[f-nsp] IPv6 DFZ and TCAM partitionning

Youssef Bengelloun-Zahr bengelly at gmail.com
Fri Jun 23 10:23:14 EDT 2017


Hello,

For those interested, I had our SE open an RFE in order to request a new
CAM profile : PRODRFE104462

If you are intersted, I would highly suggest you push this with your local
SE. We all know what the odds of this happening, but you never know.

Best regards.



2017-06-14 10:05 GMT+02:00 Youssef Bengelloun-Zahr <bengelly at gmail.com>:

> Hi Clement,
>
> That is so very true. Still, that doesn't always work.
>
> I also like the idea of threatening your favorite $$$$ vendor to throw
> away their gear on the curve, even if we all know that it won't help.
>
> But that's another story, let's remain civilized and polite publically ;-)
>
> Best regards.
>
>
>
> 2017-06-14 9:13 GMT+02:00 Clement Cavadore <clement at cavadore.net>:
>
>> Hi Youssef,
>>
>> Sales peoples are like young kids: You have to raise them and let them
>> understand what they can or cannot sell :). And if they'd still insist
>> to sell L3VPN, they'll have to ask the management to buy you some brand
>> new toys :-)
>>
>> Clément
>>
>> On Wed, 2017-06-14 at 09:01 +0200, Youssef Bengelloun-Zahr wrote:
>> > Hi Clement :-)
>> >
>> > Sur, I thought of that. But knowing sales guys in my company, someone at
>> > some point will have the brilliant idea of selling an L3VPN and then I
>> will
>> > be sc*$€wed.
>> >
>> > So, I'm trying to be creative here.... But I think my options are rather
>> > limited.
>> >
>> > BR.
>> >
>> >
>> >
>> >
>> > 2017-06-14 8:08 GMT+02:00 Clement Cavadore <clement at cavadore.net>:
>> >
>> > > I'd rather change my management method and switch to ipv4-ipv6-2  :-)
>> > >
>> > > On Wed, 2017-06-14 at 01:02 +0200, Youssef Bengelloun-Zahr wrote:
>> > > > Dear Daniel,
>> > > >
>> > > > Is this really the only option ?
>> > > >
>> > > > Either shrinking the DFZ or upgrade to newer LPs ?
>> > > >
>> > > > Thank you.
>> > > >
>> > > >
>> > > >
>> > > > > Le 14 juin 2017 à 00:37, Daniel Schmidt <daniel.schmidt at wyo.gov>
>> a
>> > > écrit :
>> > > > >
>> > > > > No one really.  My 2 cents:
>> > > > >
>> > > > > Use option #1, have each provider send you an additional default,
>> and
>> > > do an ASN filter list with a little help from this:
>> > > > > https://github.com/ipcjk/asnbuilder
>> > > > >
>> > > > >> On Tue, Jun 13, 2017 at 3:07 PM, Youssef Bengelloun-Zahr <
>> > > bengelly at gmail.com> wrote:
>> > > > >> No one ? Really ?!?
>> > > > >>
>> > > > >> Y.
>> > > > >>
>> > > > >>
>> > > > >>
>> > > > >>> Le 13 juin 2017 à 10:05, Youssef Bengelloun-Zahr <
>> bengelly at gmail.com>
>> > > a écrit :
>> > > > >>>
>> > > > >>> Dear Foundry community,
>> > > > >>>
>> > > > >>> I'm about to revive an old trolly thread, but boy are they fun.
>> > > > >>>
>> > > > >>> With the growth of IPv6 DFZ over 32K entries, we have been
>> receiving
>> > > the following syslog error message on our MLXe gear :
>> > > > >>>
>> > > > >>> Jun 13 07:51:02:A:CAM IPv6 partition warning: total 32768
>> (reserved
>> > > 0), free 6, slot 2, ppcr 1
>> > > > >>> Jun 13 07:51:02:A:CAM IPv6 partition warning: total 32768
>> (reserved
>> > > 0), free 6, slot 2, ppcr 0
>> > > > >>>
