EBGP neighbor limit?

 
 
Hansang Bae
      07-24-2004
For all you ISP folks, can you tell me how many neighbors you put on
your routers? (Cisco 6500/7200 or Juniper M10s).

The remote sites would only require 0/0 and a few select routes. I'm
thinking of ditching OSPF and going with BGP as the primary routing
protocols to my branches.

Why? Because the branches have application level HA built in, but due
to the nature of totally stubby area, branch router A does not know that
branch router B has a more direct route.

I can switch to stub area and allow external routes to come in, but then
I have to play with recursive routing to ensure that certain networks
are preferred over link A and others over link B. With BGP, this
becomes a very simple task.

Also, I will no longer require GRE tunnels to keep the areas whole. If a
WAN link fails, it's possible that a remote site will become transit
(since intra area routes are preferred). I don't have that problem with
BGP.

Another reason? I can IPSec the bgp traffic. Now I won't have to worry
about OSPF not dying while IPSec goes to la la land - thereby black
holing traffic. I can use GRE tunnels to force this reliable
failure, but if I use bgp, I can just encrypt tcp port 179.

Comments?

--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
********************************************************************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************
 
 
 
 
 
John Agosta
      07-25-2004
2 cents...

What about BGP convergence times ?
Perhaps ISIS, with route leaking would help
with the Tstubby issue, and there's not so much of an issue
with keeping areas "whole."
I think ISIS will provide better convergence times ??

-ja




 
 
 
 
Hansang Bae
      07-25-2004
In article <(E-Mail Removed)>,
j_agosta@remove_wideopenwest.kom says...
> 2 cents...
>
> What about BGP convergence times ?
> Perhaps ISIS, with route leaking would help
> with the Tstubby issue, and there's not so much of an issue
> with keeping areas "whole."
> I think ISIS will provide better convergence times ??


We can crank down the timers so that shouldn't be too much of an issue.
Keeping the area whole comes into play when one of the redundant
links goes down. Due to area summarizations, another branch can become a
transit network.

ISIS is not an option due to operational issues. Our operational team
has zero experience in ISIS (not that I have much either) so that's out.

--

hsb

 
John Agosta
      07-25-2004




Well, 2 cents is worth just that, isn't it?

I dunno - perhaps your idea is a good one. It's hard to comment
not seeing the 'picture.' I assume other IGPs have been looked at,
and have been deemed "less superior" for your needs.
Knowing your pedigree, I suspect that whatever
solution you feel most comfortable with will do the trick;
and there's nothing wrong with BGP being used as an IGP......
Personally, I don't like the idea of tweaking timers unless I am sure
that everyone on board is aware of the tweaks and cranks.
Changes from the norm can bite ya down the road when people
are not well informed and paper is not well documented.......

PS - Rosie O'Grady's in NYC was nice.
Much better than the other joint.
Sorry it didn't pan out.......


-ja



 
 
Vincent C Jones
      07-26-2004


Hansang,

I've been following this discussion and can pitch in another 2 cents
worth...

You should have no problem with numbers. The killer activity for
BGP is scanning the routing table, which is a CPU hog when running
defaultless on a 7200 and accepting multiple feeds. In your case,
the routing table is a joke, maybe a few hundred routes if you
get carried away, and if you can detect the CPU impact, even after
cranking up the timers, I'd be amazed.

Another approach to consider is policy routing, because that is the
key feature of BGP you are actually using. Combined with SAA/RTR,
you could even get around the IPSec problems, although you may need
to wait a few years for an IOS which supports all the features to
get through the approval process.

Have you discussed your ideas with Ms. Y.A.? When I was there she
was the only employee in the tower who really understood BGP, and if
she doesn't bless it, it doesn't matter how good a solution it is,
it won't get past design review. It doesn't matter that your use
of BGP is unrelated to her use of BGP.

As for John's concern re: future maintenance, I'm not too worried
about the "down the road" part. As you've already mentioned in other
postings, there is a good documentation trail built into your change
control system there (yes Virginia, some organizations actually do
have formal change controls that work), so there is no excuse for the
knowledge of what you are doing and why to be lost. Just remember
to write it up so that BGP skill is not required to understand the
impact of making changes without understanding how it works.

Good luck and have fun!
--
Vincent C Jones, Consultant
Networking Unlimited, Inc.
Tenafly, NJ Phone: 201 568-7810
http://www.networkingunlimited.com
Expert advice and a helping hand for those who want to manage and
control their networking destiny
 
 
Hansang Bae
      07-27-2004
In article <ce2t5l$btj$(E-Mail Removed)>,
(E-Mail Removed) says...
> I've been following this discussion and can pitch in another 2 cents
> worth...
>
> You should have no problem with numbers. The killer activity for
> BGP is scanning the routing table, which is a CPU hog when running
> defaultless on a 7200 and accepting multiple feeds. In your case,
> the routing table is a joke, maybe a few hundred routes if you
> get carried away, and if you can detect the CPU impact, even after
> cranking up the timers, I'd be amazed.


At the branch side, it's of no concern. The headends can get the
aggressively summarized routes so that shouldn't be too bad either. It
may go up to 600-800, though.


> Another approach to consider is policy routing, because that is the
> key feature of BGP you are actually using. Combined with SAA/RTR,
> you could even get around the IPSec problems, although you may need
> to wait a few years for an IOS which supports all the features to
> get through the approval process.


We are just piloting 12.2.24a to remedy the T3 bugs we found in
pa-mc-2t3+ cards. So as you note, it may be a while before I can roll
something like saa/rtr. Another thing to consider is the operational
support.



> Have you discussed your ideas with Ms. Y.A.? When I was there she
> was the only employee in the tower who really understood BGP, and if
> she doesn't bless it, it doesn't matter how good a solution it is,
> it won't get past design review. It doesn't matter that your use
> of BGP is unrelated to her use of BGP.



You do have good memory! She actually runs the internal network
engineering these days and has been out of the day to day design
process.


> As for John's concern re: future maintenance, I'm not too worried
> about the "down the road" part. As you've already mentioned in other
> postings, there is a good documentation trail built into your change
> control system there (yes Virginia, some organizations actually do
> have formal change controls that work), so there is no excuse for the
> knowledge of what you are doing and why to be lost. Just remember
> to write it up so that BGP skill is not required to understand the
> impact of making changes without understanding how it works



It would actually be a template for others to implement. Due to some data
center strategy changes, I have 7 months to build a new data center and
move about 800+ branches! And that's only phase I. Well, it does keep
it exciting I suppose!

--

hsb
