BGP Multi-homing Design and Troubleshooting. Manigandan Ganesan

Similar documents
BGP Multihoming ISP/IXP Workshops

BGP Multihoming. ISP/IXP Workshops

BGP and the Internet. Why Multihome? Why Multihome? Why Multihome? Why Multihome? Why Multihome? Redundancy. Reliability

Module 6 Implementing BGP

Troubleshooting High CPU Caused by the BGP Scanner or BGP Router Process

Simple Multihoming. ISP Workshops. Last updated 25 September 2013

BGP Multihoming Techniques

BGP Multihoming Techniques

BGP Multihoming Techniques

MPLS VPN Multipath Support for Inter-AS VPNs

Simple Multihoming. ISP Workshops. Last updated 9 th December 2015

BGP Multihoming Techniques

BGP Dynamic Neighbors

scope scope {global vrf vrf-name} no scope {global vrf vrf-name} Syntax Description

BGP Multihoming Techniques

Troubleshooting BGP. Session ID-BRKRST-3320

MPLS VPN Explicit Null Label Support with BGP. BGP IPv4 Label Session

Connecting to a Service Provider Using External BGP

BGP Multihoming Techniques Philip Smith NANOG October 2005 Los Angeles

Introduction. Keith Barker, CCIE #6783. YouTube - Keith6783.

BGP Multihoming Techniques

BGP and the Internet. Enterprise Multihoming. Enterprise Multihoming. Medium/Large ISP Multihoming. Enterprise Multihoming. Enterprise Multihoming

Q&As. CCIP Configuring BGP on Cisco Routers (BGP) Pass Cisco Exam with 100% Guarantee

Implementing Cisco IP Routing (ROUTE)

Configuring IPv6 Provider Edge over MPLS (6PE)

Chapter 6 Lab 6-3, Configuring IBGP and EBGP Sessions, Local Preference, and MED

Service Provider Multihoming

Troubleshooting BGP Philip Smith AfNOG 2003, Kampala, Uganda

BGP Tutorial Part 3 Multihoming

Rev External BGP

BGP Multihoming Techniques. Philip Smith SANOG 10/APNIC 24 29th August - 7th September 2007 New Delhi, India

Multihoming with BGP and NAT

Connecting to a Service Provider Using External BGP

APNIC elearning: BGP Basics. 30 September :00 PM AEST Brisbane (UTC+10) Revision: 2.0

Routing Between Autonomous Systems (Example: BGP4) RFC 1771

Networkers 2001, Australia

BGP Multihoming Techniques. Philip Smith APRICOT February 2009 Manila, Philippines

Implementing BGP on Cisco ASR 9000 Series Router

Service Provider Multihoming

Advanced Multihoming. BGP Traffic Engineering

Service Provider Multihoming

BGP for Internet Service Providers

BGP Part-1.

Configuring a Basic BGP Network

Introduction to BGP. ISP Workshops. Last updated 30 October 2013

Configuring Advanced BGP

Configuring BGP on Cisco Routers Volume 1

Multiprotocol BGP Extensions for IP Multicast Commands

Simple Multihoming. ISP Workshops

Multihoming Case Study

Contents. Introduction. Prerequisites. Requirements. Components Used

Multihoming Complex Cases & Caveats

BGP101. Howard C. Berkowitz. (703)

This appendix contains supplementary Border Gateway Protocol (BGP) information and covers the following topics:

Introduction to BGP. ISP/IXP Workshops

BGP AS-Override Split-Horizon

BGP Nonstop Routing was made a default feature.

Service Provider Multihoming

MPLS VPN C H A P T E R S U P P L E M E N T. BGP Advertising IPv4 Prefixes with a Label

Why Do BGP Neighbors Toggle Between Idle, Connect, and Active States?

BGP Table Version. Contents. Introduction. Network Diagram. Best Path

MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution

Module 8 Multihoming Strategies Lab

Internetwork Expert s CCNP Bootcamp. Border Gateway Protocol (BGP) What Is BGP?

