On Jun 14, 2010, at 12:08 PM, Fred Baker wrote:
upstream, full routes are generally not as useful as one might expect. You're at least as well off with default routes for your upstreams plus what we call "Optimized Edge Routing", which allows you to identify (dynamically, for each prefix/peer you care about) which of your various ISPs gives you a route that *you* would prefer in terms of reachability and RTT. In the words of a prominent hardware store in my region, "you can do it, we can help".
+1. additionally, one could filter on reasonable RIR allocation 'boundaries' per /8, cutting the fib down substantially. Cisco and a host of others maintain such a list of ready-to-use examples here:

ftp://ftp-eng.cisco.com/cons/isp/security/Ingress-Prefix-Filter-Templates/

lastly, one could do something far more crude (yet strangely effective), like so:

ip prefix-list longs permit 0.0.0.0/0 ge 23
ip prefix-list shorts permit 0.0.0.0/0 le 22
ip as-path access-list 10 permit (^_[0-9]+$|^_[0-9]+_[0-9]+$|^_[0-9]+_[0-9]+_[0-9]+$)
route-map provider-in permit 10
 match ip address prefix-list longs
 match as-path 10
route-map provider-in permit 20
 match ip address prefix-list shorts

...etc

-Tk
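An added sketch, not part of the original message: a small Python model of the two route-map clauses shown above, run over constructed routes to show which ones the policy keeps. It assumes nothing follows the elided "...etc" except the route-map's implicit deny; the function names, prefixes and AS numbers are made up for illustration.

```python
import ipaddress
import re

# Cisco's "_" matches start/end of string or a delimiter; emulate it for Python's re.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"
AS_PATH_10 = re.compile(
    r"(^_[0-9]+$|^_[0-9]+_[0-9]+$|^_[0-9]+_[0-9]+_[0-9]+$)".replace("_", CISCO_UNDERSCORE)
)

def prefix_list_permits(route, base, ge=None, le=None):
    """IOS prefix-list entry: route must sit inside base, with length in [ge, le]."""
    base = ipaddress.ip_network(base)
    lo = ge if ge is not None else base.prefixlen
    hi = le if le is not None else (32 if ge is not None else base.prefixlen)
    return route.subnet_of(base) and lo <= route.prefixlen <= hi

def provider_in(prefix, as_path):
    """Return the clause that accepts the route, or 'deny' (assumed implicit deny)."""
    route = ipaddress.ip_network(prefix)
    # permit 10: long prefixes (/23 and longer) only when the AS path has 1-3 entries
    if prefix_list_permits(route, "0.0.0.0/0", ge=23) and AS_PATH_10.search(as_path):
        return "permit 10"
    # permit 20: short prefixes (/22 and shorter) regardless of AS path
    if prefix_list_permits(route, "0.0.0.0/0", le=22):
        return "permit 20"
    return "deny"

# Constructed sample routes (documentation/benchmark prefixes and documentation ASNs).
SAMPLE_ROUTES = [
    ("192.0.2.0/24", "64496 64497"),                      # long prefix, near origin
    ("198.51.100.0/24", "64496 64497 64498 64499"),       # long prefix, 4 ASNs away
    ("203.0.113.0/24", "64496 64496 64496 64497"),        # prepends count as entries
    ("198.18.0.0/15", "64496 64497 64498 64499 64500"),   # short prefix, far away
    ("0.0.0.0/0", "64496"),                               # default route is a "short"
]

if __name__ == "__main__":
    for prefix, path in SAMPLE_ROUTES:
        print(f"{prefix:<18} [{path}] -> {provider_in(prefix, path)}")
```
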