[c-nsp] Best practices for Cat6500
Phil Mayers
p.mayers at imperial.ac.uk
Mon Nov 1 13:30:14 EDT 2010
On 01/11/10 16:13, Nick Hilliard wrote:
> On 01/11/2010 15:41, Phil Mayers wrote:
>> This is a bug, CSCtf64231, and SXI5 is now out I see, claiming to fix it:
>>
>> "Inbound route-map change shouldn't be effective immediately"
>>
>> Pfft, yeah! That's one way to put it!
>
> This is a fundamental problem of the traditional IOS way of doing things.
> The only way to deal with it is an atomic commit operation.
Are there not two different (but related) issues?
1. Typing:
route-map TEST 1
! empty permit now exists & applies to new UPDATEs
match ..
! match & permit now exists & applies to new UPDATEs
set ...
...gives you a window during which newly received UPDATEs will be
matched against partial route maps. In this case, I agree - absence of
atomic "commit" is a problem (and there is precedent for this kind of
thing appearing in IOS - IP ACL sub-mode for example)
2. Typing the above applies instantly to existing RIB entries, without
a manual "clear ip bgp ... in". This is clearly a behaviour change in
IOS, and a dangerous one. A "commit" operation doesn't fix that; it just
delays it until you exit your sub-mode. There may well be circumstances
where you explicitly don't want to apply the route-map to existing RIB
entries.
I could be convinced IOS should work as-per the 2nd option, but it
historically has not, and that's the confusing part!
More information about the cisco-nsp
mailing list