[c-nsp] prefix lists updates and max prefix filters
Gert Doering
gert at greenie.muc.de
Mon Dec 5 13:25:20 EST 2011
Hi,
On Mon, Dec 05, 2011 at 12:08:06PM -0500, James Ashton wrote:
> As I said, the problem seems obvious, but the solutions all seem
> less than elegant. I can only really see 2 ways through it, but I
> am probably missing several. First would be to run a prefix list
> and an access list and update them one at a time. So one is always
> in place. The second would be to edit the prefix list one line at
> a time and never actually regenerate the entire list in one shot.
> This seems the most proper/elegant method and the one putting the
> least CPU strain on a hard working router. It would also cause me
> to write a good bit more code that no-one else here could edit.
3.: flip between two prefix-lists, "outbound-filter-A" and "outbound-filter-B"
-> put the new prefix-list in place, then change the BGP filter config
in the neighbour statement
4.: forget about outbound prefix-lists, use community controlled filters
("never ever need to touch the outbound filters again").
> I am using rtconfig to generate the lists, so adding another isn't a huge project, but will add additional CPU time to a router that is begging for more CPU as it is.
>
> Thoughts?
I'd go for "filter with prefix-lists inbound from your customers" (and
if they send you more than they should, tell them, so they can stop it),
and tag the accepted routes with a community value. Then filter outbound
on that community value.
Filter changes only need to happen on the routers that actually have
changes in customer prefixes.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
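
The community-controlled filtering described in the message above, as an added Cisco IOS configuration sketch that is not part of the original post. AS numbers, the community value 64500:100, all list and route-map names, and the addresses are constructed assumptions.

```cisco
! Constructed example: AS 64500, community 64500:100, names and addresses are assumptions.
ip bgp-community new-format
!
! Inbound: per-customer prefix-list, edited only on the router where this customer connects.
ip prefix-list CUST-A-IN seq 5 permit 192.0.2.0/24
ip prefix-list CUST-A-IN seq 10 permit 198.51.100.0/24
!
! Accept only the listed prefixes; everything else hits the route-map's implicit deny.
! "set community" without "additive" overwrites whatever the customer sent,
! so a customer cannot pre-tag routes with the export community.
route-map CUST-A-IN permit 10
 match ip address prefix-list CUST-A-IN
 set community 64500:100
!
! Outbound: matches the tag only, so it stays untouched when customer prefixes change.
ip community-list standard CUSTOMER-ROUTES permit 64500:100
!
route-map UPSTREAM-OUT permit 10
 match community CUSTOMER-ROUTES
!
router bgp 64500
 ! Customer session: inbound filter plus a max-prefix limit as a second safety net.
 neighbor 203.0.113.10 remote-as 64501
 neighbor 203.0.113.10 route-map CUST-A-IN in
 neighbor 203.0.113.10 maximum-prefix 10
 ! Upstream session: export only routes carrying the customer tag.
 neighbor 203.0.113.20 remote-as 64502
 neighbor 203.0.113.20 route-map UPSTREAM-OUT out
 ! iBGP session: send-community is required so the tag reaches the other border routers.
 neighbor 10.0.0.2 remote-as 64500
 neighbor 10.0.0.2 send-community
```

Locally originated routes need the same tag (or their own entry in the community-list) to pass the outbound route-map, since it denies anything untagged.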