[c-nsp] Cisco 2801 full bgp multihome

Scott Granados gsgranados at comcast.net
Wed Jan 6 15:36:26 EST 2010


Right, which is why you'd need your floating default statics and why you 
should tag internal prefixes differently.  Tagging customer routes with one 
community say and your learned transit routes as another is a good idea. 
Your internal more specifics could be tagged and marked no-export so you're 
able to engineer as needed inside your network.


----- Original Message ----- 
From: "Vincent C Jones" <v.jones at networkingunlimited.com>
To: "Scott Granados" <gsgranados at comcast.net>
Cc: "Jason Shearer" <jshearer at amedisys.com>; <cisco-nsp at puck.nether.net>
Sent: Wednesday, January 06, 2010 12:31 PM
Subject: Re: [c-nsp] Cisco 2801 full bgp multihome


Scott,

Careful... filtering on prefix length will block the very "local"
prefixes you are probably most interested in--the prefixes of the
upstreams' other customers who may be advertising a /24 not in that
upstream's address space.

Vince
-- 
Vincent C. Jones
Networking Unlimited, Inc.
Phone: +1 201 568-7810
V.Jones at NetworkingUnlimited.com

On Wed, 2010-01-06 at 12:20 -0800, Scott Granados wrote:
> This is a good approach, another is to filter the length of prefixes you
> install and set up some floating static defaults.
>
> You could filter against a prefix list for something like
>
> ip prefix-list not-to-specific seq 5 permit 0.0.0.0/0 le X
>
> where X depends on how finely you wish to filter.  In most full feeds you'd
> take a /24 or shorter but in your case you can't do this due to memory
> concerns.  You could try /20 or shorter, /19 etc until you meet your memory
> requirements.  Simply by filtering shorter than /24 you'll gain a lot of
> mileage.  Of course your ability to control outbound traffic deteriorates
> the more heavily you filter but them's the breaks when memory is a concern.
>
> On the inbound side with a single /24 you won't have a lot of flexibility.
> You'll hit issues for example if upstream carriers filter shorter than /24
> and only pick up your provider's parent block.  If your upstreams have good
> community options you can control announcements of your block a bit more.
> For example, in the case of XO you can trigger prepends to specific major
> peers allowing you to pad say AS 701 more heavily but leave other networks
> untouched.  Depends on what knobs your carrier gives you to twiddle.
> There's also local pref but that's non transitive.
>
>
>
> ----- Original Message ----- 
> From: "Vincent C Jones" <v.jones at networkingunlimited.com>
> To: "Jason Shearer" <jshearer at amedisys.com>
> Cc: <cisco-nsp at puck.nether.net>
> Sent: Wednesday, January 06, 2010 11:57 AM
> Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
>
>
> > One trick I've used where resources are tight is to "take" full routes,
> > but filter them so that I only accept "local" (short AS path) and a few
> > key indicator prefixes (typically out of country root DNS server
> > subnets). The indicator prefixes are used to drive a conditional default
> > route (use this ISP as default only if it appears to be well connected)
> > while the number of ASN's allowed in "local" prefixes can be adjusted to
> > control the number accepted.
> >
> > Note that this only impacts traffic going out from you. Inbound traffic
> > is a separate issue. With only a single /24, your inbound load balancing
> > options are limited. Depending on the connectivity of your upstreams and
> > who your users are talking to, you may also see lots of asymmetric
> > routing.
> >
> > Good luck and have fun!
> > -- 
> > Vincent C. Jones
> > Networking Unlimited, Inc.
> > Phone: +1 201 568-7810
> > V.Jones at NetworkingUnlimited.com
> >
> > On Wed, 2010-01-06 at 10:50 -0600, Jason Shearer wrote:
> >> Ben,
> >>
> >> Not going to be able to load balance inbound as you only have a single
> >> /24 to advertise (this is the minimum prefix that will make it to the
> >> NAP).  Outbound you should be good....just note that you will experience
> >> asymmetric routing (in one out the other).
> >>
> >> I have used 28xx routers for full tables before and it will be good when
> >> the going is good but very bad when the going gets bad.  If you are going
> >> to use an ISR I would recommend a 3825 at a minimum (two would be
> >> better).  Convergence will be much faster.
> >>
> >> A better alternative if you are strapped for cash may be to just accept
> >> defaults.  Make your backup connection smaller but have it contracted to
> >> grow or burst if you experience problems with the primary.
> >>
> >> Jason
> >>
> >> >>>Translation<<<
> >>
> >> You will not be able to load balance inbound, since you only have a
> >> single /24 to advertise (this is the minimum prefix that will make it to
> >> the NAP). Outbound you should be fine.... Just note that you will
> >> experience asymmetric routing (in one, out the other).
> >>
> >> I have used 28xx routers for full tables before, and it will be good
> >> when things are good but very bad when things get bad. If you are going
> >> to use an ISR I would recommend a 3825 at a minimum (two would be
> >> better). Convergence will be much faster.
> >>
> >> A better alternative if you are strapped for cash may be to simply
> >> accept defaults. Make the backup connection smaller, but have it
> >> contracted to grow or burst if you have problems with the primary.
> >>
> >>
> >> From: Benjamín Gálvez [mailto:bgalvez at gmail.com]
> >> Sent: Wednesday, January 06, 2010 10:35 AM
> >> To: Jason Shearer
> >> Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
> >>
> >> Jason,
> >>
> >> In Spanish
> >>
> >> The idea is to connect the company (a bank) to two ISPs (service
> >> providers) via BGP with full tables, to get outbound and inbound load
> >> balancing. Both links are 10Mb, and the company has a single /24 prefix
> >> to announce and its own ASN.
> >> The idea is to achieve redundancy for outbound Internet access and also
> >> inbound for customer access.
> >>
> >> The "default route" option forces me to use one link and leave the other
> >> passive (standby).
> >>
> >> Both ISPs will install a Cisco 2801 router, but with 256Mb.
> >>
> >> The question is: will the 2801 router do the job with 512Mb, or do I
> >> need to replace it with another router with better performance?
> >> Both ISPs are telling me a 7000 series router is the "minimum".
> >>
> >> In English
> >>
> >> Pending translate....
> >> Sorry
> >>
> >> Benjamín
> >> 2010/1/6 Jason Shearer <jshearer at amedisys.com>
> >> No way Jose.  You will start fragging.  I would recommend no less than
> >> 512 to receive full tables.
> >>
> >> Outside of memory the 2801 is not going to be a very good platform to
> >> accept full tables on.  Any major routing updates are going to choke the
> >> platform.  How big are the circuits you are landing from each provider?
> >>
> >> What are you trying to accomplish?  Outbound load sharing?  Inbound?  How
> >> many /24 prefixes do you have to advertise?
> >>
> >> Jason
> >>
> >> -----Original Message-----
> >> From: cisco-nsp-bounces at puck.nether.net
> >> [mailto:cisco-nsp-bounces at puck.nether.net]
> >> On Behalf Of Benjamín Gálvez
> >> Sent: Wednesday, January 06, 2010 10:03 AM
> >> To: cisco-nsp at puck.nether.net
> >> Subject: [c-nsp] Cisco 2801 full bgp multihome
> >> Hi,
> >>
> >> Can a Cisco 2801 with 256MB RAM handle a full BGP table (1-2 peers,
> >> multihome)?
> >>
> >> Best regards
> >> Benjamín
> >> _______________________________________________
> >> cisco-nsp mailing list
> >> cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >> *** NOTICE--The attached communication contains privileged and
> >> confidential information. If you are not the intended recipient, DO NOT
> >> read, copy, or disseminate this communication. Non-intended recipients
> >> are hereby placed on notice that any unauthorized disclosure,
> >> duplication, distribution, or taking of any action in reliance on the
> >> contents of these materials is expressly prohibited. If you have 
> >> received
> >> this communication in error, please delete this information in its
> >> entirety and contact the Amedisys Privacy Hotline at 1-866-518-6684.
> >> Also, please immediately notify the sender via e-mail that you have
> >> received this communication in error. ***
> 
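
Added example (not part of the original thread): a small Python model of the two inbound filters discussed above, Scott's prefix-length filter (`le X`) and Vince's short-AS-path filter with indicator prefixes, run over a constructed route sample so the caveat about an upstream customer's /24 is visible. The prefixes, ASNs, function names, the distinct-ASN count and the "all indicators present" rule for the default are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of routes learned from one upstream (AS 64500).
# Each entry is (prefix, AS path). Private-use ASNs and stand-in prefixes.
ROUTES = [
    ("198.51.100.0/24", [64500, 64511]),                # upstream's customer /24
    ("203.0.113.0/24",  [64500, 64501, 64502, 64503]),  # distant /24
    ("10.0.0.0/16",     [64500]),                       # upstream's own aggregate
    ("10.32.0.0/19",    [64500, 64501, 64502]),         # distant /19
    ("172.16.0.0/12",   [64500, 64501, 64504, 64505]),  # distant /12
    ("192.0.2.0/24",    [64500, 64501, 64506, 64507]),  # indicator prefix
]

# Stand-in for the "key indicator prefixes" (e.g. a root DNS server subnet).
INDICATORS = {"192.0.2.0/24"}


def by_prefix_length(routes, max_len):
    """Model of 'permit 0.0.0.0/0 le X': keep prefixes of length <= max_len."""
    return [p for p, _ in routes
            if ipaddress.ip_network(p).prefixlen <= max_len]


def by_as_path(routes, max_asns, indicators):
    """Keep 'local' routes (short AS path) plus the indicator prefixes.

    Assumption: distinct ASNs are counted, so prepending does not make a
    nearby network look distant.
    """
    keep = []
    for prefix, path in routes:
        if len(set(path)) <= max_asns or prefix in indicators:
            keep.append(prefix)
    return keep


def default_allowed(accepted, indicators):
    """Conditional default: use this ISP as default only while every
    indicator prefix is still being received from it (assumed rule)."""
    return all(i in accepted for i in indicators)


if __name__ == "__main__":
    print("le 20      :", by_prefix_length(ROUTES, 20))
    local = by_as_path(ROUTES, 2, INDICATORS)
    print("AS path <=2:", local)
    print("default ok :", default_allowed(local, INDICATORS))
```

With `le 20` the upstream customer's /24 is dropped along with every other /24, while the AS-path filter keeps it and still shrinks the table.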


