Hello,
I thought, i understand SSO/NSR/NSF and how to use it, but as soon as I tried to configure BGP for NSR with SSO feature, nothing worked as expected. Please explain to me, what's wrong with this configuration.
I'm going to configure NSR BGP Session on SSO plattform with NSF aware peer (I tried also with NSF unaware peer, it didn't changed anything). Configuration was tested on Cat6807 VSS / 9600 SV and 9500 SV platforms in SSO mode
CAT9600#sh ver | in XE Software|Model Number
Cisco IOS XE Software, Version 17.03.05
Model Number : C9606R
Model Number : C9606R | CAT9600#sh redundancy
Hardware Mode = Duplex
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Active Location = Switch 2
Current Software state = ACTIVE
Standby Location = Switch 1
Current Software state = STANDBY HOT | CAT9600#show license summary
network-advantage (C9600-NW-A) 2 IN USE
dna-advantage (C9600-DNA-A) 2 IN USE |
CAT6807-2T#sh ver | in bin|6807
System image file is "bootdisk:s2t54-adventerprisek9-mz.SPA.155-1.SY8.bin"
cisco C6807-XL (M8572) processor (revision ) with 1785856K/262144K bytes of memory. | CAT6807-2T#sh redunda
Hardware Mode = Duplex
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Active Location = slot 1/3
Current Software state = ACTIVE
Standby Location = slot 2/3
Current Software state = STANDBY HOT | CAT6807-2T#show license
Index 1 Feature: MACSec_Encryption
Index 2 Feature: CTS
Index 3 Feature: TEST_FEATURE_1
Period left: 4 weeks 2 days
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 4 Feature: TEST_FEATURE_2
Period left: 1 hour 0 minute
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None |
CAT9500#sh ver | in XE Software|Model Number
Cisco IOS XE Software, Version 17.03.05
Model Number : C9500-24Y4C
Model Number : C9500-24Y4C | CAT9500#sh redundancy
Hardware Mode = Duplex
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Active Location = slot 1
Current Software state = ACTIVE
Standby Location = slot 2
Current Software state = STANDBY HOT | CAT9500#sh lice sum
network-advantage (C9500 Network Advantage) 2 IN USE
dna-advantage (C9500 24Y4C DNA Advantage) 2 IN USE |
I tried to configure NSR with NSF aware and unaware peer, here are the most important session parameter
| CAT6807-2T#sh ip bgp vpnv4 all neighbors 11.0.0.1 (GR on peer disabled) | CAT6807-2T#sh ip bgp vpnv4 all neighbors 11.0.0.1 (GR on peer enabled) |
BGP neighbor is 11.0.0.1, remote AS 65020, internal link
Description: to Core-RR
BGP state = Established, up for 00:31:45
Neighbor capabilities:
Route refresh: advertised and received(new)
Four-octets ASN Capability: advertised and received
Address family VPNv4 Unicast: advertised and received
Graceful Restart Capability: received
Remote Restart timer is 120 seconds
Address families advertised by peer:
VPNv4 Unicast (was not preserved
Enhanced Refresh Capability: advertised and received
Multisession Capability:
Stateful switchover support enabled: NO for session 1
For address family: VPNv4 Unicast
Index 1, Advertise bit 0
1 update-group member
Address tracking is enabled, the RIB does have a route to 11.0.0.1
Connections established 1; dropped 0
Transport(tcp) path-mtu-discovery is enabled
Graceful-Restart is disabled
SSO is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Event Timers (current time is 0x12F1A33D0):
Timer Starts Wakeups Next
Retrans 38 0 0x0
TimeWait 0 0 0x0
AckHold 37 36 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 4 3 0x12F21BF14
DeadWait 0 0 0x0 | BGP neighbor is 11.0.0.1, remote AS 65020, internal link
Description: to Core-RR
BGP state = Established, up for 00:00:58
Neighbor capabilities:
Route refresh: advertised and received(new)
Four-octets ASN Capability: advertised and received
Address family VPNv4 Unicast: advertised and received
Graceful Restart Capability: advertised and received
Remote Restart timer is 120 seconds
Address families advertised by peer:
VPNv4 Unicast (was not preserved
Enhanced Refresh Capability: advertised and received
Multisession Capability:
Stateful switchover support enabled: NO for session 1 For address family: VPNv4 Unicast
Index 3, Advertise bit 0
3 update-group member
Address tracking is enabled, the RIB does have a route to 11.0.0.1
Connections established 3; dropped 2
Transport(tcp) path-mtu-discovery is enabled
Graceful-Restart is enabled, restart-time 120 seconds, stalepath-time 360 seconds
SSO is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Event Timers (current time is 0x12F208618):
Timer Starts Wakeups Next
Retrans 5 0 0x0
TimeWait 0 0 0x0
AckHold 4 3 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 1 0 0x12F28C7B0
DeadWait 0 0 0x0 |
BGP Configuration is very simple:
CAT6807-2T#show run | sec er bgp
router bgp 65020
!
template peer-session IBGP-CORE-RR
remote-as 65020
transport path-mtu-discovery
update-source Loopback0
ha-mode graceful-restart disable (optional NSF unaware session)
exit-peer-session
!
bgp router-id 11.0.0.8
bgp log-neighbor-changes
bgp graceful-restart
no bgp default ipv4-unicast
neighbor 11.0.0.1 inherit peer-session IBGP-CORE-RR
neighbor 11.0.0.1 description Core-RR
!
address-family ipv4
exit-address-family
!
address-family vpnv4
bgp nexthop trigger delay 8
neighbor 11.0.0.1 activate
neighbor 11.0.0.1 send-community both
exit-address-family
Each and every guide for my platforms and versions (for example this one for IOS-XE 17) says, that I can configure "ha-mode sso" for neighbors in direct or in peer template or global bgp preference "bgp ha-mode sso [prefer] ", but in my case none from 3 test platforms knows those commands. It's not like it doesn't work, they are just unknown - what do I do wrong?
here one example more - sso option is unavailable, also it's not a hidden command:
(config-router-stmp)#ha-mode ?
graceful-restart graceful-restart for this peer
