[c-nsp] ME3600 iBGP to RR

Mark Tinka mark.tinka at seacom.mu
Fri Mar 6 15:45:27 EST 2015



On 6/Mar/15 20:02, Nick Hilliard wrote:
> This will cause traffic to go north-south on your network in situations
> where it might be more efficiently handled as east-west.  Depending on the
> network structure, this might not be a problem, e.g. if the me3600 is a
> strict PE / distribution device.  If there are any east-west connections,
> deny-all on bgp won't work well.  Obviously this assumes that ibgp is being
> used as igp, with isis/ospf as strict topology engine only.  If you're
> using a link state protocol for connected / static prefix distribution
> (urgh), east-west traffic will stay that way.  But then we wouldn't be
> having this conversation.

So like I said, that is a very simple route-map that ensures nothing is
installed in the FIB for the global unicast table (as BGP-SD is not
supported on VRF unicast tables on the ME3600X today, all VRF routes are
installed in FIB by default).

With a simple route-map like that, you can still install routes into the
FIB through other means, e.g., static routing, IGP, etc. Of course,
this thread is about BGP.

My deployment for the ME3600X where BGP-SD shines is in rings, i.e.,
east-west topologies. BGP-SD works great here, because iBGP routes
(including 0/0 and ::/0) installed in the FIB have only one way to go
anyway. So my BGP-SD route-maps are not that simple, but they are also
very, very short.

The ME3600X as an edge router in a north-south topology is difficult as
there is no clear (default) gateway in such a scenario, particularly if
you run a BGP-free core. I rely on other devices for the edge that can
hold a full table in FIB for such topologies. But as budgets differ
between networks, YMMV and you may be forced to deploy the ME3600X in a
north-south topology. In such scenarios, you can't avoid forwarding
inefficiencies and their associated risks when limiting what enters the
FIB, be it via BGP-SD, max-prefix or no BGP altogether.
>
> Otherwise, Adam is correct to say that using selective download shifts the
> problem space from one route-map to another.  Ultimately you still need to
> be careful.  Dropping a spanner into the cogs nearly always causes damage,
> no matter what the situation.

The route-maps for BGP-SD differ from the route-maps for BGP routing. In
case you perform iBGP route filtering on inbound, that gets processed
before a BGP-SD route-map.

A BGP-SD route-map can only install into the FIB what a BGP routing
route-map has deemed fit for route selection.

Obviously, if you don't filter iBGP routing on inbound, then you're just
dealing with the BGP-SD route-map on the back of an unadulterated BGP
route selection algorithm.

Mark.


