Connect to ISP via HSRP?

NetworkGroover · February 25, 2016, 04:09:09 PM

Is this a regular thing? I usually see folks, and recommended designs using, BGP between themselves and their ISP, but someone I'm working with is basically being provided two access ports and the ISP is running HSRP. Would it be better to get them on BGP?

Here's my lack of operational experience, biting me in the arse....

EDIT - It's a highly active/passive environment... pretty much no multipathing.

Otanx · February 25, 2016, 04:14:59 PM

I remember it being an option when we went to a new facility, but I don't know how common it is.

-Otanx

dlots · February 25, 2016, 04:18:08 PM

IMO there isn't really anything wrong with it, BGP would basically just be providing them with a default address anyway unless they have a monster router to get a full routing table.

Personally I would do BGP if it were me.

routerdork · February 25, 2016, 04:38:49 PM

I've not seen HSRP used with an ISP. I've seen customers use it. My preference would be BGP even if I am just receiving a default. I've not seen any issues with HSRP though so can't say it's a bad idea.

NetworkGroover · February 25, 2016, 05:54:12 PM

Yeah that's how I kinda feel about it too..... I think while it's an active/passive environment and still being built out (HCI deployment), I'll do failover testing with them and see if I can't find a reason(s) to not do it.. otherwise... what the hell... /shrug

Though... it may be better to switch to BGP now rather than later....

NetworkGroover · February 25, 2016, 10:05:01 PM

If they only have one path out.. is there really a need to add this complication (BGP) even if we're only taking a default route? Seems unnecessary... meh I'm torn.

routerdork · February 25, 2016, 10:46:05 PM

Definitely can do without BGP. The place I'm at now is using all static routes off the edge devices and static routes to the edge from a core switch stack. Pretty standard.

One thing I did just think about though. This wasn't for Internet, it was for attachment into the MPLS of the company that bought us. But they did HSRP. Reason was that one router was connected directly into the MPLS backbone and the second router was setup as a VPN failover the MPLS backbone across another carrier. Not something you normally see on an Internet circuit but hey you never know.

icecream-guy · February 26, 2016, 08:09:47 AM

only reason for BGP is if you are multihoming (ASN) with two different ISP's, otherwise, save the CPU and do a static default route to the single ISP.

NetworkGroover · February 26, 2016, 09:06:09 AM

Quote from: ristau5741 on February 26, 2016, 08:09:47 AM
only reason for BGP is if you are multihoming (ASN) with two different ISP's, otherwise, save the CPU and do a static default route to the single ISP.

Yeah... thanks. I think that's the nudge I needed. I don't see a point to the complexity (albiet small) or extra processing needed when they only have a single path out.

Dieselboy · February 28, 2016, 08:40:00 AM

We done this with our ISP when we first started building up our hosted DCs. We had one customer but not initially. So we bought some rack space from a company within a couple of DCs and to get our internet block we connected from the two, stacked 3750's which was the "DMZ" switches, with LACP and VRRP. The purpose of this was to give us 200mb or 2gig connectivity from each DC (can't remember the speed as we were charged on usage). The VRRP went to the upstream resilient core from the ISP. Without VRRP there was additional risk at the ISP.
I'd say see what you're actually gaining from the HSRP, if it mitigates additional risk then I would be for it for some CPU cycles.