[c-nsp] Filtering /24s
John van Oppen
john at vanoppen.com
Thu Mar 16 01:48:21 EST 2006
The ISP that is noted in Europe for filtering is swisscom (sometimes called "IP-Plus"). In any case their filtering policy is at http://www.ip-plus.net/technical/route_filtering_policy.en.html and it has worked well for a couple of my customers in exactly the same position (one even with the exact hardware you describe).
Just make sure you keep a default and update the list now and then and it will work great.
John :)
--------------------------------------------
John van Oppen
PocketiNet Communications
Technical Operations
"Good advice is expensive." --Unknown
Main: + 1 (509) 526 - 5026
Direct: +1 (509) 593 - 4707
--------------------------------------------
-----Original Message-----
From: Hakan Lindholm [mailto:hakan at staff.spray.se]
Sent: Wednesday, March 15, 2006 5:24 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Filtering /24s
On Thu, 16 Mar 2006, Scott Granados wrote:
> As long as you have default routes it should work.
>
> You'll not have as fine grain of control as well but for that type of
> config it shouldn't make a big difference.
For a leaf ASN, you only need some routes from each upstream, and you
probably care more about local/regional prefixes than global ones (no
pun intended).
But I wouldn't dare dropping all /24 just by looking at their size. As
240k or 256k FIB limitations are common and the global BGP table will be
there in a few years (no need for further discussions on that topic here),
I've also been looking into that topic.
Some west central (maybe Austria or Switzerland) european ISP made a
presentation somewhere, IIRC, about their method. Off the top of my head,
I remember only a few details like:
* Keep all prefixes received from national peering.
* Keep most european prefixes.
* Point non-regional /8 agg's at your upstream(s).
For the /8 stuff, there might be several ways to do it. /8's, or maybe
longer, just not /24's, will be a lot better than default route(s) when
you get traffic to/from unallocated space. For Europe, non-regional
would be APNIC, AfriNIC, ARIN, LACNIC (etc?). Special attention for ERX
prefixes.
They ended up at 40k to 70k prefixes. Far better than the full table of
100k to 150k, at that time.
If someone remembers some URL for this pres., please submit to the list.
The original presentation is far better than my memory.
Another popular approach is to have your upstream send only their customer
prefixes, and use one of them as "default-network". Or filter by
community. But I just don't like the 0/0 default.
Further comments below.
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Greg Boehnlein
> Sent: Wednesday, March 15, 2006 4:30 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Filtering /24s
>
> Hello,
> We are looking at some strategies to reduce the load on our
> core routers by filtering all routes that are /24 or smaller. The
> number of /24 routes that have propagated in the recent couple of
> years seems enormous to me, and we are starting to hit the limits
> of the RSP-2 cards in our 7500s. Short of chucking the Cisco gear
> and replacing w/ something that can handle a larger table, it
> seems reasonable to me that we could probably reduce the total
> number of routes significantly if we just dropped all the /24s
> on the floor and let our upstreams handle the routing for us.
>
> Am I nuts?
The nuts in here are the RSP-2's. Are they like 10 years old or something?
How much memory have you got there? And even with dCEF, in a RSP-2 based
router, you probably don't have a lot of CPU on the VIP's. But maybe you
have low bandwidth and no DoS attacks.
best regards,
/H - all 7500's decommissioned
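The regional filtering method Hakan recalls (keep national-peering routes, keep regional prefixes, summarise everything non-regional into /8s pointed at the upstream) as an added worked example; this is not code from the thread or from any ISP named in it. The regional /8 set, the peering ASNs, the next hop and the sample routes are all constructed placeholders, not real RIR allocations.

```python
import ipaddress

# Constructed sample policy (not from the thread): /8s treated as "regional"
# (stands in for the RIPE-region blocks), ASNs seen on national peering, and
# the upstream next hop used for the non-regional /8 aggregates.
REGIONAL_AGGREGATES = {ipaddress.ip_network("10.0.0.0/8"),
                       ipaddress.ip_network("172.0.0.0/8")}
NATIONAL_PEERING_AS = {64512, 64513}            # constructed private ASNs
UPSTREAM_NEXT_HOP = "198.51.100.1"              # constructed documentation address

# Constructed sample routes as (prefix, origin AS) pairs.
SAMPLE_ROUTES = [
    ("10.20.30.0/24", 64496),    # /24 inside a regional /8 -> kept, size is irrelevant
    ("172.16.0.0/16", 64496),    # regional -> kept
    ("192.0.2.0/24", 64512),     # learned from national peering -> kept regardless of region
    ("203.0.113.0/24", 64496),   # non-regional -> dropped, 203.0.0.0/8 static instead
    ("198.18.0.0/15", 64496),    # non-regional, not a /24 -> still summarised to 198.0.0.0/8
]


def classify(routes):
    """Return (kept, statics): prefixes to keep in the FIB and the /8 aggregates
    to point at the upstream in place of the non-regional specifics."""
    kept, statics = [], set()
    for prefix, origin_as in routes:
        net = ipaddress.ip_network(prefix)
        if origin_as in NATIONAL_PEERING_AS:
            kept.append(net)                     # rule 1: keep all national peering routes
        elif any(net.subnet_of(agg) for agg in REGIONAL_AGGREGATES):
            kept.append(net)                     # rule 2: keep regional prefixes
        elif net.prefixlen < 8:
            kept.append(net)                     # shorter than /8: nothing to summarise
        else:
            # rule 3: a /8 toward the upstream replaces the specific; unlike 0/0,
            # traffic for unallocated space outside these /8s does not follow it.
            statics.add(net.supernet(new_prefix=8))
    return kept, sorted(statics)


def ios_static_routes(statics):
    """Render the /8 aggregates as 'ip route' lines (IOS static route syntax)."""
    return [f"ip route {a.network_address} {a.netmask} {UPSTREAM_NEXT_HOP}"
            for a in statics]


if __name__ == "__main__":
    kept, statics = classify(SAMPLE_ROUTES)
    print("kept:", [str(n) for n in kept])
    print("\n".join(ios_static_routes(statics)))
```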
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/