BGP Cost Community. Prerequisites for the BGP Cost Community Feature

BGP and the Internet

BGP-4 Border Gateway Protocol 4 (BGP-4) Primer

Lecture 07c Routing Border Gateway Protocol

IPv6 Commands: n to re

BGP on IOS: Getting Started

Contents. Configuring MSDP 1

Examination. ANSWERS IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491

Module 13 Multihoming to Different ISPs

LACNIC XIII. Using BGP for Traffic Engineering in an ISP

CertifyMe. CertifyMe

BGP Support for Next-Hop Address Tracking

Contents. BGP commands 1

Implementing BGP on Cisco ASR 9000 Series Routers

MPLS VPN Route Target Rewrite

Configuring MSDP. Overview. How MSDP operates. MSDP peers

Operation Manual BGP. Table of Contents

IPv6 Switching: Provider Edge Router over MPLS

cisco. Number: Passing Score: 800 Time Limit: 120 min.

RealCiscoLAB.com. Chapter 2 Lab 2-2, EIGRP Load Balancing. Topology. Objectives. Background. CCNPv6 ROUTE

BGP Commands: M through N

Implementing Cisco IP Routing

address-family ipv4 vrf vrf-name - Selects a per-vrf instance of a routing protocol.

MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution

BGP Commands. Network Protocols Command Reference, Part 1 P1R-355

Configuring BGP community 43 Configuring a BGP route reflector 44 Configuring a BGP confederation 44 Configuring BGP GR 45 Enabling Guard route

Configuration and Management of Networks 2012

Cisco Exam Troubleshooting and Maintaining Cisco IP Networks (TSHOOT) Version: 6.0 [ Total Questions: 79 ]

Chapter 7 Lab 7-1, Configuring BGP with Default Routing

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

Module 16 An Internet Exchange Point

Internet Interconnection Structure

BGP Commands. Network Protocols Command Reference, Part 1 P1R-355

Multihoming Techniques. bdnog8 May 4 8, 2018 Jashore, Bangladesh.

Real4Test. Real IT Certification Exam Study materials/braindumps

Ravi Chandra cisco Systems Cisco Systems Confidential

Transcription:

BGP Multi-homing Design and Troubleshooting Manigandan Ganesan

Thank You for Joining Us Today The Live Ask the Expert Event Will Begin at 10:00 am Pacific Time 2

Thank You for Joining Us Today Before We Begin To submit a question just type your question below the slides and click submit. To see the questions with answers please click on the Refresh Q&A button below the slide window and use F11 to remove toolbars and enable a full screen view. If you can hear the music, your Flash player has been installed correctly If you cannot hear the music now, please download the latest version of Flash available in the Help section and reload the webcast console If you still cannot hear the music, please contact support@ciscolivevirtual.com 3

Thank You for Joining Us Today Today s presentation will include audience polling questions We encourage you to participate! 4

Thank You for Joining Us Today Downloading the Presentation If you would like a copy of the presentation slides, click the Download Presentation button below the slide window 5

Cisco Support Community - Ask the Expert Today s featured expert is Manigandan Ganesan Ask him questions now about BGP Multi-homing Manigandan Ganesan Routing Protocols Engineer, Cisco Presentation_ID Presentation_ID 2010 Cisco Systems, Inc. All 2010 rights Cisco reserved. and/or its affiliates. All rights Cisco reserved. Confidential Cisco Confidential 6

Please Note To submit a question just type your question below the slides and click submit. To see the questions with answers please click on the Refresh Q&A button below the slide window and use F11 to remove toolbars and enable a full screen view. This event is fully streamed; the audio is heard via your Flash media player You can download today s presentation by clicking on the Download Presentation button below this slide window To take part in the polls, please disable your pop-up blockers during the event so you may see and answer the questions 7

BGP Multi-homing Design and Troubleshooting Manigandan Ganesan

Cisco Support Community - Ask the Expert Today s featured expert is Manigandan Ganesan Ask him questions now about BGP Multi-homing Manigandan Ganesan Routing Protocols Engineer, Cisco Presentation_ID Presentation_ID 2010 Cisco Systems, Inc. All 2010 rights Cisco reserved. and/or its affiliates. All rights Cisco reserved. Confidential Cisco Confidential 9

Thank You for Joining Us Today Today s presentation will include audience polling questions We encourage you to participate! 10

Thank You for Joining Us Today Downloading the Presentation If you would like a copy of the presentation slides, click the Download Presentation button below the slide window 11

Polling Question 1 What type of internet connectivity set-up does your network currently have? Simple static default route to a single ISP gateway Two static default routes with ip sla fail-over BGP to a single ISP BGP to two ISPs Other 12

POLLING 1 RESULTS 13

Submit Your Questions Now Use the Submit Text box Below the Slide Window. View Answers by Clicking on the Refresh Button 14

Agenda Multi-homing - Overview Various Options in Multi-homing Configuration of various multi-homing setups Troubleshooting typical BGP issues 15

Why Multi-home? Redundancy One connection to internet means the network is dependent on: - Local router (configuration, software, hardware) - WAN media (physical failure, carrier failure) - Upstream Service Provider (configuration, software, hardware) 16

Why Multi-home? Reliability - Business critical applications demand continuous availability - Lack of redundancy implies lack of reliability implies loss of revenue 17

Multi-homing: Definitions & Options More than one link external to the local network Usually two external facing routers ( one router gives link and provider redundancy only ) 18

Multihoming A Deeper look at the Options Will look at two cases: 1. Multihoming to the same ISP 2. Multihoming to different ISPs Will keep the examples easy - Understanding easy concepts will make the more complex scenarios easier to comprehend - All assume that the site multihoming has a /19 address block 19

CASE 1 - Two links to the same ISP In this case, we can run BGP with the same provider in two modes : 1. Fail-over mode One link primary, the other link backup only 2. Load-sharing mode Two circuits active at the same time 20

1.a ) Two links to the same ISP Failover mode Applies when end-site has bought a large primary WAN link to their upstream a small secondary WAN link as the backup For example, primary path might be an E1, backup might be 64kbps 21

1.a ) Two links to the same ISP Failover mode (contd) 22

1.a ) Two links to the same ISP Failover mode (contd) Announce /19 aggregate on each link primary link: Outbound announce /19 unaltered Inbound receive default route backup link: Outbound announce /19 with increased metric Inbound received default, and reduce local preference When one link fails, the announcement of the /19 aggregate via the other link ensures continued connectivity 23

1.a ) Two links to the same ISP Failover mode (contd) Router A Configuration router bgp 65534 network 121.10.0.0 mask 255.255.224.0 neighbor 122.102.10.2 remote-as 100 neighbor 122.102.10.2 description RouterC neighbor 122.102.10.2 prefix-list aggregate out neighbor 122.102.10.2 prefix-list default in! ip prefix-list aggregate permit 121.10.0.0/19 ip prefix-list default permit 0.0.0.0/0! 24

1.a ) Two links to the same ISP Failover mode(contd) Router B Configuration router bgp 65534 network 121.10.0.0 mask 255.255.224.0 neighbor 122.102.10.6 remote-as 100 neighbor 122.102.10.6 description RouterD neighbor 122.102.10.6 prefix-list aggregate out neighbor 122.102.10.6 route-map routerd-out out neighbor 122.102.10.6 prefix-list default in neighbor 122.102.10.6 route-map routerd-in in! ip prefix-list aggregate permit 121.10.0.0/19 ip prefix-list default permit 0.0.0.0/0! route-map routerd-out permit 10 match ip address prefix-list aggregate set metric 10 route-map routerd-out permit 20! route-map routerd-in permit 10 set local-preference 90 25

1.b ) Two links to the same ISP Load Balancing mode More common case End sites tend not to buy circuits and leave them idle, only used for backup as in previous Example This example assumes equal capacity circuits - Unequal capacity circuits requires more refinement 26

1.b ) Two links to the same ISP Load sharing mode (contd) 27

1.b ) Two links to the same ISP Load sharing mode (contd) Announce /19 aggregate on each link Split /19 and announce as two /20s, one on each link - basic inbound loadsharing - assumes equal circuit capacity and even spread of traffic across address block Vary the split until perfect loadsharing achieved Accept the default from upstream - basic outbound loadsharing by nearest exit - okay in first approx as most ISP and end-site traffic is inbound 28

