BGP Peer Looped Network

daniel_heimburg

Hello all,

Recently we had a short outage because one of our two BGP peers (the one with the best path) accidentally looped their network. Our network setup is as follows: two routers, one eBGP peer on each, and iBGP between the routers.

What can I do to automatically prevent this type of issue? I was thinking of maybe an "ip sla" setup, but I suspect there is a better method. Also, the way I thought about "ip sla" was to set up an ICMP ping to an external IP; this would detect a loop but would also require the external IP to be 100% available, which is not optimal.

Happy for any suggestions. Thanks!

Updated "loop" scenario:

What I mean is that one of the ISPs that I had a BGP session with had a network issue inside their network where packets were looped between two of their routers. This caused incoming and outgoing traffic to me to get stuck in this router loop.

Since I have another BGP peer with another ISP, I could easily just have shut down the troubled ISP's BGP peer and have everything up and running. However, I would like something like this to happen automatically.

I hope this explanation makes sense :)

Regards

Daniel


Jon Marshall

Daniel

What do you mean by looped the network?

IP SLA is usually run when you aren't using a dynamic routing protocol.

Can you explain in more detail?

Jon

Hello

I agree with Jon; more information is required to establish your meaning of "looped network".

One thing that comes to mind, given your brief description of your topology, would be a black hole scenario in that your iBGP peers are not directly connected and use an IGP router to connect to each other; thus, when the eBGP peer is lost, the IGP routing protocol doesn't have all the information to route the BGP traffic between them.

But all this is speculation at this point in time.

res

Paul



Kind Regards
Paul

Hello,

You mean you were receiving routes from the main ISP, but the network of that ISP had an issue, so you were not able to go out because the BGP session with that ISP still existed?

If it happens quite often, you should replace your ISP. Using IP SLA to shut down the peer is a little tricky.

Take a look at the link below.

http://blog.ipspace.net/2011/09/shut-down-bgp-session-based-on-tracked.html

Hope it helps,

Masoud

Yes, what I mean is that one of the ISPs that I had a BGP session with had a network issue inside their network where packets were looped between two of their routers. This caused incoming and outgoing traffic to me to get stuck in this router loop.

Since I have another BGP peer with another ISP, I could easily just have shut down the troubled ISP's BGP peer and have everything up and running. However, I would like something like this to happen automatically.

Is there any way?

Hello,

IP SLA is an option, but the configuration is a little tricky. You need to use the fall-over feature.

If the direct route to your neighbor is removed from the routing table, fall-over takes the session down.

You need to monitor an IP (any IP on the internet) and then add the corresponding IP SLA at the end of the direct route to the neighbor. The problem here is that you might not have a direct route to the neighbor because you have just set the link IP as your neighbor IP address. Do you have any static route to your BGP neighbor IP address?

The configuration is like this (just handwriting). But for the complete configuration, please check the website.

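! Probe an external address through the ISP link
ip sla 1
 icmp-echo 8.8.8.8 source-interface [your router interface]
ip sla schedule 1 life forever start-time now
! Track object follows the probe's reachability
track 1 ip sla 1 reachability
! Host route to the neighbor, withdrawn when track 1 goes down
ip route [your neighbor IP address] 255.255.255.255 [next hop] track 1
router bgp 100
 neighbor 172.16.1.1 remote-as 200
 neighbor 172.16.1.1 fall-over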

If pinging 8.8.8.8 fails due to a problem in your ISP, the route to your neighbor will be removed and the peer session will go down.

You need to configure your IP SLA with a higher threshold because IP SLA can be a problem if you have a temporary delay.

Please take a look at the link in my previous comment.

Masoud

Thanks, this was the information I was looking for.

Is this a general good practice for handling issues like this? Or is there any other way? If I were to enable this on both of my eBGP peers and Google's DNS went down, I could see a huge issue... ;)

It depends how often it happens for you. It is not very common. Your ISP should be more stable. If it happens quite often, it is the last resort because, as you said, IP SLA can be a problem too. I am not sure whether with IP SLA you can check several nodes and decide by "AND" or "OR" of the results. Some people also do it with monitoring software. Such software is able to monitor some nodes on the internet and issue commands on your router to take the BGP sessions down.

Look at the link below. It is done by EEM.

https://www.reddit.com/r/networking/comments/3rs5qi/a_small_example_of_eem_with_slas_and_bgp_failover/

Masoud
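
The multi-target decision raised in the last two posts, as an added example that is not code from the thread: a monitor that calls a peer's path bad only when a quorum of probe targets fail for several consecutive rounds, and that refuses to shut the last peer still up. The class and function names, the thresholds and the documentation-range probe addresses are assumptions; it also assumes probes stay pinned to each ISP link so the path can still be tested while the session is down, and it only returns the action to apply to the router.

```python
from dataclasses import dataclass

@dataclass
class PeerMonitor:
    """Hypothetical per-peer state; names and thresholds are assumptions."""
    targets: tuple        # probe targets reached through this peer's link
    quorum_down: int      # failed targets needed to call the path bad
    down_after: int = 3   # consecutive bad rounds before "shutdown"
    up_after: int = 5     # consecutive good rounds before "no shutdown"
    peer_up: bool = True
    bad: int = 0
    good: int = 0

    def feed(self, results, allow_shutdown=True):
        """results: target -> True (reply) / False (loss). Returns an action or None."""
        failed = sum(1 for t in self.targets if not results.get(t, False))
        if failed >= self.quorum_down:
            self.bad, self.good = self.bad + 1, 0
        else:
            self.bad, self.good = 0, self.good + 1
        if self.peer_up and self.bad >= self.down_after and allow_shutdown:
            self.peer_up = False
            return "shutdown"
        if not self.peer_up and self.good >= self.up_after:
            self.peer_up = True
            return "no shutdown"
        return None

def run_round(monitors, results):
    """Feed one probe round to every peer; never shut the last peer still up."""
    actions = {}
    for name, mon in monitors.items():
        others_up = any(m.peer_up for n, m in monitors.items() if n != name)
        action = mon.feed(results[name], allow_shutdown=others_up)
        if action:
            actions[name] = action
    return actions

# Constructed sample data: documentation addresses stand in for real probe targets.
TARGETS = ("192.0.2.1", "198.51.100.1", "203.0.113.1")
OK = dict.fromkeys(TARGETS, True)
LOOP = dict.fromkeys(TARGETS, False)      # ISP-internal loop: nothing answers
ONE_DOWN = {**OK, "192.0.2.1": False}     # a single probe target is offline

def simulate(rounds):
    """Run constructed rounds for two peers; return (round, actions) where any action fired."""
    mons = {p: PeerMonitor(TARGETS, quorum_down=2) for p in ("isp_a", "isp_b")}
    fired = [(i, run_round(mons, r)) for i, r in enumerate(rounds)]
    return [(i, a) for i, a in fired if a]
```

With one target offline on both paths nothing fires; a loop inside one ISP shuts only that peer after three rounds and restores it after five clean ones.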