they don't "know" that LANB is closer to their Border RouterD, they won't use their precious backbone bandwidth carrying LANB traffic closer to their Border RouterD.
You could ask your ISP to statically implement a cold potato policy, but you'd lose some of the reliability offered by BGP. If the T1 connecting Border RouterB and Border RouterD is down, it doesn't matter how much faster your ISP's T3 is than your private network T1. In this case, you would probably want the traffic for LANB delivered via Border RouterA even though you'd have to carry it across your (slower) private network.
The Multi-Exit Discriminator (or "MED") of BGP allows you to "ask" your ISP to deliver the traffic where you want it dynamically. A lower MED is preferred over a higher one. If your BGP advertisements are built from injected IGP routes, then the metrics from your IGP will carry over into BGP MEDs. Whatever networks your IGP thinks are easily reached through an entrance will be advertised with a lower BGP MED than those that are difficult to reach from that entrance. This will bias your ISP's routing decisions toward keeping the traffic on the ISP's backbone till it reaches your entrance closest to the destination network.
Consider how a large, multi-site company like GM might use MEDs when advertising their routes. See Figure 7-19. Notice that Internet connections are present at the HQ and proving grounds sites but not at the warehouse site. At the HQ entrance, LANs at HQ might be advertised with a MED of 50, LANs from the proving grounds with a MED of 200, and LANs from other sites with a MED of 100. In contrast, the entrance at the proving grounds might advertise LANs at HQ with a MED of 200, LANs from the proving grounds with a MED of 50, and LANs from other sites with a MED of 100.
Here's a tabular representation of the prose above.
|for LANs at Site|MEDs from HQ|MEDs from Proving Grounds|
|---|---|---|
|HQ|50|200|
|Proving Grounds|200|50|
|Other sites|100|100|
These advertisements would bias traffic for a site strongly toward the entrance for the site. Traffic destined for sites without direct Internet connections would be split between the entrances. Note that if either entrance failed, all traffic would revert to the remaining entrance.
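The entrance choice and fail-over described above can be checked with a small model. This is an added example, not code from the original text: the function names are hypothetical, the MED values are the ones given for the GM scenario, and it assumes every BGP tie-breaker evaluated before the MED (local preference, AS-path length, origin) is equal, so the MED decides.

```python
# Constructed model of MED-based entrance selection; not a BGP implementation.
# Assumption: all attributes compared before the MED are equal, and both
# entrances peer with the same ISP, so their MEDs are comparable.

# MED advertised at each entrance (outer key) for each group of LANs (inner key).
ADVERTISED_MEDS = {
    "HQ": {"HQ": 50, "Proving Grounds": 200, "Other": 100},
    "Proving Grounds": {"HQ": 200, "Proving Grounds": 50, "Other": 100},
}


def preferred_entrances(dest_site, up_entrances, meds=ADVERTISED_MEDS):
    """Return the entrances the ISP would prefer for traffic to dest_site.

    An entrance whose BGP session is down advertises nothing, so only the
    entrances listed in up_entrances compete. The lowest MED wins; a tie
    returns every tied entrance, which the ISP then shares or resolves
    with its own nearest-exit (hot potato) rule.
    """
    candidates = {e: meds[e][dest_site] for e in up_entrances if e in meds}
    if not candidates:
        return []  # no advertisement left: destination unreachable
    best = min(candidates.values())
    return sorted(e for e, med in candidates.items() if med == best)


def entrance_plan(up_entrances, meds=ADVERTISED_MEDS):
    """Map every advertised site to its preferred entrance(s)."""
    sites = sorted({site for adv in meds.values() for site in adv})
    return {site: preferred_entrances(site, up_entrances, meds) for site in sites}


if __name__ == "__main__":
    scenarios = [
        ("both entrances up", ["HQ", "Proving Grounds"]),
        ("proving grounds entrance down", ["HQ"]),
        ("HQ entrance down", ["Proving Grounds"]),
    ]
    for label, up in scenarios:
        print(label)
        for site, entrances in entrance_plan(up).items():
            print(f"  traffic for {site} LANs enters via: {', '.join(entrances)}")
```
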
Copyright © 1999-2000 by Robert A. Van Valzah