[c-nsp] Internet in VRF

Dan Peachey dan at illusionnetworks.com
Tue May 5 11:11:14 EDT 2015 

>
>
> I guess PIC edge is more important as it provides fast failover
> (local-repair) towards the PE with alternate AS-Exit in case the link
> providing the primary AS-Exit fails, so while the BGP converges slowly and
> majority of the PEs are still forwarding traffic towards the node acting as
> primary AS-Exit the traffic is not dropped by this node but forwarded
> towards the backup AS-Exit node.
>

If you mean use PIC edge on the primary edge router to improve convergence
when a transit link fails (and the primary edge router forwards the traffic
to the backup edge router) then yeah that would help as you would not need
to wait for any BGP best path selection and RIB/FIB updates as you already
have the backup path in the FIB, however you have to weigh up doubling your
FIB entries against the improved convergence (for Internet prefixes I'd
argue it's not worth it).

PIC edge on PE's sending traffic to the edge routers won't help when a
transit link fails as there is no next-hop change, unless you are not doing
NHS on your iBGP for those prefixes and advertising your point-to-point
subnet into your IGP.


> Whereas BGP PIC core provides fast failover in cases where the whole PE
> router fails (which is less likely to happen) so when other PEs in the AS
> are notified via IGP that the primary NH is not reachable anymore there's
> no need to wait for the FIB to be reprogramed -so the convergence is as
> fast as the IGP (hence the need to tune LSA/LSP propagation).
>
>
PIC core (hierarchical FIB) only helps in a link failure scenario, where
the IGP next-hop changes (not the BGP next-hop) and only 1 FIB entry needs
updating vs. ~500k as in a flat FIB architecture. If your primary BGP
next-hop is not reachable any more then you have to rely on BGP next-hop
tracking, best-path selection and RIB/FIB updates (unless you use PIC edge
to program a backup FIB entry).


> I'm not sure it's enabled by default as I guess you'd still need to use
> the "additional-paths selection route-policy" under the vpnv4 AF to program
> the backup NH into the FIB.
>
>
"additional-paths selection route-policy" is used to program backup FIB
paths (ala PIC edge). I have read somewhere before that PIC core is on by
default in XR on ASR9K and CRS but I can't find where I read it. On IOS you
need to apply "cef table output-chain build favor convergence-speed" to
enable PIC core (may be platform specific, I only ever tried it on ME3x00).

Some of the documentation around PIC can be confusing (and I'm sure
different vendors mix up the terms in different ways) but that's how I
understand it.

Cheers,

Dan

More information about the cisco-nsp mailing list