Skip to main content

10.5. Configuring a Multi-Homed Site

Consider a site A that has a business-critical relationship with another site B. To support their business needs, the two sites have contracted for service with a special high-performance ISP. This is in addition to the normal Internet connection that both sites have with different ISPs. The high-performance ISP is expensive, and the two sites wish to use it only for their business-critical traffic with each other.

Each site has two global prefixes, one from the high-performance ISP and one from their normal ISP. Site A has prefix 2001:db8:1aaa::/48 from the high-performance ISP and prefix 2001:db8:70aa::/48 from its normal ISP. Site B has prefix 2001:db8:1bbb::/48 from the high-performance ISP and prefix 2001:db8:70bb::/48 from its normal ISP. All hosts in both sites register two addresses in the DNS.

The routing within both sites directs most traffic to the egress to the normal ISP, but the routing directs traffic sent to the other site's 2001 prefix to the egress to the high-performance ISP. To prevent unintended use of their high-performance ISP connection, the two sites implement ingress filtering to discard traffic entering from the high-performance ISP that is not from the other site.

The default policy table and address selection rules produce the following behavior:

Example 1:

  • Candidate Source Addresses: 2001:db8:1aaa::a or 2001:db8:70aa::a or fe80::a
  • Destination Address List: 2001:db8:1bbb::b or 2001:db8:70bb::b
  • Result: 2001:db8:70bb::b (src 2001:db8:70aa::a) then 2001:db8:1bbb::b (src 2001:db8:1aaa::a) (longest matching prefix)

In other words, when a host in site A initiates a connection to a host in site B, the traffic does not take advantage of their connections to the high-performance ISP. This is not their desired behavior.

Example 2:

  • Candidate Source Addresses: 2001:db8:1aaa::a or 2001:db8:70aa::a or fe80::a
  • Destination Address List: 2001:db8:1ccc::c or 2001:db8:6ccc::c
  • Result: 2001:db8:1ccc::c (src 2001:db8:1aaa::a) then 2001:db8:6ccc::c (src 2001:db8:70aa::a) (longest matching prefix)

In other words, when a host in site A initiates a connection to a host in some other site C, the reverse traffic might come back through the high-performance ISP. Again, this is not their desired behavior.

This predicament demonstrates the limitations of the longest-matching-prefix heuristic in multi-homed situations.

However, the administrators of sites A and B can achieve their desired behavior via policy table configuration. For example, they can use the following policy table:

   Prefix        Precedence Label
   ::1/128               50     0
   2001:db8:1aaa::/48    43     6
   2001:db8:1bbb::/48    43     6
   ::/0                  40     1
   ::ffff:0:0/96         35     4
   2002::/16             30     2
   2001::/32              5     5
   fc00::/7               3    13
   ::/96                  1     3
   fec0::/10              1    11
   3ffe::/16              1    12

This policy table produces the following behavior:

Example 3:

  • Candidate Source Addresses: 2001:db8:1aaa::a or 2001:db8:70aa::a or fe80::a
  • Destination Address List: 2001:db8:1bbb::b or 2001:db8:70bb::b
  • New Result: 2001:db8:1bbb::b (src 2001:db8:1aaa::a) then 2001:db8:70bb::b (src 2001:db8:70aa::a) (prefer higher precedence)

In other words, when a host in site A initiates a connection to a host in site B, the traffic uses the high-performance ISP as desired.

Example 4:

  • Candidate Source Addresses: 2001:db8:1aaa::a or 2001:db8:70aa::a or fe80::a
  • Destination Address List: 2001:db8:1ccc::c or 2001:db8:6ccc::c
  • New Result: 2001:db8:6ccc::c (src 2001:db8:70aa::a) then 2001:db8:1ccc::c (src 2001:db8:70aa::a) (longest matching prefix)

In other words, when a host in site A initiates a connection to a host in some other site C, the traffic uses the normal ISP as desired.

Last updated on