Re: [c-nsp] Outbound Load balancing using eBGP
Hi, On Wed, Dec 22, 2010 at 10:33:57PM +, RAZ MUHAMMAD wrote: I would appreciate if someone can shed some further light on using the default route or full routing table scenario while multi homed. In this case hardware is not an issue, I am trying to assess the operational, differences, or the outcome in terms of traffic patterns. This very much depends on the ISPs involved, and their view of the world. We pretty much do not fiddle with BGP *at all*, since we've choosen our uplinks in a way that traffic balances pretty much on its own - one of the uplinks is strong for the european market and has very tight peerings there, one of the others is strong for USA and Asia, and so traffic naturally distributes itself. Bandwidth commitment is then purchased according to need. This is something nobody can give you a definite answer - as it depends on too many local factors (is one of the ISPs more expensive? faster, slower? what is BGP doing if left alone - and why is this not what you want?). gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpTvklFzWZMN.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Outbound Load balancing using eBGP
If it is internal WAN environment, why not use PfR/OER? It comes with IOS and has improved a lot. PfR could dynamically load balance traffic. For Internet facing the PfR would NOT balance for full routing table but would do upto five thousand routes or so. I maybe off on the numbers. But still for 5k routes or so it works pretty good. Mack On Wed, Dec 22, 2010 at 5:31 PM, Keegan Holley keegan.hol...@sungard.comwrote: In addition to the manual route map method there are also appliances such as internap and F5 link controller that will you to match your bgp metrics more closely to the traffic traversing your AS. I think the internap supports dynamic metric changes based in traffic flow. Sent from my iPhone On Dec 20, 2010, at 4:30 PM, RAZ MUHAMMAD raz.muham...@gmail.com wrote: Hi all, I would like to find out how one can use BGP to load balance outbound traffic, while multi homed to 2 transit providers or ISPs and getting full routing tables, no default routes? The BGP peer at the client end is a non Cisco router, so would not be able to use the multipath feature. The load balancing is intended for all routes in the routing table, or at least to achieve some kind of load distribution. Is there any other way to achieve an optimal outbound load balancing method using eBGP? Regards ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Odd IPv6 Issue
On Thu, 2010-12-23 at 00:23 -0500, Pete Lumbis wrote: So none of the routes are being installed on RouterA from the BGP table into the RIB? all the routes are marked as RIB failure in the BGP table of RouterA? If this is the case then show ip bgp ipv6 unicast rib-failure should give the reason why nothing's being installed. -- Peter ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] BFD and EoMPLS
Many thanks for the replies, they confirmed my suspicions and provided some very useful points and suggestions. Michael. -- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 10G for 6506-E with Sup32-8Gb or replace with 4900M
We have 3 campus with on each campus a 6506-E/Sup720-10G as 'master router' and a 6506/E-Sup32-8gbit as backup router, in a HSRP config. In each router we also have GBIC boards to connect the different buildings. These Sup32 routers also act as L2 concentrator for part of each campus. Now we are thinking about connecting both routers to each other on each campus with a 10G connection. As the Sup32 don't have a 10G yet, we have multiple options to do so. We can add a 10G board to the chassis, replace the supervisor with a Sup720 or replace the whole router with a 4900M. If I take a look at listprices, I get 28000$ for Sup720, 2$ for 6704 (but these are Xenpacks), 37500$ for 6708 and 22000$ for 4900M (base + 10/100/1000 card, dual power). We have 65XX as routers because we had FWSM boards in them but these are not used anymore. Based on the price, it seems we best opt to replace the 6506-E/Sup32 with the 4900M option (there is also a difference in maintenance cost). With Twingig convertors this offers us a good combination of 10G and 1G SFP ports. For 7500$ we can add a second 8 port X2 board that gives us extra 10G/SFP-ports if needed. Has anyone had bad/good experience with using a 4900M as router, given the following environment : - Router acts as backup router, so in 99.xxx% of the time it only has to forward L2 traffic - Only static routes, no active routing protocol. - 40 vlans, 40 SVI's with ACLs on it - No IPv6 for the moment, but according to the specs, the 4900M should handle IPv6 in hardware just fine. - No Qos yet, but we are planning to implement that in 2011 I know we lose the netflow capability if the primary router fails, but we can live with that. All comments are welcome. Wim Holemans Network Services University of Antwerp Belgium ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 10G for 6506-E with Sup32-8Gb or replace with 4900M
Hi, On Thu, Dec 23, 2010 at 02:05:25PM +, Holemans Wim wrote: Now we are thinking about connecting both routers to each other on each campus with a 10G connection. As the Sup32 don't have a 10G yet, we have multiple options to do so. We can add a 10G board to the chassis, replace the supervisor with a Sup720 or replace the whole router with a 4900M. JFTR: you can *not* add a 10G board to the chassis. The Sup32 has no fabric, and the 10G boards are fabric-only (67xx). You could do Sup720-10G or Sup32-10G, though. Or Sup720 + 6704/6708. If you only need 2 or 4 10G ports, and can live with the slow CPU and limited routing table, Sup32-10G sounds like the best plan forward. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpVxfxZ3pqdJ.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 10G for 6506-E with Sup32-8Gb or replace with 4900M
I don't think you can do the 1G distribution on the 4900M without converting the 10G interfaces back to dual 1G. I have heard from others on the list that this severely limits your queue sizes but. Ymmv. Beating the multi-vendor drum this is a perfect use for the juniper ex4200 series. I have been giving my cisco se a hard time because they don't have an all fiber stackable with dual power that can do 10G. The ex will give you 24 fiber ports with 2 10G per switch for about 10k list. I know this is A cisco list but it's what I'd use. I have a hunch that they do this by design to force us to buy chassis based switches. In your situation I'd check when the sup32 goes eos/eol. You may be dodging a bullet by upgrading to the 720. Sent from my iPhone On Dec 23, 2010, at 9:05 AM, Holemans Wim wim.holem...@ua.ac.be wrote: We have 3 campus with on each campus a 6506-E/Sup720-10G as 'master router' and a 6506/E-Sup32-8gbit as backup router, in a HSRP config. In each router we also have GBIC boards to connect the different buildings. These Sup32 routers also act as L2 concentrator for part of each campus. Now we are thinking about connecting both routers to each other on each campus with a 10G connection. As the Sup32 don't have a 10G yet, we have multiple options to do so. We can add a 10G board to the chassis, replace the supervisor with a Sup720 or replace the whole router with a 4900M. If I take a look at listprices, I get 28000$ for Sup720, 2$ for 6704 (but these are Xenpacks), 37500$ for 6708 and 22000$ for 4900M (base + 10/100/1000 card, dual power). We have 65XX as routers because we had FWSM boards in them but these are not used anymore. Based on the price, it seems we best opt to replace the 6506-E/Sup32 with the 4900M option (there is also a difference in maintenance cost). With Twingig convertors this offers us a good combination of 10G and 1G SFP ports. For 7500$ we can add a second 8 port X2 board that gives us extra 10G/SFP-ports if needed. Has anyone had bad/good experience with using a 4900M as router, given the following environment : - Router acts as backup router, so in 99.xxx% of the time it only has to forward L2 traffic - Only static routes, no active routing protocol. - 40 vlans, 40 SVI's with ACLs on it - No IPv6 for the moment, but according to the specs, the 4900M should handle IPv6 in hardware just fine. - No Qos yet, but we are planning to implement that in 2011 I know we lose the netflow capability if the primary router fails, but we can live with that. All comments are welcome. Wim Holemans Network Services University of Antwerp Belgium ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] 10G for 6506-E with Sup32-8Gb or replace with 4900M
It is very interesting that a 2:1 8 port 10G X2 card is $37500 for C6509 and $7500 for 4900M (+ has the ability to use Twingig). So I would say if don't need the extension capacity of C6506-E go for something smaller like 4900M. Also if you will only need 2x10G in the future you also might explore the SP BU - ME 3800X-24FS seems like exactly what you need right now. -pavel On Thu, Dec 23, 2010 at 3:32 PM, Gert Doering g...@greenie.muc.de wrote: Hi, On Thu, Dec 23, 2010 at 02:05:25PM +, Holemans Wim wrote: Now we are thinking about connecting both routers to each other on each campus with a 10G connection. As the Sup32 don't have a 10G yet, we have multiple options to do so. We can add a 10G board to the chassis, replace the supervisor with a Sup720 or replace the whole router with a 4900M. JFTR: you can *not* add a 10G board to the chassis. The Sup32 has no fabric, and the 10G boards are fabric-only (67xx). You could do Sup720-10G or Sup32-10G, though. Or Sup720 + 6704/6708. If you only need 2 or 4 10G ports, and can live with the slow CPU and limited routing table, Sup32-10G sounds like the best plan forward. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] RES: Outbound Load balancing using eBGP
