Agenda
Deployment Profiles
Summary of current service provider and enterprise customer BGP deployment profiles
New Developments
A review of BGP recent enhancements and features
Future Work
Upcoming BGP features and enhancements
Google December 2011:Advances in BGP 2010 Cisco and/or its affiliates. All rights reserved. Cisco Public
Deployment Profiles
Deployment Profiles New Developments Scaling & Performance Results
Enterprise Profile
BGP deployed for large enterprise core networks running DMVPN, L3VPN over MPLS, and L3VPN over IP
L3VPN over IP exploding in enterprise environment
L2VPN BGP is gaining momentum
Typical deployment scale in the range of 50K+ routes reflected
New Developments
Scale & Performance
Increase scalability for existing hardware, newer RP cards, and new platforms
Faster convergence
Features
Support for new functionality in the network
PE Scaling
PE-CE Optimization
VRF-Based Advertise Bits
Significant delay (up to 15-30 minutes) seen in advertising incremental updates while RR is servicing route refresh requests or converging newly established peers
VRF provisioning triggers route refresh request from PE every 10 to 30 minutes at typical tier-1 service providers
Persistent BGP VPN issue on existing production networks
Original update group handles new transient updates while refresh update group handles reannouncements
Refresh groups used to service newly established peers
End-to-end convergence reduced from 15-30 minutes to 5-20 seconds for typical tier-1 VPN service providers
Keepalive Enhancements
BGP Scale/Performance Enhancement
Issue: Delayed processing of BGP keepalives often results in session flaps for peers configured with aggressive keepalive timers
Cascading outages and CPU/transient memory usage
Update message cache size throttles update groups during update generation and controls transient memory usage
Fast convergence aided by large cache sizes
Old cache sizing scheme can't take advantage of expanded memory available on new platforms
Routers with more system memory get bigger cache sizes and thereby queue more update messages
VPNv4 iBGP update groups have larger cache size
Update groups with large number of peers get larger update cache
Faster convergence is the result
PE-CE Optimization
BGP Scale/Performance Enhancement
Issue: Slow convergence when the number of CE sessions was scaled on a PE router
Issue: Increased memory consumption when the number of VRFs was scaled on a PE router
Issue: BGP installing routes in RIB/FIB that are not in the forwarding path wastes CPU and memory
Selectively filter which BGP routes are installed in the RIB
Implemented as filter extension to table-map command
Significant CPU and memory savings by avoiding unnecessary installation
Testing on ASR platform indicated 300% increase in route reflector client scaling (on order of 1000s)
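[Table: feature availability by release. Headers: 12.2SR (SRC, SRD); 12.2XN (XNC, XND); Component Code; 12.2SRE; 12.2XNE; 15.0x. Feature rows not recoverable; surviving cell values are all "No".]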
PIC Edge
BGP Resiliency/HA Enhancement
Issue: Sub-second convergence is desirable. Presently, routing around failures is not immediate, resulting in forwarding traffic loss at the site of failure
Current solution targets VPNs and IP edge routers
PIC Edge supports 2 cases: link and node failures
[Figure: traffic flow across the MPLS cloud; nodes CE1, PE2, PE4, CE2; backup path marked.]
CEF (via BFD or link layer mechanism) detects PE3-CE2 link failure
CEF immediately swaps to repair path label
Traffic shunted to PE4 and across PE4-CE2 link
[Figures: traffic flow for 10.1.1.0/24 (VPN1, Site #1) across the MPLS cloud; nodes RR, CE1, PE2, PE3, PE4, CE2; primary and backup paths marked.]
IGP propagates loss of PE3's /32 host route across the core to remote PEs
Test Setup
Node Failure
Link Failure
No PIC Edge, No BFD
BFD Only
PIC Edge Only
PIC Edge, BFD
Duration of forwarding outage for all streams at tier-1 service provider on C10K
Issue: Slow peers in update groups block convergence of other update group members by filling message queues/transmitting slowly
Persistent network issue affecting all BGP routers
Detection
BGP update timestamps
Peer's TCP connection characteristics
Protection
Move slower peers out of update group
Separate slow update group with matching policies created
Any slow members are moved to slow update group
Detection can be automatic or manual with CLI command
Automatic recovery
Slow peers are periodically checked for recovery
Recovered peers rejoin the main update group
Isolation of slow peers unblocks faster peers and lets them converge as fast as possible
VRF-Based Dampening
BGP Resiliency/HA Enhancement
BGP route dampening is now configurable per-VRF instead of for whole VPN table
Allows service provider to configure dampening parameters on an individual customer basis
Gives operators more flexible control of unstable customer routes in service provider network
BGP NSR
BGP Resiliency/HA Enhancement
Improved scaling to 4000 eBGP PE-CE peers and 2 million VPN routes
Enable IBGP support for NSR as well
Route updates during switchover are announced to NSR capable CE peers without any delays
Prevents data black-holes during switchover as in the case of GR peers
[Table: feature availability by release. Headers: 12.2(33)SB; 12.2SR (SRC, SRD); 12.2XN (XNC, XND); Component Code; 12.2SRE; 12.2XNE; 15.0x. Feature rows not recoverable; surviving cell values: No, 33SB6, 31SB16.]
BGP Features
4-Byte AS Support
Automated Route Target Filtering
BGP L3VPN Over MGRE
Dynamic Neighbor Discovery
BGP L2VPN Autodiscovery
4-Byte AS Support
BGP Feature
2B ASN pool being exhausted
RIRs allocating 4B ASNs by default
IOS BGP extended to support RFC 4893
4B ASN capability negotiated when opening session
Support for mixed 2B/4B AS deployments
Derive RT filtering information from VPN RT import lists automatically
Exchange filtering info via RT filter AF or extended community ORF
Translate filter info received from neighbors into outbound filtering policies
Generate incremental updates for received RT update queries
Incremental deployment possible/desirable
RT-Constraint: NLRI = {VRF-Green, VRF-Purple, VRF-Blue}
RT-Constraint: NLRI = {VRF-Red, VRF-Green}
RT-Constraint: NLRI = {VRF-Purple, VRF-Blue}
Improves PE and RR scaling and performance by sending only relevant VPN routes
Tunnel endpoints created/destroyed dynamically
No RIV, no static default route, no recursive lookup, simple config
BGP passively listens to configured address range for incoming sessions
BGP neighbor dynamically created
Remote address is source of TCP connection
Config template associated with listen range is applied
Provisioning
No manual config necessary on hub for new clients
Significant reduction in config overhead
Allows auto-discovery of LDP L2VPNs
Existing support for inter-AS option A/C
New support for inter-AS option B
Route Refresh modified to send Refresh Start-of-RIB and Refresh End-of-RIB
Force cleanup of stale routes in ADJ-RIB-IN after receiving Refresh End-of-RIB
Provided timer support in case Refresh End-of-RIB is not received
Provided timer support to generate Refresh EOR
Check outbound policies against ADJ-RIB-OUT
CLI to configure and run consistency checker
Force Route Refresh to fix issues or notify operator
Ability to detect stale nexthops or labels
BGP MVPNs
BGP Feature
Next release to provide Inter-AS support
Support for SAFI 129 (VPN equivalent of SAFI 2)
Helps avoid PIM soft state refresh in the provider network
Allows MVPN to scale by using standard BGP based VPN filtering mechanism
Support to announce path validation state to IBGP neighbors using a well known path validation state extended community
Modified route policies to incorporate path validation states
Able to gracefully shut down BGP neighbors
Provided a CLI knob to configure local pref, attach provider specific community
Idea is to de-preference routes with lower local preference or a well-known, provider specific community
CLI knob as an extension to an existing neighbor shutdown command
Mechanism to gracefully shutdown the peer without impacting (minimizing impact on) traffic
Does E-BGP route reflection without adding its own AS to the AS path
Support for IPv4 and IPv6 AFI
Allow customized bestpaths for RS clients
Policy dictates which path gets to be announced to RS clients
Allows Internet Exchange points to scale its E-BGP peering by avoiding full mesh
12.2XN
XNC, XND
Component Code
S Train T Train
Yes No No No No No No No No No No
12.2(33)SRE XE3.1/15.0(1)S XE3.2/15.1(1)S XE3.1/15.0(1)S XE3.4/15.1(3)S XE3.4/15.1(3)S XE3.3/15.1(2)S XE3.6/15.2(2)S XE3.5/15.2(1)S XE3.6/15.2(2)S XE3.3/15.1(2)S
15.0(1)M 15.1(2)T 15.2T Yes Yes 15.2(3)T 15.2(3)T 15.2(3)T 15.2(4)M 15.3(1)T 15.2(3)T
Dynamic Neighbors Automated Route Target Filtering BGP L3VPN over MGRE BGP L2VPN AD IAS Option B BGP Enhance Route Refresh BGP Route Consistency Checker BGP MVPNs BGP Origin Validation BGP Graceful Shutdown BGP Route Server
[Chart: Convergence (Sec) for 12.2(31)SB14/G2, 12.2(31)SB16/G2, 12.2 SRE/G2 and 12.0(33)S2/PRP2; plotted values not recoverable.]
[Table headers: IPv4 Routes, VPNv4 Routes, IPv6 Routes, VPNv6 Routes, BGP Sessions; values not recoverable.]
*Tested with BGP Selective RIB Download feature for IPv4 for dedicated RR. This feature will be
implemented for IPv6 address family in future releases.
RR Software Recommendations
7200 NPE G1/G2
12.2(31)SB18 12.2(33)SRE
ASR1K
12.2(33)XNC 12.2(33)XND 12.2(33)XNE
ASR1K PE Scalability
Uni-dimensional Scale
RP1/ESP10
VRF 1K 1M (RP1 4GB) 1M 4K/8K/32K 1K/3K/4K/1K 4K 1K 1K 1K 1K 1K 15K 1K (max 200 VP mode) 8K 4K/256 4K/50K 8Mpps/10Gbps 1500
RP2/ESP20
4K 1M (RP2 8GB) 4M (RP2 16GB) 1M 4K/8K/64K 1K/3K/4K/1K 8K 1K 1K 4K 2K 1K 15K 1K (max 200 VP mode) 16K 4K/256 4K/100K 10Mpps/20Gbps 5500
VPNv4 routes (use per VRF label allocation, assume 20% local routes and 80% routes learned from remote PEs) MPLS label space VLAN (per port/per SPA/per system) ATM PVC (per port/per SPA/per system/with OAM enabled) eBGP PE-CE sessions OSPF PE-CE sessions EIGRP PE-CE sessions RIP PE-CE sessions Link/Targeted LDP sessions Number of Traffic Engineering Tunnel Head Number of Traffic Engineering Tunnel Midpoint ATM CRoMPLS AC/PW (VC/VP mode) EoMPLS AC/PW Unique QOS service policy/class maps per service policy ACL/ACE Non-drop rate (with uRPF, security ACL and ingress policing on VLAN subinterfaces) FIB download/Convergence speed (prefixes/second)
4.6M (-600k)
Backup Slides
Agenda
XR BGP Feature Set - Current releases
XR BGP new Features deep-dive - Multi-instance/Multi-AS, RT-Constrain, Add-path, PIC, 3107 Labeled architecture, Attribute Error handling.
XR BGP Roadmap and Q&A
Cisco Confidential
Deployment Knobs
1. BFD for directly connected iBGP peers
2. BGP BFD for IPv6 Sessions
3. IPv6 eBGP Multipath Support
4. Per VRF MDT Source Selection Capability
5. Ability to configure sub-second MRAI timer
6. BGP Local-as dual-as knob
7. MVPN w/ CsC
8. BGP NBR Adj change msg enhancement to show more info
9. 6PE per VRF/per-CE label allocation (3.9.2)
Internal
1. Async Socket APIs to improve BGP-TCP interaction
2. Import/Label thread optimizations
3. Control plane batching
4. Ltrace optimization
5. BGP MIB Perf improvements (Caching / Batching)
6. BGP MIB traps batching
7. Moved BGP MIB implementation to RFC 4273 from draft
8. Added support for additional afi/safi
9. RPL optimization in case policy name is different but content is the same
Deployment Knobs
1. IOS message when OPEN with unsupported hold-timer value received
2. ORF optimization for updategroup allocation
3. Next-hop self knob on RR
4. eBGP NH unchanged knob
5. BGP remove-private-as enhancement
6. Support for prefix-set or route-policy names with colons in it
7. XML support for show rpl
8. IGP metric change propagation timer knob
9. 6PE iBGP PE-CE Support
10. 6PE per VRF/per CE label
11. Allow-as-in and as-override knobs for default VRF sessions (4.0.2)
Internal
1. Show command enhancement for RIB install stats/flags
2. Commit replace optimization
3. BGP attribute ID allocation change
4. Support for 4-byte-AS in the Cisco
Update-generation Optimizations
Incremental Update-generation with RT Constrain
Only send relevant updates in response to a route refresh request instead of the entire BGP table
Parallel update-generation
Ensures that BGP convergence is not affected by servicing route-refresh requests. Prioritizes prefix updates over the refresh so that there is no head-of-line blocking.
Optimized CE update-generation
Scoped walk of the CE VRF table, instead of an entire VPN walk, used to generate updates.
Distinct PE/CE advertise bits in use
Presentation_ID 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Why Multi-Instance/Multi-AS?
It provides a mechanism to consolidate the services provided by multiple routers using a common routing infrastructure into a single IOS-XR router
It provides a mechanism to achieve AF isolation by configuring the different AFs in different BGP instances
It provides a means to achieve higher session scale by distributing the overall peering sessions between multiple instances
It provides a mechanism to achieve higher prefix scale (especially on a RR) by having different instances carrying different BGP tables
IOS-XR CRS Multi-chassis systems can be used optimally by placing the different BGP instances on different RP/DRPs
Deployment Route-reflector
[Figure: multi-chassis system, Rack1 to Rack4, with RPs, line cards (LC) and a DRP; BGP instances shown: BGP (VPNv6), BGP (VPN), BGP (IPv4), BGP (IPv6).]
Deployment AF Isolation
[Figure: multi-chassis system, Rack1 to Rack4, with RPs and line cards (LC); BGP instances shown: BGP (VPNv4), BGP (VPNv6), BGP (IPv4), BGP (IPv6).]
[Figure: RR and PE-CE sessions.]
Configuration Example
Instance Internet:
router bgp 1 instance internet
 bgp router-id 10.0.0.1
 address-family ipv4 unicast
 neighbor 10.0.101.1
  remote-as 100
  address-family ipv4 unicast
   route-policy inbound in
   route-policy outbound out
   !
  !
 !
!
Instance VPN:
router bgp 2 instance vpn
 bgp router-id 20.0.0.1
 address-family vpnv4 unicast
 neighbor 20.0.101.1
  remote-as 200
  address-family vpnv4 unicast
   route-policy inbound in
   route-policy outbound out
   !
  !
 !
!
Peering Example
[Figure: PE1 (BGP VPNv4 and BGP IPv4 instances) peering with RR1 (Active); addresses shown: 20.0.0.1, 10.0.0.1, 20.0.0.2, 30.0.0.1.]
Multi-instance PE1 peering with a multi-instance RR1 and a regular BGP on RR2
Each BGP instance on PE1 has a peering with the corresponding instance of BGP on RR1
Separate loopbacks needed on RR2 due to use of multi-instance BGP
RR collects the RT membership information from its clients and advertises that set to the neighbouring RRs
RR receives and stores only the routes for all the RTs that PEs in its region are interested in
RRs store and process fewer routes: improved scale & stability
Advantages
Reduce load on PE (not having to receive all network PE routes and filter)
Reduce load on RR (not having to receive and store all network routes)
Improved stability due to reduced load on RR and PE
[Figure: rt membership NLRI; RRs and PEs in Region1 and Region2, each with plane1 and plane2.]
Migration path
RT constrain requires PE to send RT membership information to the RR using NLRIs
New code required on PE to do this
RR creates a RT filter list based upon the RT membership information received from PE. It propagates this list to other RRs in the IBGP mesh
New code required on RR to do this
Limitations
Vanilla RT constrain doesn't support PEs that are not upgraded, a.k.a. legacy PEs
Legacy PEs cannot signal RT membership information to the RR automatically
Thus Legacy PE will have to receive and filter routes from ALL other RTs even though it is not interested in them
Even if one PE doesn't get upgraded, the corresponding RR has to store ALL routes for the entire network (or plane)
Thus benefit seen on RR only if ALL PEs in the cluster are upgraded
4.1 XR implements legacy PE support in addition to RFC 4684 which does not require all PEs to be upgraded
Upgraded PEs advertise RT constrain NLRIs
RR processes both advertisement mechanisms of RT membership information (from legacy and upgraded PEs)
Requires new code on the RRs to build RT filter list from both advertisement mechanisms
RRs translate the legacy PE RT membership information to equivalent RT constrain NLRIs to propagate to other RRs
Legacy PE support
Upgraded PEs (propagate RT membership information using rt-filter SAFI; receive reduced set of routes from RRs after RT filtering)
RR doesn't propagate Legacy PE VPN routes to iBGP peers
RR sends equivalent converted RT SAFI NLRI
Legacy PEs (propagate RT membership using VPN routes with a special community; receive reduced set of routes from RRs after filtering)
[Figure: RR and PEs in Region1, plane1 and plane2.]
Each PE generates special routes attaching Import RTs for each VPN configured.
The RD is configured to be the same value across all legacy PEs
The RR identifies A/B by the reserved CV that has been attached
Based upon the commonality of A/Bs the RR creates a set of filters to be applied to each session that an A/B was received on.
[Figure: PE1, PE2, PE3 and RR; VPNA RT 1,1; VPNB RT 2,2; VPNC RT 3,3; A/B: RD 1,2,3 CV-C.]
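A sketch of the RR-side filtering described above, as an added Python example (not code from the slides or from IOS-XR). It models RT membership arriving both as rt-filter NLRIs from upgraded PEs and as marked VPN routes from legacy PEs; the marker name `LEGACY_SIGNAL`, the session names, RT names and prefixes are constructed, and the rule that a session with no signalled membership receives every route is an assumption based on the page's description of un-upgraded PEs.

```python
from dataclasses import dataclass, field

# Hypothetical marker standing in for the reserved community the page mentions.
LEGACY_SIGNAL = "legacy-rt-membership"


@dataclass(frozen=True)
class VpnRoute:
    prefix: str
    rts: frozenset
    communities: frozenset = frozenset()


@dataclass
class RouteReflector:
    membership: dict = field(default_factory=dict)  # session -> set of RTs
    rib: list = field(default_factory=list)         # (source session, route)

    def receive_rt_nlri(self, session, rts):
        """Upgraded PE: RT membership arrives as rt-filter NLRIs."""
        self.membership.setdefault(session, set()).update(rts)

    def receive_vpn_route(self, session, route):
        """Legacy PE signalling rides on VPN routes carrying the marker.
        Such routes feed the filter and are never stored or propagated."""
        if LEGACY_SIGNAL in route.communities:
            self.membership.setdefault(session, set()).update(route.rts)
            return "consumed-as-membership"
        self.rib.append((session, route))
        return "stored"

    def advertise_to(self, session):
        """Prefixes sent to one session. A session that never signalled
        membership has no filter and receives every route (assumption)."""
        wanted = self.membership.get(session)
        return [r.prefix for src, r in self.rib
                if src != session and (wanted is None or r.rts & wanted)]

    def rt_nlri_for_peer_rrs(self):
        """Union of client membership, legacy signalling included, which is
        the RT set this RR would advertise to neighbouring RRs."""
        return sorted(set().union(*self.membership.values()))


def demo():
    """Constructed scenario: PE1 upgraded, PE3 legacy, PE4 silent."""
    rr = RouteReflector()
    rr.receive_rt_nlri("PE1", {"Green", "Purple", "Blue"})
    rr.receive_vpn_route("PE3", VpnRoute("signal", frozenset({"Purple", "Blue"}),
                                         frozenset({LEGACY_SIGNAL})))
    rr.receive_vpn_route("PE2", VpnRoute("10.1.0.0/16", frozenset({"Red"})))
    rr.receive_vpn_route("PE2", VpnRoute("10.2.0.0/16", frozenset({"Green"})))
    rr.receive_vpn_route("PE1", VpnRoute("10.3.0.0/16", frozenset({"Blue"})))
    return rr
```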
Add-path in XR
Add-path: IETF add-path draft: draft-ietf-idr-addpaths-02
Goal: to improve path diversity in BGP topologies
Assumption: multiple paths to the same prefix are generally available at the edge of the network
Multiple analyses show they do
Application
Fast Connectivity Restoration / PIC
Load balancing
Eliminate route oscillation
Churn reduction
[Figure: RR1 and backup-path-RR with PE1, PE2, PE3; paths for Z/p via PE1 and PE2.]
Thus ingress routers most often know about one exit point only
When that exit point fails, traffic loss is proportional to control plane convergence
Local repair techniques can't get triggered
Not knowing about more exit points also means the ingress routers can't do load balancing
Not having path diversity has other issues as well:
Route oscillation: a protocol bug
[Figure: PE1, PE2, PE3 with prefix Z/p; Z/p, Locpref 100; Best-edge.]
Best-external draft-ietf-idr-best-external-00.txt
Capability negotiation for add-path support per [AFI, SAFI] along with a send/receive flag for each
Ingress routers most often need the support for only receiving multiple paths
Implementing the receive part is quite straightforward
Applications
Fast convergence / connectivity restoration: As the ingress routers have visibility to more paths, they can switch to the backup paths faster once the primary path goes away. Requires backup paths to be sent.
Load balancing: As the ingress routers have visibility to more paths, they can do ECMP on multiple paths. Requires either backup paths or all paths to be sent.
Churn reduction: Since alternate paths are available, withdraws can be suppressed (implicit update).
Route oscillation: See RFC 3345 for scenarios. Requires group best paths (in some cases all paths) to be sent.
Update generation
Adj-RIB-Out is per-prefix today since only best path is sent
Needs change to advertise multiple paths
Update reception
Control plane: process multiple instances of prefix, select second-best
1. Select best
2. Remove all paths whose next-hop == best's (including best)
3. Run bestpath selection again on the remaining paths to select backup
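The backup-path procedure above as an added Python example (not code from the slides or from IOS-XR). The bestpath ranking is a simplified assumption (LOCAL_PREF, then AS_PATH length, then the advertising peer's router ID) and the addresses are constructed; the example contrasts the procedure with naively taking the second-ranked path, which can share the best path's next hop and so offers no protection.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    next_hop: str      # BGP next hop, i.e. the egress PE
    local_pref: int
    as_path_len: int
    peer_id: str       # router ID of the advertising peer (final tie-breaker)


def _rank(p):
    # Simplified decision process (assumption): higher LOCAL_PREF wins,
    # then shorter AS_PATH, then lowest peer router ID.
    return (-p.local_pref, p.as_path_len, int(ipaddress.IPv4Address(p.peer_id)))


def best_path(paths):
    return min(paths, key=_rank, default=None)


def select_best_and_backup(paths):
    """Steps 1-3: pick best, drop every path sharing its next hop,
    then rerun selection on what is left to get the backup."""
    best = best_path(paths)
    if best is None:
        return None, None
    remaining = [p for p in paths if p.next_hop != best.next_hop]
    return best, best_path(remaining)


def naive_second_best(paths):
    """What goes wrong without step 2: the runner-up may be the same exit
    point learned from a second route reflector."""
    ranked = sorted(paths, key=_rank)
    return ranked[1] if len(ranked) > 1 else None


# Constructed sample: prefix Z/p learned via two RRs (10.0.0.11, 10.0.0.12).
PATHS_Z = [
    Path("10.0.0.1", 200, 2, "10.0.0.11"),  # exit PE1, from RR1
    Path("10.0.0.1", 200, 2, "10.0.0.12"),  # exit PE1 again, from RR2
    Path("10.0.0.2", 100, 2, "10.0.0.11"),  # exit PE2, from RR1
]
```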
CLI
Global command, per address family, to turn on add-path in BGP
It can optionally accept a route policy where the policy matches on prefixes and sets one of the following:
Select and send backup paths (& how many)
Select and send group-best paths
Send all paths
router bgp 7018
 address-family vpnv4 unicast
  additional-paths install backup
  additional-paths advertise
  additional-paths receive
  additional-paths selection route-policy xx
Cost
Memory overhead
Additional memory overhead on the receiving PE due to additional paths
Additional memory overhead of maintaining per path Adj-RIB-Out information
BGP PIC-Edge
Feature Overview
Internet Service Providers provide strict SLAs to their Financial and Business VPN customers, where they need to offer sub-second convergence in the case of Core/Edge link or node failures in their network
Prefix Independent Convergence (PIC) has been supported in IOS-XR for a while for CORE link failures as well as edge node failures
BGP Best-External project provides support for advertisement of Best-External path to the iBGP/RR peers when a locally selected bestpath is from an internal peer
BGP PIC Unipath project provides a capability to install a backup path into the forwarding table to provide prefix independent convergence in case of the PE-CE link failure
NAG 09 Cisco Confidential 2009 Cisco Systems, Inc. All rights reserved.
[Figure: IP/OSPF/MPLS/TE-FRR.]
[Figure: RR, PE1, PE2, PE3 and CE; RD1:1/8 via PE1, LOCPREF=200; RD2:1/8 via PE2, LOCPREF=100.]
Create primary-backup topology (primary = PE1-CE link, backup = PE2-CE link).
Make PE1 exit point more preferable and PE2 exit point less preferable (e.g. LOCAL_PREF configuration)
Makes PE2 select IBGP path as best
But PE2's EBGP path should be advertised to increase path diversity and achieve much faster failover to the backup path.
Note: Add-path may still be a requirement to pass best-external paths through the route reflectors to ingress PEs (e.g. non-unique RD VPN design, non-VPN prefixes).
[Figure: RR, PE1, PE2, PE3, CE; RD1:1/8 via PE1, LOCPREF=200. Forwarding entries shown:]
PE1: IP 1/8 -> CE; Label L1 (allocated for 1/8) -> CE
PE2: IP 1/8 -> PE1, push [L1], [PE1 IGP label]; Label L2 (allocated for 1/8) -> CE
PE3: IP 1/8 -> PE1, push [L1], [PE1 IGP label]
FIB detects CE failure
FIB will modify the BGP loadinfo to now point to the backup path (PE2)
Traffic is restored once the loadinfo touch-up is done
Since PE2 has pre-programmed the label pointing to CE, traffic will be forwarded to the CE.
BGP prefix independent convergence
PE1: IP 1/8 -> CE (active); PE2, push [L2], [PE2 IGP label] (backup)
PE1: Label L1 (allocated for 1/8) -> CE (active); PE2, push [L2], [PE2 IGP label] (backup)
FIB detects PE1 failure upon IGP convergence
FIB will modify the BGP loadinfo to now point to the backup path (PE2)
Traffic is restored once the loadinfo touch-up is done
Since PE2 has pre-programmed the label pointing to CE, traffic will be forwarded to the CE.
BGP prefix independent convergence
PE3: IP 1/8 -> PE1, push [L1], [PE1 IGP label] (active); PE2, push [L2], [PE2 IGP label] (backup)
Configuration
Global (per-AF) and per-VRF knob to turn on best-external advertisement
router bgp 7018
 address-family vpnv4 unicast
  advertise best-external
 vrf cust_1
  address-family ipv4 unicast
   advertise-best-external [disable]
router bgp 7018
 address-family vpnv4 unicast
  additional-paths install backup
 vrf cust_1
  address-family ipv4 unicast
   additional-paths install backup [disable]
3107 (BGP Labeled Unicast) Architecture & AIGP Attribute IOS-XR (3.8.0 / 4.0.0)
[Figure: network with CE0, PE1, PE2, P3, P4, P5, P6, PE7, PE8, CE9; three regions labelled IGP+LDP.]
ISP Core
IGP runs in the core
May be segmented into different areas
IGP+LDP provides reachability to PEs in the network
May span one or more AS under the same administration
Problem: When PE scale increases, IGP database size increases
Problem: Convergence is affected
BGP 3107
BGP 3107 to carry PE reachability
BGP IPv4-label address-family sessions between PE and P routers
IGP+LDP still runs within areas but does not carry PE reachability across areas
Remote PE loopback is a BGP ipv4 labeled route in RIB
Nexthop for BGP service prefix (L3VPN, L2VPN) is a BGP 3107 route
AIGP
IGPs run within a single administrative domain and select the best path between two nodes based on total distance/metric.
When a single administration runs multiple BGP networks, it can be desirable for BGP to select best path based on end-to-end metric
AIGP: new BGP attribute that carries the accumulated metric for an end-to-end path
Usage:
Originate the AIGP attribute for routes local to the AS
Accumulation: For a received route with an AIGP metric, add the metric of the route to the nexthop to the existing value before advertising if the router sets itself as nexthop
Decision process: Compare the AIGP metric of paths after local-preference comparison step
[Figures: RR, PE7, P5, P3, P6, PE8, P4, PE2 with IGP+LDP; and RR, PE1, PE3, CE4, CE0, PE2 with IGP+LDP regions and IPv4-uni (eBGP) sessions, one marked Primary.]
Overview
Attribute filtering
Unwanted optional transitive attribute such as ATTR_SET, CONFED segment in AS4_PATH causing outage in some equipment.
Prevent unwanted/unknown BGP attributes from hitting the legacy equipment.
Block specific attributes
Block a range of non-mandatory attributes
Error-handling
draft-ietf-idr-optional-transitive-04.txt
Punishment should not exceed the crime
Gracefully fix or ignore non-severe errors
Avoid session resets for most cases
Architecture
Malformed BGP Updates
Invalid Attribute Contents
Wrong Attribute Length
Transitive Attributes
Unknown Attributes
Unwanted Attributes
Attribute Filtering
Error-handling
NLRI processing
Attribute filtering
First level of inbound filtering
Filtering is configured as a range of attribute codes and a corresponding action to take
Actions
Discard the attribute
Treat-as-withdraw
Error-handling
Comes into play after attribute-filtering is applied
When we detect one or more malformed attributes or NLRIs or other fields in the Update message
Steps
Classification of errors
Actions to be taken
Logging
Error-handling details
Classification of errors
Minor: invalid flags, zero length, duplicates, optional-transitive attributes
Medium: Non-optional-transitive attributes, inconsistent attribute length
Major: Invalid or 0 length nexthop
Critical: NLRI parsing, inconsistent message / total attributes length
Actions taken
Local repair
Discard attribute
Treat-as-withdraw
Reset session
Discard Update message
IOS-XR implementation
Error-handling
  Router level configuration knob
    Separately for EBGP and IBGP
    Separately for basic and extended degrees of error-handling
  Neighbor level configuration knob
  Last resort hidden knob to avoid session reset at all costs (by simply discarding malformed Update message)
  Logging
    Last few malformed messages are stored
Attribute-filtering
  Neighbor level configuration knob
    Specify a range of attribute codes (except ORIGIN, AS_PATH, NEXT_HOP, MP_REACH, MP_UNREACH)
    Two possible actions: discard-attribute; treat-as-withdraw
  Logging
    Optionally store the last few messages that matched any filter
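The two inbound stages described in the attribute-filtering and error-handling slides, as an added Python example (not code from the slides or from IOS-XR). It parses a path-attribute block, applies code-range filters, then classifies what remains with the page's minor/medium/major/critical classes; the mapping from class to action (minor: local repair or discard, medium and major: treat-as-withdraw, critical: reset session) is an assumption, and the sample bytes are constructed.

```python
import struct
from enum import IntEnum

# Path-attribute flag bits and type codes (RFC 4271, RFC 4760).
OPTIONAL, TRANSITIVE, EXT_LEN = 0x80, 0x40, 0x10
ORIGIN, AS_PATH, NEXT_HOP, MED, LOCAL_PREF, ATOMIC_AGGR = 1, 2, 3, 4, 5, 6
MP_REACH, MP_UNREACH = 14, 15
WELL_KNOWN = {ORIGIN, AS_PATH, NEXT_HOP, LOCAL_PREF, ATOMIC_AGGR}
FIXED_LEN = {ORIGIN: 1, NEXT_HOP: 4, MED: 4, LOCAL_PREF: 4, ATOMIC_AGGR: 0}
# Attribute codes the page excludes from attribute filtering.
UNFILTERABLE = {ORIGIN, AS_PATH, NEXT_HOP, MP_REACH, MP_UNREACH}


class Severity(IntEnum):
    OK = 0
    MINOR = 1
    MEDIUM = 2
    MAJOR = 3


def parse_attributes(buf):
    """Split the attribute block into (flags, code, value) tuples. Raises
    ValueError when an attribute runs past the block, which is the page's
    critical class (inconsistent total attributes length)."""
    attrs, i = [], 0
    while i < len(buf):
        ext = bool(buf[i] & EXT_LEN)
        hdr = 4 if ext else 3
        if i + hdr > len(buf):
            raise ValueError("truncated attribute header")
        flags, code = buf[i], buf[i + 1]
        length = struct.unpack_from("!H", buf, i + 2)[0] if ext else buf[i + 2]
        i += hdr
        if i + length > len(buf):
            raise ValueError(f"attribute {code} overruns attribute block")
        attrs.append((flags, code, bytes(buf[i:i + length])))
        i += length
    return attrs


def classify(flags, code, value, seen):
    """Map one attribute to the page's error classes: (Severity, reason)."""
    if code == NEXT_HOP and (len(value) != 4 or value == bytes(4)):
        return Severity.MAJOR, "invalid or zero-length next hop"
    if code in seen:
        return Severity.MINOR, "duplicate"
    if code in WELL_KNOWN and (flags & OPTIONAL or not flags & TRANSITIVE):
        return Severity.MINOR, "invalid flags"
    if not value and code not in (AS_PATH, ATOMIC_AGGR):
        return Severity.MINOR, "zero length"
    if code in FIXED_LEN and len(value) != FIXED_LEN[code]:
        return Severity.MEDIUM, "inconsistent attribute length"
    return Severity.OK, ""


def handle_update(buf, filters=()):
    """Run attribute filtering, then error handling, on one UPDATE's path
    attributes. Returns (action, kept_attributes, log)."""
    try:
        attrs = parse_attributes(buf)
    except ValueError as exc:                       # critical class
        return "reset-session", [], [f"critical: {exc}"]
    kept, seen, log = [], set(), []
    for flags, code, value in attrs:
        # Stage 1: filtering by configured (low, high, action) code ranges.
        rule = None
        if code not in UNFILTERABLE:
            rule = next((a for lo, hi, a in filters if lo <= code <= hi), None)
        if rule == "treat-as-withdraw":
            return rule, [], log + [f"filter: attribute {code}"]
        if rule == "discard-attribute":
            log.append(f"filter: attribute {code} discarded")
            continue
        # Stage 2: error handling on what survived the filter.
        sev, reason = classify(flags, code, value, seen)
        if sev >= Severity.MEDIUM:                  # assumed action mapping
            return "treat-as-withdraw", [], log + [f"{sev.name}: {code}: {reason}"]
        if sev == Severity.MINOR:
            log.append(f"MINOR: {code}: {reason}")
            if reason != "invalid flags":
                continue                            # discard the attribute
            flags = TRANSITIVE | (flags & EXT_LEN)  # local repair of flags
        seen.add(code)
        kept.append((flags, code, value))
    return "accept", kept, log


# Constructed sample attributes (not captured traffic).
ORIGIN_IGP = b"\x40\x01\x01\x00"
AS_PATH_2 = b"\x40\x02\x06\x02\x02\xfd\xe9\xfd\xea"  # AS_SEQUENCE 65001 65002
NH_OK = b"\x40\x03\x04\xc0\x00\x02\x01"              # 192.0.2.1
ATTR_SET = b"\xc0\x80\x04\x00\x00\xfd\xe9"           # optional transitive, code 128
BASE = ORIGIN_IGP + AS_PATH_2 + NH_OK
```

Each log entry corresponds to the logging step the slides list; a deployment would bound how many such entries are retained.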
Roadmap
Q and A
Future Work
BGP E-VPN
BGP Error handling
Accumulated IGP
Connect Apps and Instrumentation for Route Servers
Vrf to Global import
Enhanced GR
BGP RT Filtering for Legacy Routers
BGP Based Auto-discovery for SAF and other services (iBGP)
BGP Advisory Message/Soft-notify
BGP Flow-Spec (RFC5575)
BGP Monitoring Protocol
BGP Virtual Aggregation
Note: Expected availability dates are tentative
Summary
Scale and performance have been enhanced
New RPs, platforms
Existing platforms
Tested with peer groups (1K RR clients per peer group)
ASR1K RP2 converges about twice as fast as 7200 NPE-G2 based on RR customer profile testing
CPU utilization below 5% after convergence
Link to Isocore report: http://www.cisco.com/en/US/prod/collateral/routers/ps9343/ITD13029-ASR1000-RP2Validationv1_1.pdf
Static protection
[no] neighbor slow-peer split-update-group static
Dynamic detection
[no] bgp slow-peer detection [threshold <seconds>]
[no] neighbor slow-peer detection [threshold <seconds>]
Dynamic protection
[no] bgp slow-peer split-update-group dynamic [permanent]
[no] neighbor slow-peer split-update-group dynamic [permanent]