North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Prefix filtering for Cisco SUP2

  • From: Henry Futzenburger
  • Date: Fri Feb 29 13:43:55 2008
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type; bh=Xfb3H6K9J1nYyHqgoekdpQ7M6/GPd4MKHkD9c1fQxXs=; b=ox5WL4BGxJ/TlI6u9JHCVqgIaqi2hLvAWyHyRIVIAIhPq9pfamuJ6bEKf6Qw+/U3XpVUgIsaCOIXnYkh5xvbp3K9DCANTpNhv4Ng6WczGlP8y85G1yMA+3MiAhNCtYS39shXCUGMqArda61tZXQemseYA+6tY8LhGbbTOmosBlU=
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=b+n7EhEqv3QSXrMRcbAc3YNtQ6QsPMvVwp0cmiPG4VoqQGluYibpiyUiWlxQOnJbM3/xNBA/cjzxobitoYMMMSVRPW+LR+waCRIK4hhmJlbo9OJV10/BTW+Rc5qSVUhqsIUs4Yf5fhVN46FXV0A2MHubvUIcuH7AI+D2ss1kkh0=
I am hoping to help an ISP keep a couple of Cisco 6500's with SUP2's in production for a while longer.  They are currently just about at the FIB limit of 250,000 entries, mostly composed of BGP routes.  I'm considering two alternatives to reduce the number of entries.

1. Accept only default and partial routes from upstream.
    a. Accept directly-connected routes, reject everything else and rely on the default route.
    b. Assume a reduction to about 30,000 unique routes per upstream ISP (currently 3).

2. Accept only default and RIR minimum routes from upstream.
    a. Filter based on RIR minimums, rely on default for unaggregated routes.
    b. Assume a reduction of about 50,000-100,000 total routes.

Does anyone have any opinions as to whether one option is better than the other?  Are there options that would be better than either of these?  Are there serious risks to either option?

My sense is that either of these would be a fairly benign change, only having a marginal impact on routing efficiency in either case.  It seems like the better option is the one that retains the greater number of routes within some margin of safety.  What do you think?