Hi, There is an approach of matching on LSB from the prefixes' octets of the full routing table (even/odd) and increase local-preference for one provider. For example: access-list 1 permit 0.0.0.0 255.254.254.255 access-list 2 permit 0.0.1.0 255.254.254.255 access-list 3 permit 0.1.0.0 255.254.254.255 access-list 4 permit 0.1.1.0 255.254.254.255 route-map ISP1 permit 10 match ip address 1 2 set local-preference 120 route-map ISP1 permit 20 match ip address 3 4 set local-preference 110 route-map ISP1 permit 1000 route-map ISP2 permit 10 match ip address 1 2 set local-preference 110 route-map ISP2 permit 20 match ip address 3 4 set local-preference 120 route-map ISP2 permit 1000 Most likely you will achieve a good distribution of best paths and thus outbound traffic among the transit providers. Moreover you can play with the wildcard masks and the matching bits in order to improve the distribution. -Mensagem original- De: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] Em nome de RAZ MUHAMMAD Enviada em: segunda-feira, 20 de dezembro de 2010 19:30 Para: cisco-nsp@puck.nether.net Assunto: [c-nsp] Outbound Load balancing using eBGP Hi all, I would like to find out how one can use BGP to load balance outbound traffic, while multi homed to 2 transit providers or ISPs and getting full routing tables, no default routes? The BGP peer at the client end is a non Cisco router, so would not be able to use the multipath feature. The load balancing is intended for all routes in the routing table, or at least to achieve some kind of load distribution. Is there any other way to achieve an optimal outbound load balancing method using eBGP? Regards ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] RES: Outbound Load balancing using eBGP
Hi, On Thu, Dec 23, 2010 at 01:41:34PM -0200, Leonardo Gama Souza wrote: There is an approach of matching on LSB from the prefixes' octets of the full routing table (even/odd) and increase local-preference for one provider. We have stopped using local-pref for outbound traffic control about 15 years ago. If you start going there, you will end being *stuck* there - having to fiddle with local-pref again and again, because inevitably, you will have cases where you prefer a 10-AS-hop-paths over a 2-AS-hop-paths, and that way, enforce poor connectivity for your users. (As a well-known net person tends to say I encourage my competitors to do this. Amen.) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpXKgDimQQ0W.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] RES: Outbound Load balancing using eBGP
- Original Message - From: Gert Doering g...@greenie.muc.de To: Leonardo Gama Souza leonardo.so...@nec.com.br Cc: RAZ MUHAMMAD raz.muham...@gmail.com; cisco-nsp@puck.nether.net Sent: Thursday, December 23, 2010 11:19 AM Subject: Re: [c-nsp] RES: Outbound Load balancing using eBGP ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Plus using a look-good-on-paper-math-model will more than likely leave you disappointed. Unfortunately, outbound traffic patterns do not follow odd/even IP addressing. tv ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] RES: RES: Outbound Load balancing using eBGP
If you start going there, you will end being *stuck* there - having to fiddle with local-pref again and again, because inevitably, you will have cases where you prefer a 10-AS-hop-paths over a 2-AS-hop-paths, and that way, enforce poor connectivity for your users. (As a well-known net person tends to say I encourage my competitors to do this. Amen.) The only problem is that increase in deaggregation and AS path prepend changes this logic a bit and you should have upstream providers with different connectivity matrix. For a big ISP it is the best approach tough. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] 10G for 6506-E with Sup32-8Gb or replace with 4900M
