However, if the BGP session with the provider is re-established, the system will start rerouting traffic to this provider. In case one of the timers expires, the provider is switched to a FAIL state and all the improvements towards this provider will be withdrawn from the routing table. If according to the ping response the session is reestablished during this time, the hold timer will be discarded while the longhold timer continues. If the next-hop stops responding to these requests, another 30 seconds timer (called hold timer) ( ↓) will be started. The requests will be sent once in keepalive period (a parameter adjustable in the BGP daemon configuration interface) ( ↓). During this time the monitor will be sending ICMP/UDP ping requests toward the configured provider’s next-hop IP address ( peer.X.ipv4.next_hop↓ or peer.X.ipv6.next_hop↓). In this case a timeout status will be reported to the Internal Monitor and a 30 minutes timer (called longhold timer) ( ↓) will be started. DDoS attack or various factors causing router CPU over-usage) there may be no response to the SNMP queries at all. In this case, additional network interfaces on the server will be required - one for each mirrored port. Or: configure port mirroring (a partial traffic copy will suffice). NetFlow is most suitable for high traffic volumes, or in the case of a sophisticated network infrastructure, where port mirroring is not technically possible. Make sure the IRP server gets both inbound and outbound traffic info.Įgress flow accounting should be enabled on the provider links, or, if this is not technically possible, ingress flow accounting should be enabled on all the interfaces facing the internal network. sFlow, NetFlow (v1, 5, 9) or jFlow and send it to the main server IP.The settings relating to BGP configuration, prefixes announced by your ASN, the route maps, routing policies, access control list, sFlow/NetFlow and related interfaces configurations are used to setup similar IRP settings or to determine what settings do not conflict with existing network policies. When configuring multiple SPAN ports the same number of additional CPU cores are needed to analyze traffic. If providing raw traffic data by port mirroring - additional 10G interfaces are required for each of the configured SPAN ports (Myricom 10G network cards with Sniffer10G license are recommended to be used for high pps networks). If providing sFlow/NetFlow data - at least 1 x 1000Mbps NIC while two NICs are recommended (one will be dedicated to management purposes). More disk space might be required under heavy workload. This is required for big mysql tables manipulation. – At least 10GB disk space usable for /tmp or separate partition. – At least 100GB disk space usable for /var or separate partition SAS disks are recommended (SSDs are required only for 40Gbps+ networks).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |