08-01-2013 04:01 AM - edited 03-04-2019 08:37 PM
Failover
=========
I did an admin shut on gi 0/1 of R1..
It took around 3 minutes for R3 and R5 to reflect this change..(to change the path for prefix A)
Failback:
=========
I have enabled Gi 0/1 on R1
It look less than a minute for R3 and R5 to reflected this change.
The failover time needs to be improved as it cause application like office communicator, outlook etc
to kick off the session and prompt for relogin as they failover from primary to secondary path.
1) When there is an actual outage for the Gi 0/1 circuit of R1, will it react the same way.i.e, will R3 and R5 take so long (around
3 minutes) to reflect this change?
2) What and whose BGP timers has to be tuned in order to achieve a quick failover (around 1 minute)?
Regards
Vinayak
Solved! Go to Solution.
08-02-2013 08:40 AM
The problem is that the PE router will wait until the holdtime expiration to invalidate the routes received from the CE. A solution for this case and type of access would be to change the timers to 15 45 or 10 30 or even better, configure BFD, which could detect the failure in the access in milliseconds.
Be aware that the update generation plays a major role in improving the BGP convergence time. The timer that controls the update generation is the minimum advertisement interval:
neighbor advertisement-interval
By default, the values in latest IOS are:
eBGP: 30 seconds
iBGP: 0 seconds
eBGP and iBGP in VRF: 0 seconds
So, in your case I would also change the default to 0 seconds.
Best Regards,
Jose.
08-01-2013 04:12 AM
Hi Vinayak,
Looks like you have default BGP timer on the neighbor. If the neighbor is formed from the interface IP address, interface down should trigger BGP neighbor immediately. If the BGP neighbor is formed from other IP, like loopback, then it will wait for 3 mins. You can tune the BGP timer on either side, the neighbors will negotiate timers when session come up.
HTH,
Lei Tian
Sent from Cisco Technical Support iPhone App
08-01-2013 04:18 AM
08-01-2013 05:24 PM
What kind of link is between the BGP neighbor? Does shutdown the interface on one side triggers the interface down on the other side? How is the backup path learned?
HTH,
Lei Tian
Sent from Cisco Technical Support iPhone App
08-02-2013 02:57 AM
1) it is an ethernet link just peers from our CE to PE..we do not run MPLS on our CE..it starts from PE.
2) When i shutdown the ethernet WAN interface ..i assume it will be immediately recognized by the PE.
3) On the router R 3, prefix A is learnt via ebgp and ibgp..ebgp is preferred normally and when R1's WAN is shutdown it takes around 3 minutes to purge ebgp route and install ibgp on the fib.
Regards
Vinayak
08-02-2013 04:47 AM
Interface down on CE may not trigger down on PE side, but your CE router should drop BGP neighbor. Can you share the BGP part configuration on your CE? Can you also share the output of 'show IP BGP sum' and 'show IP BGP x.x.x.x' after you shutdown the interface?
HTH,
Lei Tian
Sent from Cisco Technical Support iPhone App
08-02-2013 08:40 AM
The problem is that the PE router will wait until the holdtime expiration to invalidate the routes received from the CE. A solution for this case and type of access would be to change the timers to 15 45 or 10 30 or even better, configure BFD, which could detect the failure in the access in milliseconds.
Be aware that the update generation plays a major role in improving the BGP convergence time. The timer that controls the update generation is the minimum advertisement interval:
neighbor advertisement-interval
By default, the values in latest IOS are:
eBGP: 30 seconds
iBGP: 0 seconds
eBGP and iBGP in VRF: 0 seconds
So, in your case I would also change the default to 0 seconds.
Best Regards,
Jose.
08-02-2013 08:57 AM
For configuring BFD, should I make changes on both CE and PE routers?
We manage only CE and just peer with PE via eBGP..
Regards
Vinayak
08-02-2013 09:03 AM
Yes, in both sides.
08-02-2013 09:06 AM
ok ..i got the point ..they should be bfd neighbhors..so it should be conigured at both ends..i am not sure how my SP will react for this..
On the other hand if I change my adv interval as 15 45...I dont think PE end should also be configured the same..eBGP peering should negotiate for low timers..is that correct ? will this flap my eBGP session ?
08-02-2013 09:12 AM
Correct, both are negotiated to the lowest value. You should do a hard reset for the change. I have seen providers using the timers 10 30 and 15 45 in MPLS/VPN environments without problems.
08-02-2013 09:23 AM
Hi Jose,
One small correction. Only the holdtime is negotiated via the BGP open message.
Regards
08-02-2013 09:24 AM
Hi Jose,
'The problem is that the PE router will wait until the holdtime expiration to invalidate the routes received from the CE. '
This is not the problem here. The problem is shutdown the interface on CE, doesn't trigger eBGP neighbor down on CE. This should be default behavior if neighbor is from the interface IP.
If the CE can detect the link failure and shutdown BGP neighbor, it should failover to the backup iBGP path. The CE router doesnt need to wait for PE router to invalidate routes.
Tune BGP timer, and BFD (if provider agrees to do, and the platfrom supports it) can help, but not the solution for initial problem.
Regards,
Lei Tian
08-02-2013 10:14 AM
Lei,
yes, if you shutdown the interface, this is the default behavior because bgp fast-external-fallover is activated by default. If it has been disabled, it will wait until the holdtime expiration to tear down the BGP session.
"If the CE can detect the link failure and shutdown BGP neighbor, it should failover to the backup iBGP path. The CE router doesnt need to wait for PE router to invalidate routes."
My suggestion is for a real outage. The CE will not detect the link failure in this type of access by default, which is Ethernet. The CE router will failover to the backup, correct, but what happens to the routes that the CE's are sending ? It will be still installed in the primary PE as best routes until it invalidates which will be until holdtime expiration.
Harold,
I think both are negotiated to the smaller value. I have done a quick test and this is the behavior:
R7#show ip bgp neighbors | i keep
Last read 00:00:01, last write 00:00:02, hold time is 30, keepalive interval is 10 seconds
But it has the default timers configured:
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 10.1.57.5 remote-as 100
no auto-summary
The other peer:
R5#show ip bgp neighbors | i keep
Last read 00:00:06, last write 00:00:03, hold time is 30, keepalive interval is 10 seconds
Configured hold time is 30, keepalive interval is 10 seconds
Best Regards,
Jose.
08-02-2013 11:08 AM
Hi Jose,
All correct, but you are making some assumption here. Which is why I was asking for running and show output.
Regards,
Lei Tian
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: