Faster convergence of BGP

sebastien3 · ‎05-18-2021

Hello,

I have two routers each with a full-view :

R1 connected to AS174 => local preference 200

R2 connected to AS6939 => local preference 90

R1 and R2 are connected with iBGP.

router bgp YYYYY
 bgp router-id A.B.C.D
 no bgp enforce-first-as
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart

hold time is 90, keepalive interval is 30 seconds

If the connection with the AS174 flap, the convergence time to switch the traffic to AS6939 is not instantaneous but lasts more than a minute...

Is it possible to speed up the routing to AS6939?

balaji.bandi · ‎05-18-2021

Do you have BFD configured ?

check below threads to tweak as per the requirement :

https://community.cisco.com/t5/routing/speeding-up-bgp-convergence/m-p/1439865

https://community.cisco.com/t5/routing/bgp-convergence-time-improvement/m-p/2346625

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sebastien3 · ‎05-18-2021

I have not configured BFD on my routers.

To use BFP, you have to activate it on both routers (R1 and also on AS174 ??) ?

Giuseppe Larosa · ‎05-18-2021

Hello @sebastien3 ,

yes BFD needs to be configured on both peers to be able to take advantage of it.

However, there is more behind the scenes with BGP

>>

hold time is 90, keepalive interval is 30 seconds

If the connection with the AS174 flap, the convergence time to switch the traffic to AS6939 is not instantaneous but lasts more than a minute...

If the issue was simply related to detection of eBGP session failure and in worst case on BGP hold timer expiration your convergence time would be greater then 90 seconds.

How can BGP handle so many prefixes ?

Actually BGP uses a scheduled process called BGP scan or scanner that for standard address family IPv4 unicast and the scan interval is 60 seconds.

The BGP scanner process will check the health of BGP next-hop of each prefix every 60 seconds.

In my opinion what you see is more related to BGP scanner activity then to the speed of detection of eBGP failure that is likely immediate.

see for example

https://www.ajsnetworking.com/bgp-processes-in-the-cisco-ios/

and

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/107615-highcpu-bgp.html

Be aware that reducing the BGP scan interval is likely to increase the CPU usage on your routers.

You would need Prefix Indipendent Convergence PIC that is a more modern concept

see

https://www.globalknowledge.com/us-en/resources/resource-library/articles/how-to-use-bgp-prefix-independent-convergence/#gref

If your routers do not support PIC I would suggest to stay with current timers one minute to switch to alternate paths from other upstream ISP may be good enough. The number of prefixes is huge in the order of 880,000 for a full table.

You can try to reduce the BGP scan interval to 30 seconds and to see if the BGP convergence is improved.

However, a big warning about this as explained in second link above.

Hope to help

Giuseppe

paul driver · ‎05-18-2021

Hello
When GR peers are notified of a restart they will wait for that restart to come back up however it shouldn't begin tearing down any bgp sessions and declaring them dead, and once reestablished it wont need to go through entire bgp convergence, choosing best paths, updating rib/cef tables etc which can take time depending on the size of the bgp table it needs to perform it validation against.

So graceful restart isnt suppose to failover and converge quickly, its designed so capable peers (mainly devices with dual route processing) can failover "gracefully" from primary to secondary units with very little impact to traffic.

A good failover feature for fast convergence (if your rtrs support it) that isn't reliant on how large the bgp table is or how fast an alternative best path can be evaluated would be BGP PIC.(prefix independent convergence)

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

sebastien3 · ‎05-20-2021

Hello all,

It will not be possible for me to activate BFD on eBGP (AS174 / AS6939 do not want).

Do you advise me to enable BFP on the interfaces of my iBGP between my BGP routers of the internal AS ?? I am using CISCO ASR1001-1002-1004.

@Giuseppe Larosa

In my opinion what you see is more related to BGP scanner activity then to the speed of detection of eBGP failure that is likely immediate.

ASR1004#show processes cpu | include BGP
 122      104003    15318781          6  0.00%  0.00%  0.00%   0 BGP Scheduler
 183     2398213    63160359         37  0.00%  0.01%  0.01%   0 BGP I/O
 338           0           1          0  0.00%  0.00%  0.00%   0 BGP HA SSO
 362   222515343     4769779      46651  0.00%  2.36%  2.17%   0 BGP Scanner
 374           0           1          0  0.00%  0.00%  0.00%   0 XC BGP SIG RIB H
 406           0         182          0  0.00%  0.00%  0.00%   0 BGP Consistency
 471     3595687       75883      47384  0.00%  0.00%  0.16%   0 BGP Event
 596           0           1          0  0.00%  0.00%  0.00%   0 BGP VA
 597     9354239    23176776        403  0.00%  0.02%  0.01%   0 BGP Task
 598           0           1          0  0.00%  0.00%  0.00%   0 BGP BMP Server
 603    17272469    83378325        207  0.07%  0.56%  0.60%   0 BGP Router

I am unable to display/find the scan time value in sh ip bgp neighbors. How to check it ?

What can I change to lower the BGP SCAN timer ??

Thanks !

Giuseppe Larosa · ‎05-22-2021

Hello @sebastien3 ,

if your upstream providers do not want to enable BFD this is not possible on the two eBGP sessions.

>> Do you advise me to enable BFP on the interfaces of my iBGP between my BGP routers of the internal AS ?? I am using CISCO ASR1001-1002-1004.

BFD can be useful for directly connected BGP neighbors but iBGP sessions are usually terminated on loopbacks advertised by the IGP protocol in use (OSPF or IS-IS or EIGRP). BFD can be used to provide fast detection also with IGP protocols.

>>

I am unable to display/find the scan time value in sh ip bgp neighbors. How to check it ?

What can I change to lower the BGP SCAN timer ??

The default value for address family IPv4 unicast is 60 seconds

To change it the command may be

under router bgp context:

bgp scan-time <seconds>

see first link I had provided in my previous post in this thread

https://www.ajsnetworking.com/bgp-processes-in-the-cisco-ios/

You have IOS XE, but hopefully the command is the same.

To be noted the BGP scanner time interval is not an attribute of BGP neighbors but rather an attribute of BGP router process.

Hope to help

Giuseppe