BGP Multihome

fhoban · ‎03-23-2009

Hi All,

I have two routers mulithomed to one ISP so we have 2 CE's(r1 and r2) with ebgp peerings with 2 x ISP PE routers.Our own two routers r1 and r2 have an ibgp peering.My question is as follows. Recently we had issues on the primary due to insufficient memory resources so I failed over manually( lowered metric and switched over HSRP) on to the backup router ; now all traffic is using backup as the entry/exit point which is fine. We are now also getting a default route of the ISP to R1 and the full table to R2.

One thing I have noticed is that R1 even thought it is now getting a default route from the ISP we still get the full bgp table of R2 through the ibgp peering. Should I have some filtering in place here ?What is the best thing to do and is it any cause for concern ?

Thanks

Giuseppe Larosa · ‎03-23-2009

Hello Francis,

if now the memory usage is again acceptable (you don't receive anymore a full table on the eBGP session) you are fine.

Otherwise you can filter on the iBGP session to avoid loading R1 on the internal session.

if you filter everything you don't need the iBGP session anymore just shutdown it.

track the state of wan interface on R2.

on R2 you could implement HSRP with object tracking to check that the eBGP session is alive (you can check presence/reachability of an ip subnet)

see

http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_35_se/configuration/guide/swhsrp.html#wp1057067

Hope to help

Giuseppe

fhoban · ‎03-23-2009

Hi Guiseppe,

Thanks , Yes I have HSRP/Tracking on R2 Wan outside interface.If I wanted to leave ibgp session in place ( is there a benefit to this now )what is best way to filter to R1 then ?

Giuseppe Larosa · ‎03-23-2009

Hello Francis,

my suggestion is to use object tracking to really detect if the eBGP session is operational or not.

Tracking the WAN interface is fine but doesn't cover all possible cases: config error on provider or problems on ISP router making the BGP session not working but the link is still up.

If you do so the IBGP session loses all utility.

By the way using an iBGP session to send a default route to R1 that is never used can be something you can do otherwise what criteria to use to decide what prefixes to send from R2 to R1 ?

The only suggestion I can give is that if your enterprise is doing some extranet with business partners you may be interested on receiving some specific routes representing the partners' ip networks.

This could be a criteria to use for accepting routes on R1 from the eBGP session itself.

You coud use a feature called ORF that allows R1 to send a prefx list to say what routes it wants to receive instead of filtering inbound a whole table

In this way you coud optimize traffic to partners without overwhelming R1's memory.

Note: unfortunately ORF isn't widely supported I've found documents only for GSR and CRS.

Hope to help

Giuseppe

Eugene Khabarov · ‎03-23-2009

Hello!

You can also filter out long prefixes (for example, longer than /24) with prefix list. Full BGP table should start to consume less memory.

!

ip prefix-list inbound-nets seq 5 permit 0.0.0.0/0 le 24

!

router bgp 65535

neighbor 10.10.10.10 prefix-list inbound-nets in

How many prefixes do you recieving now?

fhoban · ‎03-25-2009

We advertise out 2 x /24 to the internet.

On r2 with full routes now we have 279198 prefixes recieved.

Eugene Khabarov · ‎03-25-2009

francis, could you filter out incoming prefixes as shown above?

how many prefixes do you recieving after that?

Could you post `show ip bgp summary` here?

fhoban · ‎03-26-2009

rtr1#sh ip bgp summary

BGP router identifier 211.x.x.x, local AS number 64XXX

BGP table version is 2077000, main routing table version 2077000

279454 network entries using 28224854 bytes of memory

279455 path entries using 13413840 bytes of memory

48309 BGP path attribute entries using 2899080 bytes of memory

43592 BGP AS-PATH entries using 1183398 bytes of memory

6116 BGP route-map cache entries using 122320 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 45843492 total bytes of memory

BGP activity 3275008/2995554 prefixes, 8730699/8451242 paths, scan interval 60 s

ecs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

194.X.X.X 4 2111 12415559 651734 2077000 0 0 6d22h 1

211.X.X.X 4 64xxx 11281803 11045183 2077000 0 0 6d22h 279452

rtr1#sh ip bgp neighbors 194.x.x.x received-r

BGP table version is 2078044, local router ID is 211.x.x.x

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 0.0.0.0 194.x.x.x 250 2111 i

Giuseppe Larosa · ‎03-26-2009

Hello Francis,

now you receive only a default route on the eBGP session with ISP on R1 but you get the full BGP table from iBGP session.

The suggestion from Eugene is to filter out of R2 on session to R1.

This will reduce the memory usage further on R1.

Now traffic is going through R2.

Hope to help

Giuseppe

fhoban · ‎03-27-2009

Guys thanks for your replies.I will put the filter on as you've suggested. At the moment I am not getting any memory errors in the logs.

Cheers