On Tue, 28 Aug 2007 15:11:52 -0400 "William Herrin" <herrin-nanog@dirtside.com> wrote:
On 8/27/07, Deepak Jain <deepak@ai.net> wrote:
An MSFC2 can hold 256,000 entries in its FIB of which 12,000 are reserved for Multicast. I do not know if the 12,000 can be set to serve the general purpose.
The MSFC2 therefore can serve 244,000 routes without uRPF turned on.
<snip>
Now, my request for help:
I have a leaf node on the DFZ handled by a pair of Sup2's (pfc2/msfc2), two transit providers and several peers. My focus is very heavily domestic, and I'd like to delay my upgrade. I'd like to buy some time by aggregating the incoming APNIC region prefixes (http://www.iana.org/assignments/ipv4-address-space) into the following FIB entries:
58.0.0.0/7 60.0.0.0/7 116.0.0.0/6 120.0.0.0/6 124.0.0.0/7 126.0.0.0/8 202.0.0.0/7 210.0.0.0/7 218.0.0.0/7 220.0.0.0/7 222.0.0.0/8
Can anyone suggest how to program that into the router or refer me to the URL of the correct documentation at Cisco's site?
Probably better over at cisco-nsp, however I'd expect you'd use the "aggregate-address <prefix> <mask> summary-only" command to create aggregates, yet suppressing them from being announced to any other BGP peer.

I think that would still cause the more specifics to get into the FIB of the aggregating router, however there's a command I've only come across recently, under the "router bgp" section, which allows you to apply a route-map to routes as they go from the BGP RIB to the FIB. You might be able to use that to stop the more specifics getting into the FIB, with a route-map deny clause. The command is "table-map". I haven't used it myself, and the command reference says that it's only to set attributes so YMMV. I haven't had success using "deny" clauses in BGP attribute setting route-maps, so it may not be possible at all to use this command for this purpose.

Another way you might avoid the more specifics getting into the FIB is to only accept a few known or selected large more specifics from those ranges from your upstreams e.g. 3 or so, dropping the rest, and use those select few to create the /6-8 aggregates you'll use internally. Probably a bit more work than the table-map method, but if that doesn't work, this is probably the way to do it.

(Looks like the coffee is just kicking in this morning - I've just come up with another way just before I send this off.)

Or you could set up a route server upstream of your router with the limited FIB and do the filtering and / or aggregation there. As it isn't in the forwarding path, you could probably use a lower end software Cisco platform with enough CPU and RAM just to do the BGP processing e.g. probably something as low end as an 1800 series with 1GB of RAM (I'd suggest switching CEF off to save RAM) would be quite fine to do that job. I'd even suggest an 800 series (400MHz PowerPCs are no slouches), however they've only got a max of 256MB of RAM which probably isn't enough (for a bit of fun one day, I put the full route table in a 128MB one, but it only got to 140 000 routes before it ran out of RAM.)

HTH,
Mark.

--
"Sheep are slow and tasty, and therefore must remain constantly alert."
- Bruce Schneier, "Beyond Fear"
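
The aggregation discussed in this thread, as an added Python example that is not part of either poster's message: it checks that the eleven proposed aggregates cannot be merged any further and shows how a set of received more-specifics folds into them. The sample RIB and the function names are constructed for illustration; the code models prefix coverage only, not next-hop selection or any IOS command.

```python
import ipaddress

# The eleven aggregates proposed in the thread.
AGGREGATES = [ipaddress.ip_network(p) for p in (
    "58.0.0.0/7 60.0.0.0/7 116.0.0.0/6 120.0.0.0/6 124.0.0.0/7 126.0.0.0/8 "
    "202.0.0.0/7 210.0.0.0/7 218.0.0.0/7 220.0.0.0/7 222.0.0.0/8").split()]

# Constructed sample of received BGP prefixes (not real routing data).
SAMPLE_RIB = [
    "58.1.0.0/16", "58.64.0.0/12", "59.128.0.0/17", "61.200.0.0/19",
    "121.0.0.0/12", "202.12.28.0/24", "203.0.113.0/24",
    "192.0.2.0/24", "198.51.100.0/24", "120.32.0.0/11",
]


def is_minimal(aggregates):
    """True if the /8 blocks behind the aggregates cannot be merged into fewer prefixes."""
    nets = [ipaddress.ip_network(a) for a in aggregates]
    slash8s = [s for n in nets for s in n.subnets(new_prefix=8)]
    return list(ipaddress.collapse_addresses(slash8s)) == sorted(nets)


def build_fib(rib, aggregates):
    """Return the prefixes to install when covered more-specifics fold into their aggregate."""
    fib = set()
    for prefix in map(ipaddress.ip_network, rib):
        # First aggregate that fully contains this route, if any.
        cover = next((a for a in aggregates if prefix.subnet_of(a)), None)
        # Routes outside the aggregated ranges are installed unchanged.
        fib.add(cover if cover is not None else prefix)
    return sorted(fib)


if __name__ == "__main__":
    fib = build_fib(SAMPLE_RIB, AGGREGATES)
    print("aggregate list is minimal:", is_minimal(AGGREGATES))
    print(f"{len(SAMPLE_RIB)} received routes -> {len(fib)} FIB entries")
    for net in fib:
        print("  ", net)
```
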