1.b ) Two links to the same ISP Load sharing mode(contd) Router A Configuration router bgp 65534 network 121.10.0.0 mask 255.255.224.0 network 121.10.0.0 mask 255.255.240.0 neighbor 122.102.10.2 remote-as 100 neighbor 122.102.10.2 prefix-list routerc out neighbor 122.102.10.2 prefix-list default in! ip prefix-list default permit 0.0.0.0/0 ip prefix-list routerc permit 121.10.0.0/20 ip prefix-list routerc permit 121.10.0.0/19! ip route 121.10.0.0 255.255.240.0 null0 ip route 121.10.0.0 255.255.224.0 null0 Router B configuration is similar but with the other /20 29

CASE 2 - Two links to different ISPs In this case, we run BGP with the different provider in two modes : 1. Fail-over mode One link primary, the other link backup only 2. Load-sharing mode Two circuits active at the same time 30

2.a ) Two links to Different ISP Fail-over mode Announce /19 aggregate on each link - primary link makes standard announcement - backup link lengthens the AS PATH by using AS PATH prepend When one link fails, the announcement of the /19 aggregate via the other link ensures continued connectivity 31

2.a ) Two links to Different ISP Fail-over mode Router A Configuration router bgp 130 network 121.10.0.0 mask 255.255.224.0 neighbor 122.102.10.1 remote-as 100 neighbor 122.102.10.1 prefix-list aggregate out neighbor 122.102.10.1 prefix-list default in! ip prefix-list aggregate permit 121.10.0.0/19 ip prefix-list default permit 0.0.0.0/0 32

2.a ) Two links to Different ISP Fail-over mode Router B Configuration router bgp 130 network 121.10.0.0 mask 255.255.224.0 neighbor 120.1.5.1 remote-as 120 neighbor 120.1.5.1 prefix-list aggregate out neighbor 120.1.5.1 route-map routerd-out out neighbor 120.1.5.1 prefix-list default in neighbor 120.1.5.1 route-map routerd-in in! ip prefix-list aggregate permit 121.10.0.0/19 ip prefix-list default permit 0.0.0.0/0! route-map routerd-out permit 10 set as-path prepend 130 130 130! route-map routerd-in permit 10 set local-preference 80 33

2.b ) Two links to Different ISP Load-sharing mode Announce /19 aggregate on each link Split /19 and announce as two /20s, one on each link - basic inbound loadsharing When one link fails, the announcement of the /19 aggregate via the other ISP ensures continued connectivity 34

2.b ) Two links to Different ISP Load-sharing mode Router A Configuration router bgp 130 network 121.10.0.0 mask 255.255.224.0 network 121.10.0.0 mask 255.255.240.0 neighbor 122.102.10.1 remote-as 100 neighbor 122.102.10.1 prefix-list firstblock out neighbor 122.102.10.1 prefix-list default in! ip prefix-list default permit 0.0.0.0/0! ip prefix-list firstblock permit 121.10.0.0/20 ip prefix-list firstblock permit 121.10.0.0/19 35

2.b ) Two links to Different ISP Load-sharing mode Router B Configuration router bgp 130 network 121.10.0.0 mask 255.255.224.0 network 121.10.16.0 mask 255.255.240.0 neighbor 120.1.5.1 remote-as 120 neighbor 120.1.5.1 prefix-list secondblock out neighbor 120.1.5.1 prefix-list default in! ip prefix-list default permit 0.0.0.0/0! ip prefix-list secondblock permit 121.10.16.0/20 ip prefix-list secondblock permit 121.10.0.0/19 36

Polling Question 2 What is the most common problem that you face in BGP? BGP session flapping Asymmetric routing Route-advertisement issue High CPU due to BGP Other problems 37

POLLING 2 RESULT 38

TROUBLESHOOTING COMMON BGP PROBLEMS 39

No Peering Ping: Fails BGP Speakers Won t Peer This can be difficult to troubleshoot if you can only see one side of the connection Start with the simple things: check for common mistakes - Is it supposed to be configured for ebgp multihop? - Are the AS numbers right? Next, try pinging the peering address - If the ping fails, there s likely a connectivity problem + 40

