I have two routers multihomed to one ISP, so we have 2 CEs (r1 and r2) with eBGP peerings with 2 x ISP PE routers. Our own two routers r1 and r2 have an iBGP peering. My question is as follows. Recently we had issues on the primary due to insufficient memory resources, so I failed over manually (lowered metric and switched over HSRP) onto the backup router; now all traffic is using backup as the entry/exit point, which is fine. We are now also getting a default route of the ISP to R1 and the full table to R2.
One thing I have noticed is that on R1, even though it is now getting a default route from the ISP, we still get the full BGP table of R2 through the iBGP peering. Should I have some filtering in place here? What is the best thing to do, and is it any cause for concern?
If the memory usage is now acceptable again (you no longer receive a full table on the eBGP session), you are fine.
Otherwise you can filter on the iBGP session to avoid loading R1 on the internal session.
If you filter everything, you don't need the iBGP session anymore; just shut it down.
Track the state of the WAN interface on R2.
On R2 you could implement HSRP with object tracking to check that the eBGP session is alive (you can check presence/reachability of an IP subnet).
Hope to help
Thanks. Yes, I have HSRP/tracking on the R2 WAN outside interface. If I wanted to leave the iBGP session in place (is there a benefit to this now?), what is the best way to filter to R1 then?
My suggestion is to use object tracking to really detect if the eBGP session is operational or not.
Tracking the WAN interface is fine but doesn't cover all possible cases: a config error on the provider side or problems on the ISP router can leave the BGP session not working while the link is still up.
If you do so, the iBGP session loses all utility.
By the way, using an iBGP session to send a default route to R1 that is never used is something you can do; otherwise, what criteria would you use to decide what prefixes to send from R2 to R1?
The only suggestion I can give is that if your enterprise is doing some extranet with business partners, you may be interested in receiving some specific routes representing the partners' IP networks.
This could be a criterion to use for accepting routes on R1 from the eBGP session itself.
You could use a feature called ORF that allows R1 to send a prefix list to say what routes it wants to receive, instead of filtering a whole table inbound.
In this way you could optimize traffic to partners without overwhelming R1's memory.
Note: unfortunately ORF isn't widely supported; I've found documents only for GSR and CRS.
Hope to help
You can also filter out long prefixes (for example, longer than /24) with a prefix list. The full BGP table should start to consume less memory.
```
ip prefix-list inbound-nets seq 5 permit 0.0.0.0/0 le 24
router bgp 65535
 neighbor 10.10.10.10 prefix-list inbound-nets in
```
How many prefixes are you receiving now?
Francis, could you filter out incoming prefixes as shown above?
How many prefixes are you receiving after that?
Could you post `show ip bgp summary` here?
```
rtr1#sh ip bgp summary
BGP router identifier 211.x.x.x, local AS number 64XXX
BGP table version is 2077000, main routing table version 2077000
279454 network entries using 28224854 bytes of memory
279455 path entries using 13413840 bytes of memory
48309 BGP path attribute entries using 2899080 bytes of memory
43592 BGP AS-PATH entries using 1183398 bytes of memory
6116 BGP route-map cache entries using 122320 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 45843492 total bytes of memory
BGP activity 3275008/2995554 prefixes, 8730699/8451242 paths, scan interval 60 s
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
194.X.X.X 4 2111 12415559 651734 2077000 0 0 6d22h 1
211.X.X.X 4 64xxx 11281803 11045183 2077000 0 0 6d22h 279452
```
```
rtr1#sh ip bgp neighbors 194.x.x.x received-r
BGP table version is 2078044, local router ID is 211.x.x.x
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 194.x.x.x 250 2111 i
```
Now you receive only a default route on the eBGP session with the ISP on R1, but you get the full BGP table from the iBGP session.
The suggestion from Eugene is to filter out of R2 on the session to R1.
This will reduce the memory usage further on R1.
Now traffic is going through R2.
Hope to help
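
Added example, not part of any post in the thread: a small Python model of Cisco prefix-list matching that compares the `inbound-nets` list posted above with a default-only list of the kind discussed for the R2-to-R1 iBGP session. The `DEFAULT_ONLY` name and the sample routes are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    seq: int
    action: str                      # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

def entry_matches(entry: Entry, route: ipaddress.IPv4Network) -> bool:
    """Cisco prefix-list match: covered by the entry prefix AND length in range."""
    if not route.subnet_of(entry.prefix):
        return False
    plen = entry.prefix.prefixlen
    # No ge/le: exact length only. ge alone: ge..32. le alone: plen..le.
    lo = entry.ge if entry.ge is not None else plen
    hi = entry.le if entry.le is not None else (32 if entry.ge is not None else plen)
    return lo <= route.prefixlen <= hi

def permitted(plist: list, route: str) -> bool:
    """First matching entry (lowest seq) decides; no match is an implicit deny."""
    net = ipaddress.ip_network(route)
    for entry in sorted(plist, key=lambda e: e.seq):
        if entry_matches(entry, net):
            return entry.action == "permit"
    return False

def filter_routes(plist: list, routes: list) -> list:
    return [r for r in routes if permitted(plist, r)]

ANY = ipaddress.ip_network("0.0.0.0/0")
# From the thread: ip prefix-list inbound-nets seq 5 permit 0.0.0.0/0 le 24
INBOUND_NETS = [Entry(5, "permit", ANY, le=24)]
# Hypothetical list (name is an assumption): permit 0.0.0.0/0 with no ge/le
DEFAULT_ONLY = [Entry(5, "permit", ANY)]

# Constructed sample routes (documentation and benchmark ranges)
SAMPLE = ["0.0.0.0/0", "198.18.0.0/15", "192.0.2.0/24",
          "198.51.100.0/25", "203.0.113.128/26"]

if __name__ == "__main__":
    print("inbound-nets :", filter_routes(INBOUND_NETS, SAMPLE))
    print("default-only :", filter_routes(DEFAULT_ONLY, SAMPLE))
```

`0.0.0.0/0 le 24` still admits every route up to /24, so it trims only the longer prefixes; the same entry without `le` matches the default route alone.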