[c-nsp] Cisco 2801 full bgp multihome

Vincent C Jones v.jones at networkingunlimited.com
Wed Jan 6 15:31:58 EST 2010


Scott,

Careful... filtering on prefix length will block the very "local"
prefixes you are probably most interested in--the prefixes of the
upstreams' other customers who may be advertising a /24 not in that
upstream's address space. 

Vince
-- 
Vincent C. Jones
Networking Unlimited, Inc.
Phone: +1 201 568-7810
V.Jones at NetworkingUnlimited.com

On Wed, 2010-01-06 at 12:20 -0800, Scott Granados wrote:
> This is a good approach, another is to filter the length of prefixes you 
> install and set up some floating static defaults.
> 
> You could filter against a prefix list for something like
> 
> ip prefix-list not-to-specific seq 5 permit 0.0.0.0/0 le X
> 
> where X depends on how finely you wish to filter.  In most full feeds you'd 
> take a /24 or shorter but in your case you can't do this due to memory 
> concerns.  You could try /20 or shorter, /19 etc until you meet your memory 
> requirements.  Simply by filtering shorter than /24 you'll gain a lot of 
> mileage.  Of course your ability to control outbound traffic deteriorates 
> the more heavily you filter but them's the breaks when memory is a concern.
> 
> On the inbound side with a single /24 you won't have a lot of flexibility. 
> You'll hit issues for example if upstream carriers filter shorter than /24 
> and only pick up your provider's parent block.  If your upstreams have good 
> community options you can control announcements of your block a bit more. 
> For example, in the case of XO you can trigger prepends to specific major 
> peers allowing you to pad say AS 701 more heavily but leave other networks 
> untouched.  Depends on what knobs your carrier gives you to twiddle. 
> There's also local pref but that's non-transitive.
> 
> 
> 
> ----- Original Message ----- 
> From: "Vincent C Jones" <v.jones at networkingunlimited.com>
> To: "Jason Shearer" <jshearer at amedisys.com>
> Cc: <cisco-nsp at puck.nether.net>
> Sent: Wednesday, January 06, 2010 11:57 AM
> Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
> 
> 
> > One trick I've used where resources are tight is to "take" full routes,
> > but filter them so that I only accept "local" (short AS path) and a few
> > key indicator prefixes (typically out of country root DNS server
> > subnets). The indicator prefixes are used to drive a conditional default
> > route (use this ISP as default only if it appears to be well connected)
> > while the number of ASN's allowed in "local" prefixes can be adjusted to
> > control the number accepted.
> >
> > Note that this only impacts traffic going out from you. Inbound traffic
> > is a separate issue. With only a single /24, your inbound load balancing
> > options are limited. Depending on the connectivity of your upstreams and
> > who your users are talking to, you may also see lots of asymmetric
> > routing.
> >
> > Good luck and have fun!
> > -- 
> > Vincent C. Jones
> > Networking Unlimited, Inc.
> > Phone: +1 201 568-7810
> > V.Jones at NetworkingUnlimited.com
> >
> > On Wed, 2010-01-06 at 10:50 -0600, Jason Shearer wrote:
> >> Ben,
> >>
> >> Not going to be able to load balance inbound as you only have a single 
> >> /24 to advertise (this is the minimum prefix that will make it to the 
> >> NAP).  Outbound you should be good....just note that you will experience 
> >> asymmetric routing (in one out the other).
> >>
> >> I have used 28xx routers for full tables before and it will be good when 
> >> the going is good but very bad when the going gets bad.  If you are going 
> >> to use an ISR I would recommend a 3825 at a minimum (two would be 
> >> better).  Convergence will be much faster.
> >>
> >> A better alternative if you are strapped for cash may be to just accept 
> >> defaults.  Make your backup connection smaller but have it contracted to 
> >> grow or burst if you experience problems with the primary.
> >>
> >> Jason
> >>
> >>
> >> From: Benjamín Gálvez [mailto:bgalvez at gmail.com]
> >> Sent: Wednesday, January 06, 2010 10:35 AM
> >> To: Jason Shearer
> >> Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
> >>
> >> Jason,
> >>
> >> In Spanish
> >>
> >> The idea is to connect the company (a bank) to two ISPs (service 
> >> providers) via BGP with full tables, to get outbound and inbound load 
> >> balancing.
> >> Both links are 10Mb, and the company has a single /24 prefix to 
> >> announce and its own ASN.
> >> The idea is to achieve redundancy for outbound Internet access and also 
> >> inbound for customer access.
> >>
> >> The "default route" option forces me to use one link and leave the 
> >> other passive (standby).
> >>
> >> Both ISPs will supply a Cisco 2801 router, but with 256Mb.
> >>
> >> The question is: will the 2801 router work for me with 512Mb, or do I 
> >> need to replace it with another router with better performance?
> >> Both ISPs tell me a 7000 series router is the "minimum".
> >>
> >> In English
> >>
> >> Pending translate....
> >> Sorry
> >>
> >> Benjamín
> >> 2010/1/6 Jason Shearer <jshearer at amedisys.com>
> >> No way Jose.  You will start fragging.  I would recommend no less than 
> >> 512 to receive full tables.
> >>
> >> Outside of memory the 2801 is not going to be a very good platform to 
> >> accept full tables on.  Any major routing update is going to choke the 
> >> platform.  How big are the circuits you are landing from each provider?
> >>
> >> What are you trying to accomplish?  Outbound load sharing?  Inbound?  How 
> >> many /24 prefixes do you have to advertise?
> >>
> >> Jason
> >>
> >> -----Original Message-----
> >> From: cisco-nsp-bounces at puck.nether.net 
> >> [mailto:cisco-nsp-bounces at puck.nether.net] 
> >> On Behalf Of Benjamín Gálvez
> >> Sent: Wednesday, January 06, 2010 10:03 AM
> >> To: cisco-nsp at puck.nether.net
> >> Subject: [c-nsp] Cisco 2801 full bgp multihome
> >> Hi,
> >>
> >> Can a Cisco 2801 with 256MB RAM handle a full BGP table (1-2 peers,
> >> multihome)?
> >>
> >> Best regards
> >> Benjamín
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >> *** NOTICE--The attached communication contains privileged and 
> >> confidential information. If you are not the intended recipient, DO NOT 
> >> read, copy, or disseminate this communication. Non-intended recipients 
> >> are hereby placed on notice that any unauthorized disclosure, 
> >> duplication, distribution, or taking of any action in reliance on the 
> >> contents of these materials is expressly prohibited. If you have received 
> >> this communication in error, please delete this information in its 
> >> entirety and contact the Amedisys Privacy Hotline at 1-866-518-6684. 
> >> Also, please immediately notify the sender via e-mail that you have 
> >> received this communication in error. ***
> 
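
An added example, not part of the original thread: a small Python model of the two inbound filters discussed above (Scott's prefix-length limit and Vince's short-AS-path filter with indicator prefixes driving a conditional default), run over constructed routes to show which "local" /24s each one keeps. All prefixes, ASNs and function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample: routes heard from one upstream (AS 64500).
# Prefixes and ASNs are documentation/private-use values, not real data.
ROUTES = [
    ("172.16.0.0/12",   [64500]),                       # upstream's own aggregate
    ("198.51.100.0/24", [64500, 64510]),                # upstream's customer, /24 outside its block
    ("10.0.0.0/8",      [64500, 64520, 64530]),         # distant aggregate
    ("203.0.113.0/24",  [64500, 64520, 64530, 64540]),  # distant /24
    ("192.0.2.0/24",    [64500, 64520, 64550]),         # stand-in for an indicator prefix
]
INDICATORS = {"192.0.2.0/24"}  # assumption: a single indicator prefix, for brevity


def by_prefix_length(routes, max_len):
    """Model of 'permit 0.0.0.0/0 le X': keep prefixes of length <= max_len."""
    return {p for p, _ in routes
            if ipaddress.ip_network(p).prefixlen <= max_len}


def by_as_path(routes, max_asns, indicators):
    """Keep 'local' routes (AS path of at most max_asns entries) plus indicators."""
    return {p for p, path in routes
            if len(path) <= max_asns or p in indicators}


def use_as_default(accepted, indicators):
    """Conditional default: use this upstream only while every indicator is present."""
    return indicators <= accepted


if __name__ == "__main__":
    print("le 20      :", sorted(by_prefix_length(ROUTES, 20)))
    local = by_as_path(ROUTES, 2, INDICATORS)
    print("path <= 2  :", sorted(local))
    print("default ok :", use_as_default(local, INDICATORS))
```

With `le 20` the customer's 198.51.100.0/24 is dropped while the distant 10.0.0.0/8 is kept; the AS-path filter does the reverse. Path length here counts entries in the path, so prepended ASNs count toward the limit.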

