On Jun 14, 2010, at 12:08 PM, Fred Baker wrote:

> upstream, full routes are generally not as useful as one might expect. You're
> at least as well off with default routes for your upstreams plus what we call
> "Optimized Edge Routing", which allows you to identify (dynamically, for each
> prefix/peer you care about) which of your various ISPs gives you a route that
> *you* would prefer in terms of reachability and RTT. In the words of a
> prominent hardware store in my region, "you can do it, we can help".

+1.

additionally, one could filter on reasonable RIR allocation 'boundaries' per /8, cutting the fib down substantially. Cisco and a host of others maintain such a list of ready-to-use examples here:

ftp://ftp-eng.cisco.com/cons/isp/security/Ingress-Prefix-Filter-Templates/

lastly, one could do something far more crude (yet strangely effective), like so:

ip prefix-list longs permit 0.0.0.0/0 ge 23
ip prefix-list shorts permit 0.0.0.0/0 le 22
ip as-path access-list 10 permit (^_[0-9]+$|^_[0-9]+_[0-9]+$|^_[0-9]+_[0-9]+_[0-9]+$)
route-map provider-in permit 10
 match ip address prefix-list longs
 match as-path 10
route-map provider-in permit 20
 match ip address prefix-list shorts
...etc

-Tk
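
The two route-map clauses quoted above, modelled as an added example that is not part of the original message, to show which announcements survive the filter. It assumes that a route matching neither clause is dropped (the message trails off with "...etc", so later clauses are unknown); the prefixes and AS paths are constructed sample data.

```python
import ipaddress
import re

# Cisco's "_" matches start/end of string, space, comma, braces or parentheses.
UNDERSCORE = r"(?:^|$|[ ,{}()])"
# as-path access-list 10 from the message: a path of one, two or three ASNs.
AS_PATH_10 = re.compile(
    r"(^_[0-9]+$|^_[0-9]+_[0-9]+$|^_[0-9]+_[0-9]+_[0-9]+$)".replace("_", UNDERSCORE)
)

def prefix_list(prefix, ge=None, le=None):
    """Model 'permit 0.0.0.0/0 ge X' / 'le Y': only the prefix length matters."""
    length = ipaddress.ip_network(prefix).prefixlen
    return (ge is None or length >= ge) and (le is None or length <= le)

def provider_in(prefix, as_path):
    """Return the route-map sequence that permits the route, or None if dropped."""
    # permit 10: longs (/23 and longer) only when the AS path is short.
    if prefix_list(prefix, ge=23) and AS_PATH_10.search(as_path):
        return 10
    # permit 20: shorts (/22 and shorter) regardless of AS path.
    if prefix_list(prefix, le=22):
        return 20
    return None  # assumption: no later clause matches

# Constructed sample announcements (prefix, AS path as received).
ROUTES = [
    ("198.18.0.0/15", "64496 64497 64498 64499 64500"),  # short prefix, far away
    ("192.0.2.0/24", "64496"),                            # long prefix, 1 hop
    ("198.51.100.0/24", "64496 64497 64498"),             # long prefix, 3 hops
    ("203.0.113.0/24", "64496 64497 64498 64499"),        # long prefix, 4 hops
    ("203.0.113.128/25", "64496 64497 64497 64497"),      # prepending counts too
]

def accepted(routes):
    """List (prefix, clause) for every route the policy would accept."""
    return [(p, provider_in(p, path)) for p, path in routes
            if provider_in(p, path) is not None]

if __name__ == "__main__":
    for prefix, path in ROUTES:
        print(f"{prefix:20} [{path}] -> {provider_in(prefix, path) or 'dropped'}")
```

Because the regex counts AS-path entries rather than distinct networks, a nearby origin that prepends its own ASN is dropped just like a distant one, so a default route is still needed to reach the filtered more-specifics.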

