BGP Convergence

Cobhamuser1
Level 1

How can I speed up the BGP failover between my primary and secondary links?

I have two connections to a site, the primary and a failover link.

The setup is

eBGP over the primary, Ethernet connection

Local site has a router talking iBGP to a firewall, advertising routes

Firewall also connects to second router eBGP

 

If I drop the interface, the convergence time goes to > 3 minutes (I am assuming this is the holddown timer)

Last read 00:00:42, last write 00:00:27, hold time is 180, keepalive interval is 60 seconds
Neighbor sessions:

 

Is there a way I can overcome this issue?

 

 

4 Replies

Francesco Molino
VIP Alumni
Hi

The 2 links you're talking about are eBGP ones?
You can tweak timers but it has to be done on both sides because holdtime is negotiated on BGP open messages.
Hold time is 3 times the keepalive. You can set your keepalive to 5 and then holdtime to 17 in order to make sure the 3rd keepalive could be received and drop down if not.
The command to set these timers is:
timers bgp 5 17
If you want to change it for this specific peer, then the command is:
neighbor x.x.x.x timers 5 17

The BGP is built using physical interface IP or a loopback IP?

You also have mechanisms like BFD to detect and fail over quickly. You have the advertisement-interval to force updates quicker. On eBGP, by default it's 30s.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Here is some more information

I have a VPLS, single IP range, multiple sites on it, each with their own BGP AS

I have two central locations on the VPLS, each with a head end router, which is terminating Flex VPN backup connections from some of those local sites

 

I could change all the timers but it will cause drops on the BGP until I have it resolved at all sites

If I implement BFD, how aggressive is it? I don't want it dropping the BGP, when there isn't really a problem

Hi,

  

BFD was designed to provide sub-second failure detection, while at the same time not loading the CPU or the process itself (like BGP, OSPF, etc). BFD can also be used as an umbrella, allowing multiple protocols on the same platform to converge at the same time, which is what you want in order to avoid issues due to time of convergence and inter-protocol dependencies.

If you change BGP timers, yes you would need to restart the peering for it to take effect; you can change the timers on one side only (as they get negotiated to the lowest value); for consistency you would do it on both sides. If you use BFD, you don't need to restart the BGP peering.

In the end:

- if you need sub-second convergence, use BFD

- if you have a lot of BGP peers, for which you want very fast convergence (5-10), use BFD, as many keepalives could put some load on the router (it depends on the router model and the number of peers)

- in all other cases, use the technology you know and feel comfortable with, as in case something goes wrong, you need to be able to investigate and troubleshoot

 

Regards,

Cristian Matei.

        

     

Cristian already replied.
Without tearing down the BGP session, BFD would be the better way to go.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
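
The hold-time negotiation and BFD detection time discussed in the replies above, worked through as an added Python example that is not part of any post in the thread. It follows RFC 4271 (session hold time is the smaller of the two proposed values) and RFC 5880 (detection time is multiplier times interval); the function names and the 300 ms x 3 BFD setting are assumptions chosen for illustration.

```python
import re

# Constructed sample: the neighbor line quoted in the question above.
SAMPLE = ("Last read 00:00:42, last write 00:00:27, "
          "hold time is 180, keepalive interval is 60 seconds")

def parse_neighbor_line(line):
    """Extract (hold, keepalive) in seconds from a neighbor status line."""
    m = re.search(r"hold time is (\d+), keepalive interval is (\d+) seconds", line)
    if m is None:
        raise ValueError("no hold/keepalive timers in line")
    return int(m.group(1)), int(m.group(2))

def negotiate_hold(local_hold, peer_hold):
    """RFC 4271: each side proposes a hold time in OPEN and the session uses
    the smaller one. 0 disables keepalives; 1 and 2 are not valid proposals."""
    for hold in (local_hold, peer_hold):
        if hold < 0 or hold in (1, 2):
            raise ValueError(f"invalid hold time {hold}")
    return min(local_hold, peer_hold)

def keepalive_for(hold):
    """Keepalive as one third of the hold time (the RFC 4271 suggestion;
    assumed here, implementations may cap it differently)."""
    return hold // 3

def bfd_detect_ms(local_min_rx_ms, peer_min_tx_ms, peer_multiplier):
    """RFC 5880 asynchronous mode: the peer is declared down after
    peer_multiplier intervals, the interval being the slower of what we
    accept and what the peer wants to send."""
    return peer_multiplier * max(local_min_rx_ms, peer_min_tx_ms)

def detection_seconds():
    """Worst-case time to notice a dead peer for the options in the thread."""
    current_hold, _ = parse_neighbor_line(SAMPLE)
    tuned = negotiate_hold(17, current_hold)  # 'timers 5 17' on one side only
    return {
        "current timers": float(negotiate_hold(current_hold, current_hold)),
        "hold 17 on one side": float(tuned),
        # 300 ms x 3 is a constructed BFD setting, not a value from the thread
        "BFD 300 ms x 3": bfd_detect_ms(300, 300, 3) / 1000,
    }

if __name__ == "__main__":
    for name, secs in detection_seconds().items():
        print(f"{name:22s} {secs:7.1f} s")
```

The hold-timer figures are worst cases for a peer that goes silent; a new hold time only applies once the session has been re-established with the new OPEN values.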