Full BGP Table & Bogons

Aloha all!

I was wondering: if you have a single connection to your service provider, is there any benefit to taking the full BGP table vs. just a default route? If there is, what is the benefit, and if you do take the full BGP table, should you implement strict bogon filtering? Is there a good way to take the full list from http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt and automate that into a prefix-list template? What type of router would you need to accept the full Internet BGP table? I must imagine it would have to be pretty beefy :)

Also, does anyone have any good reading links for these real-world types of implementations, or videos? I have an all-access pass with INE.

 

Thanks!

 

Lance

Comments

  • peetypeety ✭✭✭

    I've had customers take full routes before if they were going to be multihomed or at least so during the transition.  I've seen a customer encounter a partial outage when some routes were dropped but a default route was still functional, as the customer was relying on full routes for all reachability.

    The Cymru bogon filter has hit end-of-life I believe, such that there are no more changes expected to it.  Therefore I don't think you'd need to automate the updates.  I was a firm believer that the BGP feed of bogons wasn't enough, as it was still possible (without further prefix-list filtering) to accept a route longer than the bogon entry, creating a "punch-through" hole for that sub-bogon.

    You can fit a full table into a 2921/2951 with max RAM.  The wimpy CPU means you should expect increased latency for potentially 10 minutes after bringing up a full-table session though.  Depending on the IOS code chosen, you might be able to fit a single full-table session into a router with 512MB, but if you have multiple paths 768MB is minimum.  I consult for a network that's built entirely on 7206VXR/NPE-G1s and lower; the 1GB NPEs get a full table but the 512MB NPEs get some filtering.  ASR series is perhaps the lowest Cisco model that's safe for a full table, though the wimpy RP1 in ASR1001/1002 will potentially max out in a year or two.  In the Cat6500/6800 platform, Sup720-3BXL or Sup2T "XL" is needed, and companion _XL DFCs if in use.

    Good luck finding any good materials on real-world routing.  If you check the presentation archives at nanog.org, you'll find some stuff.  Some luser named Pete Templin has a couple of "lessons learned as a small network operator" tutorials you might like. ;)

  • Unless you have PI space and your own ASN, I'm not sure there's any benefit to running BGP at all.  IMO, Bogons = Martians at this point unless you're RBLing based on bad behavior lists.  You'd probably be better off with a workable S/RTBH setup, IMO.
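
An added example, not written by anyone in this thread: one way to turn a bogon text list into an IOS-style prefix-list, and to show the "punch-through" case from the first comment, where a route longer than the bogon entry is accepted unless the entry carries `le 32`. The sample list, the list name `BOGONS-IN` and the sequence step of 5 are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in a one-CIDR-per-line layout with '#' comments.
SAMPLE_BOGONS = """\
# constructed sample, not the live list
10.0.0.0/8
192.168.0.0/16
198.51.100.0/25
198.51.100.128/25
203.0.113.7/32
"""

def parse_bogons(text):
    """Return collapsed, sorted IPv4 networks; skip comments and blank lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            # strict=True raises ValueError on entries with host bits set
            nets.append(ipaddress.ip_network(line, strict=True))
    return list(ipaddress.collapse_addresses(nets))

def render_prefix_list(nets, name="BOGONS-IN", cover_longer=True):
    """Emit 'ip prefix-list' lines; name and sequence step are assumptions."""
    lines = []
    for i, net in enumerate(nets, start=1):
        # 'le 32' also matches every more-specific route; it is not valid on a /32.
        le = " le 32" if cover_longer and net.prefixlen < 32 else ""
        lines.append(f"ip prefix-list {name} seq {i * 5} deny {net}{le}")
    last = (len(nets) + 1) * 5
    lines.append(f"ip prefix-list {name} seq {last} permit 0.0.0.0/0 le 32")
    return lines

def is_denied(route, nets, cover_longer=True):
    """Model how the deny entries match one received route."""
    r = ipaddress.ip_network(route)
    for net in nets:
        if r == net or (cover_longer and r.subnet_of(net)):
            return True
    return False

if __name__ == "__main__":
    bogons = parse_bogons(SAMPLE_BOGONS)
    print("\n".join(render_prefix_list(bogons)))
    # A /24 inside 10.0.0.0/8 passes exact-match entries but not 'le 32' entries.
    print(is_denied("10.1.2.0/24", bogons, cover_longer=False))
    print(is_denied("10.1.2.0/24", bogons, cover_longer=True))
```

Apply the generated list inbound on the BGP neighbor and review the output before loading it, since a malformed source line stops the script with a `ValueError` rather than producing a partial filter.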
