
Ask the Expert: Configuring and Troubleshooting Border Gateway Protocol (BGP)

Unanswered Question
Sep 19th, 2013

Configuring and Troubleshooting Border Gateway Protocol (BGP) With Sandeep Sharma


Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about issues encountered while configuring and troubleshooting Border Gateway Protocol (BGP) across various Cisco platforms with expert Sandeep Sharma.


BGP is the most widely deployed routing protocol across service provider and enterprise networks.


For more information, visit the introduction to Border Gateway Protocol at:


www.cisco.com/en/US/tech/tk365/tk80/tsd_technology_support_sub-protocol_home.html.


Sandeep Sharma is a customer support engineer in the High-Touch Technical Services Routing Protocols team based in Bangalore. He provides support to major service providers and enterprise customers for routing and MPLS technologies. He has more than seven years of experience working with large enterprise and service provider networks. He also holds a CCIE certification (#39002) in routing and switching.


Remember to use the rating system to let Sandeep know if you have received an adequate response. 


Because of the volume expected during this event, Sandeep might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, subcommunity WAN, Routing, and Switching shortly after the event. This event lasts through October 4, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

Overall Rating: 4.8 (13 ratings)
dc-csa-blr Mon, 09/23/2013 - 00:33

Hi Sandeep,



PFA My NW diagram with proposed link.


We are using three ISPs' bandwidth with eBGP; we have our own IP address and ASN.


Now we are going to start another site with different location with same ASN.



Router A NW IP : 102.21.20.0/22 advertised with Three ISP

Router A (ASN ) 23456



Router B NW IP 102.21.22.0/24  advertised with another ISP in different location with same ASN.

Router B (ASN) 23456



When another ISP b/w goes down then I need all my traffic going via iBGP (Router A).



My requirement: when the link goes down between Router B and another ISP (proposed), then all my traffic should work via iBGP.


So what configuration is needed on both Router A & B to fulfill my requirement?



Thanks in ADV,

Sandeep Sharma Mon, 09/23/2013 - 05:00
User Badges:
  • Cisco Employee,

Hi,


Below is the response on the basis of my understanding to your query:


To give preference to exit traffic at site A you can use the weight attribute, as all the ISPs are connected on the same router.

And for influencing the exit traffic for site B you should use local preference; below is the configuration for router B.



    router bgp 23456
     neighbor remote-as  23456
     neighbor remote-as
     ! >>> to apply local preference
     neighbor route-map setlocalin in
    !
    ! >>> route learned from the ISP4 will be matched here
    ip as-path access-list 7 permit ^$
    !
    route-map setlocalin permit 10
     match as-path 7
     set local-preference 400
    route-map setlocalin permit 20
     set local-preference 150


You can also use the default local preference command in place of using the AS-path match, to simplify, if you want to use it for the whole traffic.


- If you want to influence the incoming traffic you can use the MED attribute.



In case you have any specific query that is not answered here, please feel free to ask again.


Thanks & Regards

Sandeep

dc-csa-blr Mon, 09/23/2013 - 05:08

Hi Sandeep,


Thanks for your great help...


The below config I have to configure in my Router A, right?


I am a bit confused by your suggested config for Router A: why is the ISP-4 configuration on Router A, when it is not directly connected to Router A? It is connected directly to Router B.



It would be a great help; please clear my doubt.

Sandeep Sharma Mon, 09/23/2013 - 05:29
User Badges:
  • Cisco Employee,

Hi ,


This is the router B configuration, not router A. I also mentioned this in the above reply as well.


Please feel free to contact in case you have any further query.


Thanks & Regards

Sandeep

dc-csa-blr Mon, 09/23/2013 - 21:49

Hi Sandeep,


Just for clarification, you mentioned this for router B, as given below.


router bgp 23456

neighbor remote-as  23456 <----------------



I think " neighbor

Sandeep Sharma Tue, 09/24/2013 - 09:44
User Badges:
  • Cisco Employee,

Hi,


You are correct, it was just a typo; it will be the IBGP peer IP address, and for the RTRB router the peer is RTRA, so this is RTRA-IP.


Thanks & Regards

Sandeep

Mohammed Imran Khan Mon, 09/23/2013 - 05:05
User Badges:
  • Cisco Employee,

Hello Sandeep Sir,


Just wanted to know what a BGP slow-peer is and what are/is the way to mitigate this issue.


/Imran

Sandeep Sharma Mon, 09/23/2013 - 05:43
User Badges:
  • Cisco Employee,

Hi Imran


BGP Slow peer cases often are reported as "missing update", "slow update", "stopped update" or "session flap due to Hold timer expiry when local BGP is not able to send the updates to neighbor for the time interval of hold time" type issues, rather than being identified as a slow peer issue by the customer.


You can confirm that a case is due to a slow peer by issuing


    show ip bgp all summary


and watching the routing table versions associated with various neighbors. The problem neighbor's version will typically increase slowly, if at all, and frequently, but not always, have a large outQ of unsent BGP messages.


The command


    show ip bgp all update-group


    show ip bgp update-group


will show you which neighbors are in which update-group. A slow peer only impacts neighbors in the same update-group. If there is more than one update-group, you can check and make sure that the impacted neighbors are indeed in the same update-group as the slow peer.


If a * is marked in front of the neighbor then that shows that updates are being sent to the neighbor. If the * mark is not removed for a period of a minute then it must be a slow peer.


One way to find the slow peer is to issue


    show ip bgp neighbor


    show ip bgp neighbor


Look for "Keepalives are temporarily in throttle due to closed TCP window" or a TCP receive window size that is very low or zero. Repeat this for all the neighbors in the update group. If a neighbor displays the above message then it might be a probable slow peer. A couple of reasons for a slow peer might be:


    There is packet loss and/or high traffic on the link to the peer and the throughput of the BGP TCP connection is very low.

    The peer is heavily loaded in terms of its CPU and cannot service the TCP connection at the required frequency.



You can try a few workarounds to fix the slow peer issues, like:


- If the IOS version doesn't support the slow peer detection & protection feature, then identify the slow peer from the steps listed above and move the slow peer to a different update-group by configuring a dummy policy or by changing the "advertisement-interval" to an interval different than the rest of the neighbors "neighbor advertisement-interval



How to mitigate the slow peer:

============================


- While fully resolving a slow peer situation requires addressing the issue which is causing it to be slow, such as packet loss between the RR and the peer, or an overloaded CPU on the slow peer, you can mitigate the problem by moving the individual peer into its own update group, so that its slowness does not impact other peers.


- More recent Cisco IOS releases contain automatic slow peer mitigation features which can be turned on.


- For older releases which do not contain these features: to mitigate a slow peer on these older releases, you need to change the configuration so that the slow peer is forced into its own update-group. You can do this by configuring a dummy route-map and applying it to just the one peer. You may need to remove the peer from a peer-group or other shared configuration in order to do this.


Moving a neighbor into its own update-group causes the router to engage in additional processing, which will increase CPU utilization and memory consumption.



Hope this answers your query. In case you have any further query please feel free to post.


Thanks & Regards

Sandeep
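The first check described in the reply above (watching per-neighbor table versions and OutQ in `show ip bgp all summary`) can be automated by comparing two captures. The following is an added example, not part of the original post; the sample captures, addresses, AS number and the `min_lag`/`min_outq` thresholds are constructed assumptions.

```python
import re

# Constructed `show ip bgp summary` captures taken about a minute apart
# (not from the thread; addresses are documentation ranges).
SNAPSHOT_1 = """\
BGP router identifier 192.0.2.1, local AS number 65000
BGP table version is 48213, main routing table version 48213

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.2.11      4 65000   91234  120345    48213    0    0 3w2d         1200
192.0.2.12      4 65000   90311  101220    31007    0  412 3w2d         1180
192.0.2.13      4 65000   91877  120340    48210    0    0 3w2d         1195
192.0.2.14      4 65000       0       0        1    0    0 never    Idle
"""
SNAPSHOT_2 = """\
BGP router identifier 192.0.2.1, local AS number 65000
BGP table version is 49050, main routing table version 49050

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.2.11      4 65000   91236  120901    49050    0    0 3w2d         1200
192.0.2.12      4 65000   90311  101232    31250    0  455 3w2d         1180
192.0.2.13      4 65000   91879  120897    49050    0    0 3w2d         1195
192.0.2.14      4 65000       0       0        1    0    0 never    Idle
"""


def parse_summary(text):
    """Return (router_table_version, {neighbor: {tblver, outq, established}})."""
    match = re.search(r"BGP table version is (\d+)", text)
    if match is None:
        raise ValueError("no 'BGP table version' line found")
    peers = {}
    for line in text.splitlines():
        fields = line.split()
        # Columns: Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
        if len(fields) >= 10 and fields[1] == "4" and fields[5].isdigit():
            peers[fields[0]] = {
                "tblver": int(fields[5]),
                "outq": int(fields[7]),
                # A numeric last column is a prefix count, so the session is up.
                "established": fields[9].isdigit(),
            }
    return int(match.group(1)), peers


def slow_peer_candidates(first, second, min_lag=1000, min_outq=1):
    """Flag established neighbors that stay behind the router's table version
    or keep unsent messages queued across both captures (thresholds assumed)."""
    version_1, peers_1 = parse_summary(first)
    version_2, peers_2 = parse_summary(second)
    candidates = []
    for neighbor, now in peers_2.items():
        before = peers_1.get(neighbor)
        # Idle/Active sessions also show an old TblVer; they are down, not slow.
        if before is None or not (before["established"] and now["established"]):
            continue
        lag_before = version_1 - before["tblver"]
        lag_now = version_2 - now["tblver"]
        reasons = []
        if lag_now >= min_lag and lag_now >= lag_before:
            reasons.append("table version not catching up")
        if before["outq"] >= min_outq and now["outq"] >= min_outq:
            reasons.append("OutQ backlog persists")
        if reasons:
            candidates.append({"neighbor": neighbor, "lag": lag_now,
                               "outq": now["outq"], "reasons": reasons})
    return candidates


if __name__ == "__main__":
    for peer in slow_peer_candidates(SNAPSHOT_1, SNAPSHOT_2):
        print(peer)
```

A flagged neighbor is only a candidate: confirm it with the per-neighbor TCP window check and the update-group membership described in the reply.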

Mohammed Imran Khan Mon, 09/23/2013 - 06:49
User Badges:
  • Cisco Employee,

Thanks Sandeep! That was a clear and lucid explanation. It was helpful!!!


/Imran

fromsanjeev Tue, 09/24/2013 - 14:44

HI Sandeep,

Thanks for opening up this discussion on BGP. Actually I'm looking for a BGP solution; my query is as below.


If we have 2 WAN routers and a single MPLS connectivity running BGP AS 200, then how can we use both our WAN routers to get hardware redundancy, as the service provider is not ready to give dual BGP peers on a single link?


Attaching diagram for more clarity

Thanks/SANJEEV

Sandeep Sharma Thu, 09/26/2013 - 06:30
User Badges:
  • Cisco Employee,

Hi Sanjeev,


With reference to your query, it is not recommended to use BGP in this setup because, as a best practice, BGP is a viable solution when used in a dual-homed scenario, so here you can configure an IGP with your service provider. Or if you want to run BGP you have to ask for 2 eBGP peerings with the provider.


However, if you are keen to run BGP within the specified conditions you can try a workaround of running eBGP peering on the HSRP/VRRP virtual IP, but it will cause delay and only the session initiated by the provider router will establish BGP. You can minimize the delay to some extent by changing the HSRP and BGP timers.

But apart from delays there will be one problem: your eBGP session from the standby router will be in Active state and keep on probing, and I think that would not be acceptable. This is not a recommended solution and just a workaround.


Hope it answers your query.


Thanks & Regards

Sandeep

fromsanjeev Mon, 09/30/2013 - 09:31

Hi Sandeep,

Simulated in lab, results are same as you mentioned, thanks for your inputs.


/SANJEEV

josh94950 Thu, 09/26/2013 - 20:45

Hi,


We have a VSS domain, with 2 BGP upstream connections (to the same AS), one on each domain-switch...
In BGP we set maximum-paths 2. I'd like to know if there is a way to load-balance outgoing traffic over both links.
I do see both BGP routes in the routing table but VSS is preferring the link on the active switch (as expected, I guess). Is there a way to override this behaviour and send traffic over the vsl-link to the other link? (I don't feel like manipulating BGP attributes for half of the routes.)

Tnx

Josh.

Sandeep Sharma Sun, 09/29/2013 - 18:54
User Badges:
  • Cisco Employee,

Hi Josh,


First of all in order to utilize both L3 links, you need to make sure that devices are dual-homed to both VSS chassis with Multi-Chassis EtherChannel (MEC), otherwise traffic will only be sent out from the local chassis which is an expected behavior of VSS.


I have seen a similar issue earlier where the customer had single connectivity between the LAN and the VSS core, and as soon as he connected to both VSS switches it started load balancing.


If in your case you are already dual-homed (between VSS core and LAN), please share the below captures:


- show ip bgp    (from vss) and specify any route

- show ip route   (from vss) for the same route in above capture

- traceroute from your VSS switch and LAN to any IP address in outer segment ( from VSS switch, machine and switch below VSS domain in LAN)


Please feel free to contact in case you have any further query.


Thanks & Regards

Sandeep


josh94950 Wed, 10/02/2013 - 12:33

Thanks Sandeep. Although the south bound devices are dual homed, for some reason they are active/standby. We will test this out with an Active/Active scenario.


Regards,

Josh.

lee.ajacs Fri, 09/27/2013 - 01:11

Hi,


Can you provide any advice on the best method or tools to monitor route changes? We operate an MPLS network and have various routers configured as VPNs for backup. We run BGP and EIGRP and I'm interested to know how to track the specific routes and any route changes.


Regards,

Lee

Sandeep Sharma Sun, 09/29/2013 - 20:15
User Badges:
  • Cisco Employee,

Hi Lee


To track route changes you can try the below EEM script that can update you if any new route got added or removed.



    event manager applet route-table-monitor
     event routing network 0.0.0.0/0 ge 1
     action 0.5 set msg "Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"
     action 1.0 syslog msg "$msg"


Hope it answers your query. In case you have any further query please feel free to post.


Thanks & Regards

Sandeep
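The syslog messages produced by the applet above can be collected centrally and summarized per prefix. The following is an added example, not part of the original post: it parses the message layout from the applet's `set msg` line, then reports watched prefixes, prefixes that flap, and prefixes whose installing protocol changed (for instance a primary route replaced by a backup path). The sample log lines, the `add`/`remove`/`modify` type values and the protocol strings are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the message text built by the applet's "action 0.5 set msg" line.
ROUTE_RE = re.compile(
    r"Route changed: Type: (?P<type>[^,]*), Network: (?P<network>[^,]*), "
    r"Mask/Prefix: (?P<mask>[^,]*), Protocol: (?P<protocol>[^,]*), "
    r"GW: (?P<gw>[^,]*), Intf: (?P<intf>\S*)"
)

# Constructed syslog lines; timestamps, prefixes and field values are made up.
SAMPLE_LOG = """\
Sep 30 02:10:01: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: add, Network: 10.20.30.0, Mask/Prefix: 255.255.255.0, Protocol: bgp, GW: 192.0.2.1, Intf: GigabitEthernet0/1
Sep 30 02:14:40: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: remove, Network: 10.20.30.0, Mask/Prefix: 255.255.255.0, Protocol: bgp, GW: 192.0.2.1, Intf: GigabitEthernet0/1
Sep 30 02:14:41: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: add, Network: 10.20.30.0, Mask/Prefix: 255.255.255.0, Protocol: eigrp, GW: 198.51.100.9, Intf: Tunnel10
Sep 30 02:15:02: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Sep 30 02:15:30: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: remove, Network: 10.20.30.0, Mask/Prefix: 255.255.255.0, Protocol: eigrp, GW: 198.51.100.9, Intf: Tunnel10
Sep 30 02:15:31: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: add, Network: 10.20.30.0, Mask/Prefix: 255.255.255.0, Protocol: bgp, GW: 192.0.2.1, Intf: GigabitEthernet0/1
Sep 30 02:20:00: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: modify, Network: 172.16.5.0, Mask/Prefix: 255.255.255.128, Protocol: eigrp, GW: 198.51.100.9, Intf: Tunnel10
"""


def parse_events(lines):
    """Turn applet syslog lines into dicts; unrelated lines are skipped."""
    events = []
    for line in lines:
        match = ROUTE_RE.search(line)
        if match is None:
            continue
        event = match.groupdict()
        # A dotted mask or a prefix length both parse here.
        event["prefix"] = ipaddress.ip_network(
            f"{event['network']}/{event['mask']}", strict=False)
        events.append(event)
    return events


def watched(events, networks):
    """Events whose prefix falls inside any of the watched networks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [e for e in events
            if any(e["prefix"].version == n.version and e["prefix"].subnet_of(n)
                   for n in nets)]


def flapping_prefixes(events, threshold=3):
    """Prefixes with at least `threshold` add/remove events (threshold assumed)."""
    counts = Counter(str(e["prefix"]) for e in events
                     if e["type"] in ("add", "remove"))
    return {prefix: n for prefix, n in counts.items() if n >= threshold}


def protocol_changes(events):
    """(prefix, old, new) each time a prefix is re-added by a different protocol."""
    last_protocol, changes = {}, []
    for event in events:
        if event["type"] != "add":
            continue
        key = str(event["prefix"])
        if key in last_protocol and last_protocol[key] != event["protocol"]:
            changes.append((key, last_protocol[key], event["protocol"]))
        last_protocol[key] = event["protocol"]
    return changes


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG.splitlines())
    print(flapping_prefixes(parsed))
    print(protocol_changes(parsed))
```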

sathvik k v Mon, 09/30/2013 - 02:17

Hi Sandeep,


The information provided is very helpful, thank you.


I have one more query regarding usage of bgp always-compare-med and bgp deterministic-med. My understanding is bgp deterministic-med is used for comparison of metric in the same AS and bgp always-compare-med is used for comparing metric from different AS. We had a scenario where we observed stale routes in the routing table. Was informed by TAC that both bgp always-compare-med and bgp deterministic-med are not required and was asked to disable bgp deterministic med.


Would be helpful  if you can suggest.



Regards,

Sathvik K V

Sandeep Sharma Tue, 10/01/2013 - 21:44
User Badges:
  • Cisco Employee,

Hi Sathvik,


Your understanding is correct: the bgp deterministic-med command ensures the comparison of the MED variable when choosing routes advertised by different peers in the same autonomous system, and the bgp always-compare-med command ensures the comparison of the MED for paths from neighbors in different autonomous systems.


But there is a way and sequence of comparison depending on whether both are enabled or either one is enabled. Please follow the link below that will help you in understanding the MED comparison.


http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094925.shtml


However, regarding disabling bgp deterministic med in your condition, I am not sure of the reason behind it, as it might depend on your situation and you might require both in certain conditions. Maybe the above link will answer your question. If you want me to check that, please share the topology and other information related to the problem.


Thanks & Regards

Sandeep

snarayan62 Tue, 10/01/2013 - 09:12

Hello


Sandeep


I was also looking for the solution for a similar problem. It's a helpful post; I tried it and it's working fine in our networks.


Thanks for your valuable guidance


Satnarain gautam

surajit_c Fri, 09/27/2013 - 17:39

Hi Sir,

  We have a Cisco ASR1004 router ESP20/RP2/16GB DRAM acting as our ISP gateway router. It is really an excellent machine. With three peering ISPs with full routing table from each, the CPU utilization is <1%. First of all I would like to thank Cisco for manufacturing such a wonderful product. Anyway, let me come to the point.

1) Recently we tried to peer with a new upstream ISP. But they were not able to inject the full BGP table as their next hop router has some limitations. But they were able to advertise our subnets/ASN to the internet cloud. No issue.

But it turned worse when we requested a full BGP feed. They requested us to establish a new peering relation with a multihop router. So we removed the old neighbor statement (which was the next hop router) and added a multihop neighbor (with a static route to reach this multihop neighbor). The full BGP table was received and our subnets/ASN were visible globally, but requests from our subnets could not reach even their next hop router.

E.g. if we ping with the provider's WAN IP address we can reach everywhere in the internet, but if we ping with our subnet IP address we cannot even reach the provider's next hop router. Earlier with the next hop BGP neighbor this was possible.


So they requested us to add an additional bgp neighbor statement with the next hop IP address that we removed earlier.

This let everything work. I am confused, as their remark was: the multihop neighbor was for receiving the full BGP feed and the next hop bgp neighbor statement was to allow traffic from our subnets.


2) Earlier we faced a similar situation with our previous ISP also. But they only requested us to add just the multihop bgp neighbor statement (also a static route to this multihop neighbor). No additional next hop neighbor syntax was required to advertise our subnets/ASN.


Please help me to understand the logic behind both the scenarios discussed above.


Thanks and regards

Surajit

Assam, India

Sandeep Sharma Sun, 09/29/2013 - 18:11
User Badges:
  • Cisco Employee,

Hi Surajit,


Thanks for appreciating the Cisco products, and good to hear that you are satisfied with the ASR routers.


EBGP multihop explanation:

====================

- As you are aware, BGP works over TCP and no direct connectivity is required to build the BGP peering; it just needs IP reachability between the BGP speakers/routers.


In case of eBGP peering we use the ebgp-multihop command so that we can customize/change the TTL value.


For better understanding, refer to the below diagram, where we want to establish the eBGP peering between A and C; to achieve this we have to perform 2 things.


    RTR A ------ { RTR B ------ RTR C }
     CE                 PE's


1. ebgp-multihop command on A (CE) and C (PE) router

2. Static route for reachability of the IP on which the BGP peering is established.


Now coming to your situation: your traffic was getting dropped when you moved to eBGP multihop because your traffic was black-holed on router B/next hop router (meaning no routes were available on the ISP next hop router to reach your network subnets).


As a solution to this problem the ISP would have recommended configuring eBGP peering with the next hop so this router gets the routing information for your subnets.


However, the previous ISP didn't ask you to configure 2 eBGP peerings, as they would have been running an iBGP session between their routers (next hop router and eBGP multihop router, or routers B & C as per my diagram), and this way the ISP next hop router was getting your network subnet information.


Hope it clarifies your doubts. Please feel free to contact in case you have any further query.


Thanks & Regards

Sandeep

sathvik k v Sun, 09/29/2013 - 21:10

Hi Sandeep,



I have one Cisco 7609 connected to a Cisco 7206 over multiple links of different bandwidth. Load sharing works well initially. Whenever there is a flap or a link goes down the share count value is changed abnormally. This causes a few of the links to be highly utilized, leaving the rest under-utilized. bgp dmzlink-bw is enabled globally and dmzlink-bw is enabled per neighbor.



Configuration is as follows.


    router bgp XX
     neighbor x.x.x.x remote-as --
     neighbor x.x.x.x activate
     neighbor x.x.x.x send-community both
     neighbor x.x.x.x soft-reconfiguration inbound
     neighbor x.x.x.x dmzlink-bw
     bgp dmzlink-bw


Regards,

Sathvik      

sathvik k v Tue, 10/01/2013 - 01:52

Hi Sandeep,


The information provided is very helpful, thank you.


I have one more query regarding usage of bgp always-compare-med and bgp deterministic-med. My understanding is bgp deterministic-med is used for comparison of metric in the same AS and bgp always-compare-med is used for comparing metric from different AS. We had a scenario where we observed stale routes in the routing table. Was informed by TAC that both bgp always-compare-med and bgp deterministic-med are not required and was asked to disable bgp deterministic med.


Would be helpful  if you can suggest.



Regards,

Sathvik K V

Sandeep Sharma Thu, 10/03/2013 - 01:57
User Badges:
  • Cisco Employee,

Hi Sathvik,


Your understanding is correct: the bgp deterministic-med command ensures the comparison of the MED variable when choosing routes advertised by different peers in the same autonomous system, and the bgp always-compare-med command ensures the comparison of the MED for paths from neighbors in different autonomous systems.


But there is a way and sequence of comparison depending on whether both are enabled or either one is enabled. Please follow the link below that will help you in understanding the MED comparison.


http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094925.shtml


However, regarding disabling bgp deterministic med in your condition, I am not sure of the reason behind it, as it might depend on your situation and you might require both in certain conditions. Maybe the above link will answer your question. If you want me to check that, please share the topology and other information related to the problem.


Thanks & Regards

Sandeep

Sandeep Sharma Mon, 09/30/2013 - 00:20
User Badges:
  • Cisco Employee,

Hi Sathvik


I think this has nothing to do with BGP and depends on mls cef.


If it is seen on the 7600 side you might refer to the below link for understanding the load balancing. I have taken the below capture from the same link, which may help you:


http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a00800ab513.shtml


==========


The mls ip cef load-sharing simple command gives a better load balance and avoids a new adjacency in the forwarding engine. Also, the mls ip cef load-sharing full command is a load balancing algorithm recommended for a single-stage CEF that includes a load balancing algorithm for L4 ports. In order to achieve the best CEF load balancing, alternate L3 and L4 hashing on access, distribution and core routers, and use this type of configuration:


On access and core routers - mls ip cef load-sharing simple

On distribution routers - mls ip cef load-sharing full


The mls ip cef load-sharing full command can improve load balancing if there is a good mix of L4 ports in the network. With the SRB2 image it can be used in all adjacencies such as ip2ip, ip2tag, tag2tag and tag2ip cases. However, with SRA it works only with ip2ip, ip2tag adjacency.


===========

Please feel free to contact in case you have any query.


Thanks & Regards

Sandeep

Mahabir Prasad Tue, 10/01/2013 - 09:12
User Badges:
  • Cisco Employee,

Hi Sandeep


Can you throw some light on ospf specific bgp attributes and how they are used in ospf superbackbone?


Thanks

Mahavir

Sandeep Sharma Thu, 10/03/2013 - 02:07
User Badges:
  • Cisco Employee,

Hi Mahabir


As per my understanding your query is related to designing an ASBR that will run BGP with other ASBRs external to the AS and OSPF as its IGP. Related to this, you can find the complete details in RFC1403. Please refer to the link below and feel free to contact in case you need any clarification.


http://tools.ietf.org/html/rfc1403


Thanks & Regards

Sandeep

Mahabir Prasad Thu, 10/03/2013 - 02:44
User Badges:
  • Cisco Employee,

Hi Sandeep


Thanks for pointing in the right direction.


Regards

Mahavir

snarayan62 Tue, 10/01/2013 - 22:44

Hi Sandeep,


Can you please explain what BGP peer groups are and what is the benefit of using them?


Regards

SN Gautam

Sandeep Sharma Thu, 10/03/2013 - 02:20
User Badges:
  • Cisco Employee,

Hi Satnarain


BGP peer group is a good concept which is very helpful in reducing the CPU processing for the BGP running device. You can group BGP neighbors who share the same outbound policies together in what is called a BGP peer group. Instead of configuring each neighbor with the same policy individually, a peer group allows you to group the policies which can be applied to individual peers, thus making efficient update calculation along with simplified configuration.


Benefits of configuring BGP peer group:

============================

The major benefit you achieve when you specify a BGP peer group is that a BGP peer group reduces the amount of system resources (CPU and memory) necessary in an update generation. In addition, a BGP peer group also simplifies the BGP configuration. A BGP peer group reduces the load on system resources by allowing the routing table to be checked only once, and updates to be replicated to all peer group members instead of being done individually for each peer in the peer group. Based on the number of peer group members, the number of prefixes in the table, and the number of prefixes advertised, this can significantly reduce the load. It is recommended that you group together peers with identical outbound announcement policies.


Hope this answers your queries. Please feel free to contact in case you need any further clarification.


Thanks & Regards

Sandeep

snarayan62 Tue, 10/01/2013 - 22:48

Hi Sandeep,


Can you please explain what BGP peer groups are and what is the benefit of using them?


Regards

Sandeep Sharma Thu, 10/03/2013 - 02:27
User Badges:
  • Cisco Employee,

Hi Satnarain


I think you have posted the query twice by mistake. I have responded to your query; please refer to the above section/reply.


Thanks & Regards

Sandeep

snarayan62 Thu, 10/03/2013 - 02:33

Hi Sandeep


Your posted reply is very helpful to my team


Thanks


SNG

hanuman121 Thu, 10/03/2013 - 03:14

Hi Sandeep


Need to know what is the best possible way that RTA should reach network 160.10.0.0 directly via RTB rather than taking the path to RTC, because here RTA will have this route preferred via EBGP (AD=20) as compared to EIGRP. Do we have any other option than changing the AD value to achieve this? Refer to the below link for the diagram.






Thanks


Hanuman



Sandeep Sharma Thu, 10/03/2013 - 08:52
User Badges:
  • Cisco Employee,

Hi Hanuman


Considering your query and diagram, RTA and RTC are running EBGP, and RTB and RTC are running EBGP. RTA and RTB are running EIGRP. By definition, EBGP updates have a distance of 20, which is lower than the EIGRP (90) distance.



RTA will receive updates about 160.10.0.0 via two routing protocols: EBGP with a distance of 20 and EIGRP with a distance higher than 20 (=90).



One way to fulfil your requirement is to change EBGP's external distance or the IGP's distance, but that is not recommended. So the solution to your problem is to use BGP backdoor.


BGP backdoor makes the IGP route the preferred route.



Command to configure Backdoor

========================


The configured network is the network that we would like to reach via IGP. For BGP this network will be treated as a locally assigned network except it will not be advertised in BGP updates.



    RTA#
    router eigrp 10
     network 160.10.0.0
    !
    router bgp 100
     neighbor 2.2.2.1 remote-as 300
     network 160.10.0.0 backdoor


Network 160.10.0.0 is treated as a local entry, but is not advertised as a normal network entry.

RTA learns 160.10.0.0 from RTB via EIGRP with distance 90, and also learns it from RTC via EBGP with distance 20. Normally EBGP is preferred, but because of the backdoor command EIGRP is preferred.



Hope it answers your query. Please feel free to contact in case you have any query or need any further clarification.


Thanks & Regards

Sandeep

hanuman121 Fri, 10/04/2013 - 01:49

Hi Sandeep


Thanks for your solution. I implemented it and it is working fine.


Thanks and Regards


Hanuman
