NHRP over IBGP from mohammed shoeb ahmed on 2010-02-15 (Ccielab archives /201002)

From: mohammed shoeb ahmed <mdshoeb_at_gmail.com>
Date: Tue, 16 Feb 2010 02:04:09 +0300

Hi Experts,

I am designing a solution for one of my client they have MPLS cloud of over
200 sites, they dont want to share their IP scheme with telco (not
advertising their internal IP addresses in BGP) and want to have fullmesh
routed network. The goal is to hide ip addressing scheme from Telco but not
to loose the MPLS full mesh capability. For this requirement the only
solution comes into mind is DMVPN spoke to spoke full mesh.

Telco here is running BGP on PE and so on CE. As I already have BGP running
on my CEs I thought of using IBGP over DMVPN spoke to spoke full mesh
configuration as two sites among those 200 sites as hub sites for
redundancy. The two sites I am selecting has high bandwidth and 3845
routers. I will be filtering internal routes not to be advertised to ebgp
peers, my IBGP peers to not to advertise EBGP routes to each other. I tested
it in my LAB and seems every thing fine. My NHRP working fine spoke to spoke
tunnels are ok, and routing as well. I tested with one Hub and three spokes.

Well my concerns are as follows:

As I am having two sites, should I configure dual cloud for DMVPN or one
cloud dual Hub as cisco doesn't recommend single cloud and dual hub. but
with bgp things will differ.

IBGP fullmesh problem, I am addressing it through RR making my Hub
routers as RR for the all spokes, each spoke will be peering with two hubs
and both the Hubs will be RR for all spokes and ofcourse Hubs will be
peering to each other.

Scalabilty of IBGP could 3845 would be able handle 200 IBGP peers, or we
might change the platform to bigger one but I want to have real world
numbers maximum supported BGP peers.

How fast the convergence will be, I was thinking of having ospf but ospf
have scalability issue on NBMA network, Cisco recommends not to go beyond 50
neighbors on one segment. I cannot go to EIGRP as I have Juniper firewalls
which needs to run the same routing protocol. using RIP will not be
efficient for this scale of routing updates.

I would be grateful if experts shed some light on my concerns.

-- 
Best Regards,
Mohammed Shoeb Ahmed
Sr. Consultant,
CCIE 18379
Blogs and organic groups at http://www.ccie.net

Received on Tue Feb 16 2010 - 02:04:09 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:36 ART