[f-nsp] Does VRF still take CAM resources from 'ipv4 vpn' in later MLXe code?

Jörg Kost jk at ip-clear.de
Thu Sep 15 06:54:12 EDT 2016 

Hi,

so to answer my own posting and statement b): I have pushed

https://github.com/ipcjk/asnbuilder

to git, which is basically building Brocade MLX-compatible regular 
expressions out of the official as numbers and therefore can be used to 
clean up your router from NIC-regions that you might want reach via a 
default route.

E.g.
./main -region "AFRINIC"  | head -n 10
ip as-path access-list region-summary permit 
_3276[8-9][0-9]|_327[7-9][0-9][0-9]|_328[0-6][0-9][0-9]|_32870[0-3]$
ip as-path access-list region-summary permit _122[8-9]|_123[0-2]$
ip as-path access-list region-summary permit _2018$
ip as-path access-list region-summary permit _2561$
ip as-path access-list region-summary permit _2905$
ip as-path access-list region-summary permit _306[7-8]$
ip as-path access-list region-summary permit _3208$

./main  -help
Usage of ./main:
   -acltitle string
     	Title for generated as-path list (default "region-summary")
   -permitOrDeny int
     	Deny = 0, Permit = 1 (default 1)
   -region string
     	Comma separated list with region for generated prefix
   -summary
     	Print summary of downloaded lists only

./main  -summary
2016/09/15 12:53:02 APNIC [119 table entries]
2016/09/15 12:53:02 RIPE NCC [248 table entries]
2016/09/15 12:53:02 LACNIC [683 table entries]
2016/09/15 12:53:02 AFRINIC [201 table entries]
2016/09/15 12:53:02 ARIN [1046 table entries]

Next I need a tool to clean up redundant more specific prefixes.

Jörg


On 13 Sep 2016, at 8:38, Jörg Kost wrote:

> Hi!
>
> Installing the default route is a valid option, if you do no need the 
> as path information in the BGP table, in SFLOW packets and attached 
> tools. In my eyes that is a big trade-off.
>
> So I think for me one of these options will come first:
>
> a) Hence of ROHS 2016 there is an end of sale for several X-boards in 
> Europe and the smallest version that you can buy is now a 10-port 
> licensed GX20-X2. Depending on the growth or the replacement attitude, 
> the X2 will come sooner or later and can replace one or two X-cards at 
> once. If you sell BGP full feeds to customers, you will need the X2 
> sooner or later.
>
> b) I will block certain ranges and as-numbers by regions and will also 
> install a default route and extend our tools to resolve the as-path 
> later. Not pretty but it can bridge the time and extend life of 
> current boards.
>
> Conclusion: If there is memory to fill, people will (ab)use it. The 
> whole disaggregation of IPv6,  this is just the beginning.
>
> Jörg

More information about the foundry-nsp mailing list