What do I need for a redundant route?

  • Hi all,

    I’m pretty new to the whole networking scene. I’m usually a programmer, but I’m working on setting up a new environment for our software stack.

    Our ISP (Verizon) have just given us a /26.  My worry is that if this link goes out then we’re offline to the world.

    My understanding is that if we wanted to go to a different ISP for complete redundancy, I’d need to have at least a /24 to advertise on BGP that I’d need to get from APNIC (being in Australia), and as we’re pretty small we won’t have much chance of getting a /24 these days.

    What’s generally the best way to set up a redundant link?  I’ve got two ScreenOS SSG5s in our rack, on which I’d use NSRP such that if one of the routers dies, or one of the links to our upstream providers dies, the other router should take over.  The question is, what do I ask for?  I believe Verizon offer something called a Shadow link, but I’m not really versed in what it actually is.  Could I just ask for a 2nd link with a route to our subnet to be added on a different router from Verizon’s end?  What’s generally the best thing to do here?

    Scotty O

  • Thanks guys 🙂  Ended up going with a shadow link with our provider connected to a different switch upstream.  Use BGP MED to advertise inbound routes on our router 🙂

  • You basically need 2 ISPs…

    If you need active/standby routes, your default routes should look like this:

    pref 20 – active ISP
    pref 30 – secondary ISP

    If pref 20 is disconnected, traffic will go through pref 30…


  • Usually, if we get redundant links from one provider:
    a) we take two /30 subnets for p2p BGP peering with the ISP
    b) use the /26 via proxy ARP/VIP/MIP or configure it towards the LAN-side interface.
    c) use a private AS for peering with the ISP
    d) negotiate with the ISP on the method by which the primary/backup link will be chosen (LP, AS prepend, etc.)

  • Global Moderator

    If you want to go to another ISP for complete redundancy, you DO need your own IP address space from APNIC.

    Otherwise you could have two different /26s from two different ISPs and use NAT.  If one link goes down, you cut over to the other link.  You’d have to keep the TTLs on your web servers, email servers etc. very low though, because you’d need to update DNS too on failover.