[c-nsp] ME3600 iBGP to RR

Mark Tinka mark.tinka at seacom.mu
Thu Mar 5 08:15:58 EST 2015



On 5/Mar/15 11:48, Adam Vitkovsky wrote:
> Hi,
>
> It is a good topic for a discussion.
> If you reset all the sessions the box becomes completely disconnected from the core (as most likely the same amount of routes will be advertised by both RRs (clusters)).

That is why, for my network, all management traffic is handled by the
IGP (IS-IS, in my case).

As BGP appears higher in the routing layer, a failure of BGP does not
affect access to the box. Typically, a failure of the IGP signals a much
bigger problem anyway, so it is a reliable method to manage the box.

IGP routes all end up in the FIB by default.
> If just warning is issued the box remains alive but there might be some unexpected states of memory rendering it unusable anyways (all kinds of weired issues can happen if the mem is exhausted be it just for a short interval).

Use BGP-SD.

The ME3600X can hold 2x full IPv4 and 2x full IPv6 tables in RAM. I
know, I do it. Then you pick and choose what gets installed into FIB
using BGP-SD.
> However if a config mistake happens and one of the RRs (or clusters for that matter) starts advertising excess routes then it would be desired to reset the affected session(s) in which case the box remains perfectly operational using the sessions to remaining RRs.

With BGP-SD, even if the RR suddenly started spewing more routes, you
don't hurt the FIB.

Yes, if the routes were too many that they overwhelmed the ME3600X's
control plane, then that is a different issue.
>
> In any case you should be closely monitoring the syslog messages related to crossing the 70% watermark so that you know you are approaching the memory limits of the box and there's a need to migrate some of the VRFs to other boxes or to add another ME to the POP.

Again, BGP-SD is your friend. A very elegant solution to an interesting
problem.

Mark.



More information about the cisco-nsp mailing list