This is a good approach; another is to filter the length of prefixes you
install and set up some floating static defaults.
You could filter against a prefix list for something like

    ip prefix-list not-to-specific seq 5 permit 0.0.0.0/0 le X

where X depends on how finely you wish to filter. In most full feeds you'd
take a /24 or shorter but in your case you can't do this due to memory
concerns. You could try /20 or shorter, /19 etc. until you meet your memory
requirements. Simply by filtering shorter than /24 you'll gain a lot of
mileage. Of course your ability to control outbound traffic deteriorates the
more heavily you filter but them's the breaks when memory is a concern.

On the inbound side with a single /24 you won't have a lot of flexibility.
You'll hit issues for example if upstream carriers filter shorter than /24
and only pick up your provider's parent block. If your upstreams have good
community options you can control announcements of your block a bit more.
For example, in the case of XO you can trigger prepends to specific major
peers allowing you to pad say AS 701 more heavily but leave other networks
untouched. Depends on what knobs your carrier gives you to twiddle.
There's also local pref but that's non-transitive.
----- Original Message -----
From: "Vincent C Jones" <v.jo...@networkingunlimited.com>
To: "Jason Shearer" <jshea...@amedisys.com>
Cc: <cisco-nsp@puck.nether.net>
Sent: Wednesday, January 06, 2010 11:57 AM
Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
One trick I've used where resources are tight is to "take" full routes,
but filter them so that I only accept "local" (short AS path) and a few
key indicator prefixes (typically out of country root DNS server
subnets). The indicator prefixes are used to drive a conditional default
route (use this ISP as default only if it appears to be well connected)
while the number of ASN's allowed in "local" prefixes can be adjusted to
control the number accepted.
Note that this only impacts traffic going out from you. Inbound traffic
is a separate issue. With only a single /24, your inbound load balancing
options are limited. Depending on the connectivity of your upstreams and
who your users are talking to, you may also see lots of asymmetric
routing.
Good luck and have fun!
--
Vincent C. Jones
Networking Unlimited, Inc.
Phone: +1 201 568-7810
v.jo...@networkingunlimited.com
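
Added example, not part of the original thread or any poster's code: a Python model of the two outbound filtering ideas discussed above (prefix-length filtering with `le X`, and short-AS-path routes plus indicator prefixes driving a conditional default). The feed, ASNs, indicator prefix and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample feed from one upstream: (prefix, AS path as received).
# Documentation/private-use prefixes and ASNs only; not real routing data.
FEED = [
    ("10.0.0.0/8",      [64500, 64510]),
    ("172.16.0.0/12",   [64500]),
    ("172.24.0.0/19",   [64500, 64510, 64520, 64530]),
    ("172.20.0.0/20",   [64500, 64512]),
    ("198.51.100.0/24", [64500]),
    ("203.0.113.0/24",  [64500, 64510, 64520]),
    ("192.0.2.0/24",    [64500, 64511, 64530, 64540]),  # stands in for an indicator
]
INDICATORS = {"192.0.2.0/24"}  # hypothetical indicator prefix set


def by_length(feed, max_len):
    """Model of `permit 0.0.0.0/0 le X`: keep prefixes of length <= X."""
    return [r for r in feed if ipaddress.ip_network(r[0]).prefixlen <= max_len]


def largest_fitting_length(feed, budget):
    """Try /24, /23, ... and return the first X whose route count fits budget."""
    for x in range(24, 7, -1):
        if len(by_length(feed, x)) <= budget:
            return x
    return None  # even /8-and-shorter does not fit


def local_plus_indicators(feed, max_asns, indicators):
    """Keep 'local' routes (short AS path) plus the indicator prefixes."""
    return [r for r in feed if len(r[1]) <= max_asns or r[0] in indicators]


def default_eligible(accepted, indicators, need=1):
    """Use this ISP as default only if enough indicators were learned from it."""
    return len({p for p, _ in accepted if p in indicators}) >= need


if __name__ == "__main__":
    for x in (24, 20, 19):
        print(f"le {x}: {len(by_length(FEED, x))} routes kept")
    kept = local_plus_indicators(FEED, 2, INDICATORS)
    print(len(kept), "routes; default eligible:", default_eligible(kept, INDICATORS))
```

Run against a real table dump, the same counts show how far X or the allowed AS-path length has to drop before the route count fits the router's memory.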
On Wed, 2010-01-06 at 10:50 -0600, Jason Shearer wrote:
Ben,
Not going to be able to load balance inbound as you only have a single
/24 to advertise (this is the minimum prefix that will make it to the
NAP). Outbound you should be good....just note that you will experience
asymmetric routing (in one out the other).
I have used 28xx routers for full tables before and it will be good when
the going is good but very bad when the going gets bad. If you are going
to use an ISR I would recommend a 3825 at a minimum (two would be
better). Convergence will be much faster.
A better alternative if you are strapped for cash may be to just accept
defaults. Make your backup connection smaller but have it contracted to
grow or burst if you experience problems with the primary.
Jason
From: Benjamín Gálvez [mailto:bgal...@gmail.com]
Sent: Wednesday, January 06, 2010 10:35 AM
To: Jason Shearer
Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
Jason,
In Spanish
The idea is to connect the company (Bank) to two ISPs (service providers) via
BGP in full mode in order to have outbound and inbound load balancing.
Both links are 10Mb, and the company has a single /24 prefix to
announce and its own ASN.
The idea is to achieve redundancy for outbound Internet access and also for
inbound customer access.
The "default route" option forces me to use one link and leave the other
passive (standby).
Both ISPs will provide a Cisco 2801 router, but with 256Mb.
The question is: will the 2801 router work for me with 512Mb, or do I need
to replace it with a router with better performance?
Both ISPs are telling me a 7000-series router as a "minimum".
In English
Pending translate....
Sorry
Benjamín
2010/1/6 Jason Shearer <jshea...@amedisys.com>
No way Jose. You will start fragging. I would recommend no less than
512 to receive full tables.
Outside of memory the 2801 is not going to be a very good platform to
accept full tables on. Any major routing update is going to choke the
platform. How big are the circuits you are landing from each provider?
What are you trying to accomplish? Outbound load sharing? Inbound? How
many /24 prefixes do you have to advertise?
Jason
-----Original Message-----
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net]
On Behalf Of Benjamín Gálvez
Sent: Wednesday, January 06, 2010 10:03 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Cisco 2801 full bgp multihome
Hi,
Can a Cisco 2801 with 256MB RAM handle a full BGP table (1-2 peers,
multihome)?
Best regards
Benjamín
_______________________________________________
cisco-nsp mailing list
cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
*** NOTICE--The attached communication contains privileged and
confidential information. If you are not the intended recipient, DO NOT
read, copy, or disseminate this communication. Non-intended recipients
are hereby placed on notice that any unauthorized disclosure,
duplication, distribution, or taking of any action in reliance on the
contents of these materials is expressly prohibited. If you have received
this communication in error, please delete this information in its
entirety and contact the Amedisys Privacy Hotline at 1-866-518-6684.
Also, please immediately notify the sender via e-mail that you have
received this communication in error. ***