Get Clarity Out of Complexity SM
Recent News
15 January 2012

Internet Redundancy Using Cisco HSRP and BGP for Lightpath

A fixed-income and financial advisory investment firm needed to implement a fully redundant Internet solution. The company has direct VPN connections to their trading system networks for Bloomberg and Fedessa that could not go offline. They had one fiber connection to the Internet using LightPath Metro Ethernet.

Flexible assisted their IT department with analyzing various types of solutions. They needed to add a second Internet line that automatically failed over both their ingress and egress Internet traffic. We determined that a Link Balancer appliance would not suffice because they needed failover on the public IP level. Therefore we decided that Border Gateway Protocol (BGP) was the appropriate Internet redundancy solution. LightPath offered a solution called iBGP (Internal BGP) that used two LightPath Metro Ethernet circuits using different paths to their network.

To accomplish full Internet redundancy, the company needed network redundancy in addition to BGP. We implemented a redundant Cisco ASA 5510 configuration that provided Active/Standby failover at the company’s firewall. In the event of a firewall outage, Internet traffic would route over the standby Cisco ASA 5510.

Each fiber connection to the Internet was connected to the network through a Cisco router. We configured HSRP (Hot Standby Routing Protocol) between the inside ports of these two routers. With HSRP, we configured the primary and secondary routers to share a virtual IP and monitor each other’s status with a heartbeat connection. The firewall routes all outbound traffic to that virtual IP. If the primary router stops responding to the heartbeat, the secondary router takes over responding to the virtual IP. HSRP provides failover at the router level.

The last component was to configure BGP on the outside ports of the company’s routers to exchange dynamic routing information with LightPath’s gateway routers. Since we were using LightPath as a single ISP for redundant Internet paths, we configured the routers with LightPath’s internal ASN (autonomous system number) for BGP to exchange routing information with LightPath’s gateway routers as BGP peers. In the event of an Internet outage with one of the LightPath fiber circuits, the secondary fiber circuit would dynamically rebuild its routing table with the internal router and resume all Internet connections. These Internet connections include web browsing, email, and VPN connections to Bloomberg and Fedessa.

Flexible successfully implemented and tested all phases of this Internet redundancy project for this investment firm. The firm is now able to stay up and running during an Internet outage or networking device failure.