
Author Topic: Routing dilemma  (Read 2105 times)


Offline ming_z

  • Rookie
  • **
  • Posts: 5
Routing dilemma
« on: September 30, 2015, 11:29:23 AM »
We have the opportunity to connect to ORION network (an education and research network in Ontario Canada). They provide about 91k BGP routes. Basically for roughly 1/6 of the Internet we will go through Orion, and for the rest we still go through our current ISP. We don't own public IP and public AS. Routing is static everywhere. Orion will assign a /30 IP and we're going to use private AS to peer with them. My internal network has to hide behind this IP (NAT) as well. The challenge is where to run BGP. It could be our Avaya core switches (8600/8800), the existing firewall, a new firewall or a new router somewhere.

My network looks like this currently:
internal network -----------> 8600/8800 ------------> Firewall  --------------> ISP
                                                        (default)                 (default)               

If possible I hope I can do this:
internal network -----------> 8600/8800 ------------> Firewall  --------------> ISP
                                                 |      (default)                (default)               
                                                 |
                                                 | (OSPF)
                                                 |
                                         New firewall ----------> Orion
                                                            (BGP)

The reason I want to add a new firewall: 1. it does NAT; 2. Security protection; 3. don't want to mess up the existing firewall.
The reason I cannot use 8600/8800: 1. Not capable of NAT; 2. Avaya doesn't recommend running BGP.
Any ideas will be much appreciated.


Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
Re: Routing dilemma
« Reply #1 on: September 30, 2015, 04:28:39 PM »
If your existing firewall can handle it, that's where I would look at plugging in to the ORION network.  That way your internal routing stays the same.  All traffic following the default route goes to your firewall which then decides if the traffic should go out to the Internet or to the ORION network.  The firewall would have a route table that says 0.0.0.0/0 route goes to the public Internet and this block(s) of IP's have a route out to Orion which it learns from BGP.  No internal routing changes required.

internal network -----------> 8600/8800 ------------> Firewall  --------------> ISP
                                                        (default)       |          (default)               
                                                                           |
                                                                           V
                                                                          Orion (BGP)
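
Added example (not part of any post in this thread): a small Python model of the firewall route table described in the reply above, with a static default toward the ISP and BGP-learned prefixes toward Orion, selected by longest-prefix match and source-NATed per egress as the original post requires. It also shows the fall-back to the default route when the BGP routes are withdrawn. The class and function names are hypothetical, and all prefixes and addresses are constructed from documentation ranges.

```python
import ipaddress


class EgressTable:
    """Firewall route table: static default to the ISP plus BGP-learned Orion prefixes."""

    def __init__(self, nat_addresses):
        self.routes = {}                    # network -> (egress, origin)
        self.nat_addresses = nat_addresses  # egress name -> source-NAT address

    def add(self, prefix, egress, origin):
        self.routes[ipaddress.ip_network(prefix)] = (egress, origin)

    def withdraw_bgp(self):
        """Drop every BGP-learned route, as happens when the peering session goes down."""
        self.routes = {n: r for n, r in self.routes.items() if r[1] != "bgp"}

    def lookup(self, destination):
        """Longest-prefix match; returns (egress, source-NAT address)."""
        addr = ipaddress.ip_address(destination)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            raise LookupError(f"no route to {destination}")
        best = max(matches, key=lambda n: n.prefixlen)
        egress = self.routes[best][0]
        return egress, self.nat_addresses[egress]


def build_example_table():
    # Constructed sample data (RFC 5737 documentation ranges), not real ORION or ISP prefixes.
    # 192.0.2.2 stands in for the /30 address Orion would assign.
    table = EgressTable({"isp": "203.0.113.10", "orion": "192.0.2.2"})
    table.add("0.0.0.0/0", "isp", "static")          # existing default route
    table.add("198.51.100.0/24", "orion", "bgp")     # stand-ins for the ~91k BGP routes
    table.add("198.51.100.128/25", "orion", "bgp")
    return table


if __name__ == "__main__":
    fw = build_example_table()
    for dst in ("198.51.100.200", "203.0.113.200"):
        print(dst, "->", fw.lookup(dst))
    fw.withdraw_bgp()
    print("after BGP withdrawal:", fw.lookup("198.51.100.200"))
```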

Offline ming_z

  • Rookie
  • **
  • Posts: 5
Re: Routing dilemma
« Reply #2 on: September 30, 2015, 04:41:43 PM »
Thanks Telair. I first thought about that. The existing firewall is quite complex with two outside interfaces already. Adding BGP to it makes it more complex. But I'll definitely take a second look. Have to make sure CPU/memory/routing table size are all OK. Thanks again.