BGP peering with 3750s

ryanbyrdcisco · ‎08-14-2009

We currently have two stacked 3750s which are connected to Cogent through a single BGP link.

We want to get our own AS number and peer with two providers.

Can the 3750 hold a full BGP routing table? does it need to? (must it be upgraded with more memory?) Is it even a good idea to use a 3750 class device in this way? Will the connection to the two providers be active/active or must it be active/passive?

Here is my switch info:

ca1-sw1#sh version

Cisco IOS Software, C3750E Software (C3750E-UNIVERSAL-M), Version 12.2(35)SE2, RELEASE SOFTWARE (fc1)

Compiled Mon 05-Feb-07 23:04 by antonino

Image text-base: 0x00003000, data-base: 0x01475054

ROM: Bootstrap program is C3750E boot loader

BOOTLDR: C3750E Boot Loader (C3750E-HBOOT-M) Version 12.2(35r)SE, RELEASE SOFTWARE (fc1)

ca1-sw1 uptime is 1 year, 44 weeks, 6 days, 21 hours, 45 minutes

System returned to ROM by power-on

System image file is "flash:c3750e-universal-mz.122-35.SE2/c3750e-universal-mz.122-35.SE2.bin"

License Level: ipservices Type: Permanent

Next reboot license Level: ipservices

cisco WS-C3750E-24TD (PowerPC405) processor (revision C0) with 245760K/16376K bytes of memory.

Processor board ID CAT1129WG7H

Last reset from power-on

7 Virtual Ethernet interfaces

1 FastEthernet interface

56 Gigabit Ethernet interfaces

4 Ten Gigabit Ethernet interfaces

The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.

Model revision number : C0

Motherboard revision number : B0

Model number : WS-C3750E-24TD-E

Version ID : V01

Hardware Board Revision Number : 0x01

Switch Ports Model SW Version SW Image

------ ----- ----- ---------- ----------

* 1 30 WS-C3750E-24TD 12.2(35)SE2 C3750E-UNIVERSAL-M

2 30 WS-C3750E-24TD 12.2(35)SE2 C3750E-UNIVERSAL-M

Switch 02

---------

Switch Uptime : 1 year, 44 weeks, 6 days, 21 hours, 45 minutes

Model revision number : C0

Motherboard revision number : B0

Model number : WS-C3750E-24TD-E

Top assembly revision number : A0

Version ID : V01

License Level : ipservices

License Type : Permanent

Next reboot licensing Level : ipservices

Configuration register is 0xF

ca1-sw1#

Jerry Ye · ‎08-14-2009

Hi Ryan,

3750 cannot handle the full BGP table. Memory upgrade is not an option.

My question is why you want a full BGP table? Have you consider a partial table from the providers? With partial table, it can be active/active.

HTH,

jerry

ryanbyrdcisco · ‎08-14-2009

Thank you, Jerry!

what are the downsides to a partial table?

any ideas on how to setup an active/active dual peering with a partial table?

this is what i did the first time to peer with cogent:

router bgp 64562

no synchronization

bgp log-neighbor-changes

network A.B.62.0 mask 255.255.255.224

network A.B.67.11 mask 255.255.255.255

network A.B.67.13 mask 255.255.255.255

neighbor A.B.61.177 remote-as 174

neighbor A.B.61.177 description Cogent's A Peer 1-3647471

neighbor A.B.61.177 password PASSWORD

neighbor A.B.61.177 version 4

neighbor A.B.62.121 remote-as 174

neighbor A.B.62.121 description Cogent's A Peer 1-3650376

neighbor A.B.62.121 password PASSWORD

neighbor A.B.62.121 version 4

neighbor A.B.67.10 remote-as 174

neighbor A.B.67.10 description Cogent's B Peer 1-3650376

neighbor A.B.67.10 password PASSWORD

neighbor A.B.67.10 ebgp-multihop 5

neighbor A.B.67.10 update-source Loopback10

neighbor A.B.67.12 remote-as 174

neighbor A.B.67.12 description Cogent's B Peer 1-3647471

neighbor A.B.67.12 password PASSWORD

neighbor A.B.67.12 ebgp-multihop 5

neighbor A.B.67.12 update-source Loopback20

maximum-paths 6

no auto-summary

where A.B was the first two octets and PASSWORD was the secret password

Jerry Ye · ‎08-14-2009

Hi Ryan,

With partial table, let's say two different ISP's are going to give you two different set of specific routes. When the traffic is hitting the router, it will pick the most specific path to the destination.

