Re: OSPF vs IS-IS vs PrivateAS eBGP

On 19 Aug 2009, at 16:12, Clue Store wrote: I would like to run an IGP (currently OSPF) to our customers that are multi-homed in a non-mpls environment. They are multi-homed with small prefixes that are swipped from my ARIN allocations. [...] Customers do, err, interesting and creative thin

Re: Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?

On Tue, Aug 18, 2009 at 09:37:22AM +0200, Ivan Pepelnjak wrote: > > Anybody have a handy route-map that will deny anything with a > > as-path longer than say 15-20? ;-) > > http://wiki.nil.com/Filter_excessively_prepended_BGP_paths It will still be a while before we see unbroken 4byte AS behavio

Re: OSPF vs IS-IS vs PrivateAS eBGP

> Unless you want your customers to have very substantial control over > your internal network, don't use an SPF IGP like ospf or is-is. with your customer ^ i know that's what you meant, but i thought it worth making it very explicit. practice safe

Re: Anyone else seeing "(invalid or corrupt AS path) 3 bytes E01100" ?

On 19/08/2009, at 6:58 AM, Ivan Pepelnjak wrote: No. You cannot influence the inbound traffic apart from not advertising some of your prefixes to some of your neighbors or giving them hints with BGP communities or AS-path prepending. Whatever you do with BGP on your routers influences only

RE: OSPF vs IS-IS vs PrivateAS eBGP

Do not EVER run an SPF routing protocol with your customer. They can insert anything they want into it (due to configuration mistake, malicious intent or third-party hijacking) and your whole network (or at least the other customers) will be affected. Just to give you a few examples: * They could

Re: OSPF vs IS-IS vs PrivateAS eBGP

On Aug 20, 2009, at 7:13 PM, Ivan Pepelnjak wrote: Do not EVER run an SPF routing protocol with your customer. I don't generally like 'me, too', posts, but Ivan's advice here cannot be overstated; this way lies madness. -

Re: OSPF vs IS-IS vs PrivateAS eBGP

On Wed, Aug 19, 2009 at 12:58:01PM -0500, Clue Store wrote: [snip] > would like to go with , but I have had some in the industry say this is not > as good as running an IGP with the customer. Name and shame. TTBOMK, no-one who thought walking that road was a Good Idea did so for long after start

Re: OSPF vs IS-IS vs PrivateAS eBGP

Clue Store said the following on 20/8/09 01:12 : > > I know this has been discussed probably many times on this list, but I was > looking for some specifics about what others are doing in the following > situations. Discussed on list, presented in tutorials, how much more advice is actually requir

Re: OSPF vs IS-IS vs PrivateAS eBGP

Thanks again for all of the replies on and off list. As I stated earlier, I didn't not think IGP was the protocol of choice for running to customers, i've just been to many different houses that do actually do this. 99% of all of our customer CPE is not managed by the customer, so that leaves it u

Re: F5/Cisco catalyst configuration question

Darren Bolding wrote: > What model BIG-IP? > On some models I have had to set the BIG-IP's or the 6500 (can't remember > which) to specified speed/duplex and the other side to auto. > > I believe it was auto on the BIG-IP and fixed on the 6500. > > Setting both sides the same did not work. We have

RE: F5/Cisco catalyst configuration question

Darren, It's the F5-BIG-LTM-6400, pair of them. Thanks for your info. Got alot of good, helpful responses. Best regards, Scott Spencer Data Center Asset Recovery/Remarketing Manager Duane Whitlow & Co. Inc. Nationwide Toll Free: 800.977.7473. Direct: 972.865.1395 Fax: 972.931.3340

RE: F5/Cisco catalyst configuration question

This couldn't be something as simple as a crossover cable, could it? -Original Message- From: Scott Spencer [mailto:sc...@dwc-computer.com] Sent: Thursday, August 20, 2009 11:24 AM To: 'Darren Bolding'; 'Christopher Greves' Cc: nanog@nanog.org Subject: RE: F5/Cisco catalyst configurati

