On Friday, August 05, 2011 03:11:15 AM Ross Halliday wrote:

> Does this all sound right to you folks? Am I completely insane? Should I even bother hiding the private AS number? I think this will accomplish my goal but I'd like to hear what other people are doing. Most of this stuff I've learned/thought about since getting to work this morning so go easy on me, heheh.
It's possible that I could be misunderstanding what you're trying to do, but this sounds overly complex for what you're trying to achieve.

Is there any particular reason why you want to run the Internet in a VRF, regardless of scope? Since you're looking to run iBGP on all your edge routers anyway, why aren't you looking at running the Internet in the global table, and just distributing it to the edge routers via iBGP (you've already identified numerous issues with trying to squeeze the Internet routing table into an l3vpn VRF)? You would then use your public ASN everywhere and not have to worry about private ASNs and stripping them toward eBGP neighbors, etc.

You could make your life easier by having a route reflector in your network to distribute BGP routes among your internal routers. These can be dedicated units or come from your existing infrastructure today.

I certainly wouldn't be keen on letting customers use my border router as an edge router. This would just kill your demarcation if you're worried about such things, and complicate your BGP routing policy and topology if you have other border routers talking to other upstreams, etc.

Also, criss-crossing EoMPLS tunnels across the network to connect customers to indirect boxes sounds more complex than is necessary.

Again, it's possible I'm misunderstanding the problem you're trying to solve, but based on what I've read, your solution sounds too complicated.

What we do is:

o Perimeter routers run MPLS, an IGP, eBGP and iBGP. These perimeter routers can be:
  - border routers.
  - public peering routers.
  - private peering routers.
  - edge routers.
  - RTBH routers.
  - MPLS-capable access switches.
  - etc.
  In MPLS terms, these are PE routers.

o Core routers, which tend to run MPLS, an IGP and BGP for IPv6 only. No BGP for IPv4. All IPv4 packet forwarding is done purely via MPLS. In MPLS terms, these are P routers.

o Route reflectors, which tend to run an IGP and iBGP only. No MPLS.

o Everything runs under our public ASN.

o Customers connect to and peer with us at the edge.

o Border/peering routers do only that: peer with upstreams, exchange point and private peers.

It works! It's advanced, but simple.

Mark.
_______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
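The reply above argues for using the public ASN everywhere so that private ASNs never need stripping toward eBGP neighbors, and that leaked private ASNs are the failure mode to watch for. The following is an added example, not part of the thread and not a vendor's implementation: a small Python check that mirrors the intent of an edge router's "remove private AS" behaviour and audits received AS_PATHs for private ASNs. The private ranges are the IANA-reserved blocks (64512-65534 and 4200000000-4294967294); the sample routes, prefixes and ASNs are constructed from documentation ranges and do not come from the thread.

```python
"""Private-ASN hygiene helpers (added example, not from the mailing-list post).

Two defender-side uses:
  * strip_private_asns(): what an edge should announce toward an eBGP
    neighbour when the internal path carries private ASNs;
  * audit_received(): flag prefixes learned from an upstream whose AS_PATH
    still contains private ASNs, i.e. a leak somebody forgot to strip.
"""
from typing import Dict, List, Tuple

# IANA-reserved private ASN blocks (16-bit and 32-bit ranges).
PRIVATE_RANGES: Tuple[Tuple[int, int], ...] = (
    (64512, 65534),
    (4200000000, 4294967294),
)


def is_private_asn(asn: int) -> bool:
    """True if the ASN falls inside a reserved private block."""
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)


def parse_as_path(text: str) -> List[int]:
    """Parse a space-separated AS_PATH such as '65001 64500' into integers."""
    return [int(tok) for tok in text.split()]


def strip_private_asns(path: List[int]) -> List[int]:
    """Return the path with every private ASN removed.

    This is the 'remove all private ASNs' policy; vendor knobs differ in
    detail (some only strip when the whole path is private), so treat this
    as the generic intent rather than any one platform's exact semantics.
    """
    return [asn for asn in path if not is_private_asn(asn)]


def leaked_private_asns(path: List[int]) -> List[int]:
    """Private ASNs present in a path that arrived over an eBGP session."""
    return [asn for asn in path if is_private_asn(asn)]


# Constructed sample of routes as received from an upstream: one prefix per
# line, followed by its AS_PATH. Prefixes and ASNs use documentation ranges.
SAMPLE_RECEIVED = """\
192.0.2.0/24    64496 64500
198.51.100.0/24 64496 65001 64500
203.0.113.0/24  4200000000 64496
"""


def audit_received(table: str) -> Dict[str, List[int]]:
    """Map each prefix whose AS_PATH leaks private ASNs to the leaked ASNs."""
    leaks: Dict[str, List[int]] = {}
    for line in table.splitlines():
        if not line.strip():
            continue
        prefix, _, path_text = line.partition(" ")
        leaked = leaked_private_asns(parse_as_path(path_text))
        if leaked:
            leaks[prefix] = leaked
    return leaks


if __name__ == "__main__":
    # Outbound: an internal path with a private hop, as announced to eBGP.
    print("announce:", strip_private_asns([65001, 64496, 64500]))
    # Inbound: which received prefixes carry a leaked private ASN.
    for prefix, asns in audit_received(SAMPLE_RECEIVED).items():
        print(f"leak: {prefix} carries private ASN(s) {asns}")
```

Running the block prints the stripped outbound path and the two sample prefixes whose paths still carry private ASNs; in practice the same check can be run over a `show ip bgp`-style dump pasted into `audit_received`.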