[c-nsp] two ISPs, two routers, one firewall - bgp question

Rossella Mariotti-Jones rossella at chemeketa.edu
Mon Apr 6 12:22:08 EDT 2009


Hello all, I have a question regarding this scenario:
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a00800945bf.shtml#conf5

My R2 link to ISP is 100M
R1 link to ISP is a DS3

If my firewall has a default route of 192.168.21.2 and I have a 10M
download going with AS300, my firewall is going to send out my traffic
through its default gateway which is 192.168.21.2, R2 knows through iBGP
that R1 is the best path to AS300, so it sends the traffic to R1,
traffic coming back goes through R1, R2, firewall to get to the client,
so basically in this case the link between my firewall and R2 is taken
up twice. Am I understanding this correctly? Thanks everyone in advance.

rossella

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jon Lewis
Sent: Monday, April 06, 2009 8:12 AM
To: Rick Ernst
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Getting ready to pull the trigger: RSP720/SUP720

On Mon, 6 Apr 2009, Rick Ernst wrote:

> I'm planning on collapsing the border/core into a pair of
> 7600/Sup720-3BXLs, and it looks like they will be almost idle with
> this amount of load.

That really depends on the features you enable.  Try doing full netflow
on a sup720 doing a few hundred mbits of traffic, and they're suddenly
not so mighty.

> The problem I am running into is spec'ing the aggregation layer.
> Almost all of our traffic is ethernet now, and all the interfaces need
> bi-directional rate-limiting/traffic-shaping/policing.  We have a
> variable bandwidth model and need to cap traffic at 1Mbs granularity.
> 1,5, and 10Mbs connections are common, and 20,50,100Mbs connections
> exist with a 200Mbs pipe in process.

We've been using 3550's for years for this, as they have the ability to
police in both directions, per port, at whatever granularity you like.
The 3560, which was supposed to be an improvement/replacement for the
3550, lost this ability, which really shocked me when I configured my
first one.
It can do per-port output shaping, but the granularity kind of blows.
You're limited to 1/N * port rate, where N is an integer from 0 to
65535. This gives plenty (actually a huge waste of range) of granularity
at the low end of bandwidth, but at the high end, you're limited to full
rate, 50%, 33%, 25%, 20%, etc.  If I'm wrong here, I'd love to hear it
and be told how to limit a 100mbit port to say 40mbit/s.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________