Of course, the ISP should also give you a default as the last resort.

HTH,

jerry

Edison Ortiz · ‎08-14-2009

Let me clarify this passive/active active/active concept.

As long as you are peering with a BGP speaking router and the connection is up, you are in active state.

If you are peering with multiple BGP speaking devices, you will get routes from each BGP peer but if you get the same route from 2 different BGP peers, the BGP Best Path Selection kicks in:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094431.shtml

And only one best route will be installed in the routing table.

Thus, the traffic leaving your network will only use one link while keeping the other BGP peer as backup.

You can install multiple best routes in the RIB with BGP by applying this command:

http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_bgp3.html#wp1012489

HTH,

__

Edison.

ryanbyrdcisco · ‎08-14-2009

does that mean that you can't do outbound traffic balancing with different upstream providers?

i'm told that equal-cost multipath doesn't work well with different upstreams. is that true?

Jerry Ye · ‎08-14-2009

You can still load balance the traffic with partial + default bgp tables, but it is not going to be 50/50. You need to manipulate your route policy carefully.

If you did what Edison mention, use full table and use maximum-paths eibgp, you can load balance the flow. Assuming the a prefix's AS-Path is equal. The problem this might introduce is large amount of out of sequence packets and retransmission, and depend on how the application can handle this type of traffic.

HTH,

jerry

ryanbyrdcisco · ‎08-14-2009

Does this mean that if we peer with two providers (say, Cogent and XO), each 200mbps, that our outbound traffic would be limited to 200mbps because the other is used as a backup?

how might multipath (ECMP) or something similar be used to load balance the outgoing links so we could get 400mbps?

ryanbyrdcisco · ‎08-14-2009

if having two different upstream peers means we're essentially in master/failover mode, would it be better to use HSRP instead of BGP? http://en.wikipedia.org/wiki/Hot_Standby_Router_Protocol

how do you designate which peer is the primary one?

Jerry Ye · ‎08-14-2009

HSRP is a.k.a. first hop redundancy protocol. Most likely you will use that for your LAN.

With BGP, you can manipulate the BGP attribute to influence which way is the prefer for certain routes.

Example are Local Preference, Metric, AS-Path.

http://www.cisco.com/en/US/docs/internetworking/technology/handbook/bgp.html

HTH,

jerry

ryanbyrdcisco · ‎08-14-2009

Incidentatlly, are there any limitations to BGP peering if we get our own ASN versus using a private ASN?

Jerry Ye · ‎08-14-2009

The only caveat I can think of right now is make sure your own ASN is not configured as transit.

HTH,

jerry

Edison Ortiz · ‎08-14-2009

The only reason you may want a full BGP routing table from 2 different providers is if you want to balance the traffic between the 2 links.

For instance, if you are trying to reach cisco.com and provider A has a shorter AS PATH towards cisco.com, traffic will be via provider A in both directions. If provider B has a shorter AS PATH towards other destinations, then provider B will be used.

You may lose this feature with partial routes or a default route, it's up to the provider.

If you decide to carry a partial route table, make sure to change the 'sdm template' to routing.

The default template only gives you 8,000 routes while the routing template gives you 11,000 routes.

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a00801e7bb9.shtml

HTH,

__

Edison.

ryanbyrdcisco · ‎08-14-2009

how do you control how large of a partial routing table the 3750 loads in?

Jerry Ye · ‎08-14-2009

You can control how many prefixs you want to receive from your provider

http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_bgp3.html#wp1014669

You can also ask your provider how many routes are in partial + default if that is the option you would like them to provide.

HTH,

jerry