[c-nsp] RIP offset lists

David Barak thegameiam at yahoo.com
Thu Jan 20 11:46:59 EST 2005


--- Joe Maimon <jmaimon at ttec.com> wrote:

> 
> 
> David Barak wrote:
> 
> >--- Joe Maimon <jmaimon at ttec.com> wrote:
> >
> ><many very good questions regarding RIP
> capabilities
> >snipped>
> >
> >My primary question before delving into solving the
> >mysteries is this: are you running RIP between your
> >provider network and the customer network, and if
> so,
> >why?
> >  
> >
> Often. Because that's what the customer's gear
> supports and it happens to 
> be trivial to manage for those cases.
> What would you run? OSPF? Cisco proprietary EIGRP?
> BGP?

No, no, and yes.  If I'm going to run a routing
protocol with a customer, it's going to be BGP.


> 
> What routing protocols can you run on a pppoe l2tp
> VA link that can be 
> managed from AAA attrs?

This goes to the heart of the matter: why do you want
to manage your ROUTING PROTOCOL with your AAA?  That's
mixing layer-7 (AAA) with Layer 3/4 (routing).  Once
you've had the initial handshake/authentication, just
let the routing protocol do its thing.  

> 
> >Assertions:
> >If a customer is multihomed, the $40 linksys is no
> >longer the appropriate CPE device (clearly
> multihoming
> >is for resiliency, and the linksys is not exactly
> what
> >we'd call "high-availability" ;)
> >  
> >
> Yes but the customer now believes that 2 $40 linksys
> routers are 
> perfectly appropriate. After all, they can reboot
> them themselves.

They're fully appropriate for a home user, or for a
not-so-business critical need (Internet access for a
library kiosk, perhaps).  

> 
> Sure I would like to sell them the 1721 but that
> often as not does not 
> happen. If you don't want those customers and I don't
> want those 
> customers, that makes no never mind to management.
> It's always "can it 
> work? Yes? So what if it's not the right way? Do it
> anyways! It's a 
> recurring revenue stream!"

Try an 8xx router (the 831 is my personal preference).
Less than 1/3 the price of a 1721.

> 
> The first question a customer asks after hearing
> what a 1721 with a 
> WIC-1E and a WIC-T1 costs (with upgrades to run new
> IOS with features 
> such as firewalling) are "can you do it cheaper with
> x or y, and if not 
> explain it in writing?"
> 

8xx comes with some limited firewall/vpn features -
certainly more than the linksys does (and the 8xx has
working SNMP, which is iffy on the linksys).

You're basically comparing apples and oranges here - I
can make a working telephone out of two cans and a
string, but I'll be darned if I'm going to support a
mission-critical or complicated application on it.

> >If a customer is singly-homed, why not statically
> >route them?  Let the routing protocol they run be
> >exclusive to their network. 
> >
> Mostly this is what we do.  Sometimes we even do
> that with two links to 
> the same router, but then again that's a Cisco thing
> that makes that work.
> 
> > If they're trying to do
> >some kind of load-balancing or failover mechanism,
> get
> >them to use something other than Layer-3 resiliency
> >(perhaps layer-7 resiliency?)
> >  
> >
> Back to the $$ again. Such as a 1721/2620XM with
> 12.3(8)T or higher. 
> Maybe they could just run a script on every computer
> that pings google 
> and on failure changes their default gateway to
> their other NAT box, but 
> I sure as heck don't want to support that.

That wasn't what I meant.  An example of Layer-7
resiliency is DNS, which uses multiple servers in
order - if one is unreachable, no problem, go to the
next one.

You're mixing a variety of technologies which aren't
designed to work together, and hoping that it will
work.  Once you start going down the
lowest-common-denominator (i.e. $40 for CPE) path,
don't be surprised that features like multihoming
don't work effectively anymore.  Pushing the features
from where they belong (the customer's network) into
your network will only make scaling harder and
increase your chances of having a catastrophic
meltdown.

[As an aside, the 8xx series supports HSRP, so
resiliency is more easily obtained with them than
multiple linksys devices.]

> 
> >So, while the problems Cisco has with RIPv2 are
> >non-trivial, why are they impacting a production
> >network?
> >  
> >
> Because of the gear that's in use, mostly the
> Customers' gear which has a 
> different budget approval process than mine.

If you're selling a product, just define the features
you'll offer, and offer them.  If you're selling a
managed service, why not simply say "if you want this
feature, you have to have CPE which supports X."  The
two-cans-and-a-string approach works fine for one
customer, but letting this garbage onto your network
means that you'll be stuck supporting services which
"kind of work"(tm) indefinitely.


=====
David Barak
Need Geek Rock?  Try The Franchise: 
http://www.listentothefranchise.com


		

