[j-nsp] Full BGP table, one provider w/ 2 routers, slow forwarding convergence
Amos Rosenboim
amos at oasis-tech.net
Thu Aug 14 08:41:39 EDT 2014
Hi,
What model of router are you using?
What you are describing is a general problem of Juniper routers, however it's really bad on the low-mid range routers, MX5-80, the 104 is slightly better but not very.
The stronger REs are less prone to this, although the real solution is a serious change to RPD.
Recent releases should have incremental improvements, although afaik the root cause was not corrected.
There was also another similar issue that involved full routing table and netflow.
I believe this one was corrected in one of the recent releases.
Do you really need full routing table?
Especially when both links are to the same ISP?
There is also an option to filter routes between the RIB and FIB, so you can send the full table downstream but rely on a smaller set of routes for forwarding.
Cheers,
Amos
On 14 Aug 2014, at 14:59, "Clarke Morledge" <chmorl at wm.edu> wrote:
I am trying to resolve a forwarding convergence problem in our existing
architecture all doing BGP with full routing feeds with upstream
providers. In one particular case, I am multihomed with one single
provider (single AS) with two routers (A and B) existing in different
locations for redundancy.
My objective initially is an active/passive scenario, failing over to the
backup link to this provider in the event of a fiber cut, using BFD to
signal to BGP a problem. My first thought was to establish one external
BGP group connecting to neighbor A, sending out my routes without much AS
prepending and setting a high local preference for incoming routes. A
second external BGP group connects to neighbor router B, using lots of AS
prepending for my routes going out, and using a lower local preference for
routes coming in.
In testing the design, my advertisements going out get updated almost
immediately with my upstream provider, per looking at their looking glass
during a "fiber cut." But on my end, even though BGP starts to change
the preference for the incoming routes fairly quickly, it takes a long
time to push the changes to the forwarding tables in the PFE. With the
full Internet table, I have seen it take up to about 80 to 90 seconds for
a few selected routes.
My objective was to get the failover to complete in less than 20 seconds.
Presumably, if I were only handling the default route, the solution would
be trivial, but at this point I need to keep on receiving the full
Internet table.
Can I do what I need to do with some sort of BGP multipath load balancing,
but with keeping my traffic engineering objectives intact?
Below are some config snippets. Thanks for any suggestions/solutions.
Clarke Morledge
College of William and Mary
--------------------------------
Upstream Provider ASN: 65001
Upstream Provider Router A (Primary): 172.16.0.2
Upstream Provider Router B (Backup): 172.16.1.2
[edit policy-options policy-statement bgp-isp-router-b-out]
term local-16 {
    from {
        route-filter 192.168.0.0/16 exact;
    }
    then {
        as-path-prepend "65002 65002 65002 65002 65002 65002 65002 65002 65002";
        accept;
    }
}
[edit policy-options policy-statement bgp-isp-router-a-out]
term local-16 {
    from {
        route-filter 192.168.0.0/16 exact;
    }
    then {
        as-path-prepend "65002 65002 65002";
        accept;
    }
}
[edit policy-options policy-statement bgp-isp-router-b-in]
term default {
    then {
        local-preference 285;
        accept;
    }
}
[edit policy-options policy-statement bgp-isp-router-a-in]
term default {
    then {
        local-preference 290;
        accept;
    }
}
[protocols bgp]
group isp-router-a {
    type external;
    import bgp-isp-router-a-in;
    export bgp-isp-router-a-out;
    peer-as 65001;
    bfd-liveness-detection {
        minimum-interval 999;
        multiplier 10;
    }
    neighbor 172.16.0.2;
}
group isp-router-b {
    type external;
    import bgp-isp-router-b-in;
    export bgp-isp-router-b-out;
    peer-as 65001;
    bfd-liveness-detection {
        minimum-interval 999;
        multiplier 10;
    }
    neighbor 172.16.1.2;
}
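The RIB-to-FIB filtering mentioned in the reply above is done in Junos with an export policy applied under routing-options forwarding-table. The following is an added example, not configuration from either poster. The policy name fib-filter, the /17 cut-off and the presence of a default route (static or learned from the provider) to cover the filtered prefixes are assumptions.

```junos
policy-options {
    policy-statement fib-filter {
        /* Always install the default route; it covers every prefix
           that the next term keeps out of the forwarding table. */
        term keep-default {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        /* Assumed cut-off: BGP-learned IPv4 prefixes longer than /16
           stay in the RIB (and are still advertised downstream) but
           are not pushed to the PFE. */
        term drop-long-bgp {
            from {
                protocol bgp;
                route-filter 0.0.0.0/0 prefix-length-range /17-/32;
            }
            then reject;
        }
        /* Everything else (direct, static, IGP, shorter BGP prefixes)
           is installed as usual. */
        term install-rest {
            then accept;
        }
    }
}
routing-options {
    forwarding-table {
        export fib-filter;
    }
}
```

Without a covering route in the forwarding table, traffic to the rejected prefixes is dropped, so confirm the default is present with show route forwarding-table before and after committing.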