>> > > > >>> We receive full BGP feeds from multiple IP transit providers and
>> > > YES, we DO filter prefixes over a /48 size.
>> > > > >>>
>> > > > >>> Our MLXe act as MPLS PEs and run the following hardware on
>> NI58g :
>> > > > >>>
>> > > > >>> Module
>> > > Status                       Ports    Starting MAC
>> > > > >>> M1 (left ):BR-MLX-MR2-X Management Module
>> > >  Standby(Ready State)
>> > > > >>> M2 (right):BR-MLX-MR2-X Management Module
>> > >  Active
>> > > > >>> F1: NI-X-HSF Switch Fabric Module
>> > >  Active
>> > > > >>> F2: NI-X-HSF Switch Fabric Module
>> > >  Active
>> > > > >>> F3: NI-X-HSF Switch Fabric Module
>> > >  Active
>> > > > >>> S1: BR-MLX-10Gx4-X 4-port 10GbE Module
>> > > CARD_STATE_UP                4        0024.38a4.fb00
>> > > > >>> S2: BR-MLX-10Gx4-X 4-port 10GbE Module
>> > > CARD_STATE_UP                4        0024.38a4.fb30
>> > > > >>> S3: BR-MLX-1GFx24-X 24-port 1GbE SFP Module
>> > >  CARD_STATE_UP                24       0024.38a4.fb60
>> > > > >>> S4: BR-MLX-1GFx24-X 24-port 1GbE SFP Module
>> > >  CARD_STATE_UP                24       0024.38a4.fb90
>> > > > >>>
>> > > > >>> For years, we have been using multi-service-4 CAM profil in
>> order to
>> > > provide pure IP connectivity and MPLS connectivity (mostly VPLS) to
>> our
>> > > clients.
>> > > > >>>
>> > > > >>> After investigating with BTAC, they told us that our hardware
>> > > couldn't handle much more 32k with this profil :
>> > > > >>>
>> > > > >>> http://www.brocade.com/content/html/en/administration-guide/
>> netiron-
>> > > 05900-adminguide/GUID-F5A27733-F4A2-4367-8F83-E8A4C3DE6F0E.html
>> > > > >>>
>> > > > >>> We only use MPLS VRF for management prurposes. So, we are left
>> with
>> > > either :
>> > > > >>>
>> > > > >>> - Heavily filtering IPv6 bgp feeds + accepting a defaut route in
>> > > order to get 1 MPLS VRF for management purposes,
>> > > > >>>
>> > > > >>> - Accepting full IPv6 BGP feed by migrating to ipv4-ipv6-2
>> Profile,
>> > > and loose MPLS VRF.
>> > > > >>>
>> > > > >>> I seem to recall that someone on this list has been pushing
>> Brocade
>> > > to create a special profile to accomodate a very little number of MPLS
>> > > VRFs. Did that happen ?
>> > > > >>>
>> > > > >>> Other than that, how do you guys handle this ? Maybe a nifty
>> trick
>> > > I'm not aware of ?
>> > > > >>>
>> > > > >>> Thank you for your wisdom.
>> > > > >>>
>> > > > >>> Best regards.
>> > > > >>
>> > > > >> _______________________________________________
>> > > > >> foundry-nsp mailing list
>> > > > >> foundry-nsp at puck.nether.net
>> > > > >> http://puck.nether.net/mailman/listinfo/foundry-nsp
>> > > > >
>> > > > >
>> > > > >
>> > > > > E-Mail to and from me, in connection with the transaction
>> > > > > of public business, is subject to the Wyoming Public Records
>> > > > > Act and may be disclosed to third parties.
>> > > > _______________________________________________
>> > > > foundry-nsp mailing list
>> > > > foundry-nsp at puck.nether.net
>> > > > http://puck.nether.net/mailman/listinfo/foundry-nsp
>> > >
>> > >
>> > >
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20170623/eeeb7437/attachment.html>


More information about the foundry-nsp mailing list