Message: 3 Date: Thu, 23 Dec 2010 14:05:25 + From: Holemans Wim wim.holem...@ua.ac.be To: cisco-nsp@puck.nether.net cisco-nsp@puck.nether.net Subject: [c-nsp] 10G for 6506-E with Sup32-8Gb or replace with 4900M Based on the price, it seems we best opt to replace the 6506- E/Sup32 with the 4900M option (there is also a difference in maintenance cost). With Twingig convertors this offers us a good combination of 10G and 1G SFP ports. For 7500$ we can add a second 8 port X2 board that gives us extra 10G/SFP-ports if needed. Note - you can't use twingig converters in the base 10G ports of a 4900M - you have to buy the 8-port X2 half-card if you want to use the twingig converters. (you say 10/100/1000 card so I am guessing you intended to use a copper gig half-card in the first slot.) I have a handful of 4900Ms, they work fine pushing fair amounts of traffic at multi-gig rate (they're in place handling the first-level uplinks from my TOR 4948-10Gs). I don't do anything terribly fancy with 'em, but they seem as solid as the rest of the 4900s. DOM works nicely with 12.2(54)SG, finally. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] pix sitevpn
Hi all Do I need to disable firewall to use site to sitevpn? thank you ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] pix sitevpn
No. But if you want to firewall the connections, you'll need to disable 'sysopt connection permit-vpn' -ryan -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Deric Kwok Sent: Thursday, December 23, 2010 3:43 PM To: Cisco Network Service Providers Subject: [c-nsp] pix sitevpn Hi all Do I need to disable firewall to use site to sitevpn? thank you ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Outbound Load balancing using eBGP
I still recommend at least checking out the BGP appliances. You'll never get any where near even distribution without some kind of active processing. However, if you are dead set on manual configuration do you have any idea what your traffic spread is? For example if your customers are predominantly in one AS or IP block, or if you are a hosting company you can choose some of the larger ISP's and nail their traffic to one link or another. Implementing netflow will help with this as well. Unfortunately in there isn't a single easy configuration that makes this work as different business have different traffic patterns and different needs. On Mon, Dec 20, 2010 at 4:30 PM, RAZ MUHAMMAD raz.muham...@gmail.comwrote: Hi all, I would like to find out how one can use BGP to load balance outbound traffic, while multi homed to 2 transit providers or ISPs and getting full routing tables, no default routes? The BGP peer at the client end is a non Cisco router, so would not be able to use the multipath feature. The load balancing is intended for all routes in the routing table, or at least to achieve some kind of load distribution. Is there any other way to achieve an optimal outbound load balancing method using eBGP? Regards ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] RES: Outbound Load balancing using eBGP
On Thu, Dec 23, 2010 at 10:41 AM, Leonardo Gama Souza leonardo.so...@nec.com.br wrote: Hi, There is an approach of matching on LSB from the prefixes' octets of the full routing table (even/odd) and increase local-preference for one provider. For example: access-list 1 permit 0.0.0.0 255.254.254.255 access-list 2 permit 0.0.1.0 255.254.254.255 access-list 3 permit 0.1.0.0 255.254.254.255 access-list 4 permit 0.1.1.0 255.254.254.255 route-map ISP1 permit 10 match ip address 1 2 set local-preference 120 route-map ISP1 permit 20 match ip address 3 4 set local-preference 110 route-map ISP1 permit 1000 route-map ISP2 permit 10 match ip address 1 2 set local-preference 110 route-map ISP2 permit 20 match ip address 3 4 set local-preference 120 route-map ISP2 permit 1000 I don't think this would work very well on the actual internet. For example I can think of several large ISP's where most of their aggregated IP space would fall on the same link or wouldn't be touched at all. For example ATT (12/9) and Level3 (4/8) among others. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] pix sitevpn
No. same security traffic permit intra-interface; if you need to hair-pin will do the job. On a separate note, how about doing-a-little-bit-of-leg-work Yourself? Google is you friend and the cisco-nsp is NOT you hand-holding-forum. Regards ./Randy --- On Thu, 12/23/10, Deric Kwok deric.kwok2...@gmail.com wrote: From: Deric Kwok deric.kwok2...@gmail.com Subject: [c-nsp] pix sitevpn To: Cisco Network Service Providers cisco-nsp@puck.nether.net Date: Thursday, December 23, 2010, 12:42 PM Hi all Do I need to disable firewall to use site to sitevpn? thank you ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Outbound Load balancing using eBGP
