[c-nsp] L3VPN VPNv4 NLRI - Route Reflector Scaling
Mark Tinka
mtinka at globaltransit.net
Sun Mar 23 21:48:21 EDT 2008
Hello all.
(posted to NANOG too; please excuse the length of the
message)
Considering the scaling techniques currently available for
VPNv4/L3VPN deployments as regards MP-BGP route reflectors,
what do folk think is currently the most elegant way to
deploy this that provides an even compromise on
manageability, cost and scale (see RFC 1925, section 2,
part 7, :-))?
While ORF and BGP RR groups are a logical way to go, they
require significant maintenance and might introduce scaling
issues as regards management on PE routers.
To mitigate this, however, outbound filters on the route
reflectors, to each PE router, may be used to propagate
VPNv4 NLRI to the PE routers that actually need them, but
introduces problems if this information has to traverse
regional or international PoP's where route reflectors talk
to other route reflectors (numerous RR clusters, perhaps)
before the end-PE router is reached. If filtering outbound
on the route reflectors were the network-wide policy,
having to co-ordinate filters on 10's of route reflectors
would be an administrative issue.
One other option we theorize would be to have dedicated
VPNv4 route reflectors (route reflectors that do not
reflect other address families, e.g., IPv4, IPv6, e.t.c.).
However, if PE routers are also used as general edge
routers (in the global routing table), the amount of
peering could become significant depending on the scale of
the network, and trying to co-ordinate the numerous route
reflectors serving the various address families could
become an issue when considered from a multi-PoP point of
view. Needless to say, adding route reflectors dedicated to
VPNv4 (or a single address family, for that matter) would
increase one's cost some.
On the otherhand, PE-to-PE MP-iBGP peering means outbound
filtering can easily be done toward a particular end-PE,
but the scaling issues of a full-mesh iBGP solution come
into play. We currently do not see a feasible way to
selectively filter outbound VPNv4 NLRI from the ingress PE
routers without causing reachability issues unless the
end-PE router is also the route reflector. This means route
reflectors would still have to carry network-wide VPNv4
NLRI, and would need to be the network elements that have
to figure out to which PE routers what VPNv4 NLRI should be
announced.
Using partitioned RR's is also a consideration; but the
administrative burden of co-ordinating which L3VPN has
their VPNv4 NLRI on which route reflector in what part of
the network could get problematic as more customers are
signed on.
One may also reduce the number of route reflectors to solve
this problem, but the risk of more remote PoP's depending
on centralized, far far away route reflectors is too
great - and then there's the CPU/memory resource thing...
My ideal scenario would be to somehow, scalably have the
ingress PE router inform the route reflector on which
end-PE routers actually need to receive the VPNv4 NLRI so
that the decision of the route reflector to do this is
somehow influenced by the ingress PE router, through some
kind of capability. ORF achieves this to some extent, but
requires the egress PE routers (and/or route reflectors) be
configured with the appropriate filters. Obviously, this is
probably not a thoroughly well-thought out
implementation :-).
How are folk handling these issues today?
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: This is a digitally signed message part.
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080324/5b7f49cc/attachment.bin
More information about the cisco-nsp
mailing list