> From: Robert Raszuk [mailto:rob...@raszuk.net] > Sent: Friday, August 17, 2018 9:57 AM > To: Mark Tinka > Cc: adamv0...@netconsultings.com; juniper-nsp@puck.nether.net; cisco- > n...@puck.nether.net > Subject: Re: [j-nsp] L3VPN/RR/PE on Same router > > Hey Mark, > > It has been a while .... > > > We've been running all address families on the same RR's (different > > sessions, obviously, but same hardware) > > Out of pure curiosity how are you setting up different BGP sessions to the > same RR ? > > I think what Adam is proposing is real TCP session isolation, what you may be > doing is just same single TCP session, but different SAFIs which is not the > same. > Yes Robert, I was indeed proposing separate TCP sessions at least -as that's the only way to protect against the default behaviour of terminating session upon malformed bgp update reception.
> Sure you can configure parallel iBGP sessions on the TCP level say between > different loopback addresses to the same RR, but what would that really buy > you ? You could even be more brave and use BGP multisession code path (if > happens to be even supported by your vendor) which in most > implementations I have seen is full of holes like swiss cheese but is this > what > you are doing ? > Another alternative would be to spin up a separate BGP process, which I think is supported only in XR, but once again that somewhat places one on the outskirts of the common deployment graph. But I know Mark is using csr1k -so depending on the available NFVI resources (I guess dedicated servers in this case), I think it's not that onerous to spin up yet another VM right? adam netconsultings.com ::carrier-class solutions for the telecommunications industry:: _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp