I had a few questions I was hoping to get some answers to. I was trying to figure out a way to limit BGP tables per output port on my router.
The situation is currently I have a 700 Meg pipe coming in from my ISP which feeds into the ASR 1002 router. I have one customer who tries to utilize a full BGP route table. When they do this it uses up the CPU usage on my core switch, a Catalyst 6509-E switch, due to the fact that it is only capable of 256,000 routes with the Supervisor engine I have installed which is the WS-SUP720-3B. Currently I have put a filter list on my neighbor route to limit the number of BGP routes available but this limits everybody's connection coming out of the router now I believe. Is it possible to put the access-list which is limiting my BGP routes on just specific output ports of the router instead of on the incoming connection?
If your router has the full table and there is no outbound filter, then you will share the full BGP table with your customer. If you can provide more details like your BGP config in addition to show version
I have attached show version as a text file below.
Also below is a little bit more detail.
What we did was change to a different connection for bandwidth from AT&T. Originally we had an OC-12 connection which due to limitations in that connection the BGP routing was not an issue. We now have upgraded to a full GigE connection from AT&T for our bandwidth and without any filters on it we get a full BGP routing available which is overloading our core switch (Catalyst 6509-E) due to the Supervisor Board (WS-SUP720-3B) we have running in it only being capable of so many routes and we have a customer hooked up in that core switch utilizing a 400Meg fiber connection and trying to utilize a full BGP route table which is pushing the CPU usage on our Catalyst 6509-E to its limits due to I believe them trying to use a full BGP route table.
To temporarily fix this problem we changed the access-list that the neighbor IP address was using. It was using access-list 86 which lets everything through and we changed it to access-list 85 which just lets AT&T through I believe.
neighbor 0.0.0.0 filter-list 85 in
ip as-path access-list 85 permit ^7018$
ip as-path access-list 86 permit ^7018_[0-9]*$
What I was curious about is can you put these access list restrictions on an outbound port of the ASR1002 instead of on the incoming connection? If so what I am going to do is move my 400Meg fiber connection customer to one of the extra GigabitEthernet ports on the ASR1002 and try to just give that port the access-list 86 permissions so they can have a full BGP table and leave the access-list 85 restrictions on the GigabitEthernet port feeding my core switch and remove the restriction for the neighbor IP address.
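As an added example (not part of the original posts), the Python sketch below evaluates the two as-path access-lists quoted above against a few AS paths, translating the Cisco `_` token into a standard regex and applying the implicit deny. The sample paths are constructed, using documentation AS numbers 64500 and 64501, and the function names are hypothetical.

```python
import re

# Cisco AS-path regex: "_" matches a delimiter (space, comma, braces,
# parentheses) or the start/end of the AS-path string.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"

# The two as-path access-lists quoted in the post above.
AS_PATH_LISTS = {
    85: [("permit", "^7018$")],
    86: [("permit", "^7018_[0-9]*$")],
}


def cisco_to_python(pattern):
    """Translate the Cisco-specific "_" token into a Python regex group."""
    return pattern.replace("_", CISCO_UNDERSCORE)


def evaluate(list_id, as_path):
    """Return 'permit' or 'deny' for an AS path; the first matching entry wins."""
    for action, pattern in AS_PATH_LISTS[list_id]:
        if re.search(cisco_to_python(pattern), as_path):
            return action
    return "deny"  # implicit deny at the end of every as-path access-list


# Constructed sample AS paths as they would arrive from the AS 7018 neighbor.
SAMPLE_PATHS = [
    "7018",              # originated by AS 7018 itself
    "7018 64500",        # one AS behind 7018
    "7018 64500 64501",  # two ASes behind 7018
    "70181",             # a different AS that merely starts with "7018"
]


def report():
    """Map each sample path to its (list 85, list 86) results."""
    return {p: (evaluate(85, p), evaluate(86, p)) for p in SAMPLE_PATHS}


if __name__ == "__main__":
    for path, (r85, r86) in report().items():
        print(f"{path!r:22} list 85: {r85:6} list 86: {r86}")
```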