Scott,

Careful... filtering on prefix length will block the very "local" prefixes you are probably most interested in--the prefixes of the upstreams' other customers who may be advertising a /24 not in that upstream's address space.

Vince
--
Vincent C. Jones
Networking Unlimited, Inc.
Phone: +1 201 568-7810
[email protected]

On Wed, 2010-01-06 at 12:20 -0800, Scott Granados wrote:
> This is a good approach, another is to filter the length of prefixes you
> install and set up some floating static defaults.
>
> You could filter against a prefix list for something like
>
> ip prefix-list not-to-specific seq 5 permit 0.0.0.0/0 le X
>
> where X depends
> on how finely you wish to filter. In most full feeds you'd take a /24 or
> shorter but in your case you can't do this due to memory concerns. You could
> try /20 or shorter, /19 etc until you meet your memory requirements. Simply
> by filtering shorter than /24 you'll gain a lot of mileage. Of course your
> ability to control outbound traffic deteriorates the more heavily you filter
> but them's the breaks when memory is a concern.
>
> On the inbound side with a single /24 you won't have a lot of flexibility.
> You'll hit issues for example if upstream carriers filter shorter than /24
> and only pick up your provider's parent block. If your upstreams have good
> community options you can control announcements of your block a bit more.
> For example, in the case of XO you can trigger prepends to specific major
> peers allowing you to pad say AS 701 more heavily but leave other networks
> untouched. Depends on what knobs your carrier gives you to twiddle.
> There's also local pref but that's non-transitive.
>
> ----- Original Message -----
> From: "Vincent C Jones" <[email protected]>
> To: "Jason Shearer" <[email protected]>
> Cc: <[email protected]>
> Sent: Wednesday, January 06, 2010 11:57 AM
> Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
>
> > One trick I've used where resources are tight is to "take" full routes,
> > but filter them so that I only accept "local" (short AS path) and a few
> > key indicator prefixes (typically out of country root DNS server
> > subnets). The indicator prefixes are used to drive a conditional default
> > route (use this ISP as default only if it appears to be well connected)
> > while the number of ASNs allowed in "local" prefixes can be adjusted to
> > control the number accepted.
> >
> > Note that this only impacts traffic going out from you. Inbound traffic
> > is a separate issue. With only a single /24, your inbound load balancing
> > options are limited. Depending on the connectivity of your upstreams and
> > who your users are talking to, you may also see lots of asymmetric
> > routing.
> >
> > Good luck and have fun!
> > --
> > Vincent C. Jones
> > Networking Unlimited, Inc.
> > Phone: +1 201 568-7810
> > [email protected]
> >
> > On Wed, 2010-01-06 at 10:50 -0600, Jason Shearer wrote:
> >> Ben,
> >>
> >> Not going to be able to load balance inbound as you only have a single
> >> /24 to advertise (this is the minimum prefix that will make it to the
> >> NAP). Outbound you should be good....just note that you will experience
> >> asymmetric routing (in one out the other).
> >>
> >> I have used 28xx routers for full tables before and it will be good when
> >> the going is good but very bad when the going gets bad. If you are going
> >> to use an ISR I would recommend a 3825 at a minimum (two would be
> >> better). Convergence will be much faster.
> >>
> >> A better alternative if you are strapped for cash may be to just accept
> >> defaults. Make your backup connection smaller but have it contracted to
> >> grow or burst if you experience problems with the primary.
> >>
> >> Jason
> >>
> >> >>>Translation<<<
> >>
> >> You will not be able to load balance inbound, since you only have
> >> a single /24 to announce (this is the minimum prefix that will make it
> >> to the NAP). Outbound should be good.... Just keep in mind that you will
> >> experience asymmetric routing (in one, out the other).
> >>
> >> I have used 28xx routers for full tables before, and it will be good
> >> when things are good, but very bad when things get bad. If you are going
> >> to use an ISR I would recommend a 3825 at a minimum (two would be
> >> better). Convergence will be much faster.
> >>
> >> A better alternative if you are strapped for cash may be to simply
> >> accept defaults. Make the backup connection smaller, but have it
> >> contracted to grow or burst if you have problems with the primary.
> >>
> >> From: Benjamín Gálvez [mailto:[email protected]]
> >> Sent: Wednesday, January 06, 2010 10:35 AM
> >> To: Jason Shearer
> >> Subject: Re: [c-nsp] Cisco 2801 full bgp multihome
> >>
> >> Jason,
> >>
> >> In Spanish
> >>
> >> The idea is to connect the company (Bank) to two ISPs (service
> >> providers) via BGP in full mode in order to have outbound and inbound
> >> load balancing. Both links are 10Mb, and the company has a single /24
> >> prefix to announce and its own ASN.
> >> The idea is to achieve redundancy for outbound Internet access and also
> >> for inbound customer access.
> >>
> >> The "default route" option forces me to use one link and leave the other
> >> passive (standby).
> >>
> >> Both ISPs will supply a Cisco 2801 router, but with 256Mb.
> >>
> >> The question is: will the 2801 router work for me, but with 512Mb? Or do
> >> I need to replace it with another router with better performance?
> >> Both ISPs talk to me about a 7000-series router as the "minimum".
> >>
> >> In English
> >>
> >> Pending translate....
> >> Sorry
> >>
> >> Benjamín
> >>
> >> 2010/1/6 Jason Shearer <[email protected]>
> >> No way Jose. You will start fragging. I would recommend no less than
> >> 512 to receive full tables.
> >>
> >> Outside of memory the 2801 is not going to be a very good platform to
> >> accept full tables on. Any major routing update is going to choke the
> >> platform. How big are the circuits you are landing from each provider?
> >>
> >> What are you trying to accomplish? Outbound load sharing? Inbound? How
> >> many /24 prefixes do you have to advertise?
> >>
> >> Jason
> >>
> >> -----Original Message-----
> >> From: [email protected] [mailto:[email protected]]
> >> On Behalf Of Benjamín Gálvez
> >> Sent: Wednesday, January 06, 2010 10:03 AM
> >> To: [email protected]
> >> Subject: [c-nsp] Cisco 2801 full bgp multihome
> >>
> >> Hi,
> >>
> >> Can a Cisco 2801 with 256MB RAM handle a full BGP table (1-2 peers,
> >> multihome)?
> >>
> >> Best regards
> >> Benjamín
> >>
> >> _______________________________________________
> >> cisco-nsp mailing list
> >> [email protected]
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >> *** NOTICE--The attached communication contains privileged and
> >> confidential information. If you are not the intended recipient, DO NOT
> >> read, copy, or disseminate this communication. Non-intended recipients
> >> are hereby placed on notice that any unauthorized disclosure,
> >> duplication, distribution, or taking of any action in reliance on the
> >> contents of these materials is expressly prohibited. If you have received
> >> this communication in error, please delete this information in its
> >> entirety and contact the Amedisys Privacy Hotline at 1-866-518-6684.
> >> Also, please immediately notify the sender via e-mail that you have
> >> received this communication in error. ***
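The two inbound filtering approaches discussed in this thread, side by side as Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; the AS numbers, addresses, list and route-map names, the /20 cutoff and the indicator prefix are constructed placeholders, and the tracked static route is one assumed way to build the conditional default.

```cisco
! Added example. Constructed values from the documentation ranges:
! local AS 64512, ISP A = 198.51.100.1 / AS 64496, ISP B next hop = 203.0.113.1,
! 192.0.2.0/24 stands in for an indicator prefix.

! Prefix-length approach: keep only prefixes of length /20 or shorter.
! A neighbouring customer's /24 is dropped even when it is one AS hop away.
! Applied with: neighbor 198.51.100.1 prefix-list NOT-TOO-SPECIFIC in
ip prefix-list NOT-TOO-SPECIFIC seq 5 permit 0.0.0.0/0 le 20

! AS-path approach: keep "local" routes by AS-path length instead.
! Paths as received from the upstream: its own routes (1 ASN) and its
! direct customers and peers (2 ASNs). Add a line per extra ASN to accept more.
ip as-path access-list 10 permit ^[0-9]+$
ip as-path access-list 10 permit ^[0-9]+_[0-9]+$

! Indicator prefix, accepted regardless of AS-path length.
! Accept it from ISP A only, so the track below reflects ISP A's connectivity.
ip prefix-list INDICATORS seq 5 permit 192.0.2.0/24

route-map FROM-ISP-A permit 10
 match as-path 10
route-map FROM-ISP-A permit 20
 match ip address prefix-list INDICATORS
! The implicit deny at the end drops the rest of the full table.

router bgp 64512
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 route-map FROM-ISP-A in

! Conditional default: install the default via ISP A only while the
! indicator prefix is present in the routing table.
track 1 ip route 192.0.2.0 255.255.255.0 reachability
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 1

! Floating static default via ISP B (administrative distance 250),
! used when the tracked default is withdrawn.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 250
```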
