The load-sharing bug was CSCuv74616: Unlabelled Best External Path must be excluded from FIB load balancing. It was fixed in 2015 in release 5.3.3.
advertise best-external advertises the best-external path for both labeled and unlabeled unicast address families. An option to restrict the advertisement to labeled unicast only, introduced by CSCvv41943 (release 7.3.1): RP/0/0/CPU0:R2(config-bgp-af)#advertise best-external ? disable Do not advertise best-external path labeled-unicast Limit best-external to Labeled-Unicast address family <cr> When the router advertises a labeled route, it programs the label with the outgoing interface. When the router receives a labeled packet, it forwards it to the interface as dictated by the label. Therefore, when the advertising router advertises a best-external route with a label, the label points to the external interface. When it receives a packet, with that label, it forwards the packet directly to the external interface. When the router receives an unlabeled IP packet, it looks up the IP address and so it always sends it to the best path, never to the best-external path. The receiving router is unable to determine from the destination IP address alone that the intent of the sending router might be the best-external path. Kind Regards, Jakob Heitz From: Gert Doering <[email protected]> Date: Wednesday, December 10, 2025 at 11:04 AM To: Jakob Heitz (jheitz) <[email protected]> Cc: [email protected] <[email protected]> Subject: Re: [c-nsp] Best Practices for quickly removing routes when BGP peer drops Kind Regards, Jakob Hi, On Wed, Dec 10, 2025 at 05:49:47PM +0000, Jakob Heitz (jheitz) via cisco-nsp wrote: > advertise best-external without labels causes transient forwarding loops. In BGP those could last 10s of seconds. You could use labels or add-path. > (add-path could cause loops too. C???est la vie) True, using labels is the best choice to avoid this sort of transient loops. The problem with IOS XR is not that "without labels you would see transient loops", the problem is that it's not working correctly *at all* (because XR - at least the versions we discussed with TAC for - installs both "best" and "best external" path as load-sharing entries, and so half your packets are sent the wrong way). gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany [email protected] _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
