[f-nsp] Integrating Foundry and Internap FCP

Lee Pedder lee.pedder at gmail.com
Thu Sep 4 04:12:35 EDT 2008 

2008/9/3 Lee Pedder <lee.pedder at gmail.com>:
> Sorry to resurrect this thread almost a year later, but did you ever
> get this up and running Mike?
>
> I'm going to be attempting this pretty soon, so any pointers / recipes
> would be very helpful. This will be on a pair of NetIron MLXs.

Mike sent me some useful config, here it is for the sake of the archives:


The Foundry needs some policy routes so that it can send test probes
out each provider as needed. We created some VLAN interfaces for this
purpose, tagged by the FCP's routing interface ethe 4/2:

vlan 1 name DEFAULT-VLAN by port
!
vlan 10 name Main_FCP_VLAN by port
 tagged ethe 4/2
 router-interface ve 10
!
vlan 11 name Level3_Probes by port
 tagged ethe 4/2
 router-interface ve 11
!
vlan 12 name Qwest_Probes by port
 tagged ethe 4/2
 router-interface ve 12
!
vlan 14 name Internap_Probes by port
 tagged ethe 4/2
 router-interface ve 14
!
vlan 3004 name Internap_Transit by port
 tagged ethe 1/4
 router-interface ve 15
!

Then, our physical interface configuration looks like this (the port
mirroring on 2/2 is to the FCP's sniffer interface so that it can
measure the latency/loss as seen on real traffic):

interface ethernet 1/1
 port-name Level 3
 ip address a.b.c.d 255.255.255.252
 mon ethe 2/2 input
 mon ethe 2/2 output
 gig-default neg-full-auto
!
interface ethernet 1/3
 port-name Qwest
 ip address e.f.g.h 255.255.255.252
 mon ethe 2/2 input
 mon ethe 2/2 output
!
interface ethernet 1/4
 port-name Internap
 mon ethe 2/2 input
 mon ethe 2/2 output
!
interface ethernet 4/2
 port-name FCP
 dual-mode  10
!

Then there are some ve interfaces. I believe these are "Virtual
Ethernet" that correspond back to the VLANs defined above.

!
interface ve 10
 port-name MAIN_FCP
 ip address m.n.o.p 255.255.255.252
!
interface ve 11
 ip address 10.11.11.11 255.255.255.0
 ip policy route-map LEVEL3_Probe
!
interface ve 12
 ip address 10.12.12.12 255.255.255.0
 ip policy route-map QWEST_Probe
!
interface ve 14
 ip address 10.14.14.14 255.255.255.0
 ip policy route-map INTERNAP_Probe
!
interface ve 15
 ip address q.r.s.t 255.255.255.252
!

Then there's an iBGP session established to the FCP with our own ASN -
this allows it to inject routes with a different next-hop attribute
when it needs to change the direction of outbound traffic for a given
route (as I understand it, the FCP doesn't even try to change the
inbound paths, which makes sense given the method it is using for
outbound changes and the relative lack of control you have over the
choices other providers make).

router bgp
 local-as NNNNN
 neighbor m.n.o.q remote-as NNNNN
 neighbor m.n.o.q description FCP
!

Then the route-maps that provide for the policy routing of only the
FCP probe packets:

route-map  LEVEL3_Probe permit  10
 set ip next-hop a.b.c.f
!
route-map  QWEST_Probe permit  10
 set ip next-hop f.g.h.j
!
route-map  INTERNAP_Probe permit  10
 set ip next-hop q.r.s.u

More information about the foundry-nsp mailing list