[j-nsp] MPLS VPN BGP Local Convergence
Phil Bedard
philxor at gmail.com
Sun Jan 25 22:19:55 EST 2015
There is an older feature called MPLS Egress Protection for L3VPNs which
perhaps is being replaced by BGP PIC Edge, since they are both PE
protection mechanisms.
http://www.juniper.net/documentation/en_US/junos14.1/topics/topic-map/mpls-
egress-protection-layer-3-vpn-services-configuration.html
You can use the same feature for protecting labeled unicast global routes
for something like Seamless MPLS or Inter-AS Option C setups.
They also have a feature called L3VPN PE Edge Protection that is
specifically used to setup a backup path to cover a PE-CE failure.
http://www.juniper.net/documentation/en_US/junos14.2/topics/topic-map/layer
-3-vpn-pe-edge-protection.html
Phil
On 1/21/15, 10:52 AM, "Adam Vitkovsky" <avitkovsky at gammatelecom.com> wrote:
>Right the documentation is concerning the BGP PIC Edge just for MPLS
>L3VPNs and in a context that it is a remedy for only PE failure not the
>CE-PE link failure (I'll assume the draft has been followed though).
>But now I'm thinking since it's configured under the routing options
>-wouldn't it work for all AFs i.e. non VPN traffic as well?
>Has anyone tested that please?
>Or has anyone tested the Junos BGP PIC Edge for CE-PE link failure for
>that matter?
>
>
>adam
>> -----Original Message-----
>> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf
>> Of Adam Vitkovsky
>> Sent: 20 January 2015 23:08
>> To: Saku Ytti; juniper-nsp at puck.nether.net
>> Subject: Re: [j-nsp] MPLS VPN BGP Local Convergence
>>
>> Hi Saku,
>>
>> Yeah the "BGP local convergence" is an old one indeed from days where we
>> had to run iBGP multipath load sharing to get two paths programed into
>>the
>> HW.
>> However this feature is essential for fast convergence.
>>
>> This feature prevents from blackholing during BGP convergence in cases
>> where you have primary and backup egress PEs and a PE-CE link fails on
>>the
>> primary PE.
>> While the BGP infrastructure is converging the ingress PEs keep on
>>sending
>> data towards the primary PE with the failed PE-CE link that would
>>otherwise
>> drop the packets.
>> Primary PE running "MPLS VPN BGP Local Convergence" feature will keep
>>the
>> VPN(e.g. per in-vrf-NH) label for the failed link for some time (which
>>would
>> be otherwise released).
>> But the label no longer points to the egress PE-CE in-vrf-NH but now it
>>points
>> to a NH label on the path towards the backup PE.
>> So that's how the Primary PE does kind of local repair till the BGP
>>converges
>> and ingres PEs start using backup PE as the NH for the VPN prefixes.
>>
>> Right solving a PE router failure is easy as IGP will notify all PEs in
>>no time and
>> they can then start using the preinstalled backup path(PIC) or just
>>reprogram
>> the chained NHs to point to an alternate forwarding NH which should be
>> fairly quick as well.
>>
>> But with failed CE-PE link all you've got to let everybody know is the
>>slow BGP
>> process (unless you put your CE-PE links into IGP which is the way it
>>was
>> done back in the old old days - pure ipv4 BGP core).
>> This is where the BGP local convergence feature becomes handy.
>>
>> adam
>> > -----Original Message-----
>> > From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On
>> Behalf
>> > Of Saku Ytti
>> > Sent: 20 January 2015 18:49
>> > To: juniper-nsp at puck.nether.net
>> > Subject: Re: [j-nsp] MPLS VPN BGP Local Convergence
>> >
>> > On (2015-01-20 16:57 +0000), Adam Vitkovsky wrote:
>> >
>> > > Hi Folks,
>> > >
>> > > Is there an equivalent to the "MPLS VPN BGP Local Convergence"
>>feature
>> > on Junos please?
>> > > Possibly for non VPN prefixes as well.
>> >
>> >
>> http://www.juniper.net/documentation/en_US/junos14.2/topics/task/confi
>> > guration/layer3-vpn-bgp-pic-edge-configuring.html
>> >
>> > I don't really recall difference in 'local convergence' and BGP PIC,
>>but I
>> > seem to recall, 'local convergence' didn't install backup path, but
>> > recalculated it when fault occurred.
>> > I don't know if this inferior version is available in JunOS or if
>>you'd even
>> > want to run it, if it were.
>> >
>> > <rant>
>> > Unfortunately only for VPN. Why oh why do we have concept of global
>> table
>> > and
>> > VRF, INET should in same code path as VRF, with no special treatment.
>> > Juniper
>> > still introduced in 14.2 features that work only in global table.
>>This feature
>> > disparity between global and vrf is highly annoying. And I'm sure it
>>adds
>> > development costs to consider these different things. Rather than pay
>>one
>> > time
>> > cost to redesign the legacy code, vendors opt to pay for decades to
>>support
>> > the old architecture which things they are different things.
>> > </rant>
>> >
>> >
>> > --
>> > ++ytti
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>-------------------------------------------------------------------------
>>--------------
>> This email has been scanned for email related threats and delivered
>>safely
>> by Mimecast.
>> For more information please visit http://www.mimecast.com
>>
>>-------------------------------------------------------------------------
>>--------------
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>--------------------------------------------------------------------------
>-------------
> This email has been scanned for email related threats and delivered
>safely by Mimecast.
> For more information please visit http://www.mimecast.com
>--------------------------------------------------------------------------
>-------------
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list