Hi, I would like to thank everyone who contributed to this thread. Your valuable feedback on the subject is quite useful and would greatly help me in planning the next move. Just for your interest, the box I am talking about is a beefed up box running Vyatta. Regards On 20 December 2010 21:30, RAZ MUHAMMAD raz.muham...@gmail.com wrote: Hi all, I would like to find out how one can use BGP to load balance outbound traffic, while multi homed to 2 transit providers or ISPs and getting full routing tables, no default routes? The BGP peer at the client end is a non Cisco router, so would not be able to use the multipath feature. The load balancing is intended for all routes in the routing table, or at least to achieve some kind of load distribution. Is there any other way to achieve an optimal outbound load balancing method using eBGP? Regards ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] RES: Outbound Load balancing using eBGP
Hi Gert, Just wondering if you have stopped using local-pref manipulation, then do you rely on BGP protocol to decide the best path based on the decision made by the algorithm(without any attributes manipulation)? Raz On 23 December 2010 17:19, Gert Doering g...@greenie.muc.de wrote: Hi, On Thu, Dec 23, 2010 at 01:41:34PM -0200, Leonardo Gama Souza wrote: There is an approach of matching on LSB from the prefixes' octets of the full routing table (even/odd) and increase local-preference for one provider. We have stopped using local-pref for outbound traffic control about 15 years ago. If you start going there, you will end being *stuck* there - having to fiddle with local-pref again and again, because inevitably, you will have cases where you prefer a 10-AS-hop-paths over a 2-AS-hop-paths, and that way, enforce poor connectivity for your users. (As a well-known net person tends to say I encourage my competitors to do this. Amen.) gert -- USENET is *not* the non-clickable part of WWW! // www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Outbound Load balancing using eBGP
Hi Jay, Many thanks for providing a practical example and a good piece of advice on using default routes for dynamic load balancing. Raz On 22 December 2010 23:15, Jay Hennigan j...@west.net wrote: On 12/22/10 2:33 PM, RAZ MUHAMMAD wrote: I would appreciate if someone can shed some further light on using the default route or full routing table scenario while multi homed. In this case hardware is not an issue, I am trying to assess the operational, differences, or the outcome in terms of traffic patterns. Outbound is easier than inbound. In general, use a route map to set local preference or another attribute based on as-path and apply to each neighbor. Say you're multi-homed to AS100 and AS200. You would do something like: ip as-path access-list 100 deny _200_ ip as-path access-list 100 permit _100$ ip as-path access-list 100 permit _100_[0-9]+$ ip as-path access-list 100 permit _100_[0-9]+_[0-9]+$ ip as-path access-list 200 deny _100_ ip as-path access-list 200 permit _200$ ip as-path access-list 200 permit _200_[0-9]+$ ip as-path access-list 200 permit _200_[0-9]+_[0-9]+$ Then towards your AS100 neighbor apply a route-map to bump local-pref to a value of 110 any inbound announcements matching as-path 100, likewise same on AS200 for as-path 200. All else matches the default local-pref of 100. Other traffic will use the regular BGP metrics to choose a path. This sends your traffic to AS100 targets, its customers, and second level out the link to AS100 and likewise for AS200. If you lose either link, the other will pick up all traffic. After a while you'll get a sense of how well balanced things are and you can tweak the lists to prefer one path or the other for portions of your outbound traffic to other networks. For example, if AS200 is only taking 20% of your outbound traffic and you send quite a bit to AS300, then add a permit to as-path list 200 to prefer sending AS300 traffic out that path. Don't try to dynamically load-balance individual flows between your two neighbors. You'll have horrible issues with packets out of order and things will get very ugly. You'll never get anywhere close to an exact 50-50 balance and it will vary a lot depending on what destinations become popular and unpopular with your customers at what time of day, etc. -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Catalyst 4500 E-Series
- Original Message - From: Sachin Gupta sagu...@cisco.com To: Antonio Soares amsoa...@netcabo.pt; cisco-nsp@puck.nether.net Sent: Tuesday, December 14, 2010 11:08 AM Subject: Re: [c-nsp] Catalyst 4500 E-Series The +E chassis has new mux-buffers to support 48G/slot in the redundant chassis. The higher speed mux-buffers result in the lower rated MTBF. We priced lower to encourage transition. Going forward, I recommend R+E chassis purchases only. Sachin If you are from the BU and expect to hit your bonus, come out with some bundles that are competitive with the 6E. Otherwise, everyone is going to continue buying that price point regardless. tv ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/