On Monday, September 24, 1990 at 8:59:42 PM UTC-7, Curt Bemis,46708::bemis; 615-574-4769 wrote:
From: ORECES::HYMANLL "Lynn Hyman, (615)574-7619" 20-SEP-1990 08:42:57.29
To: @SYS$LOGIN:MIL.DIS
CC: HYMANLL
Subj: Filtering MILnet routing updates
We did it!!!! With considerable fear and trepidation, we
removed the incoming access-list filters on the EGP routing update
processes from the MILnet (DDN)!! Remember, our Cisco CSC/2 gateway
router that supports the ORNL link to MILnet (DDN) only has 1 MByte
of memory, earlier software versions for the CSC/2, prior to V.8.1(19) rendered the box useless without a heavy set of filters on the incoming updates because the DDN advertises nearly everything. Not sufficient
memory with prior versions to handle it when the box does DDN X25, in addition to the usual gateway IP stuff.
However, using the latest set of PROMs from Cisco with Version
8.1(19), the executing software runs out of ROM, not RAM thus saving considerable memory. For example, our access-list restricted the
incoming EGP routing information content to about 450 nets, not the
usual 1500 or so that the DDN advertises. Using 8.1(19), we freed up
over 500 kbytes in the box!! That gave us the idea that we should
take whatever information the incoming DDN updates would give us, all
1500 nets or so, use the same access list, BUT, put it on the outgoing
IGRP process that sends the routing information to our "master router"
at ORNL. Doing it this way, gives us the advantage of "seeing" all
the nets that the DDN advertises, but allows us the decision to select
those nets appropriate to route via the DDN (directly attached .mil
nets plus those others that have primary DDN connections).
The only disadvantage doing what we do, (running the CSC/2
out of ROM with V. 8.1(19), is that the operating system has a little
slower access time, BUT, it makes little difference because the box
only supports the 56 kbps DDN X25 serial line, in addition to its ether connection, and the ether connection is in a "protected environment".
Even with IP Accounting turned on, taking the entire DDN
routing updates, filtering only the subsequent IGRP outgoing updates
to our "firewall", we still have 450-to-500 kbytes of free memory!!
Free memory varies as nets appear and disappear off the DDN. We feel
quite comfortable with that much free memory, and even if the DDN starts
to advertise 2-3 times the number of routes that it currently does, we
still should be in good shape!
Thank you Cisco--
Lynn and Curt
(hym...@oreces.ctd.ornl.gov)
(be...@oreces.ctd.ornl.gov)
congrats!!!
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)