11-27-2021 02:54 AM - edited 11-27-2021 02:54 AM
Hello,
I am trying to set up a mechanism that allows me to drop a BGP session quickly in order to avoid a black hole on the detection time of BGP down (timers).
I am using IP SLA to test if my ISP router is still UP. The problem is that if the traffic is high, the ping may be lost and my BGP session will fall through the fall-over...
ip sla 1
 icmp-echo 1.2.3.4 source-interface GigabitEthernet0/0
 frequency 5
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
router bgp XXXX
 neighbor 1.2.3.4 remote-as 6939
 neighbor 1.2.3.4 description Connected via GigabitEthernet0/0
 neighbor 1.2.3.4 fall-over route-map BGP-TRACK
!
ip route 1.2.3.4 255.255.255.255 GigabitEthernet0/0 track 1
!
ip prefix-list BGP-TRACK seq 5 permit 1.2.3.4/32
!
route-map BGP-TRACK permit 10
 match ip address prefix-list BGP-TRACK
!
Is my configuration correct?
What do you recommend as a configuration when BFD is not possible?
Thanks
11-27-2021 05:26 AM
Hello,
you could add a delay to your track, that way, the failover would not occur right away:
track 1 ip sla 1 reachability
--> delay up 10 down 10
Or, rather than ICMP, you could use UDP echos:
ip sla 1
udp-echo 1.2.3.4 3456
threshold 10
timeout 100
frequency 3
ip sla schedule 1 life forever start-time now
ip sla responder
Another possibility is to implement a QoS policy that prioritizes the ICMP traffic between the two hosts.
11-27-2021 05:42 AM - edited 11-27-2021 05:44 AM
Hello
BGP isn't really designed to fail over fast, due to it being an external routing protocol and given the amount of prefixes it can carry.
However, saying that, it does have its own fast failover features that can be useful, and also a generic failover for all routing processes called BFD, and PIC; the latter I would say is the most elegant of the two, depending on your topology setup.
11-27-2021 06:59 AM
Yes, I can try udp-echo, but I can't really figure out which of the two is better in this situation, udp-echo or icmp-echo...
>Another possibility is to implement a QoS policy that prioritizes the ICMP traffic between the two hosts.
An idea to exploit. But I don't know how to do this function...
I have two ISP, if one is faulty I must be able to cut the BGP session so as not to end up with a black hole.
This is why IP SLA allows me to do a reachability test. When the ping is OK, I leave a timer of one minute so that the full view can be completed on the router and then I send the 0.0.0.0 to the other routers !
11-27-2021 09:14 AM - edited 11-27-2021 09:14 AM
Hello
Are you load sharing?
TBH, if you are aware one of your ISP connections is faulty, then wouldn't it be better not to use that connection until it is fixed and relocate all your egress/ingress traffic over the good ISP connection?
11-27-2021 11:29 PM
Hello,
UDP is a bit more reliable; however, prioritizing ICMP traffic seems a better option. What model are your routers, and which IOS versions are they running? Post the configs of both routers...
11-27-2021 09:45 AM
I have two ISPs:
ISP1 connected to the R1
ISP2 connected to the R2
R1 and R2 are in full-mesh.
11-27-2021 09:08 PM - edited 11-28-2021 01:45 AM
Hello
If BFD and PIC aren't applicable, then fall-back with IP SLA tracking would be an alternative, and your configuration looks fine.
Edited-
You may just need to make sure your tracked host isn't reachable from ISP2 when ISP1 is unavailable, otherwise failover may not return as/when ISP1 becomes available again:
ip local policy route-map ipsla
access-list 100 permit icmp host (source-ip) (isp tracked ip) exho
route-map ipsla
 match ip address 100
 set ip next-hop (isp1)
 set interface null0
11-27-2021 05:52 PM
follow
11-28-2021 12:11 AM
Hi,
If your ISP does not support BFD and matching BGP Timer between your ISP and your routers does not suit you then the logic you attached seems to be correct.
Here's what I set up (for your reference, I have attached the response times):
R1(Gi1)<------>R2(Gi2)
track 1 ip sla 1 reachability
!
router bgp 1
bgp log-neighbor-changes
neighbor 1.2.1.2 remote-as 2
neighbor 1.2.1.2 description Connected via gi1
neighbor 1.2.1.2 fall-over route-map BGP-TRACK
!
ip prefix-list BGP-TRACK seq 5 permit 1.2.1.2/32
ip sla 1
icmp-echo 1.2.1.2 source-interface GigabitEthernet1
threshold 10
timeout 1000
frequency 3
ip sla schedule 1 start-time now
!
ip route 1.2.1.2 255.255.255.255 GigabitEthernet1
BGP peer is down
*Aug 30 19:43:13.783: %TRACK-6-STATE: 1 ip sla 1 reachability Up -> Down
*Aug 30 19:43:13.785: %BGP-5-NBR_RESET: Neighbor 1.2.1.2 reset (Route to peer lost)
*Aug 30 19:43:13.785: BGP: ses global 1.2.1.2 (0x7FCF8E3EC2D0:1) Reset (Route to peer lost).
*Aug 30 19:43:13.785: BGP: nbr_topo global 1.2.1.2 IPv4 Unicast:base (0x7FCF8E3EC2D0:1) NSF delete stale NSF not active
*Aug 30 19:43:13.785: BGP: nbr_topo global 1.2.1.2 IPv4 Unicast:base (0x7FCF8E3EC2D0:1) NSF no stale paths state is NSF not active
*Aug 30 19:43:13.785: BGP: nbr_topo global 1.2.1.2 IPv4 Unicast:base (0x7FCF8E3EC2D0:1) Resetting ALL counters.
*Aug 30 19:43:13.786: BGP: 1.2.1.2 closing
*Aug 30 19:43:13.786: BGP: ses global 1.2.1.2 (0x7FCF8E3EC2D0:1) Session close and reset neighbor 1.2.1.2 topostate
*Aug 30 19:43:13.786: BGP: nbr_topo global 1.2.1.2 IPv4 Unicast:base (0x7FCF8E3EC2D0:1) Resetting ALL counters.
*Aug 30 19:43:13.786: BGP: 1.2.1.2 went from Established to Idle
*Aug 30 19:43:13.787: %BGP-5-ADJCHANGE: neighbor 1.2.1.2 Down Route to peer lost
*Aug 30 19:43:13.787: %BGP_SESSION-5-ADJCHANGE: neighbor 1.2.1.2 IPv4 Unicast topology base removed from session Route to peer lost
*Aug 30 19:43:13.787: BGP: ses global 1.2.1.2 (0x7FCF8E3EC2D0:1) Removed topology IPv4 Unicast:base
*Aug 30 19:43:13.787: BGP: ses global 1.2.1.2 (0x7FCF8E3EC2D0:1) Removed last topology
*Aug 30 19:43:13.787: BGP: nbr global 1.2.1.2 Active open failed - route to peer is invalid
*Aug 30 19:43:13.787: BGP: nbr global 1.2.1.2 Active open failed - route to peer is invalid
BGP peer is up
*Aug 30 19:43:33.785: %TRACK-6-STATE: 1 ip sla 1 reachability Down -> Up
*Aug 30 19:43:33.787: BGP: nbr global 1.2.1.2 Open active delayed 1024ms (0ms max, 60% jitter)
*Aug 30 19:43:34.382: BGP: 1.2.1.2 active went from Idle to Active
*Aug 30 19:43:34.383: BGP: 1.2.1.2 open active, local address 1.2.1.1
*Aug 30 19:43:34.386: BGP: ses global 1.2.1.2 (0x7FCF8E3EC2D0:0) act Adding topology IPv4 Unicast:base
*Aug 30 19:43:34.386: BGP: ses global 1.2.1.2 (0x7FCF8E3EC2D0:0) act Send OPEN
*Aug 30 19:43:34.387: BGP: ses global 1.2.1.2 (0x7FCF8E3EC2D0:0) act Building Enhanced Refresh capability
*
*
*
*Aug 30 19:43:41.563: BGP: ses global 1.2.1.2 (0x7FCF3507DCB8:1) Up
*Aug 30 19:43:41.563: %BGP-5-ADJCHANGE: neighbor 1.2.1.2 Up
11-28-2021 12:52 AM
@Georg Pauwen: I am using ASR 1000 with IOS adventerprisek9.03.16.10.S.155-3.S10-ext.b
@paul driver: Yes no support of BFD, for me I only have the fall-back that can help me...
@pman: Yes, that's right! The fall-over with IP SLA works; my problem is that when a ping does not get through, the BGP session will go down while the peer is not dead!
My question is how to tune the ICMP probe of IP SLA to avoid a false positive...
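To see how the track delay suggested earlier in the thread turns a single lost probe into a non-event while still catching a real outage, here is an added Python model of an IOS "track ... ip sla ... reachability" object with "delay up/down" (example code, not from this thread or from Cisco). It assumes the delayed transition is only evaluated on probe ticks, and the probe results in SCENARIO are constructed.

```python
"""Added example: model of an IOS 'track N ip sla N reachability' object
with 'delay up/down', fed by an IP SLA probe every 'frequency' seconds.
Not from the thread or Cisco's code. Simplification (assumption): the
delayed transition is evaluated only on probe ticks, so it fires at the
first probe at or after the delay expires.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class ReachabilityTrack:
    delay_down: int = 0                 # 'delay down <sec>' on the track
    delay_up: int = 0                   # 'delay up <sec>' on the track
    state: str = "up"                   # track state seen by BGP fall-over
    pending: Optional[str] = None       # transition waiting out its delay
    pending_since: int = 0
    transitions: List[Tuple[int, str]] = field(default_factory=list)

    def probe(self, t: int, ok: bool) -> str:
        """Record one IP SLA result at time t (ok=False means timeout)."""
        desired = "up" if ok else "down"
        if desired == self.state:
            self.pending = None         # condition cleared before delay ran out
            return self.state
        if self.pending != desired:     # start the delay timer
            self.pending, self.pending_since = desired, t
        delay = self.delay_down if desired == "down" else self.delay_up
        if t - self.pending_since >= delay:
            self.state, self.pending = desired, None
            self.transitions.append((t, desired))
        return self.state


def simulate(results, frequency, delay_down=0, delay_up=0):
    """Feed probe results at t = 0, frequency, 2*frequency, ...
    and return the list of (time, new_state) track transitions."""
    trk = ReachabilityTrack(delay_down, delay_up)
    for i, ok in enumerate(results):
        trk.probe(i * frequency, ok)
    return trk.transitions


# Constructed scenario, frequency 5 as in the original post: one probe lost
# under load at t=5, then a real outage starting at t=25.
SCENARIO = [True, False, True, True, True, False, False, False, False, False]

if __name__ == "__main__":
    print("no delay      :", simulate(SCENARIO, 5))
    print("delay down 10 :", simulate(SCENARIO, 5, delay_down=10))
```

With no delay the lost probe at t=5 flaps the track (and the BGP session) down and back up; with "delay down 10" that transient never reaches BGP, at the cost of signalling the real outage 10 seconds later. A "delay up 60" models the one-minute hold the original poster applies before re-announcing the default route.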
11-28-2021 01:42 AM
Hello
I have edited my last post-
11-29-2021 04:16 AM
@paul driver: What is exho on access-list 100 ?
11-29-2021 06:40 AM
Hello
Typo it should read echo