Re: iBGP Scaling
Dave, Your netblock might be a standard /19 or just a modest /30 :-) or you are just deploying IPv6 and therefore applied for one of the most recent RIPE assigments. Do you have different AS private/public numbers running on your network? filtering IGP routes part pf the OSPF design would be to find out how many areas you need to have LSA types ...or just one area O all part of your routing policy or LCR policy in place. Or just go for ISIS and then you have to think about L2/L1 bounderies. Can you be more specific on the question? .//ID --- On Sat, 3/28/09, tt tt wrote: > From: tt tt > Subject: iBGP Scaling > To: nanog@nanog.org > Date: Saturday, March 28, 2009, 6:13 PM > Hi List, > > We are looking to move our non infrastructure routes into > iBGP to help with our IGP scalability (OSPF). We already > run full BGP tables on our core where we connect to multiple > upstream and downstream customers. Most of our aggregation > and edge routers cannot hold full tables and it's > certainly not possible to upgrade them. Is there any reason > why we shouldn't filter iBGP routes between our core and > aggregation layers (we plan to use route reflectors) or > should we be look at using a private AS number per POP? > > Thanks > > Dave
Re: iBGP Scaling
On Sat, Mar 28, 2009 at 1:13 PM, tt tt wrote: > > Hi List, > > We are looking to move our non infrastructure routes into iBGP to help with > our IGP scalability (OSPF). We already run full BGP tables on our core where > we connect to multiple upstream and downstream customers. Most of our > aggregation and edge routers cannot hold full tables and it's certainly not > possible to upgrade them. Is there any reason why we shouldn't filter iBGP > routes between our core and aggregation layers (we plan to use route > reflectors) or should we be look at using a private AS number per POP? Dave, From past experiences, you would be better off by only keeping directly connected networks (as in the netblocks/routes used for the interconnections between your routers, both internal an external). Most should be /30's or the like unless you aggregate the address space between stub areas and area 0).After that, you should tag (via BGP Communities) externally learned routes (mainly from Transit and Peers) and suppress those routes going out to your sub-par aggregation routers. Keep in mind, when you filter these routes you will have to pass a default route, either via iBGP or via your IGP (as the one exception).Also, since you are doing this via BGP Communities when additional routes are learned from your external peers, those routes would not be passed onto your aggregation routers. charles
[NANOG-announce] VERP now active on all NANOG mailing lists
Hi everyone All NANOG mailing lists were updated to use VERP (variable envelope return paths) at the beginning of the week. This will aid in bounce detection and help identify the subscriber. A more detailed description of VERP can be found here: http://wiki.list.org/display/DOC/So+what+is+this+VERP+stuff With this change some headers have changed. Depending on how you are performing your filtering this may or may not affect you. The header changes are: Old Return-Path: listname-boun...@nanog.org New Return-Path: listname-bounces+userid=dom...@nanog.org Old Errors-To: : listname-boun...@nanog.org New Return-Path: listname-bounces+userid=dom...@nanog.org I hope that this change does not cause any serious issues for you. The mailing list admins are always reachable at adm...@nanog.org if you have any technical questions. Thanks! Kris Foster MLC Chair ___ NANOG-announce mailing list nanog-annou...@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-announce
iBGP Scaling
Hi List, We are looking to move our non infrastructure routes into iBGP to help with our IGP scalability (OSPF). We already run full BGP tables on our core where we connect to multiple upstream and downstream customers. Most of our aggregation and edge routers cannot hold full tables and it's certainly not possible to upgrade them. Is there any reason why we shouldn't filter iBGP routes between our core and aggregation layers (we plan to use route reflectors) or should we be look at using a private AS number per POP? Thanks Dave
Re: Google Over IPV6
Athanasios Douitsis wrote: > Heard that they are somewhat picky about who they -enable. Our campus > has had native IPv6 everywhere and upwards all the way to Geant for many > years. We are thinking of applying in the hopes that it will boost IPv6 > usage. Did you have any trouble getting them to IPv6-enable you? Anyone > from Google in the list with any informative comment? We have one hop in between (the german NREN), haven't had any issues getting it enabled. bschm...@lxbsc01:~$ traceroute6 -q1 www.google.com traceroute to www.google.com (2001:4860:a005::68) from 2001:4ca0:0:f000:211:43ff:fe7e:3a76, port 33434, from port 38962, 30 hops max, 60 byte packets 1 vl-23.csr1-2wr.lrz-muenchen.de (2001:4ca0:0:f000::1) 0.612 ms 2 xr-gar1-te1-3-108.x-win.dfn.de (2001:638:c:a003::1) 0.429 ms 3 zr-fra1-te0-7-0-1.x-win.dfn.de (2001:638:c:c043::2) 8.273 ms 4 de-cix20.net.google.com (2001:7f8::3b41:0:1) 8.202 ms 5 2001:4860::34 (2001:4860::34) 20.122 ms 6 2001:4860:a005::68 (2001:4860:a005::68) 20.691 ms If you are only connected to GEANT your mileage will vary, as GEANT doesn't peer themselves there will be at least one additional hop in between (GBLX most likely). I think they want a decent path and a usable backup path, not sure whether Telia (the second Geant transit) is ready yet. I'd suggest you just try to contact them. Bernhard
Re: REVERSE DNS Practices.
On Sat, 2009-03-28 at 03:12 -0400, Luke S Crawford wrote: > bmann...@vacation.karoshi.com writes: > > or - the more modern approach is to let the node (w/ proper authorization) > > do a secure dynamic update of the revserse map - so the forward and reverse > > delegations match. ... a -VERY- useful technique. > > I have a question. Is this an abuse problem? some ISPs require their domain > to be in the rdns in an effort to herd abuse reports to the correct org. > Is this generally considered useless? Is it generally considered OK to > hand relatively untrusted users the keys to their own rdns? > > (I'm forcing my own customers to have a rdns of something.xen.prgmr.com > for several months, Much to the chagrin of many presumably innocent and > legitimate customers. ) We allow RDNS controls to RapidXen customers since January 2009. It seems to be ok. We do have the ability to disable RDNS access to specific users if we feel it is being abused, however. -- William Pitcock SystemInPlace - Simple Hosting Solutions 1-866-519-6149
Re: REVERSE DNS Practices.
bmann...@vacation.karoshi.com writes: > or - the more modern approach is to let the node (w/ proper authorization) > do a secure dynamic update of the revserse map - so the forward and reverse > delegations match. ... a -VERY- useful technique. I have a question. Is this an abuse problem? some ISPs require their domain to be in the rdns in an effort to herd abuse reports to the correct org. Is this generally considered useless? Is it generally considered OK to hand relatively untrusted users the keys to their own rdns? (I'm forcing my own customers to have a rdns of something.xen.prgmr.com for several months, Much to the chagrin of many presumably innocent and legitimate customers. )
