"2M today, 10M with no change in technology"? An informal survey.

Tue Aug 28 21:24:56 UTC 2007

On Tue, 28 Aug 2007 15:11:52 -0400
"William Herrin" <herrin-nanog at dirtside.com> wrote:

> 
> On 8/27/07, Deepak Jain <deepak at ai.net> wrote:
> > an MSFC2 can
> > hold 256,000 entries in its FIB of which 12,000 are reserved for
> > Multicast. I do not know if the 12,000 can be set to serve the general
> > purpose.
> >
> > The MSFC2 therefore can server 244,000 routes without uRPF turned on.
> 
<snip>
> 
> Now, my request for help:
> 
> I have a leaf node on the DFZ handled by a pair of Sup2's
> (pfc2/msfc2), two transit providers and several peers. My focus is
> very heavily domestic, and I'd like to delay my upgrade. I'd like to
> buy some time by aggregating the incoming APNIC region prefixes
> (http://www.iana.org/assignments/ipv4-address-space) into the
> following FIB entries:
> 
> 58.0.0.0/7
> 60.0.0.0/7
> 116.0.0.0/6
> 120.0.0.0/6
> 124.0.0.0/7
> 126.0.0.0/8
> 202.0.0.0/7
> 210.0.0.0/7
> 218.0.0.0/7
> 220.0.0.0/7
> 222.0.0.0/8
> 
> Can anyone suggest how to program that into the router or refer me to
> the URL of the correct documentation at Cisco's site?
> 

Probably better over at cisco-nsp, however I'd expect you'd use the
"aggregate-address <prefix> <mask> summary-only" command to create
aggregates, yet supressing them from being announced to any other BGP
peer. I think that would still cause the more specifics to get into the
FIB of the aggregating router, however there's a command I've only come
across recently, under the "router bgp" section, which allows you to
apply a route-map to routes as they go from the BGP RIB to the FIB. You
might be able to use that to stop the more specifics getting into the
FIB, with a route-map deny clause. The command is "table-map". I
haven't used it myself, and the command reference says that it's only
to set attributes so YMMV. I haven't had success using "deny" clauses
in BGP attribute setting route-maps, so it may not be possible at all to use
this command for this purpose.

Another way you might avoid the more specifics getting into
the FIB is to only accept a few known or selected large more specifics
from those ranges from your upstreams e.g. 3 or so, dropping the rest,
and use those select few to create the /6-8 aggregates you'll use
internally. Probably a bit more work than the table-map method, but if
that doesn't work, this is probably the way to do it.

(Looks like the coffee is just kicking in this morning - I've just come
up with another way just before I send this off.)

Or you could set up a route server upstream of your router with the
limited FIB and do the filtering and / or aggregation there. As it
isn't in the forwarding path, you could probably use a lower end
software Cisco platform with enough CPU and RAM just to do the BGP
processing e.g. probably something as low end as an 1800 series with
1GB of RAM (I'd suggest switching CEF off to save RAM) would be quite
fine to do that job. I'd even suggest an 800 series (400MHz PowerPCs
are no slouches), however they've only got a max of 256MB of RAM with
probably isn't enough (for a bit of fun one day, I put the full route
table in a 128MB one, but it only got to 140 000 routes before it ran
out of RAM.)

HTH,
Mark.

-- 

        "Sheep are slow and tasty, and therefore must remain constantly
         alert."
                                   - Bruce Schneier, "Beyond Fear"