RE: Route Reflector Client Design Question

2018-05-04 Thread michalis.bersimis
Hello,

In order to accept only the default route, I assume that you want to have 
internet access to the ASR920 inside a vrf?!?
If this is the case, your consideration of the default route and the TCAM size 
is correct. But, if there is internet traffic between the PE2-PE3 in the same 
vrf, then I think that it's ok to leak more specific prefixes from PE2 to PE3 
(by using specific Route Targets) from the CORE1 & CORE2 (RR).

Unless there is something that I miss, option #2 is more favorable.


Michalis Bersimis


-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Erik Sundberg
Sent: Friday, May 04, 2018 9:02 AM
To: NANOG
Subject: Route Reflector Client Design Question

I have a RR Client design question..


CORE1---2x10G---CORE2
|                   |
|                   |
|     10G Ring      |
|                   |
|                   |
PE1--PE2--PE3--PE4--PE5


-Core1 & Core2 are RR Reflectors with full IPV4 Tables (ASR9K)
-MPLS LDP Enabled
-IGP is ISIS
-Each PE peers only with Core1 and Core2 as RR Clients with iBGP
-PE's are only receiving a default route from the Core Routers due to 
TCAM size of 20K (ASR920's\ME3800's)
-The ring does not have that much traffic on it <500m, so I do not want to 
use additional 10G ports on the Core's and is why I have it in a 10G U ring.
-Primary link to the cores is via the PE1 --- CORE1 Link. For this 
discussion the link between PE5 to CORE2 is set up as a backup link.

The scenario is I have traffic between PE2 and PE3. Since the PE's are only 
receiving a default route from the Cores, traffic is label switched from PE2 - 
PE1 - Core1, which does an IP lookup at Ingress then label switches back to 
PE1-PE2-PE3. This ends up being 5 hops and doubling the traffic on the link to 
the Cores.

My question is how do I get traffic to go directly between the PE's without 
going to the Core Routers?

1. Can I enable iBGP between the PE's in a full mesh to allow traffic between 
the PE's without going to the core's. Or does this break the Route Reflector 
model?
2. Create a route policy on the Core's advertising routes learned from the PE's 
back to all the PE's on the ring.
3. Is this one of the down sides to U Rings?
4. Leave it alone and move on to bigger and better things


Thanks

Erik



CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or 
previous e-mail messages attached to it may contain confidential information 
that is legally privileged. If you are not the intended recipient, or a person 
responsible for delivering it to the intended recipient, you are hereby 
notified that any disclosure, copying, distribution or use of any of the 
information contained in or attached to this transmission is STRICTLY 
PROHIBITED. If you have received this transmission in error please notify the 
sender immediately by replying to this e-mail. You must destroy the original 
transmission and its attachments without reading or saving in any manner. Thank 
you.


RE: isp/cdn caching

2017-09-29 Thread michalis.bersimis
I think that Cloudflare has a caching solution, but I think they have strict 
requirements towards the isp in order to install them on their premises.

Best Regards,

Michalis Bersimis

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Aaron Gould
Sent: Thursday, September 28, 2017 6:25 PM
To: Nanog@nanog.org
Subject: isp/cdn caching

Hi, I've been aware of a few caching providers for a few years now, but I'm 
learning of others as time goes on, which makes me curious if there are more 
springing up and gaining popularity.  I'm speaking of ISP-type caching whereas 
the cache provider sends hardware servers and perhaps a switch to the local ISP 
to install locally in their network.  Can someone please send a simple list of 
what they know are the current players in this ISP Caching space?  I'll list the 
ones I know about and you please let me know of others.  This seems to be an 
evolving/growing thing and I'm curious of where we are today for significant 
providers and possibly up-and-coming ones that I should know about.  (Amazon 
Prime has me wondering also.)

 

Google (GGC)

Netflix (OCA)

Akamai (AANP)

Facebook (FNA)

Apple (I heard this isn't isp-located like the others, but unsure)

? others ?

? others ?

? others ?

 

-Aaron Gould



RE: Cisco NCS5501 as a P Router

2017-05-18 Thread michalis.bersimis
I would be interested to use NCS5501 as a core or aggregation P router to 
aggregate smaller PE routers. Its low cost (compared to ASR9K) and the small 
features that one can need in order to run a P router make the platform 
attractive.

I would like to hear other use cases (e.g. Internet peering routers)

Best Regards,
Michalis Bersimis

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Erik Sundberg
Sent: Thursday, May 18, 2017 4:22 PM
To: nanog@nanog.org
Subject: Cisco NCS5501 as a P Router

We're at the growing point where we need a dedicated P router for a core 
device. We are taking a serious look at the NCS5501. Is there anyone else using 
a NCS5501 as P Router or just general feedback on the NCS5501 if you are using 
it?

The big downside is it only has a single processor

I can't justify an ASR9K or NCS5500 Chassis yet.





RE: PlayStationNetwork blocking of CGNAT public addresses

2016-09-16 Thread michalis.bersimis
Another aspect: for those users that need to go to the PSN network but experience 
issues via the CGNAT, an opt-out solution (giving them public IPv4) may 
mitigate the problem that the PSN network does not support IPv6.

After all, what percentage of your total subscribers use PSN and are 
gamers, 2-3%? Which might be a relatively small amount to give public IPv4.

Michalis

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Roland Dobbins
Sent: Friday, September 16, 2016 4:32 PM
To: nanog@nanog.org
Subject: Re: PlayStationNetwork blocking of CGNAT public addresses


On 16 Sep 2016, at 20:12, Simon Lockhart wrote:

> Has anyone else come up against the problem, and/or have any 
> suggestions on how best to resolve it?

I'm pretty sure that at least part of it has to do with DDoS-related activity.  
The best bet is to try and identify and engage with the relevant operational 
personnel with clue.  Going the customer-service route isn't fruitful, as you 
indicate.

Another aspect is ensuring that one has the ability to detect, classify, 
traceback, and mitigate outbound badness southbound of the CGN.

This sort of thing has always been a problem with NAT; as CGN becomes more 
prevalent on wireline broadband networks, it's only going to get worse.

AFAIK, PSN doesn't support IPv6.  That would be another topic of discussion 
with the operational folks.

---
Roland Dobbins