BGP offloading (fixing legacy router BGP scalability issues)

• Previous message (by thread): PoC for shortlisted DDoS Vendors
• Next message (by thread): BGP offloading (fixing legacy router BGP scalability issues)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

We've a lot of customers with Cisco 6500 routers (mostly with SUP720
supervisors) in operation. They are very popular with smaller ISPs in
Africa/middle east due to their cheap price on the used marked and
their fully sufficient routing performance for the given tasks. In
practice the biggest problem with them is their poor BGP scalability
due to the CPU/memory limitations.

We're looking into options for a cheap fix for this problem.

The idea is to offload BGP IPv4/IPv6 RIB calculation from the router
to a standard server. All BGP sessions will be handled by the server.
The server takes care of the RIB calculation and aggregates the result
as much as possible (the aggregation potential of the global tables
should be very high if it can completely ignore the AS path and only
care about the next hop). The final optimized RIB is then pushed to
the Router via an iBGP session (the only BGP session configured on the
router).

If there's room in the transfer net for the server and the router, the
setup is simple (eBGP session is established with the server and
next-hop is set to the router).

In other peering situations the setup might be more challenging. E.g.
with typical IXP constrains (only a single MAC address/IP address
allowed) the session would have to be a multihop session and an
additional static route (host route for the server) on the peer router
should be installed.

Another way to make the server appear completely transparent for other
peers (no special configuration on the peer side) might be NAT for the
BGP port to the server or proxy ARP. But we would like to avoid doing
NAT with a SUP720 and proxy ARP would make us the default gateway for
any incorrectly configured IXP participant router and a configuration
error on our side might cause severe harm to the IXP. And of course
both ideas won't work for IPv6 (SUP720 doesn't support NAT for IPv6 or
proxy NDP).

The only solution to make it fully transparent for IPv4 and IPv6 we
came up with it is to configure the IXP router interface as unnumbered
+ static route for the IXP nets + host routes for the assigned IXP IPs
to the server. In that case the server would have to monitor the IXP
vlan and take care of responding to ARP and Neighbor Solicitation
requests for the IXP IPs (using the MAC of the router). Additionally
it might be necessary to inject the ARP/IPv6 neighbors into the cisco
using static entries (to avoid sending ARP/NS requests with a non IXP
IP).

We're wondering if anyone has experience with such a setup?


Best Regards,

Freddy

• Previous message (by thread): PoC for shortlisted DDoS Vendors
• Next message (by thread): BGP offloading (fixing legacy router BGP scalability issues)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]