We are getting 2 DS3's in the next few months and we are going to load balance them. What is the difference between a full routing table and a partial routing table from the ISP? How much RAM should I have for each option?
With full routes from the ISP you receive the complete Internet routing table (which is nearing 250,000 entries). It gives you the most detailed view of routing alternatives, allows you to make routing decisions based on the most complete information available, and consumes the most resources on your router. With a partial routing table the provider will send you only some of the routes in the Internet routing table (frequently the set of routes from them and their peering partners, but other selection criteria are possible). It allows you to choose the closest path when that is known and to use a default route for everything else. You are operating with somewhat less detailed information but require significantly less memory and other router resources to run.
I would not consider running full routes with less than 256 of memory and would greatly prefer 512.
We have 2 3845 with 256MB each. Each will support IBGP and EBGP with OSPF. That is all the function they will do, so 512 will be more than enough for the full table and support the other functions?
I agree with Rick. 256MB is not enough and 512MB is just nice. I use 3845 with 512MB, upgraded 3745 from 256MB to 512MB as well, they rock!
To add, don't forget to filter the following:
- Prefixes that you will accept (i.e. I use /24). Some upstreams may accidentally advertise longer prefixes to you from /25 to /32 usually coming from their broadband services (they eat your router memory)
- IN/OUT ACL to avoid becoming a transit if you are NOT
These links may help provide some basic BGP security:
In an example from the book BGP by Iljitsch van Beijnum, a filter list is implemented to filter out all routes with an AS path longer than 7. The reasoning for this figure is that "if a possible path is long, it's unlikely that it's the best path anyway, so if you have to filter, this is a reasonable way to do it. A limit of seven AS hops seems to work well in most cases, but this will vary from network to network. Experiment if necessary."
router bgp [your AS]
 neighbor [your ISP] filter-list 1 in
!
! Deny any AS path that matches seven ".+_" groups, permit everything else
ip as-path access-list 1 deny .+_.+_.+_.+_.+_.+_.+_
ip as-path access-list 1 permit .*
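As an added example (not from the thread or the book), this Python sketch checks which routes the AS-path filter in the post above and the /24 prefix limit mentioned earlier would accept. The translation of the IOS `_` metacharacter, the function names and the sample routes are assumptions constructed for illustration; under this emulation the deny line matches paths of seven or more AS numbers, prepended ones included.

```python
import ipaddress
import re

# Assumption: IOS "_" matches start/end of string, a space, comma,
# brace or parenthesis; emulated here with a Python alternation.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def cisco_to_python(pattern: str) -> re.Pattern:
    """Translate an IOS AS-path regex into an approximate Python regex."""
    return re.compile(pattern.replace("_", CISCO_UNDERSCORE))

# as-path access-list 1 from the post: evaluated top-down, first match wins.
AS_PATH_LIST_1 = [
    ("deny", cisco_to_python(".+_.+_.+_.+_.+_.+_.+_")),
    ("permit", cisco_to_python(".*")),
]

MAX_PREFIX_LEN = 24  # the /24 limit mentioned earlier in the thread

def as_path_action(as_path: str) -> str:
    for action, regex in AS_PATH_LIST_1:
        if regex.search(as_path):
            return action
    return "deny"  # implicit deny at the end of every access list

def accept_route(prefix: str, as_path: str) -> bool:
    """Apply both inbound checks: prefix length, then the AS-path list."""
    net = ipaddress.ip_network(prefix)
    return net.prefixlen <= MAX_PREFIX_LEN and as_path_action(as_path) == "permit"

# Constructed sample routes (documentation prefixes and AS numbers).
SAMPLE_ROUTES = [
    ("192.0.2.0/24", "64496 64497 64498"),
    ("198.51.100.0/24", "64496 64497 64498 64499 64500 64501"),
    ("203.0.113.0/24", "64496 64497 64498 64499 64500 64501 64502"),
    ("203.0.113.0/24", "64496 64496 64496 64496 64496 64496 64497"),  # prepended
    ("198.51.100.128/25", "64496 64497"),  # longer than /24
]

def evaluate(routes=SAMPLE_ROUTES):
    """Return (prefix, AS-path length, accepted?) for each route."""
    return [(p, len(a.split()), accept_route(p, a)) for p, a in routes]

if __name__ == "__main__":
    for prefix, hops, ok in evaluate():
        print(f"{prefix:20} {hops} AS hops -> {'accept' if ok else 'drop'}")
```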
This is an interesting perspective. In my experience most of the ISPs offer an option to send the full routing table or an option to send partial routing table where they have applied selection criteria about what to include. This approach assumes that the ISP will send the full table and allows the customer to determine the selection criteria.
In either case the underlying logic is that it makes more difference whether you use ISP 1 or ISP 2 when an AS path is short, but as the AS path gets longer it makes less difference which ISP you use.
I recommend limiting yourself to customer and longer + default routes, then using Optimized Edge Routing/Performance Routing to make far more informed decisions about the quality of an individual path being used to a destination prefix.
AS path really can be meaningless; conceivably I could have one large AS that spans the globe and gets me to California via Amsterdam, India, and Tokyo but is still just one AS hop away. That does you little good in getting your money's worth of two providers and all those routes.
OER is an awesome feature and I think you will benefit from considering it.
Your DS3's, are they coming from 2 separate providers or the same, and are they in the same POP or different paths?
I see that you are going to use 2 separate routers. What are you going to run between these two for connectivity, or are they going to be for failover purposes?
What are you looking to do? BGP may not be your best option depending on what you are wanting to accomplish.
Per a conversation with a Cisco engineer .... This is what they suggested.
BGP between on serial ports for both 3845 to the ISP, then on 3845 G0/1 IBGP to watch for failure. Then on G0/0 OSPF from 3845's to ASA 5510's. That is the suggestion/recommendations from Cisco.
We have two different ISP connections to provide the BGP. We are going to have both ISP advertise each other's routes. We are looking for redundancy so if one ISP fails the other will pick up without any intervention on our end and all routers will have a second VPN connection to one of the routers.
Ok, with your set-up you will need your own AS and I would get your own IP space too. This will take some time to get so start now. Since you are going to be multi-homed you will need to get your own AS number.
Then once that is done you make your announcements out each peer how you want and make sure your ISP is just sending it on with no communities or prepending to their upstreams.
I assume that the IP space is not swiped to you and that the ISPs will not allow you to route their space on another provider's backbone. The reason why is they summarize their own IP space to the internet community. You will need your own IP space if you want to route traffic across both links at the same time using BGP and have some sort of load sharing across the two links, unless you are routing one block out one carrier and sending some traffic out that connection and then doing the same thing with the other carrier. In order to maximize your set-up you will need your own IP space from ARIN.