BGP Speakers Won t Peer Try some alternate ping options Is the local peering address the actual peering interface? If not, use extended ping to source from the loopback or actual peering address If this fails, there is an underlying routing problem The other router may not know how to reach your peering interface + Router>enable Router#ping Protocol [ip]: Target IP address: 192.168.40.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 172.16.23.2 41

BGP Speakers Won t Peer Try extended ping to sweep a range of possible MTUs - Note the MTU at which the ping starts to fail - Make certain the interface is configured for that MTU size If these all fail - None of the pings work no matter how you try... - It s likely a transport problem Router>enable Router#ping Protocol [ip]: Target IP address: 192.168.40.1 Repeat count [5]: Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y... Sweep range of sizes [n]: y Sweep min size [36]: 100 Sweep max size [18024]: 2500 Sweep interval [1]: 100... + 42

BGP Speakers Won t Peer + Remember that BGP runs on top of IP, and can be affected by: - Rate limiting - Traffic shaping - Tunneling problems - IP reachability problems (the underlying routing isn t working) - ACL / FW blocking port 179 - TCP problems 43

BGP Speakers Won t Peer Useful Peer Troubleshooting Commands show tcp brief all show tcp statistics TCB Local Address Foreign Address (state) 64316F14 1.1.1.1.12345 2.2.2.2.179 ESTAB 6431BA8C *.179 2.2.2.2.* LISTEN Rcvd: 7005 Total, 10 no port 0 checksum error, 0 bad offset, 0 too short... 0 out-of-order packets (0 bytes)... 4186 ack packets (73521 bytes)... Sent: 9150 Total, 0 urgent packets 4810 control packets (including 127 retransmitted) 2172 data packets (71504 bytes)... 44

BGP Speakers Won t Peer Useful Peer Troubleshooting Commands debug ip tcp transactions This can be very chatty, so be careful with this debug! R1#sh log i TCP0: TCP0: state was ESTAB -> FINWAIT1 [12345 -> 2.2.2.2(179)] TCP0: sending FIN TCP0: state was FINWAIT1 -> FINWAIT2 [12345 -> 2.2.2.2(179)] TCP0: FIN processed TCP0: state was FINWAIT2 -> TIMEWAIT [12345 -> 2.2.2.2(179)] TCP0: Connection to 2.2.2.2:179, advertising MSS 1460 TCP0: state was CLOSED -> SYNSENT [12346 -> 2.2.2.2(179)] TCP0: state was SYNSENT -> ESTAB [12346 -> 2.2.2.2(179)] TCP0: tcb 6430DCDC connection to 2.2.2.2:179, received MSS 1460, MSS is 1460 45

BGP Speakers Won t Peer + If the connectivity is good, the next step is to check BGP itself debug ip bgp Use with caution Configure so the output goes to the log, rather than the console logging buffered <size> no logging console It s easier to find the problem points this way router#show log i NOTIFICATION 46

BGP Speakers Won t Peer + show ip bgp neighbor 1.1.1.1 include last reset This should give you the resets for a peer The same information as is shown through debug ip bgp bgp log-neighbor changes Provides much of the same information as debug ip bgp, as well 47

1.1.1.1 10.1.1.1 10.1.1.2 2.2.2.2 BGP Speakers Won t Peer Source/Destination Address Matching Both sides must agree on source and destination addresses + neighbor 2.2.2.2 remote-as 100 neighbor 2.2.2.2 update-source loopback 0 BGP will tear down the TCP session due to the conflict R1 R2 debug ip bgp on R1 shows BGP: 2.2.2.2 passive open to 10.1.1.1 BGP: 2.2.2.2 passive open failed - 10.1.1.1 is not update-source Loopback0's address (1.1.1.1) neighbor 10.1.1.1 remote-as 100 neighbor 10.1.1.1 update-source loopback 0 48