RE: F5/Cisco catalyst configuration question

That is what I was thinking when I first read your email. I would agree with Darren. CL -Original Message- From: Dylan Ebner [mailto:dylan.eb...@crlmed.com] Sent: Thursday, August 20, 2009 10:36 AM To: Scott Spencer; 'Darren Bolding'; 'Christopher Greves' Cc: nanog@nanog.org Subject: RE:

RE: OSPF vs IS-IS vs PrivateAS eBGP

> The only issue with using ebgp is getting enough of my > staff that actually understand bgp to the point where they > can deploy it themselves without having to get me involved on > every install. I think I can make this pretty cookie-cutter > config to start off and then work from there. F

Re: F5/Cisco catalyst configuration question

On Thu, Aug 20, 2009 at 11:50:45AM -0400, Jeff Kell wrote: > Anyone have "smarter" etherchannels running F5-to-Catalysts ? Yes, I'm running LACP between SUP-720 6500s and BIG-IP 6900 boxes on the SFP interfaces. The key was to disable ethernet flow control on the BIG-IP side. They enable it by d

Re: OSPF vs IS-IS vs PrivateAS eBGP

FWIW, we use BGP to our multihomed customers (even when we manage the CPE), using a private AS. OSPF doesn't have the right toolset to provide protection for inter-network route propogation, and the risk of some customer's CPE screwing up you routing is just too high to go naked. A basic CPE BGP co

Re: OSPF vs IS-IS vs PrivateAS eBGP

On Thu, Aug 20, 2009 at 08:47:14AM -0500, Clue Store wrote: > 99% of all of our customer CPE is not managed by the customer, so that > leaves it up to me to decide what to run to them. And then you run into the customer who thinks it's better to use a CPE of his own, breaks into the CPE to read yo

Re: OSPF vs IS-IS vs PrivateAS eBGP

I think you misunderstood me. You definitely need prefix filters on the *provider* side, but the CPE doesn't necessarily need them as the impact is hopefully limited to that particular customer. They're always better of course. GG On 8/20/09, Daniel Roesen wrote: > On Thu, Aug 20, 2009 at 08:47:

Re: OSPF vs IS-IS vs PrivateAS eBGP

> Am I alone in my view that BGP is _far_ more simple and > straight-forward than OSPF this is a very telling statement in a number of ways. that ospf has become exceedingly complex, and all that results thereof. that both are known for their complexity. randy

Re: OSPF vs IS-IS vs PrivateAS eBGP

> Am I alone in my view that BGP is _far_ more simple and > straight-forward than OSPF >that ospf has become exceedingly complex, and all that results thereof. I couldn't agree more. Most of my staff are still under the impression in Cisco land that the "network 10.0.0.0 255.255.255.0" statement

Re: OSPF vs IS-IS vs PrivateAS eBGP

Gary T. Giesen wrote: > FWIW, we use BGP to our multihomed customers (even when we manage the > CPE), using a private AS. OSPF doesn't have the right toolset to > provide protection for inter-network route propogation, and the risk > of some customer's CPE screwing up you routing is just too high t

Re: OSPF vs IS-IS vs PrivateAS eBGP

Clue Store wrote: I couldn't agree more. Most of my staff are still under the impression in Cisco land that the "network 10.0.0.0 255.255.255.0" statement injects that network into OSPF, when it simply turns on OSPF for the interfaces that are in that network. I'm really glad to see Cisco that ma

RE: OSPF vs IS-IS vs PrivateAS eBGP

> Configure eBGP from your edge to the client edge using > private-AS. Since I already have copy/paste templates (thanks > to RANCID), I make it a habit to ensure filters are at both > ends. Goes without saying that > BCP-38 is followed, and strict is deployed everywhere possible. > > peer-grou