[c-nsp] IOS XR BGP
Gert Doering
gert at greenie.muc.de
Tue Nov 29 05:56:31 EST 2011
Hi,
On Tue, Nov 29, 2011 at 10:35:18AM +0800, Mark Tinka wrote:
> o For our Cisco route reflectors, we write a static
> route of the aggregate pointing to 'Null0', dig it
> into BGP using a 'network' statement, and apply
> the right BGP attributes via a route-map and send
> the route on its way. Note that like the Juniper,
> one could also use a route-map to call the static
> route into BGP via a tag (I think Gert has
> mentioned, once or twice, that that's what he
> does), negating the need for a 'network'
> statement.
Yep. We do "redistribute static route-map static[46]-to-bgp" and in
the route-map, we evaluate the tags to decide whether to distribute
the prefix to iBGP only, to eBGP, to iBGP with a higher MED (HSRP
slave interface), etc.
Slightly simplified:
!
! do not export prefixes with "tag 25" at all (special-case routes)
!
route-map static6-to-bgp deny 10
 match tag 25
!
! "tag 5539" goes to global BGP (community 5539:500)
!
route-map static6-to-bgp permit 20
 match tag 5539
 set metric 1
 set origin igp
 set community 5539:411 5539:500
!
! "tag 100" is "iBGP only, but worse MED than default"
!
route-map static6-to-bgp permit 30
 match tag 100
 set metric +100
 set community no-export
!
! default is "iBGP only, MED 1"
!
route-map static6-to-bgp permit 99
 set metric 1
 set community no-export
The beauty of this is: once the system is in place, installing a new
route *plus prefix* is a single(!) route statement, not "add route, and
then go to BGP and add network".
Now, what annoys me somewhat is that I can't do the same thing for
connected routes, as I can't specify tags there - so the connected-to-bgp
route-map has prefix-lists to control "to global" and "iBGP/backup".
> In either case, above, all other routers in the network
> (edge, blackholing, peering, borders, etc.) simply refer
> to communities to get routes out to the Internet, customers
> or peers. No additional "routing" is required on these
> routers, just reference to communities.
+1 - 5539:500 is "out to peers and upstreams".
[..]
> Personally, I prefer 'network' statements because they're
> deliberate. You always know you're doing "something" as it's
> a two-step process. I'm more wary of redistribution in the
> global table, although, like in Gert's case, it can also be
> controlled if you have the right guys at the helm.
>
> Every solution has its risks, costs and benefits.
Agreed :-) - in our case, the default of "no tag" is reasonably safe
(default med, to iBGP only). If one of my colleagues types "tag 5539"
at the end of an "ip[v6] route..." statement, I expect he knows why he
puts it there - and if not, we do a quick round of "don't put commands
into routers you don't understand" training :-)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
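
Added example, not part of the message above or of the poster's tooling: a small Python model of the quoted static6-to-bgp route-map that evaluates "ipv6 route" lines and reports which prefixes would pick up 5539:500 and so leave the AS. The sample routes, treating an untagged route as tag 0, and a base metric of 0 for redistributed statics are assumptions.

```python
import re

# The post's static6-to-bgp route-map: (seq, action, tag or None=any, sets)
ROUTE_MAP = [
    (10, "deny", 25, {}),
    (20, "permit", 5539, {"metric": "1", "communities": ["5539:411", "5539:500"]}),
    (30, "permit", 100, {"metric": "+100", "communities": ["no-export"]}),
    (99, "permit", None, {"metric": "1", "communities": ["no-export"]}),
]
GLOBAL_COMMUNITY = "5539:500"  # "out to peers and upstreams" in the post
ROUTE_RE = re.compile(r"^ipv6 route (\S+) (\S+)(?: tag (\d+))?$")

def parse_static(line):
    """Parse one 'ipv6 route' line; an absent tag is modelled as 0."""
    m = ROUTE_RE.match(line.strip())
    if not m:
        return None
    prefix, nexthop, tag = m.groups()
    return {"prefix": prefix, "nexthop": nexthop, "tag": int(tag or 0)}

def evaluate(route, base_metric=0):
    """First matching clause wins; falling off the end is an implicit deny."""
    for seq, action, match_tag, sets in ROUTE_MAP:
        if match_tag is not None and route["tag"] != match_tag:
            continue
        if action == "deny":
            return {"seq": seq, "exported": False}
        # "+N" is relative to the route's metric (assumed 0 for a static route)
        rel = sets["metric"].startswith("+")
        med = int(sets["metric"]) + (base_metric if rel else 0)
        return {"seq": seq, "exported": True, "med": med,
                "global": GLOBAL_COMMUNITY in sets["communities"]}
    return {"seq": None, "exported": False}

def audit(config_text):
    routes = filter(None, map(parse_static, config_text.splitlines()))
    return {r["prefix"]: evaluate(r) for r in routes}

# Constructed sample config (documentation prefixes), not from the post.
SAMPLE = """\
ipv6 route 2001:db8::/32 Null0 tag 5539
ipv6 route 2001:db8:10::/48 2001:db8:ffff::1
ipv6 route 2001:db8:20::/48 2001:db8:ffff::2 tag 100
ipv6 route 2001:db8:99::/48 Null0 tag 25
"""

if __name__ == "__main__":
    for prefix, result in audit(SAMPLE).items():
        print(prefix, result)
```

Run against a saved configuration before a change window, the entries with "global": True are the ones to review, since a mistyped tag 5539 is the only path to eBGP in this scheme.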