RE: BGP full-mesh

From: Jared Scrivener (jscrivener@ipexpert.com)
Date: Wed Jan 28 2009 - 14:24:19 ARST

• Next message: John Edom: "Re: CCIE Certified #23326"
• Previous message: Marijo Bernardic: "AW: CCIE Certified #23326"
• Maybe in reply to: Bogdan Sass: "BGP full-mesh"
• Next in thread: Bogdan Sass: "Re: BGP full-mesh"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hey Bogdan,
Hey Bogdan,

The first thing that comes to my mind is not the basic stuff (like getting
the BGP updates to pass) but the more complex stuff - like manipulating the
aforementioned updates.

The logic you're running with (or your student is) is that the ingress edge
router will be sending the update directly to every transit and edge router
(so you've managed to avoid peering between the transit routers). This
effectively means that we can't do most kinds of filtering on the transit
routers in the network (setting communities, changing local preference etc.)
as each of them would have to pass that change either back upstream to the
ingress edge router (which would create a loop) or directly to the egress
edge router (which would create a situation where each transit router may
send different values in its update).

So whilst the BGP network paths should pass in your situation, you'd most
likely have serious issues with update management and manipulation.

Cheers,

Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bogdan Sass
Sent: Wednesday, 28 January 2009 4:24 AM
To: Cisco certification
Subject: BGP full-mesh

    A student of mine asked me a question today. One of those questions
that seem simple, but when you think about them you realize you don't
really know the answer. So I decided to come here for some guidance :)

    The question was: "Why do we need a full-mesh between _all_ the
BGP-running routers in an AS?" (we're not talking about confederations
or RRs here - just basic BGP). He proposed the following alternative:
    -we have an AS with edge routers (running both iBGP and eBGP), and
transit routers (iBGP only).
    -we do full-mesh BGP between the edge routers, and only connect each
transit router to each edge router.
    -for 4 edge and 8 transit routers, this takes the number of BGP
connections from 12*11/2=66 to 4*3/2+8*4=38. Quite a significant change.

    Try as I might, I was unable to find a topology in which his
solution would fail. I'm hoping someone more experienced with BGP could
help me...

    Thank you,

-- 
Bogdan Sass
CCAI,CCSP,JNCIA-ER,CCIE #22221 (RS)
Information Systems Security Professional
"Curiosity was framed - ignorance killed the cat"
Blogs and organic groups at http://www.ccie.net

• Next message: John Edom: "Re: CCIE Certified #23326"
• Previous message: Marijo Bernardic: "AW: CCIE Certified #23326"
• Maybe in reply to: Bogdan Sass: "BGP full-mesh"
• Next in thread: Bogdan Sass: "Re: BGP full-mesh"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST