[c-nsp] Internet in VRF

Adam Vitkovsky Adam.Vitkovsky at gamma.co.uk
Tue May 5 06:24:56 EDT 2015


Hi Dan,

> Dan Peachey
> Sent: 05 May 2015 10:51
> 
> On 5 May 2015 at 10:02, Adam Vitkovsky <Adam.Vitkovsky at gamma.co.uk>
> wrote:
> 
> >
> >
> > > Mark Tinka
> > > Sent: 04 May 2015 21:21
> > > >
> > > > We don’t run Internet in a VRF, we have no real use cases where we can’t
> > > > control what we need through policy.  Our core infrastructure isn’t accessible
> > > > from our customers or the Internet, but it does require using the right
> > > > infrastructure ACLs. If I was doing a greenfield build may do it but having the
> > > > complexity of putting different transits, peers, etc. in their own VRFs is kind
> > > > of overkill IMHO.
> > >
> > > +1.
> > >
> > > Mark.
> >
> >
> > Hi folks,
> >
> > Assuming you have more than one AS-exit and you don't have full-mesh
> > between all BGP speakers, then how do you get the alternate/backup AS-Exit
> > paths for Internet prefixes to all the PEs please?
> > Although I admit that the convergence times of Internet services might not
> > be a cause for concern so a minute of downtime might be acceptable.
> >
> > adam
> >
> >
> 
> BGP add-paths can achieve this:
> 
> http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-additional-paths.html
> 
> This gives visibility of backup routes to your whole network (or more than
> a single backup route if you want). You can also apply policy if you want
> to be selective about which backup routes are advertised.
> 
> As far as convergence is concerned, BGP next-hop tracking can be tuned to
> get you ~1 second convergence (or less if you like to live life on the
> edge) for next-hop changes and for transit/peering failures your edge
> routers can re-route traffic to the backup exit point whilst it's
> withdrawing BGP routes for the failed peering/transit so minute(s) of
> downtime can be avoided.
> 
> Cheers,
> 
> Dan

I'm aware of the add-path feature, though the drawback is that you'd have to deploy yet another feature, whereas with Internet in a VRF you can just use unique RDs.
Of course, in both cases you'd still need to run best-external and BGP-PIC to achieve the ultra-fast local repair.
So the point is that instead of "BGP-ipv4 + add-path & BGP-ipv6 + add-path & BGP-vpnv4 & BGP-vpnv6", you can run just "BGP-vpnv4 & BGP-vpnv6" on the RRs.

adam
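
Added example, not part of the original message: a toy Python model of why unique RDs give the PEs backup-exit visibility through a route reflector without add-path. The prefix, PE names, RD values and the local-pref-only best-path rule are constructed simplifications, and both exit PEs are assumed to advertise their path to the RR (e.g. with best-external).

```python
from collections import defaultdict

# Constructed sample: two exit PEs learn the same Internet prefix.
PATHS = [
    {"pe": "PE1", "prefix": "203.0.113.0/24", "local_pref": 200},
    {"pe": "PE2", "prefix": "203.0.113.0/24", "local_pref": 100},
]

def nlri(path, mode, rd_map):
    """NLRI key the RR runs best-path on: bare prefix or RD:prefix."""
    if mode == "ipv4":
        return path["prefix"]
    return f'{rd_map[path["pe"]]}:{path["prefix"]}'

def reflect(paths, mode, rd_map=None, add_path=1):
    """Return (nlri, exit PE) pairs the RR advertises to its clients.

    The RR keeps the top `add_path` paths per NLRI (1 = plain BGP).
    Best-path is reduced to highest local-pref (simplification).
    """
    by_nlri = defaultdict(list)
    for p in paths:
        by_nlri[nlri(p, mode, rd_map)].append(p)
    advertised = []
    for key, candidates in by_nlri.items():
        candidates.sort(key=lambda p: -p["local_pref"])
        advertised.extend((key, p["pe"]) for p in candidates[:add_path])
    return advertised

def exits_seen(advertised):
    """Distinct exit PEs a client learns from the RR."""
    return sorted({pe for _, pe in advertised})

UNIQUE_RD = {"PE1": "64500:1", "PE2": "64500:2"}  # one RD per PE
SHARED_RD = {"PE1": "64500:1", "PE2": "64500:1"}  # same RD everywhere

if __name__ == "__main__":
    print("ipv4          :", exits_seen(reflect(PATHS, "ipv4")))
    print("ipv4+add-path :", exits_seen(reflect(PATHS, "ipv4", add_path=2)))
    print("vpnv4 uniq RD :", exits_seen(reflect(PATHS, "vpnv4", UNIQUE_RD)))
    print("vpnv4 same RD :", exits_seen(reflect(PATHS, "vpnv4", SHARED_RD)))
```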