[c-nsp] Cisco 2801 full bgp multihome

Scott Granados gsgranados at comcast.net
Wed Jan 6 15:20:47 EST 2010


This is a good approach; another is to filter the length of prefixes you 
install and set up some floating static defaults.

You could filter against a prefix list for something like

ip prefix-list not-to-specific seq 5 permit 0.0.0.0/0 le X

where X depends on how finely you wish to filter.  In most full feeds you'd 
take a /24 or shorter but in your case you can't do this due to memory 
concerns.  You could try /20 or shorter, /19 etc until you meet your memory 
requirements.  Simply by filtering shorter than /24 you'll gain a lot of 
mileage.  Of course your ability to control outbound traffic deteriorates 
the more heavily you filter but them's the breaks when memory is a concern.

On the inbound side with a single /24 you won't have a lot of flexibility. 
You'll hit issues for example if upstream carriers filter shorter than /24 
and only pick up your provider's parent block.  If your upstreams have good 
community options you can control announcements of your block a bit more. 
For example, in the case of XO you can trigger prepends to specific major 
peers allowing you to pad say AS 701 more heavily but leave other networks 
untouched.  Depends on what knobs your carrier gives you to twiddle. 
There's also local pref but that's non transitive.



----- Original Message ----- 
From: "Vincent C Jones" <v.jones at networkingunlimited.com>
To: "Jason Shearer" <jshearer at amedisys.com>
Cc: <cisco-nsp at puck.nether.net>
Sent: Wednesday, January 06, 2010 11:57 AM
Subject: Re: [c-nsp] Cisco 2801 full bgp multihome


> One trick I've used where resources are tight is to "take" full routes,
> but filter them so that I only accept "local" (short AS path) and a few
> key indicator prefixes (typically out of country root DNS server
> subnets). The indicator prefixes are used to drive a conditional default
> route (use this ISP as default only if it appears to be well connected)
> while the number of ASNs allowed in "local" prefixes can be adjusted to
> control the number accepted.
>
> Note that this only impacts traffic going out from you. Inbound traffic
> is a separate issue. With only a single /24, your inbound load balancing
> options are limited. Depending on the connectivity of your upstreams and
> who your users are talking to, you may also see lots of asymmetric
> routing.
>
> Good luck and have fun!
> -- 
> Vincent C. Jones
> Networking Unlimited, Inc.
> Phone: +1 201 568-7810
> V.Jones at NetworkingUnlimited.com
>
> On Wed, 2010-01-06 at 10:50 -0600, Jason Shearer wrote:
>> Ben,
>>
>> Not going to be able to load balance inbound as you only have a single 
>> /24 to advertise (this is the minimum prefix that will make it to the 
>> NAP).  Outbound you should be good....just note that you will experience 
>> asymmetric routing (in one out the other).
>>
>> I have used 28xx routers for full tables before and it will be good when 
>> the going is good but very bad when the going gets bad.  If you are going 
>> to use an ISR I would recommend a 3825 at a minimum (two would be 
>> better).  Convergence will be much faster.
>>
>> A better alternative if you are strapped for cash may be to just accept 
>> defaults.  Make your backup connection smaller but have it contracted to 
>> grow or burst if you experience problems with the primary.
>>
>> Jason
>>
>> >>>Translation<<<
>>
>> You will not be able to balance the inbound load, since you only have a 
>> single /24 to announce (this is the minimum prefix that will make it to 
>> the NAP). Outbound should be good .... Just keep in mind that you will 
>> experience asymmetric routing (in one, out the other).
>>
>> I have used 28xx routers for full tables before, and it will be good 
>> when things are good, but very bad when things get bad. If you are going 
>> to use an ISR I would recommend a 3825 at a minimum (two would be 
>> better). Convergence will be much faster.
>>
>> A better alternative if you are strapped for cash may be to simply 
>> accept defaults. Make the backup connection smaller, but have it 
>> contracted to grow or burst if you have problems with the primary.
>>
>>
>> From: Benjamín Gálvez [mailto:bgalvez at gmail.com]
>> Sent: Wednesday, January 06, 2010 10:35 AM
>> To: Jason Shearer
>> Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
>>
>> Jason,
>>
>> In Spanish
>>
>> The idea is to connect the company (bank) to two ISPs (service 
>> providers) via BGP with full tables, to get outbound and inbound load 
>> balancing.
>> Both links are 10 Mb, and the company has a single /24 prefix to 
>> announce and its own ASN.
>> The idea is to achieve redundancy for outbound Internet access and also 
>> inbound for customer access.
>>
>> The "default route" option forces me to use one link and leave the other 
>> passive (standby).
>>
>> Both ISPs will supply a Cisco 2801 router, but with 256 MB.
>>
>> The question is: will the 2801 router do if it has 512 MB, or do I need 
>> to replace it with another router with better performance?
>> Both ISPs are telling me a 7000 series router as a "minimum".
>>
>> In English
>>
>> Pending translate....
>> Sorry
>>
>> Benjamín
>> 2010/1/6 Jason Shearer <jshearer at amedisys.com>
>> No way Jose.  You will start fragging.  I would recommend no less than 
>> 512 to receive full tables.
>>
>> Outside of memory the 2801 is not going to be a very good platform to 
>> accept full tables on.  Any major routing update is going to choke the 
>> platform.  How big are the circuits you are landing from each provider?
>>
>> What are you trying to accomplish?  Outbound load sharing?  Inbound?  How 
>> many /24 prefixes do you have to advertise?
>>
>> Jason
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net 
>> [mailto:cisco-nsp-bounces at puck.nether.net] 
>> On Behalf Of Benjamín Gálvez
>> Sent: Wednesday, January 06, 2010 10:03 AM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] Cisco 2801 full bgp multihome
>> Hi,
>>
>> Can a Cisco 2801 with 256MB RAM handle a full BGP table (1-2 peers,
>> multihome)?
>>
>> Best regards
>> Benjamín
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> *** NOTICE--The attached communication contains privileged and 
>> confidential information. If you are not the intended recipient, DO NOT 
>> read, copy, or disseminate this communication. Non-intended recipients 
>> are hereby placed on notice that any unauthorized disclosure, 
>> duplication, distribution, or taking of any action in reliance on the 
>> contents of these materials is expressly prohibited. If you have received 
>> this communication in error, please delete this information in its 
>> entirety and contact the Amedisys Privacy Hotline at 1-866-518-6684. 
>> Also, please immediately notify the sender via e-mail that you have 
>> received this communication in error. ***
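
The approach described at the top of this message (an inbound prefix-length filter plus floating static defaults), written out as an added example that is not from the original post. X is set to 20 here; the AS numbers, neighbor addresses and the 203.0.113.0/24 block are constructed documentation values, and the own-block outbound filter is an addition the thread does not discuss.

```cisco
! Constructed values: AS 64500 (local), AS 64501 / AS 64502 (upstreams),
! 192.0.2.1 and 198.51.100.1 (upstream next hops), 203.0.113.0/24 (own block).
!
! Accept any prefix with a length of /0 through /20; /21 and longer are
! dropped by the implicit deny. "le 20" with no "ge" also matches
! 0.0.0.0/0 itself, so a default sent by an upstream is still accepted.
! Lower the "le" value (/19, /18, ...) until the table fits in memory.
ip prefix-list not-to-specific seq 5 permit 0.0.0.0/0 le 20
!
! Addition, not from the thread: announce only the local /24 so routes
! learned from one upstream are never re-advertised to the other.
ip prefix-list own-block seq 5 permit 203.0.113.0/24
!
router bgp 64500
 network 203.0.113.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 prefix-list not-to-specific in
 neighbor 192.0.2.1 prefix-list own-block out
 neighbor 198.51.100.1 remote-as 64502
 neighbor 198.51.100.1 prefix-list not-to-specific in
 neighbor 198.51.100.1 prefix-list own-block out
!
! Floating static defaults. Destinations whose specific routes were
! filtered above follow these. The administrative distances (250, 251)
! are higher than eBGP (20), so a BGP-learned default wins when present,
! and the second static is installed only if the first next hop is lost.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 250
ip route 0.0.0.0 0.0.0.0 198.51.100.1 251
!
! Anchor route so the "network" statement has an exact match in the RIB.
ip route 203.0.113.0 255.255.255.0 Null0
!
! After changing the "le" value, re-apply the inbound policy and check
! the result from exec mode:
!   clear ip bgp * soft in
!   show ip bgp summary
!   show ip route summary
!   show processes memory
```

The prefix count per neighbor in show ip bgp summary and the memory figures show whether the chosen length is tight enough for the platform.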


