cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3165
Views
5
Helpful
4
Replies

Converging faster without BFD

John Blakley
VIP Alumni
VIP Alumni

All,

I wanted to get some other thoughts on this. I have a location that has 2 routers peering with ISP using ebgp. The convergence time is okay. I lose about 5 packets before the other router picks up. The concern that I have is that we're moving to SAP and I'm not sure what the sensitivity levels on dropped packets is from the perspective of the client. I'd like to try to get this down even faster, so here's what I've done:

Changed the default timers with the ISP to 7 and holdtime of 21

Created a route-map matching on the ISPs subnet (/30) and matching on the source-protocol as connected. I enabled this on the neighbor for fall-over. (I'm not sure this is 100% necessary though because of the default fast-external-fallover.

The problem is that this is an ethernet circuit. I run hsrp on the inside with bgp peering between these 2 routers. I have to track the interface that peers with the provider by using an sla echo. Otherwise, if the circuit goes down I'd never see it go down because it's connected into a switch. (Do providers do something special to trigger a line-protocol down when their circuit goes down?) I believe there's fiber going into their switch and I've got an ethernet handoff. My thought is that I won't see the circuit go down as a line-protocol which is why I need SLAs.

Anyway, is there a way to get bgp to failover faster than what I'm seeing now? I've not modified the scan time, but I'm not sure this would be necessary either. It seems like the failovers happening after hsrp converges.

I don't have bfd support on the version of ios I have. Wouldn't the ISP need to run BFD also if I did?

Thanks,

John

HTH, John *** Please rate all useful posts ***
4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello John,

>>

Wouldn't the ISP need to run BFD also if I did?

yes

>>

Do providers do something special to trigger a line-protocol down when their circuit goes down?

for L2 transport services they can  do it but not for internet L3 access

I agree you are doing as much as possible to improve convergence in any case SAP sessions should be based on TCP sessions that support some losses.

You could try to use BGP timers 1 and 4 seconds respectively (CAUTION depending also on your boxes)

>>

Created a route-map matching on the ISPs subnet (/30) and matching on the source-protocol as connected. I enabled this on the neighbor for fall-over. (I'm not sure this is 100% necessary though because of the default fast-external-fallover.

it's not clear to me what you did here. I guess you have associated a route-map to the BGP session however if the link never dies at OSI Layer1 and Layer2, it is not effective and yes for eBGP now fast-external-fallover is default.

Hope to help

Giuseppe

Thanks Giuseppe.

The route map that I created was like the following:

ip prefix-list Fallover permit 192.168.1.0/30

route-map Fallover permit

match ip address prefix-list Fallover

match source-protocol connected

router bgp 1

neighbor 192.168.1.2 fall-over route-map Fallover

The understanding is that when the circuit were to go down, the connected route wouldn't be in the table any longer. I don't think it's necessary though because bgp has the fast-external-fallover enabled for ebgp neighbors by default. I guess I'll see how well it goes tomorrow. The failover test is going to happen while test users are in and moving around in SAP.

Edit:

You know after thinking about it, the above route-map makes no sense anyway. Since it's L3, the interface still wouldn't go down because it's connected to a switch. The above would make more sense for an L2 connection.

Thanks!

HTH, John *** Please rate all useful posts ***

Hi John,

You could create a dummy static route (or a static for your WAN with the ISP). This route would be tracked with a sla which ping the WAN IP of the ISP.

This route could be used to the fall over route map of the BGP.

So, you can configure a sort timeout to the sla in order to imporve the BGP convergence.

HTH

Vasilis

ruckokiril
Level 1
Level 1
Hopefully this may help someone else after 2 years from original question :)
 
Idea A (WAN protection)
1. All routes from a site should be initially advertised into PE with longer AS path.
2. IP SLA of CE [CE_1] shall track the reachability of IP address configured on WAN facing interface of another CE [CE_2]
3. Upon IP SLA going down the routes should begin advertised into PE with shorter AS path
4. PE-CE subnet should be advertised from PE (static/connected) to override SoO
 
Idea B (LAN protection)
1. IP SLA shall track reachability of IP address configured on PE [PE_1].
2. Upon IP SLA going down IP should worsen the weight of HSRP 
 
Fast failover with no BFD
 
Example config to support Idea A:
 
hostname CE_1
!
ip sla 1
icmp-echo ${CE_2_WAN_IP_ADDRESS} source-interface ${WAN_INTERFACE}
threshold 100
timeout 150
frequency 1
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1
!
event manager applet TRACK_DOWN
event track 1 state down
action 10.0 cli command "enable"
action 20.0 cli command "configure terminal"
action 30.0 cli command "route-map BGP_OUT permit 20"
action 40.0 cli command "no set as-path prepend 65000 65000"
action 41.0 syslog msg "**** DOWN DOWN DOWN DOWN ****"
!
event manager applet TRACK_UP
event track 1 state up
action 10.0 cli command "enable"
action 20.0 cli command "configure terminal"
action 30.0 cli command "route-map BGP_OUT permit 20"
action 40.0 cli command "set as-path prepend 65000 65000"
action 41.0 syslog msg "**** UP UP UP UP ****"
 
Review Cisco Networking for a $25 gift card