[j-nsp] BGP peering from a VIP address

Kim Halavakoski kim at halavakoski.net
Fri Mar 28 12:57:24 EDT 2008


Hello,
I'm no BGP guru but I can put in my guess on the "motivation" part:  
Cost :) At least that was something we considered when planning our  
multi-homing solution @work and not being completely fluent in BGP  
yet :)

Consider the following setup:

2 routers, 2 peerings: 1 peering to router 1 and 1 peering to router  
2, igp between router 1 and router 2. Getting two BGP-sessions to each  
transit to have a full mesh will in most cases double the cost for  
that transit capacity, so instead of having 2 * X Mbps costs you would  
have 4 * X Mbps costs.

By configuring the BGP to a VIP on the routers one would think that  
there is another layer of resiliency for hardware failure in the VRRP  
instead of just relying on BGP timers / BFD  to fail over traffic to  
the other BGP session...but like Pekka said, I'm not sure about the  
motivation and real facts here... :)

What would be the major drawbacks/differences between using 2  
peerings, 4 peerings fully meshed and 2 peerings to router VIPs in the  
above scenario?

Regards,
Kim Halavakoski

On 28 Mar 2008, at 18:30, Pekka Savola wrote:
> On Fri, 28 Mar 2008, Stefan Fouant wrote:
>> There is some internal debate here in my office today as to whether or not
>> Juniper can support a BGP implementation in conjunction with VRRP, as in,
>> BGP is sourced from a VRRP VIP address.
>>
>> Now before everyone attempts to tear me a new one...  I should state that
>> I'm pretty sure this shouldn't be done and to do so would pretty much break
>> the protocol in every way imaginable... however, I am being told that Cisco
>> has some knobs to accomplish this and I just want to be certain if Juniper
>> can do something along these lines...
>
> I guess this would work, for some definition of "work", if you add
> "accept-data" under VRRP config.
>
> The BGP session would flap when VRRP mastership switches (TCP reset,
> so it would likely be re-established quickly), but depending on the
> number of routes carried and some other BGP timers, this would be
> possible.
>
> I'm not sure what motivation there would be to configure BGP to VIP
> address, instead of just having two BGP sessions and tuning down BGP
> timers (and/or using BFD).
>
> -- 
> Pekka Savola                 "You each name yourselves king, yet the
> Netcore Oy                    kingdom bleeds."
> Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings