[c-nsp] Cisco 2801 full bgp multihome
Vincent C Jones
v.jones at networkingunlimited.com
Wed Jan 6 15:31:58 EST 2010
Scott,
Careful... filtering on prefix length will block the very "local"
prefixes you are probably most interested in--the prefixes of the
upstreams' other customers who may be advertising a /24 not in that
upstream's address space.
Vince
--
Vincent C. Jones
Networking Unlimited, Inc.
Phone: +1 201 568-7810
V.Jones at NetworkingUnlimited.com
On Wed, 2010-01-06 at 12:20 -0800, Scott Granados wrote:
> This is a good approach, another is to filter the length of prefixes you
> install and set up some floating static defaults.
>
> You could filter against a prefix list for something like
>
> ip prefix-list not-to-specific seq 5 permit 0.0.0.0/0 le X
>
> where X depends on how finely you wish to filter. In most full feeds you'd
> take a /24 or shorter but in your case you can't do this due to memory
> concerns. You could try /20 or shorter, /19 etc until you meet your memory
> requirements. Simply by filtering shorter than /24 you'll gain a lot of
> mileage. Of course your ability to control outbound traffic deteriorates the
> more heavily you filter but them's the breaks when memory is a concern.
>
> On the inbound side with a single /24 you won't have a lot of flexibility.
> You'll hit issues for example if upstream carriers filter shorter than /24
> and only pick up your provider's parent block. If your upstreams have good
> community options you can control announcements of your block a bit more.
> For example, in the case of XO you can trigger prepends to specific major
> peers allowing you to pad say AS 701 more heavily but leave other networks
> untouched. Depends on what knobs your carrier gives you to twiddle.
> There's also local pref but that's non-transitive.
>
>
>
> ----- Original Message -----
> From: "Vincent C Jones" <v.jones at networkingunlimited.com>
> To: "Jason Shearer" <jshearer at amedisys.com>
> Cc: <cisco-nsp at puck.nether.net>
> Sent: Wednesday, January 06, 2010 11:57 AM
> Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
>
>
> > One trick I've used where resources are tight is to "take" full routes,
> > but filter them so that I only accept "local" (short AS path) and a few
> > key indicator prefixes (typically out of country root DNS server
> > subnets). The indicator prefixes are used to drive a conditional default
> > route (use this ISP as default only if it appears to be well connected)
> > while the number of ASNs allowed in "local" prefixes can be adjusted to
> > control the number accepted.
> >
> > Note that this only impacts traffic going out from you. Inbound traffic
> > is a separate issue. With only a single /24, your inbound load balancing
> > options are limited. Depending on the connectivity of your upstreams and
> > who your users are talking to, you may also see lots of asymmetric
> > routing.
> >
> > Good luck and have fun!
> > --
> > Vincent C. Jones
> > Networking Unlimited, Inc.
> > Phone: +1 201 568-7810
> > V.Jones at NetworkingUnlimited.com
> >
> > On Wed, 2010-01-06 at 10:50 -0600, Jason Shearer wrote:
> >> Ben,
> >>
> >> Not going to be able to load balance inbound as you only have a single
> >> /24 to advertise (this is the minimum prefix that will make it to the
> >> NAP). Outbound you should be good....just note that you will experience
> >> asymmetric routing (in one out the other).
> >>
> >> I have used 28xx routers for full tables before and it will be good when
> >> the going is good but very bad when the going gets bad. If you are going
> >> to use an ISR I would recommend a 3825 at a minimum (two would be
> >> better). Convergence will be much faster.
> >>
> >> A better alternative if you are strapped for cash may be to just accept
> >> defaults. Make your backup connection smaller but have it contracted to
> >> grow or burst if you experience problems with the primary.
> >>
> >> Jason
> >>
> >> >>>Translation<<<
> >>
> >> You will not be able to load balance inbound, since you only have a
> >> single /24 to announce (this is the minimum prefix that will make it to
> >> the NAP). Outbound should be good .... Just keep in mind that you will
> >> experience asymmetric routing (in one, out the other).
> >>
> >> I have used 28xx routers for full tables before and it will be good
> >> when things are good, but very bad when things get bad. If you are going
> >> to use an ISR I would recommend a 3825 at a minimum (two would be
> >> better). Convergence will be much faster.
> >>
> >> A better alternative if you are strapped for cash may be to simply
> >> accept defaults. Make the backup connection smaller, but have it
> >> contracted to grow or burst if you have problems with the primary.
> >>
> >>
> >> From: Benjamín Gálvez [mailto:bgalvez at gmail.com]
> >> Sent: Wednesday, January 06, 2010 10:35 AM
> >> To: Jason Shearer
> >> Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
> >>
> >> Jason,
> >>
> >> In Spanish
> >>
> >> The idea is to connect the company (bank) to two ISPs (service
> >> providers) via BGP with full tables, to get outbound and inbound load
> >> balancing. Both links are 10Mb, and the company has a single /24 prefix
> >> to announce and its own ASN.
> >> The idea is to achieve redundancy for outbound Internet access and also
> >> inbound for customer access.
> >>
> >> The "default route" option forces me to use one link and leave the other
> >> passive (standby).
> >>
> >> Both ISPs will provide Cisco 2801 routers, but with 256Mb.
> >>
> >> The question is: will the 2801 router work for me with 512Mb, or do I
> >> need to replace it with another router with better performance?
> >> Both ISPs are telling me a 7000 series router is the "minimum".
> >>
> >> In English
> >>
> >> Pending translate....
> >> Sorry
> >>
> >> Benjamín
> >> 2010/1/6 Jason Shearer <jshearer at amedisys.com>
> >> No way Jose. You will start fragging. I would recommend no less than
> >> 512 to receive full tables.
> >>
> >> Outside of memory the 2801 is not going to be a very good platform to
> >> accept full tables on. Any major routing update is going to choke the
> >> platform. How big are the circuits you are landing from each provider?
> >>
> >> What are you trying to accomplish? Outbound load sharing? Inbound? How
> >> many /24 prefixes do you have to advertise?
> >>
> >> Jason
> >>
> >> -----Original Message-----
> >> From: cisco-nsp-bounces at puck.nether.net
> >> [mailto:cisco-nsp-bounces at puck.nether.net]
> >> On Behalf Of Benjamín Gálvez
> >> Sent: Wednesday, January 06, 2010 10:03 AM
> >> To: cisco-nsp at puck.nether.net
> >> Subject: [c-nsp] Cisco 2801 full bgp multihome
> >> Hi,
> >>
> >> Can Cisco 2801 with 256MB RAM handle full BGP table (1-2 peers,
> >> multihome)?
> >>
> >> Best regards
> >> Benjamín
> >> _______________________________________________
> >> cisco-nsp mailing list
> >> cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >> *** NOTICE--The attached communication contains privileged and
> >> confidential information. If you are not the intended recipient, DO NOT
> >> read, copy, or disseminate this communication. Non-intended recipients
> >> are hereby placed on notice that any unauthorized disclosure,
> >> duplication, distribution, or taking of any action in reliance on the
> >> contents of these materials is expressly prohibited. If you have received
> >> this communication in error, please delete this information in its
> >> entirety and contact the Amedisys Privacy Hotline at 1-866-518-6684.
> >> Also, please immediately notify the sender via e-mail that you have
> >> received this communication in error. ***
> >>
> >>
>
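The trade-off raised at the top of this thread (a prefix-length filter versus a short-AS-path filter with indicator prefixes driving a conditional default) can be compared on a small feed. This is an added example, not code from any poster; the ASNs, prefixes and function names are constructed, and counting distinct ASNs per path is a modelling assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple  # neighbor AS first, origin AS last

# Constructed feed from one upstream (AS 64500); documentation/private values only.
FEED = [
    Route("10.16.0.0/12", (64500,)),                        # upstream's own aggregate
    Route("198.51.100.0/24", (64500, 64501)),               # upstream's customer, own /24
    Route("10.128.0.0/19", (64500, 64502, 64508)),          # two ASes beyond the upstream
    Route("10.64.0.0/16", (64500, 64502, 64503, 64504)),    # distant
    Route("203.0.113.0/24", (64500, 64505, 64506, 64507)),  # distant indicator prefix
]
INDICATORS = {"203.0.113.0/24"}  # constructed stand-in for a root DNS server subnet

def by_prefix_length(feed, max_len):
    """Model of `permit 0.0.0.0/0 le X`: keep prefixes of length <= X."""
    return [r.prefix for r in feed
            if ipaddress.ip_network(r.prefix).prefixlen <= max_len]

def asn_count(route):
    """Distinct ASNs in the path, so prepending does not make a route look remote."""
    return len(dict.fromkeys(route.as_path))

def by_as_path(feed, max_asns, indicators):
    """Keep 'local' routes (short AS path) plus the indicator prefixes."""
    return [r.prefix for r in feed
            if asn_count(r) <= max_asns or r.prefix in indicators]

def default_allowed(feed, indicators):
    """Conditional default: use this ISP only while it still carries an indicator."""
    return any(r.prefix in indicators for r in feed)

if __name__ == "__main__":
    print("le 20      :", by_prefix_length(FEED, 20))
    print("<= 2 ASNs  :", by_as_path(FEED, 2, INDICATORS))
    print("default ok :", default_allowed(FEED, INDICATORS))
    print("after loss :", default_allowed(FEED[:4], INDICATORS))
```

With `le 20` the customer /24 one AS behind the upstream is dropped while distant /16 and /19 routes are kept; the AS-path policy keeps that /24 and discards the distant routes.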