BGP Config Question - Filtering Small Networks Received from ISPs

Feb 14th, 2007

I've searched the WAN forum and didn't find anything that specifically answered my question so here goes:

I've got a 3745 with 512 MB and I'd like to now receive full routes from both of my providers. Currently we are receiving only a handful of local provider routes due to limitations on our previous hardware. I use neighbor weight to ensure there is a default path out for those routes I do not receive, which is most of them. Note: I run BGP and have 2 ISPs more for uptime reliability rather than for performance.

While I think the 3745 can support full routes from 2 providers with 512MB ram, I was thinking about filtering out all received /24 announcements and then rely on a neighbor weight as a way out for any routes that are not found. My hope is that this could cut the ram consumption way down and keep the number of routes to a less CPU-intensive number.

Question 1: Does this make sense? Am I gaining anything here?

Question 2: Can someone give me an example of how to filter these small prefixes out yet still give them a default route (if the neighbor weight isn't the way to go)?

Thanks in advance,

Hutch

royalblues Wed, 02/14/2007 - 10:05

Hutch,

you can use a prefix list for this.

ip prefix-list test seq 10 permit 0.0.0.0/0 le 23

This will deny all the prefixes which have a mask greater than 23

HTH, rate if it does

Narayan

mhcraig Wed, 02/14/2007 - 13:18

Gotcha - Actually it appears I already have something in the config:

ip prefix-list bogons seq 525 permit 0.0.0.0/0 le 28

I'll just lower that down to "23" and I should be ok.

Question: Does this solution seem like it makes sense for keeping ram/cpu usage under control or is this not necessary with 512 mb and a 3745?

Hutch

mheusinger Wed, 02/14/2007 - 14:12

Hello,

just one remark: do not forget to configure two static default routes towards your two ISPs. Or ask the ISPs to announce a default route to you. Otherwise you lose connectivity to all /24 networks when applying the filter.

In fact the 3745 should be able to handle the full BGP table from two ISPs. So you might even accept the full table for testing first and monitor CPU and RAM. I would expect not more than 40% average CPU and not more than 100 MB for BGP and routing plus CEF table.

Regards, Martin

mhcraig Wed, 02/14/2007 - 14:37

I do get a default route from each ISP so I'm ok there but this does generate another question...

I noticed that there are many /24 networks being received from my ISPs currently. These are probably just local netblocks from each ISP. If I filter anything less than or equal to /23 and ultimately force all unknown routes (including those /24's) out a default route by weight statement then am I really hurting performance as far as hop count goes? I guess basically I'd be forcing ISP B's local /24s out ISP A (assuming ISP A is the default route installed) which is not at all optimal. Right? Or are these local ISP routes somehow excluded from this prefix list (which I would doubt)?

ip prefix-list bogons seq 525 permit 0.0.0.0/0 le 23

Additionally, 40% CPU worries me a bit just because we just upgraded hardware because our older routers were even less than that normally, but spiked during high traffic times to 85%+. I realize you are just guesstimating and I think at this point, depending on your reply, I should not filter out these /24s and see how the performance is just like you suggested.

Thanks in advance,

Hutch
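
The prefix-list behaviour discussed in the posts above, as an added example that is not part of the original thread: a small Python model of how an inbound `le` prefix-list is evaluated and where traffic for a filtered /24 ends up. The announcements, the neighbor labels ISP-A/ISP-B and the helper names are constructed for illustration; the single default route via ISP-A stands in for the default preferred by neighbor weight.

```python
import ipaddress

# Prefix-list lines quoted from the thread (the "le 28" line is the pre-change config).
FILTER_23 = "ip prefix-list test seq 10 permit 0.0.0.0/0 le 23"
FILTER_28 = "ip prefix-list bogons seq 525 permit 0.0.0.0/0 le 28"

# Constructed sample announcements: (prefix, neighbor). Only ISP-A's default is
# listed, standing in for the default preferred by neighbor weight (assumption).
RECEIVED = [
    ("0.0.0.0/0", "ISP-A"),
    ("198.18.0.0/15", "ISP-B"),
    ("198.51.100.0/24", "ISP-A"),
    ("203.0.113.0/24", "ISP-B"),
]

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny NET/LEN [ge X] [le Y]'."""
    tok = line.split()
    seq, action, base = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    if not opts:                      # no ge/le: exact length only
        lo = hi = base.prefixlen
    else:                             # ge only: ge..32, le only: len..le
        lo = opts.get("ge", base.prefixlen)
        hi = opts.get("le", 32)
    return seq, action, base, lo, hi

def evaluate(entries, route):
    """First matching entry by sequence number wins; no match is an implicit deny."""
    net = ipaddress.ip_network(route)
    for _seq, action, base, lo, hi in sorted(entries, key=lambda e: e[0]):
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action
    return "deny"

def build_rib(filter_line):
    """Keep only the announcements the inbound prefix-list permits."""
    entries = [parse_entry(filter_line)]
    return [(p, via) for p, via in RECEIVED if evaluate(entries, p) == "permit"]

def next_hop(rib, dest):
    """Longest-prefix match over the accepted routes."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p), via) for p, via in rib
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

if __name__ == "__main__":
    for line in (FILTER_28, FILTER_23):
        rib = build_rib(line)
        print(line, "->", [p for p, _ in rib], "| 203.0.113.10 via", next_hop(rib, "203.0.113.10"))
```

With `le 23` the default route itself still passes the filter (length 0), while ISP-B's /24 is dropped and its traffic follows the default via ISP-A.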

Danilo Dy Thu, 02/15/2007 - 05:57

I have used 3745/256 connected to three ISP full BGP route with OSPF, bogons le/24 plus ACL. My CPU utilization is less than 10% and spikes less than 20%. There might be something in your configuration that causes high CPU utilization to 40% and spikes over 80%. Check which process is making so much attention from the CPU "sh proc cpu"

mhcraig Thu, 02/15/2007 - 06:01

Great - thanks for info.

I think at this point it most certainly makes sense to give it a shot and accept all routes before I filter anything out.

The old routers were 3640s so they were significantly less powerful. So far the 3745 is running around 7% and only spiking to 12% so hopefully this won't cause too much of an issue. I'd rather not filter unless I have to.

Thanks again,

Hutch
