[j-nsp] BGP output queue priorities between RIBs/NLRIs
Michael Hare
michael.hare at wisc.edu
Tue Jul 28 11:25:50 EDT 2020
I'm quite interesting in this topic as I am in the same boat. I have problems similar to Rob in 18.3R3.
We do have jtac support but I haven't contacted them; a time/priority issue so far.
- "show bgp output-scheduler" is empty without top-level "protocols bgp output-queue-priority" config, regardless of anything else
= same here, so I pasted a canonical top level from https://www.juniper.net/documentation/en_US/junos/topics/topic-map/bgp-route-prioritization.html]
= I'm not sure I get the significance of the defaults section if priority has a token assignment; what ends up in low/medium/high by default? Is his related to assignment via policy-statement?
protocols {
bgp {
output-queue-priority {
expedited update-tokens 100;
priority 1 update-tokens 1;
priority 2 update-tokens 10;
..
..
priority 15 update-tokens 75;
priority 16 update-tokens 80;
defaults {
low priority 1;
medium priority 10;
high expedited;
}
}
}
}
Anyway, I tried the following under lab iBGP, for fun, to prioritize VPN-ish things before global [for us internet is NOT in VRF].
Group: iBGP-reflector-client-v4
family inet-vpn {
unicast {
output-queue-priority priority 10;
route-refresh-priority priority 4;
withdraw-priority priority 16;
}
}
family inet6-vpn {
unicast {
output-queue-priority priority 10;
route-refresh-priority priority 4;
withdraw-priority priority 16;
}
}
family evpn {
signaling {
output-queue-priority priority 11;
route-refresh-priority priority 5;
withdraw-priority expedited;
}
}
And output [below] is implying on the first nlri in the list has priority. Where is the priority output for evpn and inet6-vpn-unicast? With this technique must you do a different group per NLRI?
Lastly the lack of counters and reliance on gauges makes it really difficult to determine what is going .
@lab # run show bgp group output-queues iBGP-reflector-client-v4
Group Type: Internal AS: 65400 Local AS: 65400
Name: iBGP-reflector-client-v4 Index: 4 Flags: <Export Eval>
Export: [ flowspec-advertise select-iBGP-reflector-routes next-hop-self accept-selected-routes ]
Options: <Confed>
Holdtime: 0
NLRI inet-vpn-unicast:
OutQ: priority 10 RRQ: priority 4 WDQ: priority 16
Total peers: 2 Established: 2
$rrip1+179
$rrip2+179
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
12 0
inetflow.0
0 0
bgp.l3vpn.0
6 0
bgp.l3vpn-inet6.0
6 0
bgp.evpn.0
38 0
L3VPN-9105.inet.0
1 0
L3VPN-9105.inet6.0
1 0
L3VPN-9104.inet.0
1 0
L3VPN-9104.inet6.0
1 0
EVPN-9100.evpn.0
31 0
EVPN-9101.evpn.0
3 0
__default_evpn__.evpn.0
4 0
[FIN]
-Michael
> -----Original Message-----
> From: juniper-nsp <juniper-nsp-bounces at puck.nether.net> On Behalf Of Rob
> Foehl
> Sent: Monday, July 27, 2020 10:06 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] BGP output queue priorities between RIBs/NLRIs
>
> Anyone know the secret to getting BGP output queue priorities working
> across multiple NLRIs?
>
> Had trouble with EVPN routes getting stuck behind full refreshes of the v4
> RIB, often for minutes at a time, which causes havoc with the default DF
> election hold timer of 3 seconds. Bumping those timers up to tens of
> minutes solves this, but... poorly.
>
> The documentation[1] says:
>
> "In the default configuration, that is, when no output-queue-priority
> configuration or policy that overrides priority exists, the routing
> protocol process (rpd) enqueues BGP routes into the output queue per
> routing information base (RIB). [...] While processing output queues, the
> BGP update code flushes the output queue for the current RIB before moving
> on to the next RIB that has a non-empty output queue."
>
> I've tried about a dozen combinations of options, and cannot get any other
> result with inet/evpn routes in the same session -- inet.0 routes always
> arrive ahead of *.evpn.0. Am I missing something[2], or is that text not
> quite accurate?
>
> -Rob
>
>
> [1] https://www.juniper.net/documentation/en_US/junos/topics/topic-
> map/bgp-route-prioritization.html
>
> [2] Highlight reel of failed attempts, all on 19.2R2 thus far:
>
> - "show bgp output-scheduler" is empty without top-level "protocols bgp
> output-queue-priority" config, regardless of anything else
>
> - Top-level "protocols bgp family evpn signaling" priority config -- and
> nothing else within that stanza -- broke every v6 session on the box,
> even with family inet6 explicitly configured under those groups
>
> - Per-group family evpn priority config would show up under "show bgp
> group output-queues" and similar, but adding family inet would cause the
> NLRI evpn priority output to disappear
>
> - Policy-level adjustments to any of the above had no effect between NLRIs
>
> - "show bgp neighbor output-queue" output always looks like this:
>
> Peer: x.x.x.x+179 AS 20021 Local: y.y.y.y+52199 AS n
> Output Queue[1]: 0 (inet.0, inet-unicast)
>
> Peer: x.x.x.x+179 AS 20021 Local: y.y.y.y+52199 AS n
> Output Queue[2]: 0 (bgp.evpn.0, evpn)
>
> ...which seems to fit the default per-RIB behavior as described.
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list