using gated for multi-home BGP
we are currently using gated to do BGP with some private peers.

the configs are based on a few factoids derived from the examples and a lot of trial and error.

i wonder if there is a site or some sample configs that i can use to learn about using gated/BGP in the following contexts:

- filters (rejecting/dropping specific routes RFC1918, default, sub/24, etc)
- combining AS's (we have 3+ AS's behind our network)
- raising/lowering preferences on routes/AS's

also, if using an intel platform, with FreeBSD, what would your recommendations be for processor/RAM with two full peers?

--
[ Jim Mercer Reptilian Research jim@reptiles.org +1 416 410-5633 ]
[ The telephone, for those of you who have forgotten, was a commonly used ]
[ communications technology in the days before electronic mail. ]
[ They're still easy to find in most large cities. -- Nathaniel Borenstein ]
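The import filters listed in the question above (RFC1918, default, anything more specific than a /24), written as a stand-alone Python check. This is an added example, not gated configuration and not code from any poster in the thread; the function names and sample prefixes are constructed for illustration.

```python
import ipaddress

# Private-use blocks from RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")
MAX_PREFIX_LEN = 24  # "sub/24": reject anything more specific than a /24


def check_route(prefix):
    """Return (accepted, reason) for one IPv4 prefix learned from a peer."""
    try:
        # strict=True rejects prefixes with host bits set, e.g. 198.51.100.7/24
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed"
    if net.version != 4:
        return False, "not-ipv4"
    if net == DEFAULT_ROUTE:
        return False, "default"
    # subnet_of() matches the block itself and every more-specific inside it.
    if any(net.subnet_of(block) for block in RFC1918):
        return False, "rfc1918"
    if net.prefixlen > MAX_PREFIX_LEN:
        return False, "too-specific"
    return True, "ok"


def filter_updates(prefixes):
    """Split received prefixes into an accepted list and rejects by reason."""
    accepted, rejected = [], {}
    for prefix in prefixes:
        ok, reason = check_route(prefix)
        if ok:
            accepted.append(prefix)
        else:
            rejected.setdefault(reason, []).append(prefix)
    return accepted, rejected


# Constructed sample announcements, not taken from any real routing table.
SAMPLE = ["192.0.2.0/24", "10.20.0.0/16", "172.31.255.0/24", "172.32.0.0/16",
          "192.168.1.0/25", "0.0.0.0/0", "203.0.113.0/25", "198.51.100.7/24"]

if __name__ == "__main__":
    accepted, rejected = filter_updates(SAMPLE)
    print("accepted:", accepted)
    for reason, items in sorted(rejected.items()):
        print(f"rejected ({reason}):", items)
```

Note that 172.32.0.0/16 passes while 172.31.255.0/24 does not: the RFC 1918 block is 172.16.0.0/12, which ends at 172.31.255.255.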
On Sat, 16 Oct 1999, Jim Mercer wrote:

| also, if using an intel platform, with FreeBSD, what would your recommendations
| be for processor/RAM with two full peers?
|

Any of the high speed Celeron processors (466 is <$100 now) work great, you probably want to start at 64MB RAM

---
I dress like a pimp I walk with a limp I see the Browns for free in My low-rider blimp.
> On Sat, 16 Oct 1999, Jim Mercer wrote:
> | also, if using an intel platform, with FreeBSD, what would your recommendations
> | be for processor/RAM with two full peers?
> |
> Any of the high speed Celeron processors (466 is <$100 now) work great, you probably want to start at 64MB RAM

Gated uses more memory than CISCO IOS, because in this case you have the GATED tables and the kernel tables; memory is cheap today, don't experiment and install 128 or 256 MB RAM if you want a few core images. CPU power should not be so important, I guess. And use commercial gated if you can.

> --- I dress like a pimp I walk with a limp I see the Browns for free in My low-rider blimp.

Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
On Sat, Oct 16, 1999 at 12:12:42PM -0400, Jim Mercer wrote:
> the configs are based on a few factoids derived from the examples and a lot of trial and error.

> also, if using an intel platform, with FreeBSD, what would your recommendations be for processor/RAM with two full peers?

This is *not* a recommendation to drop gated, but you may want to start looking at zebra (http://www.zebra.org) which is becoming stable enough to use in a "real" environment. Compared to the public versions of gated, it uses less memory and less CPU and supports lots more "new" (read necessary) attributes.

Our external router (just one for now - it is only a small network) runs gated, but next time I am back in the office on a weekend it is likely to get zebra installed.

I have zebra operating (bgpd actually - not kernel updates) on my test/desktop machine with 3 full-ish BGP peers in 64M RAM:

    bgpd> show ip bgp sum
    Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/Pref
    195.40.167.193  4  9179  435872   59921      0   0    0 01w2d16h 66646
    XXXXXXXXXXXXXXX 4  AAAA 1856882   61712      0   0    0 3d08h37m 65153
    YYYYYYYYYYYYY   4 BBBBB  106231  133262      0   0    0 5d21h22m 27668

from top:

      PID USERNAME PRI NICE SIZE  RES STATE WAIT    TIME    CPU COMMAND
    ...
    16556 root       2    0  20M  21M sleep select 23:18  0.34% bgpd

(IP and ASes blurred to protect my testing partners).

This is no exports - import only, but export works OK in our smaller tests.

The only major area I think needs lots of work is logging - I can say this because I volunteered to do it, but have not had any spare time in the past couple of months.

Regards,
--
Peter Galbavy
Knowledge Matters Ltd
http://www.knowledge.com/

On Sat, 16 Oct 1999 12:12:42 -0400 (EDT) Jim Mercer wrote:
> the configs are based on a few factoids derived from the examples and a lot of trial and error.
>
> i wonder if there is a site or some sample configs that i can use to learn about using gated/BGP in the following contexts:
>
> - filters (rejecting/dropping specific routes RFC1918, default, sub/24, etc)
> - combining AS's (we have 3+ AS's behind our network)
> - raising/lowering preferences on routes/AS's

Major caveat: I haven't used gated in about six months and haven't used any version of gated released since say, 1997.

I don't know of any other than the Merit gated site. I thought that the Merit site was pretty good. If you are familiar with the underlying concepts and technologies, I find the gated configuration file BNF more intuitive than say, Cisco.

> also, if using an intel platform, with FreeBSD, what would your recommendations be for processor/RAM with two full peers?

Gosh, one of the nice things about PC routers is that this is essentially a non-issue. You are going to be able to max out the PCI bus with just about any configuration of RAM and CPU. We have been very happy with multi-homed BGP systems with a Pentium 166mHz CPU and 128MB of RAM holding three full views.

Here is great secret one of PC based routers: Given the prices for PC systems, I strongly recommend you get one PC router per uplink and run IBGP between them *and* always have one running IBGP as a hot-swap/spare. The problem with PC routers is that unlike say Ciscos, it is significant downtime to swap in/out boards or upgrade the OS. Using IBGP, you can get around this problem by always having at least one of your links up.

The advantage of PC routers is that they are so cheap, you can have complete redundancy. This will allow you to do things like rotate in during off hours, your spare router, which has the latest version of the OS or gated or whatever, without causing significant downtime.

Great secret two is to be aware of what features the PC routers lack in terms of routing protocols and interface cards. Trust not the interface card vendors to give you accurate information (or working cards/drivers.)

All of the routing daemons I know of lack features that you will end up wanting at some point. You gotta know what is there, what will be there and what is missing. MPLS, high quality multiple path load balancing, OSPF NSSA, etc. You may not need any of these features now, but when contemplating future designs, you need to know when to swap out other technologies.

Don't bet the farm on any interface card that you have not installed in your spare/sandbox router and really beat on. Some of the interface card vendors are really strange people. Expect to be your own support organization....

Unix based routers are really a great tool to have in your toolbox. I have basically been using them on and off for 15 years. No matter what size your network, there are definitely jobs for which they make sense. There are a much greater set of jobs for which they make no sense at all.... It is great to be able to understand the advantages/disadvantages and optimally deploy them.

Good luck! Have fun!

regards,
fletcher

> Major caveat: I haven't used gated in about six months and haven't
> used any version of gated released since say, 1997.

I too, but I have (yet) two or three PC routers (working as the console servers mainly) in our network, and there were years when PCs were the base routers here in Russia (about 4 - 5 years ago).

> The advantage of PC routers is that they are so cheap, you can have
> complete redundancy. This will allow you to do things like rotate in
> during off hours, your spare router, which has the latest version of
> the OS or gated or whatever, without causing significant downtime.

Not only. Last year we saw a lot of new, very interesting features supported by the base PC-router-capable system, FreeBSD (why FreeBSD? because:

- it's free, not as the BSDI
- it has a classical IP stack, not as the Linux
- it has a lot of packages and ports, not as NetBSD or OpenBSD),

Modern PC-based systems have:

- firewall features
- NAT features
- traffic control features (even traffic shaping does work)
- it's safe (if use ssh and remote-authentication and Security-Level and don't use the services opened by default)
- and of course they are cheaper.

I think we are facing the next wave of PC-based access routers in the next few years, because this year is the first when the network features became very stable in the modern Free system (just as the Free systems themselves became stable about 2 years ago). The world where 99% of the routers are CISCO can't live forever, even if we like CISCO very much -:).

>
> All of the routing daemons I know of lack features that you will end
> up wanting at some point. You gotta know what is there, what will be
> there and what is missing. MPLS, high quality multiple path load
> balancing, OSPF NSSA, etc. You may not need any of these features
> now, but when contemplating future designs, you need to know when to
> swap out other technologies.

Quite agree. Or you should use commercial software. This was just the primary reason why we dropped out the customers from the PC a few years ago. Another reason was the stability - the piece of hardware without the disks (Cisco) seems to be just more stable than PC with (often) badly designed fans, power supply and rotating disks...

On the other hand, firewalling and NAT and traffic control seem to have become well designed and written features of the modern FreeBSD system (and it seems of the Linux, too).

A little about configs... (may be not interesting here, but). Gated config is just more readable and more understandable, it's logical (CISCO config does not have any logic at all). It could be easily generated and collected from the pieces. On the other hand, CISCO's config is almost 100% stable against the mistakes or errors, and GATED's config is just the strict language. And they use different principles in import/export/redistribution...

>
> Unix based routers are really a great tool to have in your toolbox. I
> have basically been using them on and off for 15 years. No matter
> what size your network, there are definitely jobs for which they make
> sense. There are a much greater set of jobs for which they make no
> sense at all.... It is great to be able to understand the
> advantages/disadvantages and optimally deploy them. Good luck! Have
> fun!
>
> regards,
> fletcher
>
>

Aleksei Roudnev, Network Operations Center, Relcom, Moscow (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager) (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)

participants (5)

- Alex P. Rudnev
- Chris Cappuccio
- Fletcher E Kittredge
- jim@reptiles.org
- Peter Galbavy