[c-nsp] Internet in VRF
Dan Peachey
dan at illusionnetworks.com
Tue May 5 05:50:41 EDT 2015
On 5 May 2015 at 10:02, Adam Vitkovsky <Adam.Vitkovsky at gamma.co.uk> wrote:
>
>
> > Mark Tinka
> > Sent: 04 May 2015 21:21
> > >
> > > We don’t run Internet in a VRF, we have no real use cases where we
> can’t
> > control what we need through policy. Our core infrastructure isn’t
> accessible
> > from our customers or the Internet, but it does require using the right
> > infrastructure ACLs. If I was doing a greenfield build may do it but
> having the
> > complexity of putting different transits, peers, etc. in their own VRFs
> is kind
> > of overkill IMHO.
> >
> > +1.
> >
> > Mark.
>
>
> Hi folks,
>
> Assuming you have more than one AS-exit and you don't have full-mesh
> between all BGP speakers, then how do you get the alternate/backup AS-Exit
> paths for Internet prefixes to all the PEs please?
> Although I admit that the convergence times of Internet services might not
> be a cause for concern so a minute of downtime might be acceptable.
>
> adam
>
>
BGP add-paths can achieve this:
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-additional-paths.html
This gives visibility of backup routes to your whole network (or more than
a single backup route if you want). You can also apply policy if you want
to be selective about which backup routes are advertised.
As far as convergence is concerned, BGP next-hop tracking can be tuned to
get you ~1 second convergence (or less if you like to live life on the
edge) for next-hop changes and for transit/peering failures your edge
routers can re-route traffic to the backup exit point whilst it's
withdrawing BGP routes for the failed peering/transit so minute(s) of
downtime can be avoided.
Cheers,
Dan
More information about the cisco-nsp
mailing list