
CP-1007 Optimizing BGP

Jeff Doyle Principal Architect

FishNet Security


Agenda

Introduction

Improving Failure Detection and Convergence

Improving BGP Performance

Improving BGP Management

Conclusion

© 2014 Cisco and/or its affiliates. All rights reserved.


Introduction

What’s So Special About BGP?

• Optimized for complex policy support
  – Menu of path attributes
  – Control incoming, internal, and outgoing routes separately
  – Menu of tools for setting policy: route maps, prefix filters, AS_PATH filters, policy maps
• Segmentation
  – Routes between (EBGP) or through (IBGP) Autonomous Systems
  – Path Vector protocol
• Multiple address family support
  – Enables one protocol to support a multiservice core

BGP Overview

Path Vector

[Figure: six Autonomous Systems, AS1 through AS6; AS1 originates 218.54.0.0/16. The slide sequence shows the prefix propagating with its AS_PATH (in brackets) growing by one AS number at each AS boundary; ">" marks the best path at each AS:
• AS5 and AS6 learn 218.54.0.0/16 [1] directly from AS1.
• AS2 learns it from AS5 as [5, 1]; AS3 learns it from AS6 as [6, 1].
• AS4 learns it from AS2 as [2, 5, 1].
• AS4 advertises it to AS3 as [4, 2, 5, 1]; AS3 keeps [6, 1] as its best path and now holds two paths to the prefix.]

A path vector protocol carries the list of ASes a route has traversed. A router rejects any Update whose AS_PATH already contains its own AS number, which is how BGP prevents inter-AS routing loops.
BGP Overview

BGP Messages

• Open
  – Type 1
  – Requests BGP session open to a neighbor
  – Sent after TCP session is established
• Update
  – Type 2
  – Network Layer Reachability Information (NLRI)
  – Path attributes
  – Withdrawn routes
• Notification
  – Type 3
  – Notifies neighbor of detected error
  – BGP session always closed after sending Notification
• Keepalive
  – Type 4
  – Periodically sent after BGP session is open
  – Default 60 seconds
• Route Refresh
  – Type 5
  – RFC 2918
  – Asks neighbor to re-send Adj-RIB-Out
  – Allows non-disruptive application of new inbound policies
BGP Overview

BGP Routing Information Base (RIB)

[Figure: incoming BGP Updates enter the Adj-RIBs-In and pass through the incoming route policies into the Decision Process, which populates the Loc-RIB. The Loc-RIB installs best paths into the Routing Table, and locally injected routes enter the Loc-RIB from the Routing Table side. The Loc-RIB feeds the outgoing route policies, which populate the Adj-RIBs-Out, from which outgoing BGP Updates are sent.]

BGP Overview

The IOS BGP Process

Eldora#show processes cpu | include BGP
 225         636         335       1898  0.08%  0.11%  0.12%   0 BGP Router
 226         120          75       1600  0.00%  0.04%  0.02%   0 BGP I/O
 227          92          10       9200  0.00%  0.07%  0.02%   0 BGP Scanner
 228           0           1          0  0.00%  0.00%  0.00%   0 BGP Event
Eldora#

(Columns: PID, runtime in ms, invocations, microseconds per invocation, CPU over the last 5 seconds / 1 minute / 5 minutes, TTY, process name.)

[Figure: incoming BGP Updates arrive on the TCP socket, are read by the BGP I/O process into the InQ, and are processed by the BGP Router process into the BGP Table. Outgoing Updates leave the BGP Router through the OutQ, BGP I/O and the TCP socket. The BGP Scanner process walks the BGP Table against the Routing Table (RIB).]
BGP Overview

Stuff We Don't Have Time to Cover

• Neighbor states
• Differences in EBGP and IBGP rules
• BGP decision process
• Policy configuration
• Scaling tools
  – Route Reflectors
  – Confederations
BGP Challenges

Failure Detection

• Default keepalive interval: 60 seconds
• Default hold time: 180 seconds
• Neighbor "declared dead" only after hold time expires
• Aggressive keepalives and hold times can cause false flapping
BGP Challenges

Slow Convergence

[Figure: a chain of routers; an "X" marks a failed link at one end, and the numbered steps below show the failure being processed and propagated hop by hop.]

1. Failure detected
2. Invalid routes deleted (BGP table, FIB, RIB)
3. Alternate routes (if any) installed
4. Update(s) generated and sent, withdrawing affected routes
5. Update(s) processed, withdrawn routes removed
6. Alternate routes (if any) evaluated, new best paths installed
7. Update(s) generated and sent, withdrawing affected routes and advertising new best paths
8. Repeat at the next router…
BGP Challenges

Route Storage and Processing

[Figure: growth of the global BGP table over time. Source: www.potaroo.net]

route-views>show ip bgp summary
[Information removed]

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
4.69.184.193    4         3356 1594049   16329  8730261    0    0 1w3d       497768
12.0.1.63       4         7018 2444534   11750  8730261    0    0 1w3d       499387
66.59.190.221   4         6539  658504   18212  8730261    0    0 1w3d       503979
66.110.0.86     4         6453  932399   11758  8730261    0    0 1w3d       499327
66.110.0.124    4         6453       0       0        1    0    0 never    Idle
66.185.128.48   4         1668 2019709   34221  8730261    0    0 1w3d       496950
69.31.111.244   4         4436 1528658   27161  8730261    0    0 1w1d       500482
89.149.178.10   4         3257  808553    2996  8730261    0    0 1w2d       499700
114.31.199.1    4         4826 1055694   18230  8730261    0    0 1w3d       508501
128.223.253.10  4         3582 1040285   34215  8730261    0    0 1w3d       501209
129.250.0.11    4         2914 1755917   32286  8730261    0    0 1w3d       499711
134.222.87.1    4          286 3930199   14884  8730261    0    0 1w2d       500985
144.228.241.130 4         1239  319848    5412  8730261    0    0 5d15h      498997
154.11.11.113   4          852       0       0        1    0    0 never    Active
154.11.98.225   4          852 1368774   16301  8730261    0    0 1w3d       503369
157.130.10.233  4          701  814025   32262  8730261    0    0 1w3d       498385
162.250.137.254 4         4901  579351   32271  8730261    0    0 1w3d       500811
164.128.32.11   4         3303  603220    9836  8730261    0    0 1w3d       443763
192.203.116.253 4        22388  105312    9844  8730261    0    0 1w3d        14454
193.0.0.56      4         3333 2726844   32254  8730261    0    0 1w3d       506291
194.85.40.15    4         3267 1295694   16286  8730261    0    0 1w3d       508215
194.85.102.33   4         3277 1309804    9841  8730261    0    0 1w3d       511982
195.66.232.239  4         5459  865295    9838  8730261    0    0 1w3d       420027
196.7.106.245   4         2905   10531    3968  8730261    0    0 2d11h        3761
202.232.0.2     4         2497 1065618    9839  8730261    0    0 1w3d       501413
202.249.2.86    4         7500  410442    7578  8730261    0    0 4d18h      508870
203.62.252.186  4         1221  591747    9829  8730261    0    0 1w3d       501338
203.181.248.168 4         7660 1051042    2993  8730261    0    0 1w2d       506877
206.24.210.80   4         3561  944009    5409  8730261    0    0 5d15h      499857
207.46.32.34    4         8075       0       0        1    0    0 never    Active
207.172.6.1     4         6079 1039070   16270  8730261    0    0 1w3d       499438
207.172.6.20    4         6079 1042677   16282  8730261    0    0 1w3d       499446
208.51.134.254  4         3549 1035057   14823  8730261    0    0 1w2d       500149
208.74.64.40    4        19214 1038983   16289  8730261    0    0 1w3d       500582
209.124.176.223 4          101 3626021   32214  8730261    0    0 1w3d       506792
216.218.252.164 4         6939 2588621   16274  8730261    0    0 1w3d       504974
217.75.96.60    4        16150 1080296    9828  8730261    0    0 1w3d       499310
route-views>

Source: University of Oregon Route Views Project

Reading the table: each full-table peer delivers roughly 500,000 prefixes (State/PfxRcd), the 14454 and 3761 entries are partial feeds, and the three peers shown as Idle or Active with an Up/Down of "never" have not established a session. Every one of those half-million-prefix feeds must be stored in its own Adj-RIB-In and run through the decision process.

BGP Challenges

Configuration Management

• BGP and policy configurations can be huge
• Session and policy configurations are often repetitive
  – Or at least share common characteristics
• Processing policy configurations can be CPU intensive

What Do We Mean By BGP Optimization?

• Faster failure detection
• Faster convergence
• Better local performance
• More efficient configuration management

Improving Failure Detection and Convergence

Changing BGP Hold Time

• Default keepalive interval: 60 seconds
• Default hold time: 180 seconds
• If hold time is reduced, reduce keepalive interval accordingly
  – RFC 4271 suggests a keepalive of one third of the hold time, as with the 60/180 defaults
  – The hold time actually used is the lower of the two values the peers propose in their Open messages
• Overly aggressive timers can cause mistaken flaps
  – BGP busy with other things
  – Keepalives, hold times processed in software
• timers bgp keepalive holdtime [min-holdtime]
Fast External Failover

• Tears down EBGP session as soon as link to a directly connected neighbor fails
• Enabled by default
• Fast failover on flapping links can cause BGP instabilities
• Global configuration (the IOS keyword is spelled "fallover"):
  – bgp fast-external-fallover
• Interface configuration (for more granularity):
  – ip bgp fast-external-fallover [permit | deny]
Bidirectional Forwarding Detection (BFD)

• Very fast failure detection
• Lightweight hello protocol; can be offloaded to hardware on platforms that support it, otherwise runs as a small software process
• Independent of media types and encapsulations
• BFD can be shared by multiple protocols
• Interface configuration:
  – bfd interval milliseconds min_rx milliseconds multiplier interval-multiplier
  – Detection time is the negotiated transmit interval multiplied by the multiplier
• BGP configuration:
  – neighbor ip-address fall-over bfd
Next-Hop Tracking (NHT)

• Event-driven removal of BGP prefixes from RIB
• Improves IBGP convergence time
  – IGP changes in next-hop addresses scanned quickly
  – Default trigger time: 5 seconds
  – Does not wait for BGP Scanner
  – Does not wait for hold timer
• BGP routes whose next hop has become unreachable are removed
• Enabled by default
• bgp nexthop {trigger delay seconds | route-map map-name}
Prefix-Independent Convergence (PIC)

• Can reduce reconvergence to sub-second, independent of the number of affected prefixes (hence the name)
  – Assuming there is another path available
• Similar concept to EIGRP feasible successors
  – Alternate path pre-installed in FIB
• bgp additional-paths select best-external
TCP Transport

• TCP port 179
• Default TCP Maximum Segment Size (MSS) = 536 octets
• Path MTU Discovery can negotiate larger MSS sizes
  – More efficient packing of Update messages
  – Relies on ICMP "fragmentation needed" messages; if these are filtered along the path, large Updates can stall the session
• PMTU enabled by default in modern IOS
• bgp transport path-mtu-discovery
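The knobs on the preceding slides (hold time and keepalive, fast external fallover, BFD, next-hop tracking, PIC and path MTU discovery) brought together in one IOS configuration. This is an added example, not configuration from the original deck; the AS numbers, addresses, interface names, timer values and the use of `bgp additional-paths install` (which installs the backup path PIC relies on) are assumptions chosen for illustration.

```ios
! Added example, not from the original deck. AS numbers, addresses,
! interface names and timer values are assumed for illustration.
!
interface GigabitEthernet0/0
 description EBGP link to AS 65002 (stable link)
 ip address 192.0.2.1 255.255.255.252
 ! BFD: send/receive every 300 ms, declare down after 3 missed packets
 ! (detection time = interval x multiplier = 900 ms)
 bfd interval 300 min_rx 300 multiplier 3
!
interface GigabitEthernet0/1
 description EBGP link to AS 65003 (carrier circuit known to flap)
 ip address 198.51.100.1 255.255.255.252
 ! Do not reset the session on every link-down event here; let the
 ! hold timer decide so brief carrier flaps do not churn the table
 ip bgp fast-external-fallover deny
!
router bgp 65001
 bgp log-neighbor-changes
 ! Enabled by default, shown explicitly. The interface-level "deny"
 ! above overrides it for Gi0/1 only. (IOS spells the keyword "fallover".)
 bgp fast-external-fallover
 ! Keepalive 10 s, hold time 30 s (same 1:3 ratio as the 60/180 defaults).
 ! Third argument: refuse a peer that proposes a hold time below 30 s.
 timers bgp 10 30 30
 ! Next-hop tracking: react to an IGP next-hop change after 1 s instead of
 ! the 5 s default (still batched, so a burst of IGP events costs one walk)
 bgp nexthop trigger delay 1
 ! Let TCP negotiate a full-size MSS instead of the 536-octet default
 bgp transport path-mtu-discovery
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 fall-over bfd
 neighbor 198.51.100.2 remote-as 65003
 neighbor 10.0.0.2 remote-as 65001
 neighbor 10.0.0.2 update-source Loopback0
 !
 address-family ipv4
  ! PIC: compute a best-external path and pre-install the backup path in
  ! the FIB so a failure switches paths without waiting for re-advertisement
  bgp additional-paths select best-external
  bgp additional-paths install
  neighbor 192.0.2.2 activate
  neighbor 198.51.100.2 activate
  neighbor 10.0.0.2 activate
 exit-address-family
```

To check the result: `show bfd neighbors` confirms that BGP is registered as a client of the Gi0/0 BFD session, and `show ip bgp neighbors 192.0.2.2` shows the hold time and keepalive that were actually negotiated (the lower of what the two peers proposed), so a peer still running 60/180 will pull the session back to 10/30 only if it accepts our Open.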

Improving BGP Performance
BGP Scan Timer

Eldora#debug ip bgp events
BGP events debugging is on
Eldora#
*Mar 9 07:33:20.943: BGP: Performing BGP general scanning
*Mar 9 07:33:20.947: BGP(0): scanning IPv4 Unicast routing tables
*Mar 9 07:33:20.947: BGP(IPv4 Unicast): Performing BGP Nexthop scanning for general scan
*Mar 9 07:33:20.951: BGP(0): Future scanner version: 74, current scanner version: 73
*Mar 9 07:33:20.951: BGP(1): scanning IPv6 Unicast routing tables
*Mar 9 07:33:20.955: BGP(IPv6 Unicast): Performing BGP Nexthop scanning for general scan
*Mar 9 07:33:20.955: BGP(1): Future scanner version: 75, current scanner version: 74
.
.
.
*Mar 9 07:33:20.959: BGP(NSAP Unicast): Performing BGP Nexthop scanning for general scan
*Mar 9 07:33:20.959: BGP(6): Future scanner version: 75, current scanner version: 74
*Mar 9 07:33:35.959: BGP: Import timer expired. Walking from 1 to 1
*Mar 9 07:33:50.967: BGP: Import timer expired. Walking from 1 to 1
*Mar 9 07:34:05.979: BGP: Import timer expired. Walking from 1 to 1
*Mar 9 07:34:20.983: BGP: Performing BGP general scanning
*Mar 9 07:34:20.983: BGP(0): scanning IPv4 Unicast routing tables
*Mar 9 07:34:20.987: BGP(IPv4 Unicast): Performing BGP Nexthop scanning for general scan
*Mar 9 07:34:20.987: BGP(0): Future scanner version: 75, current scanner version: 74
*Mar 9 07:34:20.991: BGP(1): scanning IPv6 Unicast routing tables
*Mar 9 07:34:20.991: BGP(IPv6 Unicast): Performing BGP Nexthop scanning for general scan
*Mar 9 07:34:20.991: BGP(1): Future scanner version: 76, current scanner version: 75
.
.
.
*Mar 9 07:35:21.047: BGP: Performing BGP general scanning
*Mar 9 07:35:21.051: BGP(0): scanning IPv4 Unicast routing tables
*Mar 9 07:35:21.051: BGP(IPv4 Unicast): Performing BGP Nexthop scanning for general scan
*Mar 9 07:35:21.055: BGP(0): Future scanner version: 76, current scanner version: 75

BGP Scan Timer

• Scan time is time between scans
  – Default: 60 seconds (the general scans in the debug output above are 60 seconds apart)
• Scan of large tables can take tens of seconds
• Reducing scan time:
  – Can increase BGP performance
  – But will increase CPU utilization
  – Scan is low priority process, should not interfere with other processes
• bgp scan-time scanner-interval
BGP Advertisement Interval

• Minimum route advertisement interval (MRAI) between Update messages
  – Allows time for multiple route changes to be collected into single Update
  – Each hop in the Slow Convergence sequence can add up to one MRAI, so the delay accumulates along the path
• Defaults:
  – EBGP = 30 seconds
  – IBGP = 0 seconds (Update sent immediately upon change)
• Reducing MRAI:
  – Decreases convergence time
  – Decreases BGP performance (efficiency)
• neighbor ip-address advertisement-interval seconds
Controlling Table Size

• Accept partial tables instead of full tables
  – Default route for prefixes not accepted
    Advertised or locally configured
  – AS_PATH filters
  – Community filters
• Example:
  – Accept upstream peer's customer routes
  – Accept upstream peer's partner routes
  – Accept upstream peer's locally generated routes
  – Default route to everything else
• Remember to account for AS_PATH prepending
• Good guide for major ISPs' Community policies:
• Use distant next-hops for default routes to ensure reachability
• Loss of route information increases chances of sub-optimal routing
Outbound Route Filters

• BGP Updates carrying thousands of prefixes can take time, bandwidth
• Often, many or most prefixes are dropped on reception
• Outbound Route Filtering (ORF):
  – Allows a router to tell a neighbor what incoming prefixes it will filter
  – Neighbor can then suppress transmission of prefixes that will be dropped on reception
  – Only the inbound prefix-list is conveyed; AS_PATH and community filters still run locally on the receiving router
• Caution: Configuring ORF causes a session reset
• neighbor ip-address capability orf prefix-list [receive | send | both]
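The partial-table example from the Controlling Table Size slide, together with ORF from the slide above, as one IOS configuration. This is an added example, not configuration from the original deck. The upstream AS 65010, the partner AS 65020, the addresses, the list names and above all the community values the upstream is assumed to tag its customer and partner routes with are invented for illustration; the real values come from the upstream's published community policy.

```ios
! Added example, not from the original deck. AS 65010 (upstream), AS 65020
! (partner), addresses, list names and community values are assumed.
!
! --- Upstream: partial table plus a default ---
!
! Routes originated by AS 65010 itself. (_65010)* allows for the upstream
! prepending its own AS number (e.g. 65010 65010 65010).
ip as-path access-list 10 permit ^65010(_65010)*$
!
! Customer and partner routes: the upstream is assumed to tag them with
! these communities (values invented for the example).
ip community-list standard UPSTREAM-CUSTOMER permit 65010:1000
ip community-list standard UPSTREAM-PARTNER permit 65010:2000
!
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
route-map FROM-UPSTREAM permit 10
 description upstream's own routes (prepend-aware)
 match as-path 10
route-map FROM-UPSTREAM permit 20
 description upstream's customer or partner routes
 match community UPSTREAM-CUSTOMER UPSTREAM-PARTNER
route-map FROM-UPSTREAM permit 30
 description the default route covers everything else
 match ip address prefix-list DEFAULT-ONLY
! No final sequence: the implicit deny drops every other prefix.
!
! --- Partner: only its own aggregate, and tell it so with ORF ---
!
ip prefix-list FROM-PARTNER seq 5 permit 203.0.113.0/24
!
router bgp 65001
 neighbor 192.0.2.2 remote-as 65010
 neighbor 198.51.100.2 remote-as 65020
 address-family ipv4
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 route-map FROM-UPSTREAM in
  neighbor 198.51.100.2 activate
  neighbor 198.51.100.2 prefix-list FROM-PARTNER in
  ! "send": push our inbound prefix-list to the partner, which must have
  ! "receive" (or "both") configured. Adding this capability resets the
  ! session, so schedule it in a maintenance window.
  neighbor 198.51.100.2 capability orf prefix-list send
 exit-address-family
```

Two things the configuration does not do by itself. The upstream has to actually send a default (or we configure a static one pointing at a distant next hop inside the upstream, such as one of its loopbacks learned via BGP; a static route whose next hop disappears from the routing table is withdrawn with it, which is the reachability guarantee the "distant next-hop" advice is after). And ORF carries only the prefix-list: the AS_PATH and community matching in FROM-UPSTREAM still runs on our side after the Update has crossed the link, so the upstream's full feed still costs bandwidth and processing before it is discarded.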
BGP Route Dampening

[Figure: route penalty (points, 0 to 2250) plotted against time (0 to 60 minutes). Each flap adds a fixed penalty, and the penalty decays exponentially between flaps. After the third flap the accumulated penalty crosses the suppress threshold (2000 points) and the route is suppressed; the penalty then decays until it falls below the reuse threshold (750 points), at which point suppression is removed.]
Route Dampening Precautions

• Current best practice recommends not using route dampening
  – Effects of dampening can cascade through network
  – Counter-intuitively, dampening can cause more instabilities than it solves
• Default dampening parameters vary widely among vendors
  – Change defaults to match in multi-vendor networks
• Dampening defaults are generally too aggressive
  – Change defaults to be more tolerant
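If dampening is used anyway, it should be selective and tolerant. The following is an added example, not configuration from the original deck: the parameter values, the prefix-list contents (the upstream loopback 203.0.113.1/32 is assumed to be the distant next hop a static default recurses through) and the names are chosen for illustration. The Cisco defaults quoted in the comments match the thresholds drawn in the figure above.

```ios
! Added example, not from the original deck. Values are chosen for
! illustration; the deck's advice is to prefer not dampening at all.
!
! Never dampen the default route or the upstream loopback (assumed
! 203.0.113.1/32) that our default route recurses through: suppressing
! either one blackholes everything that depends on the default.
ip prefix-list NO-DAMPEN seq 5 permit 0.0.0.0/0
ip prefix-list NO-DAMPEN seq 10 permit 203.0.113.1/32
!
route-map DAMPEN-POLICY deny 10
 match ip address prefix-list NO-DAMPEN
route-map DAMPEN-POLICY permit 20
 ! half-life 10 min, reuse 1500, suppress 6000, max-suppress 30 min.
 ! IOS adds 1000 points per flap, so the Cisco default suppress threshold
 ! of 2000 ("bgp dampening 15 750 2000 60") suppresses on the second flap;
 ! 6000 needs about six flaps in quick succession. IOS requires
 ! reuse x 2^(max-suppress / half-life) >= suppress: 1500 x 2^3 = 12000.
 set dampening 10 1500 6000 30
!
router bgp 65001
 address-family ipv4
  ! Only prefixes the route-map permits are subject to dampening
  bgp dampening route-map DAMPEN-POLICY
 exit-address-family
```

`show ip bgp dampening parameters` shows what IOS actually applied after its sanity checks, `show ip bgp dampening dampened-paths` lists what is currently suppressed, and `clear ip bgp dampening` releases everything if a tuning mistake starts suppressing legitimate routes. In a multi-vendor network the same half-life, reuse and suppress values have to be set on the other vendors' routers explicitly, because their defaults differ from these.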
Peer Groups

A Little History

• Configuration scaling
  – Group peers sharing the same policies and session parameters
  – Changes can be performed just once for entire group
• BGP performance (legacy)
  – Original motivation for peer groups
  – Without peer groups:
    Router scans routing table separately for each peer
    150,000 routes × 30 peers = 4,500,000 NLRI updates generated
  – With peer groups:
    Each peer group represents an Update Group
    Router scans routing table once for each peer group
    150,000 routes, 30 peers in one peer group = 150,000 NLRI updates generated (one walk, replicated to every member)
  – Dynamic update groups eliminate this driver
Dynamic Update Groups

Why Peer Groups Are Obsolete

• Introduced in IOS 12.0(24)S
• Automatically groups neighbors sharing the same outbound policies
  – Eliminates need for peer groups to improve performance
  – Eliminates need for many small peer groups when outbound policies vary slightly
• No configuration, built into IOS
  – show ip bgp update-group displays the groups IOS has computed
• Session and policy templates are a better way to scale configuration

Improving BGP Management
Session and Policy Templates

• Improvement over Peer Groups
  – Dynamic Update Groups: performance
  – Policy and Session Templates: reduced configuration size
• Peer Groups and Session / Policy Templates are mutually exclusive
• Session templates for shared session parameters
• Policy templates for shared policies
• One session template and one policy template per neighbor
• "Inheritance" enables nested templates
Route Refresh

• Eliminates:
  – Need to reset BGP session
  – Need to store incoming prefixes (as soft-reconfiguration inbound does)
• BGP Route Refresh message
  – Sent to neighbor, to request re-send of prefixes
• Route Refresh capability negotiated during session establishment
  – Neighbors must understand and support Route Refresh messages
• If neighbor supports Route Refresh capability:
  – clear ip bgp {* | as-number | ip-address | peer-group-name} in
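Session and policy templates with inheritance, and the Route Refresh step that follows a policy change, as an added example that is not configuration from the original deck. The AS numbers, addresses, template names, the prefix limit and the inbound route-map FROM-UPSTREAM (assumed to be defined elsewhere) are assumptions for illustration. Peer groups and templates cannot be mixed on the same router, so a migration replaces the peer groups entirely.

```ios
! Added example, not from the original deck. AS numbers, addresses,
! template names and the route-map FROM-UPSTREAM (defined elsewhere)
! are assumed for illustration.
!
router bgp 65001
 ! Session templates: transport-level parameters shared by many peers
 template peer-session BASE-SESSION
  timers 10 30
 exit-peer-session
 !
 template peer-session IBGP-SESSION
  ! Inherit the timers, add what only IBGP peers share
  inherit peer-session BASE-SESSION
  remote-as 65001
  update-source Loopback0
 exit-peer-session
 !
 ! Policy templates: what is accepted, sent and limited
 template peer-policy BASE-POLICY
  send-community
 exit-peer-policy
 !
 template peer-policy EBGP-POLICY
  ! Policy inheritance takes a sequence number
  inherit peer-policy BASE-POLICY 10
  route-map FROM-UPSTREAM in
  ! Tear down the session above 600,000 prefixes, warn at 80 %
  maximum-prefix 600000 80
 exit-peer-policy
 !
 template peer-policy IBGP-POLICY
  inherit peer-policy BASE-POLICY 10
  next-hop-self
 exit-peer-policy
 !
 ! One session template per neighbor; EBGP peers use the base directly
 neighbor 192.0.2.2 remote-as 65010
 neighbor 192.0.2.2 inherit peer-session BASE-SESSION
 neighbor 10.0.0.2 inherit peer-session IBGP-SESSION
 !
 address-family ipv4
  ! One policy template per neighbor
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 inherit peer-policy EBGP-POLICY
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 inherit peer-policy IBGP-POLICY
 exit-address-family
```

After editing FROM-UPSTREAM, `clear ip bgp 192.0.2.2 in` makes the router send a Route Refresh and re-run the new inbound policy over the peer's re-sent Adj-RIB-Out without dropping the session. That only works when the capability was negotiated: `show ip bgp neighbors 192.0.2.2` reports the Route Refresh capability as advertised and received. If a peer lacks it, the fallback is `soft-reconfiguration inbound` in the policy template, which keeps an unfiltered copy of every received prefix and therefore doubles the memory that peer costs.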

Conclusion

• BGP is effective but notoriously slow
  – This is not always a bad thing
• Don't expect BGP to behave similarly to an IGP
  – They're built for different purposes
• "Tweaking" timers can sometimes backfire
• A good BGP implementation will have built-in optimizations
• Controlling the information can be as effective as controlling the process
• Know your routers' limits
  – CPU
  – Memory