[j-nsp] BGP output queue priorities between RIBs/NLRIs

Tue Jul 28 09:45:49 EDT 2020

See below:

> On Jul 27, 2020, at 11:05 PM, Rob Foehl <rwf at loonybin.net> wrote:
> 
> [External Email. Be cautious of content]
> 
> 
> Anyone know the secret to getting BGP output queue priorities working
> across multiple NLRIs?
> 
> Had trouble with EVPN routes getting stuck behind full refreshes of the v4
> RIB, often for minutes at a time, which causes havoc with the default DF
> election hold timer of 3 seconds.  Bumping those timers up to tens of
> minutes solves this, but... poorly.
> 
> The documentation[1] says:
> 
> "In the default configuration, that is, when no output-queue-priority
> configuration or policy that overrides priority exists, the routing
> protocol process (rpd) enqueues BGP routes into the output queue per
> routing information base (RIB). [...] While processing output queues, the
> BGP update code flushes the output queue for the current RIB before moving
> on to the next RIB that has a non-empty output queue."
> 
> I've tried about a dozen combinations of options, and cannot get any other
> result with inet/evpn routes in the same session -- inet.0 routes always
> arrive ahead of *.evpn.0.  Am I missing something[2], or is that text not
> quite accurate?
> 
> -Rob
> 
> 
> [1] https://www.juniper.net/documentation/en_US/junos/topics/topic-map/bgp-route-prioritization.html
> 
> [2] Highlight reel of failed attempts, all on 19.2R2 thus far:
> 
> - "show bgp output-scheduler" is empty without top-level "protocols bgp
>  output-queue-priority" config, regardless of anything else
> 
> - Top-level "protocols bgp family evpn signaling" priority config -- and
>  nothing else within that stanza -- broke every v6 session on the box,
>  even with family inet6 explicitly configured under those groups

If you're simply trying to prioritize evpn differently than inet unicast, simply having a separate priority for that address family should have been sufficient.

Can you clarify what you mean "broke every v6 session"?

I think what you're running into is one of the generally gross things about the address-family stanza and the inheritance model global => group => neighbor.  If you specify ANY address-family configuration at a given scope level, it doesn't treat it as inheriting the less specific scopes; it overrides it.

FWIW, the use case of "prioritize a family different" is one of the things this was intended to address.  Once you have a working config you may find that you want to do policy driven config and use the route-type policy to prioritize the DF related routes in its own queue.  That way you're not dealing with the swarm of ARP related routes.

-- Jeff

> 
> - Per-group family evpn priority config would show up under "show bgp
>  group output-queues" and similar, but adding family inet would cause the
>  NLRI evpn priority output to disappear
> 
> - Policy-level adjustments to any of the above had no effect between NLRIs
> 
> - "show bgp neighbor output-queue" output always looks like this:
> 
>  Peer: x.x.x.x+179 AS 20021 Local: y.y.y.y+52199 AS n
>    Output Queue[1]: 0            (inet.0, inet-unicast)
> 
>  Peer: x.x.x.x+179 AS 20021 Local: y.y.y.y+52199 AS n
>    Output Queue[2]: 0            (bgp.evpn.0, evpn)
> 
>  ...which seems to fit the default per-RIB behavior as described.
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://urldefense.com/v3/__https://puck.nether.net/mailman/listinfo/juniper-nsp__;!!NEt6yMaO-gk!Xqncm4WhWcDxEBmq2G8Oj_x0PGbBfFynQ62E2OyAj00qIuijy3p3IqwTnSifXP8$