
BGP SSO with NSR

Thomas Schmitt
Level 1

Hello,

I thought I understood SSO/NSR/NSF and how to use it, but as soon as I tried to configure BGP for NSR with the SSO feature, nothing worked as expected. Please explain to me what's wrong with this configuration.

I'm going to configure an NSR BGP session on an SSO platform with an NSF aware peer (I also tried with an NSF unaware peer; it didn't change anything). The configuration was tested on Cat6807 VSS / 9600 SV and 9500 SV platforms in SSO mode.

CAT9600#sh ver | in XE Software|Model Number
Cisco IOS XE Software, Version 17.03.05
Model Number : C9606R
Model Number : C9606R
CAT9600#sh redundancy
Hardware Mode = Duplex
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Active Location = Switch 2
Current Software state = ACTIVE
Standby Location = Switch 1
Current Software state = STANDBY HOT
CAT9600#show license summary
network-advantage (C9600-NW-A) 2 IN USE
dna-advantage (C9600-DNA-A) 2 IN USE

CAT6807-2T#sh ver | in bin|6807
System image file is "bootdisk:s2t54-adventerprisek9-mz.SPA.155-1.SY8.bin"
cisco C6807-XL (M8572) processor (revision ) with 1785856K/262144K bytes of memory.

 

CAT6807-2T#sh redunda
Hardware Mode = Duplex
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Active Location = slot 1/3
Current Software state = ACTIVE
Standby Location = slot 2/3
Current Software state = STANDBY HOT
CAT6807-2T#show license
Index 1 Feature: MACSec_Encryption
Index 2 Feature: CTS
Index 3 Feature: TEST_FEATURE_1
Period left: 4 weeks 2 days
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
Index 4 Feature: TEST_FEATURE_2
Period left: 1 hour 0 minute
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
CAT9500#sh ver | in XE Software|Model Number
Cisco IOS XE Software, Version 17.03.05
Model Number : C9500-24Y4C
Model Number : C9500-24Y4C
CAT9500#sh redundancy
Hardware Mode = Duplex
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Active Location = slot 1
Current Software state = ACTIVE
Standby Location = slot 2
Current Software state = STANDBY HOT
CAT9500#sh lice sum
network-advantage (C9500 Network Advantage) 2 IN USE
dna-advantage (C9500 24Y4C DNA Advantage) 2 IN USE

I tried to configure NSR with an NSF aware and an NSF unaware peer; here are the most important session parameters:

CAT6807-2T#sh ip bgp vpnv4 all neighbors 11.0.0.1 (GR on peer disabled)
BGP neighbor is 11.0.0.1, remote AS 65020, internal link
Description: to Core-RR
BGP state = Established, up for 00:31:45
Neighbor capabilities:
Route refresh: advertised and received(new)
Four-octets ASN Capability: advertised and received
Address family VPNv4 Unicast: advertised and received
Graceful Restart Capability: received
Remote Restart timer is 120 seconds
Address families advertised by peer:
VPNv4 Unicast (was not preserved
Enhanced Refresh Capability: advertised and received
Multisession Capability:
Stateful switchover support enabled: NO for session 1

For address family: VPNv4 Unicast
Index 1, Advertise bit 0
1 update-group member
Address tracking is enabled, the RIB does have a route to 11.0.0.1
Connections established 1; dropped 0
Transport(tcp) path-mtu-discovery is enabled
Graceful-Restart is disabled
SSO is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Event Timers (current time is 0x12F1A33D0):
Timer Starts Wakeups Next
Retrans 38 0 0x0
TimeWait 0 0 0x0
AckHold 37 36 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 4 3 0x12F21BF14
DeadWait 0 0 0x0

CAT6807-2T#sh ip bgp vpnv4 all neighbors 11.0.0.1 (GR on peer enabled)
BGP neighbor is 11.0.0.1, remote AS 65020, internal link
Description: to Core-RR
BGP state = Established, up for 00:00:58
Neighbor capabilities:
Route refresh: advertised and received(new)
Four-octets ASN Capability: advertised and received
Address family VPNv4 Unicast: advertised and received
Graceful Restart Capability: advertised and received
Remote Restart timer is 120 seconds
Address families advertised by peer:
VPNv4 Unicast (was not preserved
Enhanced Refresh Capability: advertised and received
Multisession Capability:
Stateful switchover support enabled: NO for session 1

For address family: VPNv4 Unicast
Index 3, Advertise bit 0
3 update-group member
Address tracking is enabled, the RIB does have a route to 11.0.0.1
Connections established 3; dropped 2
Transport(tcp) path-mtu-discovery is enabled
Graceful-Restart is enabled, restart-time 120 seconds, stalepath-time 360 seconds
SSO is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Event Timers (current time is 0x12F208618):
Timer Starts Wakeups Next
Retrans 5 0 0x0
TimeWait 0 0 0x0
AckHold 4 3 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 1 0 0x12F28C7B0
DeadWait 0 0 0x0

BGP Configuration is very simple:

CAT6807-2T#show run | sec er bgp
router bgp 65020
!
template peer-session IBGP-CORE-RR
remote-as 65020
transport path-mtu-discovery
update-source Loopback0
ha-mode graceful-restart disable (optional NSF unaware session)
exit-peer-session
!
bgp router-id 11.0.0.8
bgp log-neighbor-changes
bgp graceful-restart
no bgp default ipv4-unicast
neighbor 11.0.0.1 inherit peer-session IBGP-CORE-RR
neighbor 11.0.0.1 description Core-RR
!
address-family ipv4
exit-address-family
!
address-family vpnv4
bgp nexthop trigger delay 8
neighbor 11.0.0.1 activate
neighbor 11.0.0.1 send-community both
exit-address-family

Each and every guide for my platforms and versions (for example this one for IOS-XE 17) says that I can configure "ha-mode sso" for neighbors directly or in a peer template, or the global BGP preference "bgp ha-mode sso [prefer]", but in my case none of the 3 test platforms knows those commands. It's not that it doesn't work, they are just unknown - what am I doing wrong?

Here is one more example - the sso option is unavailable, and it's not a hidden command either:

(config-router-stmp)#ha-mode ?
graceful-restart graceful-restart for this peer
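
An added example, not part of the original post and not Cisco tooling: a small Python parser that reads `show ip bgp ... neighbors` output like the captures above and reports, per neighbor block, whether the session is covered by SSO, by graceful restart, or by neither. The sample text is abridged from the two captures in the post; the function names and the `SSO is enabled` line form are assumptions.

```python
import re

# Constructed sample: abridged from the two captures posted above (same peer).
SAMPLE = """\
BGP neighbor is 11.0.0.1, remote AS 65020, internal link
  Graceful Restart Capability: received
  Graceful-Restart is disabled
  SSO is disabled
BGP neighbor is 11.0.0.1, remote AS 65020, internal link
  Graceful Restart Capability: advertised and received
  Graceful-Restart is enabled, restart-time 120 seconds, stalepath-time 360 seconds
  SSO is disabled
"""

NEIGHBOR = re.compile(r"BGP neighbor is ([^,\s]+),")
GR_CAP = re.compile(r"Graceful Restart Capability:\s*(.+)")
GR_STATE = re.compile(r"Graceful-Restart is (enabled|disabled)"
                      r"(?:, restart-time (\d+) seconds, stalepath-time (\d+) seconds)?")
# "SSO is disabled" is on the page; the "enabled" form is assumed to mirror it.
SSO_STATE = re.compile(r"SSO is (enabled|disabled)")

def parse_neighbors(text):
    """Return one dict per 'BGP neighbor is ...' block, in order of appearance."""
    blocks = []
    for line in map(str.strip, text.splitlines()):
        if (m := NEIGHBOR.match(line)):
            blocks.append({"peer": m.group(1), "gr_capability": set(),
                           "gr_enabled": False, "timers": None, "sso_enabled": False})
        elif not blocks:
            continue  # ignore anything before the first neighbor header
        elif (m := GR_CAP.match(line)):
            blocks[-1]["gr_capability"] = set(re.findall(r"advertised|received", m.group(1)))
        elif (m := GR_STATE.match(line)):
            blocks[-1]["gr_enabled"] = m.group(1) == "enabled"
            if m.group(2):  # (restart-time, stalepath-time) in seconds
                blocks[-1]["timers"] = (int(m.group(2)), int(m.group(3)))
        elif (m := SSO_STATE.match(line)):
            blocks[-1]["sso_enabled"] = m.group(1) == "enabled"
    return blocks

def ha_mode(n):
    """Classify what covers the session across an RP switchover."""
    if n["sso_enabled"]:
        return "nsr-sso"
    if n["gr_enabled"] and n["gr_capability"] == {"advertised", "received"}:
        return "nsf-graceful-restart"
    return "none"

if __name__ == "__main__":
    print([(n["peer"], ha_mode(n), n["timers"]) for n in parse_neighbors(SAMPLE)])
```
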
Accepted Solutions

Thomas Schmitt
Level 1

If someone is still looking for the right answer - I checked feature navigator; bgp ha-mode sso is not available on cat6800 or cat9500/9600

You can find NSR support in every Catalyst VSS/SV documentation, but it doesn't specify supported protocols, and the IOS-XE documentation for BGP NSR isn't for Catalyst switches. At the same time you will find thousands of NSR related documents for Catalyst 6K/9K, so it's pretty easy to get confused.


Thomas Schmitt
Level 1

Does nobody use NSR for BGP sessions?

In this case, what features would you use in 3 Layer Enterprise Network Design (Switched access, 2x stand alone with FHR or VSS/SV in distribution layer and 2x stand alone core switches. OSPF runs between all distribution and core switches, MPLS L3 VPN  Service with MP-BGP between all distribution switches).
3layer.png
How would you implement redundancy in this network?

For NSF/NSR, before you configure routing between two L3 devices, the device needs to have two RPs; two RPs means two control planes.
On the C6000 you need two SUPs.

Sure, I also posted the "show redundant" output in my initial post. In case you are talking about L3 routing between the distribution and core layer, then

  • For NSR only one site requires a redundant RP
  • For NSF one site requires a redundant RP and the other site may also support NSF, but the minimal requirement is NSF awareness

so, what is your advice, how would you implement redundancy?
