Hi Dan, > Dan Peachey > Sent: 05 May 2015 10:51 > > On 5 May 2015 at 10:02, Adam Vitkovsky <[email protected]> > wrote: > > > > > > > > Mark Tinka > > > Sent: 04 May 2015 21:21 > > > > > > > > We don’t run Internet in a VRF, we have no real use cases where we > > can’t > > > control what we need through policy. Our core infrastructure isn’t > > accessible > > > from our customers or the Internet, but it does require using the right > > > infrastructure ACLs. If I was doing a greenfield build may do it but > > having the > > > complexity of putting different transits, peers, etc. in their own VRFs > > is kind > > > of overkill IMHO. > > > > > > +1. > > > > > > Mark. > > > > > > Hi folks, > > > > Assuming you have more than one AS-exit and you don't have full-mesh > > between all BGP speakers, then how do you get the alternate/backup AS- > Exit > > paths for Internet prefixes to all the PEs please? > > Although I admit that the convergence times of Internet services might not > > be a cause for concern so a minute of downtime might be acceptable. > > > > adam > > > > > > BGP add-paths can achieve this: > > http://www.cisco.com/c/en/us/td/docs/ios- > xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-additional- > paths.html > > This gives visibility of backup routes to your whole network (or more than > a single backup route if you want). You can also apply policy if you want > to be selective about which backup routes are advertised. > > As far as convergence is concerned, BGP next-hop tracking can be tuned to > get you ~1 second convergence (or less if you like to live life on the > edge) for next-hop changes and for transit/peering failures your edge > routers can re-route traffic to the backup exit point whilst it's > withdrawing BGP routes for the failed peering/transit so minute(s) of > downtime can be avoided. > > Cheers, > > Dan
I'm aware of the add-path feature though the drawback is that you'd have to deploy yet another feature whereas with Internet in a VRF you can just use unique RDs. Of course in both cases you'd still need to run best-external and BGP-PIC to achieve the ultra-fast local repair. So the point is that instead of "BGP-ipv4 + add-path & BGP-ipv6 + add-path & BGP-vpnv4 & BGP-vpnv6" -you can run just "BGP-vpnv4 & BGP-vpnv6" on the RRs adam --------------------------------------------------------------------------------------- This email has been scanned for email related threats and delivered safely by Mimecast. For more information please visit http://www.mimecast.com --------------------------------------------------------------------------------------- _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
