Hi all. I have an unusual situation regarding BGP and 3 different ISPs. Currently we have two internet links from two different ISPs and each link is connected to a Cisco 3825 router with 512 MB of RAM. Now due to some very rapid developments in the last couple of days in our company we need to introduce a third ISP with their internet link. Due to budget and time restrictions my initial plan of increasing RAM on one router to 1 GB (so it can accept an additional BGP routing table) and to connect the third link to the router isn't likely to happen.
The solution I am considering now is reintroducing one of our older Cisco 3725 routers with 256 MB of RAM so we can connect the third provider. Due to the smaller amount of RAM I'm thinking of asking the provider for a summary BGP table so when it receives BGP information from other two routers it doesn't crash because it ran out of RAM.
Do you think this setup could work or should I try something else? Any comments and suggestions are very welcome.
I assume that you are an end customer and not a transit autonomous system yourself.
Your issue really depends mostly on how many prefixes you expect to receive from your ISP. As I assume that you are not a transit AS, you probably need your ISP to send you just a couple of routes - most certainly not an entire internet BGP routing table. Now, having tens or hundreds of prefixes should be fine even for 256MB RAM (but it would be a wise precaution to select the minimal IOS that supports BGP and the other features you need to minimize its memory footprint). Then again, do you actually need so many routes at all?
256 MB would certainly be unable to hold the entire BGP table but with a cautious filtering resulting only in necessary networks being advertised to you by BGP, the 256 MB should be just fine.
My answer is somewhat general - I apologize for that but I cannot presently tell you more as I don't know your needs on ISP connectivity.
Hi Peter. Yes we are an end customer not a transit AS. The thing is that we are currently hosting several web sites that have seen a rapid rise in bandwidth usage in the last week or so and that trend won't decline in the near future. Also we are already using load balancing between two existing routers with full BGP tables.
My main concern is that I have to include the third router into the load balancing but due to constraints mentioned earlier the best thing we can do right now is this 3725 router with 256 MB of RAM.
Although I think your solution of filtering the full BGP table from the third provider to get only the necessary routes could be the solution. The sites we are hosting are used by the people in our country and most of them are on ADSL links from one provider. Do you think it would work if I allowed, from the full BGP table of the third provider, only the networks from that provider and routes to the networks of the provider that has most of the ADSL users? I can easily find through RIPE all the ADSL networks and allow them through the filter?
So if I understand you correctly, you have two routers with a full BGP table and you are modifying some attributes of BGP-received routes to load-balance the traffic going back to the Internet - am I correct?
I am still thinking if it is necessary to have the entire BGP table in your routers to do this and whether there is not an easier way to do it. One of my ideas was to statically partition the entire IP routable space into blocks of reasonable size and configure the routing tables on your routers beforehand so that a router is a primary gateway to an entire partition of the IP address space, say, 188.8.131.52/5. It would be nice if you could provide a topology drawing of your network and the general idea of how you are using the BGP to load balance the traffic.
In any case, having the third router to receive a partial BGP table is not a problem as long as the table is not too large - and as long as you make sure that the third router has some kind of a default route to know where to send packets for unknown networks (those that you filtered out from BGP).
Avoid using summarization inside your network - because of the longest-prefix match rule, the traffic would follow the path of the most specific prefix.
Hi Peter. I have attached the picture of the network. You are correct as I'm modifying some of the attributes going back to the internet. As for the way I load balance traffic I use local preference on the routers to influence over which link the traffic to a particular network should go.
I will search for a way to efficiently filter routes on the third router. I will also have to limit what other two routers will send to the third router as they both have full BGP tables so they don't overload them as they will all be in the same AS.
As for summarization I wasn't planning on using it in my network.
Hi. I have been testing around with this today and I'm a bit stuck. For test purposes I have attached a third router (before attaching the third ISP link) that is BGP peering with the two existing routers and I am playing with route maps to allow routes only from the directly connected ISPs over the two existing links.
Picture of the configuration is attached.
I used the following configuration on the third router:
router bgp X
 no synchronization
 bgp router-id x.x.x.x
 bgp log-neighbor-changes
 network x.x.x.x
 neighbor x.x.x.x remote-as X
 neighbor x.x.x.x soft-reconfiguration inbound
 neighbor x.x.x.x route-map FILTER in
 neighbor y.y.y.y remote-as X
 neighbor y.y.y.y soft-reconfiguration inbound
 neighbor y.y.y.y route-map FILTER in
 no auto-summary

ip as-path access-list 2 permit ^xxxx_[0-9]*$
ip as-path access-list 2 permit ^yyyyy_[0-9]*$
The thing is I'm not seeing all the routes, especially from the ISP xxxx, or better yet I see them over the other link. I have used these filters (as I have found them online) so the third router will have in its BGP table only routes originated from ISPs xxxx and yyyyy and their directly connected autonomous systems. Am I missing something here? Is this configuration OK as I haven't used regular expressions at all before?
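
To see which AS paths the two as-path access-list entries above accept, the following added example (not part of the original posts) evaluates them in Python against constructed AS paths. It assumes route-map FILTER matches as-path access-list 2, which the posted configuration does not show, and uses documentation ASNs 64500 and 64501 as stand-ins for the redacted xxxx and yyyyy.

```python
import re

# Cisco IOS "_" matches start/end of string, a space, a comma, braces or
# parentheses. Python has no such token, so it is expanded explicitly.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

# The thread's two permit entries, with documentation ASNs (RFC 5398)
# standing in for the redacted ISP numbers: 64500 = xxxx, 64501 = yyyyy.
ACL_2 = [r"^64500_[0-9]*$", r"^64501_[0-9]*$"]

# Constructed AS paths as an iBGP peer would see them (own AS not prepended).
SAMPLE_PATHS = [
    "64500",              # originated by ISP xxxx itself
    "64500 64510",        # AS directly behind ISP xxxx
    "64500 64510 64511",  # two hops behind ISP xxxx
    "64501 64500",        # ISP xxxx's own routes, learned via ISP yyyyy
    "645001 64510",       # different AS that merely starts with the digits
    "",                   # empty path: prefix originated inside the local AS
]


def ios_to_python(pattern: str) -> "re.Pattern[str]":
    """Translate the IOS-only "_" token; the rest is plain regex here."""
    return re.compile(pattern.replace("_", IOS_UNDERSCORE))


def permitted(as_path: str, acl=ACL_2) -> bool:
    """Any matching permit entry accepts; no match is the implicit deny."""
    return any(ios_to_python(entry).search(as_path) for entry in acl)


def evaluate(paths=SAMPLE_PATHS) -> dict:
    """Map each sample AS path to True (permit) or False (deny)."""
    return {path: permitted(path) for path in paths}


if __name__ == "__main__":
    for path, ok in evaluate().items():
        print(f"{path or '(empty)':<20} {'permit' if ok else 'deny'}")
```

The entries accept a path of one or two ASNs that begins with either ISP, so ISP xxxx's own prefixes are also permitted when they arrive with the path "yyyyy xxxx" over the other link, while anything more than one AS behind an ISP and locally originated prefixes (empty path) fall to the implicit deny.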