Cisco Support Community

Ask the Expert: Configuring and Troubleshooting Border Gateway Protocol (BGP)

Configuring and Troubleshooting Border Gateway Protocol (BGP) with Sandeep Sharma

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about issues encountered while configuring and troubleshooting Border Gateway Protocol (BGP) across various Cisco platforms with expert Sandeep Sharma.

BGP is the most widely deployed routing protocol across service provider and enterprise networks.

For more information, visit the introduction to Border Gateway Protocol at:

www.cisco.com/en/US/tech/tk365/tk80/tsd_technology_support_sub-protocol_home.html.

Sandeep Sharma is a customer support engineer in the High-Touch Technical Services Routing Protocols team based in Bangalore. He provides support to major service providers and enterprise customers for routing and MPLS technologies. He has more than seven years of experience working with large enterprise and service provider networks. He also holds a CCIE certification (#39002) in routing and switching.

Remember to use the rating system to let Sandeep know if you have received an adequate response. 

Because of the volume expected during this event, Sandeep might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, subcommunity WAN, Routing, and Switching shortly after the event. This event lasts through October 4, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

38 REPLIES
Community Member

Re: Configuring and Troubleshooting Border Gateway Protocol (BGP

Hi Sandeep,

PFA My NW diagram with proposed link.

We are using three ISPs' bandwidth with eBGP, and we have our own IP address and ASN.

Now we are going to start another site in a different location with the same ASN.

Router A NW IP : 102.21.20.0/22 advertised with Three ISP

Router A (ASN ) 23456

Router B NW IP 102.21.22.0/24  advertised with another ISP in different location with same ASN.

Router B (ASN) 23456

When the other ISP's b/w goes down, I need all my traffic to go via iBGP (Router A).

My requirement: when the link between Router B and the other ISP (proposed) goes down, all my traffic should work via iBGP.

So what configuration is needed on both Router A and Router B to fulfill my requirement?

Thanks in ADV,

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi,

Below is my response, based on my understanding of your query:

To give preference to exit traffic at site A you can use the weight attribute, as all the ISPs are connected to the same router.

And to influence the exit traffic for site B you should use local preference; below is the configuration for router B.

    router bgp 23456
     neighbor remote-as  23456
     neighbor remote-as
     ! to apply local preference
     neighbor route-map setlocalin in
    !
    ! route learned from the ISP4 will be matched here
    ip as-path access-list 7 permit ^$
    !
    route-map setlocalin permit 10
     match as-path 7
     set local-preference 400
    !
    route-map setlocalin permit 20
     set local-preference 150

You can also use the default local preference command in place of using AS-path, to simplify, if you want to use it for the whole traffic.

- If you want to influence the incoming traffic you can use the MED attribute.

In case you have any specific query that is not answered here, please feel free to ask again.

Thanks & Regards

Sandeep

Community Member

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Sandeep,

Thanks for your great help...

The below config I have to configure on my Router A, right?

I am a bit confused about your suggested config for Router A: why is there ISP-4 configuration on Router A, when it is not directly connected to Router A? It is connected directly to Router B.

It would be a great help; please clear my doubt.

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi ,

This is the router B configuration, not router A. I also mentioned this in the above reply as well.

Please feel free to contact me in case you have any further query.

Thanks & Regards

Sandeep

Community Member

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Sandeep,

Just for clarification, you mentioned this for router B, as given below.

router bgp 23456

neighbor remote-as  23456 <----------------

I think " neighbor

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi,

You are correct, it is just a typo; it will be the iBGP peer IP address, and for the RTRB router the peer is RTRA, so this is RTRA-IP.

Thanks & Regards

Sandeep

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hello Sandeep Sir,

Just wanted to know what a BGP slow-peer is and what is/are the way(s) to mitigate this issue.

/Imran

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Imran

BGP Slow peer cases often are reported as "missing update", "slow update", "stopped update" or "session flap due to Hold timer expiry when local BGP is not able to send the updates to neighbor for the time interval of hold time" type issues, rather than being identified as a slow peer issue by the customer.

You can confirm that a case is due to a slow peer by issuing

    show ip bgp all summary

and watching the routing table versions associated with various neighbors. The problem neighbor's version will typically increase slowly, if at all, and frequently, but not always, have a large outQ of unsent BGP messages.

The commands

    show ip bgp all update-group

    show ip bgp update-group

will show you which neighbors are in which update-group. A slow peer only impacts neighbors in the same update-group. If there is more than one update-group, you can check and make sure that the impacted neighbors are indeed in the same update-group as the slow peer.

If a * is marked in front of the neighbor then that shows that updates are being sent to the neighbor. If the * mark is not removed for a period of a minute then it must be a slow peer.

One way to find the slow peer is to issue

    show ip bgp neighbor

    show ip bgp neighbor

Look for "Keepalives are temporarily in throttle due to closed TCP window", or a TCP receive window size that is very low or zero. Repeat this for all the neighbors in the update group. If a neighbor displays the above message then it is probably a slow peer. A couple of reasons for a slow peer might be:

- There is packet loss and/or high traffic on the link to the peer and the throughput of the BGP TCP connection is very low.

- The peer is heavily loaded in terms of its CPU and cannot service the TCP connection at the required frequency.

You can try a few workarounds to fix the slow peer issues, like:

- If the IOS version doesn't support the slow peer detection & protection feature, then identify the slow peer using the steps listed above and move the slow peer to a different update-group by configuring a dummy policy or by changing the "advertisement-interval" to an interval different from the rest of the neighbors "neighbor advertisement-interval

How to mitigate the slow peer:

============================

- While fully resolving a slow peer situation requires addressing the issue which is causing it to be slow, such as packet loss between the RR and the peer, or an overloaded CPU on the slow peer, you can mitigate the problem by moving the individual peer into its own update group, so that its slowness does not impact other peers.

- More recent Cisco IOS releases contain automatic slow peer mitigation features which can be turned on.

- For older releases which do not contain these features, you need to change the configuration so that the slow peer is forced into its own update-group. You can do this by configuring a dummy route-map and applying it to just the one peer. You may need to remove the peer from a peer-group or other shared configuration in order to do this.

Moving a neighbor into its own update-group causes the router to engage in additional processing, which will increase CPU utilization and memory consumption.

Hope this answers your query. In case you have any further query please feel free to post.

Thanks & Regards

Sandeep
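The version check described in the reply above can be scripted. The following is an added example, not part of the original reply: it compares two `show ip bgp summary` snapshots and reports established neighbors whose TblVer trails the BGP table version without catching up, together with their OutQ. The snapshot text, addresses, single-address-family layout and function names are assumptions made for illustration.

```python
import re

# Constructed sample: two "show ip bgp summary"-style snapshots taken about a
# minute apart. Addresses, AS numbers and counters are invented for the example.
SNAP_1 = """\
BGP router identifier 192.0.2.1, local AS number 64500
BGP table version is 812340, main routing table version 812340

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.2.11      4        64500   90211  301422   812340    0    0 3w1d         1200
192.0.2.12      4        64500   90105  287310   811020    0  412 3w1d         1180
192.0.2.13      4        64500       0       0        1    0    0 never    Idle
"""
SNAP_2 = """\
BGP router identifier 192.0.2.1, local AS number 64500
BGP table version is 815900, main routing table version 815900

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.0.2.11      4        64500   90213  301980   815900    0    0 3w1d         1200
192.0.2.12      4        64500   90106  287312   811050    0  655 3w1d         1180
192.0.2.13      4        64500       0       0        1    0    0 never    Idle
"""

TABLE_RE = re.compile(r"BGP table version is (\d+)")


def parse_summary(text):
    """Return (table_version, {peer: (tblver, outq)}) for established peers."""
    table_version = int(TABLE_RE.search(text).group(1))
    peers = {}
    for line in text.splitlines():
        cols = line.split()
        # Neighbor rows have 10 columns; a numeric last column (the prefix
        # count) means the session is established. Idle/Active rows are skipped.
        if len(cols) == 10 and cols[1] == "4" and cols[9].isdigit():
            peers[cols[0]] = (int(cols[5]), int(cols[7]))
    return table_version, peers


def slow_peer_suspects(before, after):
    """Peers whose TblVer trails the table version and is not catching up."""
    ver_1, peers_1 = parse_summary(before)
    ver_2, peers_2 = parse_summary(after)
    suspects = []
    for peer, (tblver_2, outq_2) in sorted(peers_2.items()):
        if peer not in peers_1:
            continue  # session came up between snapshots; no trend yet
        lag_1 = ver_1 - peers_1[peer][0]
        lag_2 = ver_2 - tblver_2
        # Behind the table version and the gap is not shrinking.
        if lag_2 > 0 and lag_2 >= lag_1:
            suspects.append((peer, lag_2, outq_2))
    return suspects


if __name__ == "__main__":
    for peer, lag, outq in slow_peer_suspects(SNAP_1, SNAP_2):
        print(f"{peer}: {lag} versions behind, OutQ {outq}")
```

A flagged neighbor is only a candidate; confirm it with the per-neighbor TCP window check described above before moving it to its own update-group.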

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Thanks Sandeep! That was a clear and lucid explanation. It was helpful!!!

/Imran

Community Member

Configuring and Troubleshooting Border Gateway Protocol (BGP)

HI Sandeep,

Thanks for opening up this discussion on BGP. Actually I'm looking for a BGP solution; my query is as below.

If we have 2 WAN routers and a single MPLS connectivity running BGP AS 200, then how can we use both our WAN routers to get hardware redundancy, as the service provider is not ready to give dual BGP peers on a single link?

Attaching diagram for more clarity

Thanks/SANJEEV

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Sanjeev,

With reference to your query, it is not recommended to use BGP in this setup because, as a best practice, BGP is a viable solution when used in a dual-homed scenario, so here you can configure an IGP with your service provider. Or if you want to run BGP you have to ask for 2 eBGP peerings with the provider.

However, if you are keen to run BGP within the specified conditions, you can try a workaround of running eBGP peering on the HSRP/VRRP virtual IP, but it will cause delay, and only the session initiated by the provider router will establish the BGP session. You can minimize the delay to some extent by changing the HSRP and BGP timers.

But apart from delays there will be one problem: your eBGP session from the standby router will be in active state and keep on probing, and I think that would not be acceptable. This is not a recommended solution and just a workaround.

Hope it answers your query.

Thanks & Regards

Sandeep

Community Member

Re: Configuring and Troubleshooting Border Gateway Protocol (BGP

Hi Sandeep,

Simulated in lab, results are same as you mentioned, thanks for your inputs.

/SANJEEV

Community Member

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi,

We have a VSS domain, with 2 BGP upstream connections (to the same AS), one on each domain-switch...
In BGP we set maximum-paths 2. I'd like to know if there is a way to load-balance outgoing traffic over both links.
I do see both BGP routes in the routing table, but VSS is preferring the link on the active switch (as expected, I guess). Is there a way to override this behaviour and send traffic over the VSL link to the other link? (I don't feel like manipulating BGP attributes for half of the routes.)

Tnx

Josh.

Cisco Employee

Re: Configuring and Troubleshooting Border Gateway Protocol (BGP

Hi Josh,

First of all, in order to utilize both L3 links, you need to make sure that devices are dual-homed to both VSS chassis with Multi-Chassis EtherChannel (MEC); otherwise traffic will only be sent out from the local chassis, which is the expected behavior of VSS.

I have seen a similar issue earlier where the customer had single connectivity between LAN and VSS core, and as soon as he connected to both VSS switches it started load balancing.

If in your case you already have dual-homing (between VSS core and LAN), please share the below captures:

- show ip bgp    (from vss) and specify any route

- show ip route   (from vss) for the same route in above capture

- traceroute from your VSS switch and LAN to any IP address in outer segment ( from VSS switch, machine and switch below VSS domain in LAN)

Please feel free to contact in case you have any further query.

Thanks & Regards

Sandeep


Community Member

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Thanks Sandeep. Although the southbound devices are dual-homed, for some reason they are active/standby. We will test this out with an active/active scenario.

Regards,

Josh.

Community Member

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi,

Can you provide any advice on the best method or tools to monitor route changes? We operate an MPLS network and have various routers configured as VPNs for backup. We run BGP and EIGRP and I'm interested to know how to track the specific routes and any route changes.

Regards,

Lee

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Lee

To track route changes you can try the below EEM script that can update you if any new route got added or removed.

    event manager applet route-table-monitor
     event routing network 0.0.0.0/0 ge 1
     action 0.5 set msg "Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"
     action 1.0 syslog msg "$msg"

Hope it answers your query. In case you have any further query please feel free to post.

Thanks & Regards

Sandeep
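The messages logged by the applet above can be checked automatically on the syslog collector. The following is an added example, not part of the original reply: it parses those messages and flags three changes to a watched prefix: withdrawal, a change of protocol (such as BGP to EIGRP when a backup path takes over), and a new more-specific route inside it. The `%HA_EM-6-LOG` line prefix, the rendering of each `$_routing_*` value, the sample lines and the watched prefix are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the text built by "action 0.5 set msg ..." in the applet above.
MSG_RE = re.compile(
    r"Route changed: Type: (?P<type>[^,\s]+), Network: (?P<net>[^,\s]+), "
    r"Mask/Prefix: (?P<mask>[^,\s]+), Protocol: (?P<proto>[^,\s]+), "
    r"GW: (?P<gw>[^,\s]*), Intf: (?P<intf>\S*)"
)

# Constructed syslog lines: timestamps, prefixes, gateways and the exact
# rendering of each $_routing_* value are assumptions made for this example.
SAMPLE_LOG = """\
Oct  1 09:00:01: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: add, Network: 10.20.0.0, Mask/Prefix: 255.255.0.0, Protocol: bgp, GW: 172.16.1.1, Intf: GigabitEthernet0/0
Oct  1 09:14:30: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: remove, Network: 10.20.0.0, Mask/Prefix: 255.255.0.0, Protocol: bgp, GW: 172.16.1.1, Intf: GigabitEthernet0/0
Oct  1 09:14:31: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: add, Network: 10.20.0.0, Mask/Prefix: 255.255.0.0, Protocol: eigrp, GW: 192.168.50.1, Intf: Tunnel10
Oct  1 09:40:12: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: add, Network: 10.20.8.0, Mask/Prefix: 255.255.255.0, Protocol: bgp, GW: 172.16.1.1, Intf: GigabitEthernet0/0
Oct  1 09:41:00: %HA_EM-6-LOG: route-table-monitor: Route changed: Type: modify, Network: 10.99.0.0, Mask/Prefix: 255.255.0.0, Protocol: bgp, GW: 172.16.1.1, Intf: GigabitEthernet0/0
"""


def analyze(log_text, watched):
    """Return (kind, prefix, detail) alerts for routes inside watched prefixes."""
    watched = [ipaddress.ip_network(w) for w in watched]
    last_proto = {}  # watched prefix -> protocol that last installed it
    alerts = []
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue  # not one of the applet's messages
        try:
            # Accepts a dotted mask (255.255.0.0) or a prefix length (16).
            prefix = ipaddress.ip_network(f"{m['net']}/{m['mask']}")
        except ValueError:
            continue  # malformed network/mask pair
        inside = any(prefix.version == w.version and prefix.subnet_of(w)
                     for w in watched)
        if not inside:
            continue
        kind, proto = m["type"].lower(), m["proto"].lower()
        if prefix not in watched:
            # A longer prefix inside a watched block wins longest-match.
            if kind == "add":
                alerts.append(("more-specific", str(prefix), proto))
            continue
        if kind == "remove":
            alerts.append(("withdrawn", str(prefix), proto))
            continue
        previous = last_proto.get(prefix)
        if previous and previous != proto:
            alerts.append(("protocol-change", str(prefix), f"{previous}->{proto}"))
        last_proto[prefix] = proto
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG, ["10.20.0.0/16"]):
        print(alert)
```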

Community Member

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Sandeep,

The information provided is very helpful, thank you.

I have one more query regarding usage of bgp always-compare-med and bgp deterministic-med. My understanding is that bgp deterministic-med is used for comparison of metric in the same AS and bgp always-compare-med is used for comparing metric from different AS. We had a scenario where we observed stale routes in the routing table. We were informed by TAC that both bgp always-compare-med and bgp deterministic-med are not required and were asked to disable bgp deterministic-med.

Would be helpful  if you can suggest.

Regards,

Sathvik K V

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Sathvik,

Your understanding is correct: the bgp deterministic-med command ensures the comparison of the MED variable when choosing routes advertised by different peers in the same autonomous system, and the bgp always-compare-med command ensures the comparison of the MED for paths from neighbors in different autonomous systems.

But there is a way and sequence of comparison depending on whether both are enabled or only one is enabled. Please follow the link below, which will help you understand the MED comparison.

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094925.shtml

However, regarding disabling bgp deterministic-med in your condition, I am not sure of the reason behind it, as it might depend on your situation and you might require both in certain conditions. Maybe the above link will answer your question. If you want me to check that, please share the topology and other information related to the problem.

Thanks & Regards

Sandeep

Community Member

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hallo

Sandeep

I was also looking for the solution to a similar problem. It's a helpful post; I tried it and it's working fine in our networks.

Thanks for your valuable guidance

Satnarain gautam

Community Member

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Sir,

We have a Cisco ASR1004 router ESP20/RP2/16GB DRAM acting as our ISP gateway router. It is really an excellent machine. With three peering ISPs with full routing table from each, the CPU utilization is <1%. First of all I would like to thank Cisco for manufacturing such a wonderful product. Anyway, let me come to the point.

1) Recently we tried to peer with a new upstream ISP. But they were not being able to inject full BGP table as their next hop router has some limitations. But they were able to advertise our subnets/ASN to the internet cloud. No issue.

But it turned worse when we requested full BGP feed. They requested us to establish a new peering relation with a multihop router. So we removed the old neighbor statement (which was the next hop router) and added a multihop neighbor (with a static route to reach this multihop neighbor). Though full BGP table was received and our subnets/ASN were visible globally. But any request from our subnets were not reachable even to their next hop router.

e.g. if we ping with providers WAN IP address we can reach everywhere in the internet, but if we ping with our subnet IP address we can not even reach providers next hop router. Earlier with the next hop BGP neighbor this was possible.

So they requested us to add an additional bgp neighbor statement with the next hop IP address that we removed earlier.

This let everything worked. I am confused as their remark was - the multihop neighbor was for receiving full BGP feed and the next hop bgp neighbor statement was to allow traffic from our subnets.

2) Earlier we faced similar situation with our previous ISP also. But they only requested us to add just the multihop bgp neighbor statement (also a static route to this multihop neighbor).  No additional next hop neighbor syntax was required to advertise our subnets/ASN.

Please help me to understand the logic behind both the scenarios discussed above.

Thanks and regards

Surajit

Assam, India

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Surajit,

Thanks for appreciating the cisco products and good to hear that you are satisfied with the ASR routers.

EBGP multihop explanation:

====================

- As you are aware, BGP works over TCP, so no direct connectivity is required to build the BGP peering; it just needs IP reachability between the BGP speakers/routers.

In the case of eBGP peering we use the ebgp-multihop command so that we can customize/change the TTL value.

For better understanding, refer to the diagram below, where we want to establish the eBGP peering between A and C; to achieve this we have to do 2 things.

    RTR A------{RTR B------- RTR C}
    CE                PE's

1. ebgp-multihop command on A (CE) and C (PE) router

2. Static route for reachability of the IP on which the BGP peering is established.

Now coming to your situation: your traffic was getting dropped when you moved to eBGP multihop because your traffic was black-holed on router B/next hop router (meaning no routes were available on the ISP next hop router to reach your network subnets).

As a solution to this problem the ISP would have recommended configuring eBGP peering with the next hop so that this router gets the routing information for your subnets.

However, the previous ISP didn't ask you to configure 2 eBGP peerings, as they would have been running an iBGP session between their routers (next hop router and eBGP multihop router, or routers B & C as per my diagram), and in this way the ISP next hop router was getting your network subnet information.

Hope it clarifies your doubts. Please feel free to contact in case you have any further query.

Thanks & Regards

Sandeep

Community Member

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Sandeep,

I have one Cisco 7609 connected to a Cisco 7206 over multiple links of different bandwidth. Load sharing works well initially. Whenever there is a flap or a link goes down, the share count value changes abnormally. This causes a few of the links to be highly utilized, leaving the rest underutilized. bgp dmzlink-bw is enabled globally and dmzlink-bw is enabled per neighbor.

Configuration is as follows.

    router bgp XX
     neighbor x.x.x.x remote-as --
     neighbor x.x.x.x activate
     neighbor x.x.x.x send-community both
     neighbor x.x.x.x soft-reconfiguration inbound
     neighbor x.x.x.x dmzlink-bw
     bgp dmzlink-bw

Regards,

Sathvik      

Cisco Employee

Re: Configuring and Troubleshooting Border Gateway Protocol (BGP

Hi Sathvik

I think this has nothing to do with BGP and depends on mls cef.

If it is seen on the 7600 side you might refer to the link below for understanding the load balancing. I have taken the below capture from the same link, which may help you:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a00800ab513.shtml

==========

The mls ip cef load-sharing simple command gives a better load balance and avoids a new adjacency in the forwarding engine. Also, the mls ip cef load-sharing full command is a load balancing algorithm recommended for a single-stage  CEF that includes a load balancing algorithm for L4 ports. In order to  achieve the best CEF load balancing, alternate L3 and L4 hashing on  access, distribution and core routers, and use this type of  configuration:

On access and core routers -mls ip cef load-sharing simple

On distribution routers - mls ip cef load-sharing full

The mls ip cef load-sharing full command can  improve load balancing if there is a good mix of L4 ports in the  network. With the SRB2 image it can used in all adjacencies such as  ip2ip, ip2tag, tag2tag and tag2ip cases. However, with SRA it works  only with ip2ip, ip2tag adjacency.

===========

Please feel free to contact in case you have any query.

Thanks & Regards

Sandeep


Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Sandeep

Can you throw some light on ospf specific bgp attributes and how they are used in ospf superbackbone?

Thanks

Mahavir

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Mahavir

As per my understanding your query is related to the design of an ASBR that will run BGP with other ASBRs external to the AS and OSPF as its IGP. For this you can find the complete details in RFC1403. Please refer to the link below and feel free to contact me in case you need any clarification.

http://tools.ietf.org/html/rfc1403

Thanks & Regards

Sandeep

Cisco Employee

Configuring and Troubleshooting Border Gateway Protocol (BGP)

Hi Sandeep

Thanks for pointing me in the right direction.

Regards

Mahavir