BGP Speakers Won t Peer + Bad Messages What to look for? %BGP-3-NOTIFICATION: sent to neighbor 2.2.2.2 2/2 (peer in wrong AS) 2 bytes 00C8 FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 00C8 00B4 0202 0202 1002 0601 0400 0100 0102 0280 0002 0202 00 49

BGP Speakers Won t Peer Bad Messages contd.. + unknown subcode incompatible BGP version peer in wrong AS BGP identifier wrong unsupported optional parameter authentication failure unacceptable hold time unsupported/disjoint capability The peer open notification subcode isn t known The version of BGP the peer is running isn t compatible with the local version of BGP The AS this peer is locally configured for doesn t match the AS the peer is advertising The BGP router ID is the same as the local BGP router ID There is an option in the packet which the local BGP speaker doesn t recognize The MD5 hash on the received packet does not match the correct MD5 hash The remote BGP peer has requested a BGP hold time which is not allowed (too low) The peer has asked for support for a feature which the local router does not support 50

High Processor Utilization + Why? This could be for several reasons - High route churn is the most likely router# show process cpu CPU utilization for five seconds: 100%/0%; one minute: 99%; five minutes: 81%... 139 6795740 1020252 6660 88.34% 91.63% 74.01% 0 BGP Router 51

High Processor Utilization Check how busy the peers are - the Table Version + We have 150k routes and see the table version increase by 150k every minute something is wrong We have 150k routes and see the table version increase by 300 every minute sounds like normal network churn The InQ - Flood of incoming updates or build up of unprocessed updates The OutQ - Flood of outgoing updates or build up of untransmitted updates router# show ip bgp summary Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down /PfxRcd 10.1.1.1 4 64512 309453 157389 19981 0 253 22:06:44 111633 172.16.1.1 4 65101 188934 1047 40081 41 0 00:07:51 58430 52

High Processor Utilization + If the Table Version is Changing Quickly Are we in initial convergence with this peer? Is the peer flapping for some reason? Examine the table entries from this peer: why are they changing? If there is a group of routes which are constantly changing, consider route flap dampening If the InQ is high You should see the table version changing quickly If it s not, the peer isn t acting correctly Consider shutting it down until the peer can be fixed If the OutQ is high Lots of updates being generated Check table versions of other peers Check for underlying transport problems 53

High Processor Utilization Check on the BGP Scanner - Walks the table looking for changed next hops - Checks conditional advertisement - Imports from and exports to VPNv4 VRFs router# show processes include BGP Scanner 172 Lsi 407A1BFC 29144 29130 1000 8384/9000 0 BGP Scanner 54

High Processor Utilization To relieve pressure on the BGP Scanner Upgrade to newer code - Most of the work of the BGP Scanner has been moved to an event driven model - This has reduced the impact of BGP Scanner significantly Reduce route and view count Reduce or eliminate other processes which walk the RIB - SNMP routing table walks, for instance Deploy BGP Next Hop Tracking (NHT) 55

Polling Question 3 Which Routing topics would you like to see in a future Webcast? More on BGP MPLS VPN IOS NAT on Routers EIGRP/ OSPF Other 56

POLLING 3 RESULT 57

Submit Your Questions Now Use the Submit Text Box Below the Slide Window. View Answers by Clicking on the Refresh Button 58

Q&A 59

We Appreciate Your Feedback! The first 10 listeners who fill out an Evaluation will receive a free: $20 USD Amazon Gift Certificate To complete the evaluation, please click on Evaluation button under the slides. 60

Some Useful BGP Links BGP Case studies: http://www.cisco.com/en/us/tech/tk365/technologies_tech_note09186a00800c95bb.shtml BGP Command Reference: http://www.cisco.com/en/us/docs/ios/iproute_bgp/command/reference/irg_book.html BGP Configuration Guide: http://www.cisco.com/en/us/docs/ios/iproute_bgp/configuration/guide/12_4/irg_12_4_boo k.html Bug Tool-Kit: http://www.cisco.com/pcgi-bin/support/bugtool/home.pl 61

Post Questions on Our Forum Here: https://supportforums.cisco.com/community/netpro/networkinfrastructure/routing

Thank You for Your Time Please Take a Moment to Complete the Evaluation

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback