[c-nsp] BFD and EoMPLS

2010-12-22 Thread Michael Robson
I have a test network of three Cisco 6500(Sup720s) running SXI5 connected 
together in a triangle. Each is iBGPed to the others using loopbacks advertised 
around this testbed using OSPF and Label switching is also turned on. I then 
have two clients connected one to router A and the second to router B with an 
EoMPLS pseudowire connecting them (the pseudowire is terminated against the 
same loopback of the 6500s used for the BGP peerings). If I then get the 
clients to continuously ping each other and break the link directly connecting 
routers A and B, there is loss of connectivity for about 6 or 7 seconds before 
the pseudowire re-routes via router C. If I configure BFD for each link and 
also attach it to OSPF and repeat the experiment, the time to re-route is still 
6-7 seconds.

I can reason that this might work or that it shouldn't: does this not work 
because there is no direct hook between BFD and LDP or should it work because 
the pseudowire terminating loopbacks are advertised in OSPF, OSPF has been 
hooked into BFD and ultimately the LFIB is built via the FIB and LIB (or 
perhaps with this testbed because the size of the network and Penultimate Hop 
Popping it means that the FIB is used anyway)?

Ta,

Michael.
-- 

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] BFD and EoMPLS

2010-12-22 Thread Peter Rathlev
On Wed, 2010-12-22 at 10:08 +, Michael Robson wrote:
> I then have two clients connected one to router A and the second to
> router B with an EoMPLS pseudowire connecting them (the pseudowire is
> terminated against the same loopback of the 6500s used for the BGP
> peerings).
[...]
> If I configure BFD for each link and also attach it to OSPF and repeat
> the experiment, the time to re-route is still 6-7 seconds.
>
> I can reason that this might work or that it shouldn't: does this not
> work because there is no direct hook between BFD and LDP

Yes. AFAIK Cisco doesn't support BFD for LDP. You can try using FRR to
get fast failover for EoMPLS.

-- 
Peter




Re: [c-nsp] BFD and EoMPLS

2010-12-22 Thread Jason Lixfeld
On 2010-12-22, at 5:08 AM, Michael Robson wrote:

<snip>

> If I configure BFD for each link and also attach it to OSPF and repeat the
> experiment, the time to re-route is still 6-7 seconds.
>
> I can reason that this might work or that it shouldn't: does this not work
> because there is no direct hook between BFD and LDP or should it work because
> the pseudowire terminating loopbacks are advertised in OSPF, OSPF has been
> hooked into BFD and ultimately the LFIB is built via the FIB and LIB (or
> perhaps with this testbed because the size of the network and Penultimate Hop
> Popping it means that the FIB is used anyway)?

</snip>

With regards to LDP, what about enabling mpls ldp session protection if you 
find that you really need it?  
(http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fssespro.html)

With regards to the OSPF/BFD integration, I'm not sure if it's the same for 
ISIS but I recently went through an exercise with BFD/ISIS integration where I 
was getting less than desirable results on a link failure while BFD was tuned 
way down.  Turned out that regardless of how quickly BFD reacted, I still had 
to tune down the ISIS timers to react more quickly when BFD detected a link 
failure.

Now then, when I was testing this, I was using some pretty scary numbers, but 
ultimately got this to work in a lab, flawlessly.  The result was that I went 
from 6-7 seconds worth of packet loss to zero seconds of packet loss between 
CEs when I yanked a link between two P/PE routers.  Note that while I was able 
to achieve these results, I did so without ldp session protection enabled (I 
just recently read about it, but haven't had a chance to try it) and using 
L3VPNs, not EoMPLS.  Also, this was done between 7301s, not 6500s, so YMMV on 
both counts:

Here's what my end looked like:

!R1
!
interface GigabitEthernet0/0
 mpls ip
 bfd interval 50 min_rx 50 multiplier 3
 isis bfd
!
interface GigabitEthernet0/1
 mpls ip
 bfd interval 50 min_rx 50 multiplier 3
 isis bfd
!
router isis
 spf-interval 5 1 50
 prc-interval 5 1 50
 lsp-gen-interval 5 1 50
!

!R2
!
interface GigabitEthernet0/0
 mpls ip
 bfd interval 50 min_rx 50 multiplier 3
 isis bfd
!
interface GigabitEthernet0/1
 mpls ip
 bfd interval 50 min_rx 50 multiplier 3
 isis bfd
!
router isis
 spf-interval 5 1 50
 prc-interval 5 1 50
 lsp-gen-interval 5 1 50
!

P.S. While digging through the archives for content, I also found this, which 
may be of more help to your particular configuration:

!
router ospf 1
 timers throttle spf 10 100 5000
 timers throttle lsa all 10 100 5000
 timers lsa arrival 80
!


[c-nsp] ACL on VLAN - performance

2010-12-22 Thread Alan Buxey
hi,

here's a nice random open question suitable for this time of year

what's the maximum entries on an ACL for a VLAN before
devices on that VLAN start to get a degradation of performance..
specifically multicast traffic?

..this'd be on a 6500 with Sup720 3BXL - but no DFCs

alan


Re: [c-nsp] BFD and EoMPLS

2010-12-22 Thread Robert Crowe (rocrowe)
1. Tune your IGP to your desired level of convergence (SPF timers, etc).
2. Use BFD with your IGP
3. Use LDP IGP-Sync or LDP Session Protection.

-Original Message-
From: cisco-nsp-boun...@puck.nether.net
[mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Michael Robson
Sent: Wednesday, December 22, 2010 5:09 AM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] BFD and EoMPLS

I have a test network of three Cisco 6500(Sup720s) running SXI5
connected together in a triangle. Each is iBGPed to the others using
loopbacks advertised around this testbed using OSPF and Label switching
is also turned on. I then have two clients connected one to router A and
the second to router B with an EoMPLS pseudowire connecting them (the
pseudowire is terminated against the same loopback of the 6500s used for
the BGP peerings). If I then get the clients to continuously ping each
other and break the link directly connecting routers A and B, there is
loss of connectivity for about 6 or 7 seconds before the pseudowire
re-routes via router C. If I configure BFD for each link and also attach
it to OSPF and repeat the experiment, the time to re-route is still 6-7
seconds.

I can reason that this might work or that it shouldn't: does this not
work because there is no direct hook between BFD and LDP or should it
work because the pseudowire terminating loopbacks are advertised in
OSPF, OSPF has been hooked into BFD and ultimately the LFIB is built via
the FIB and LIB (or perhaps with this testbed because the size of the
network and Penultimate Hop Popping it means that the FIB is used
anyway)?

Ta,

Michael.
-- 



Re: [c-nsp] Outbound Load balancing using eBGP

2010-12-22 Thread Andrew Koch
On Wed, Dec 22, 2010 at 16:33, RAZ MUHAMMAD raz.muham...@gmail.com wrote:
> Unfortunately the vendor does not support multipath or anything similar on
> their platform.

As you asked on a Cisco list, you got a response on what can be done
with Cisco equipment - use multipath.

You might try asking the vendor if they have any tricks.  Otherwise,
you should try looking for a user group mailing list for whatever
vendor that may be (it would be quite a bit more helpful to identify
what equipment you are using).  There are Alcatel, Extreme, Foundry,
Force10, HP, Huawei and Juniper mailing lists hosted on puck @
http://puck.nether.net/mailman/listinfo/  Possibly they can be of use,
being that the users of whatever type of equipment you are using are
in the same boat.

Good Luck,
Andrew Koch


Re: [c-nsp] Outbound Load balancing using eBGP

2010-12-22 Thread Jay Hennigan
On 12/22/10 2:33 PM, RAZ MUHAMMAD wrote:

> I would appreciate if someone can shed some further light on using the
> default route or full routing table scenario while multi homed. In this case
> hardware is not an issue, I am trying to assess the operational,
> differences, or the outcome in terms of traffic patterns.

Outbound is easier than inbound.  In general, use a route map to set
local preference or another attribute based on as-path and apply to each
neighbor.

Say you're multi-homed to AS100 and AS200.

You would do something like:

ip as-path access-list 100 deny _200_
ip as-path access-list 100 permit _100$
ip as-path access-list 100 permit _100_[0-9]+$
ip as-path access-list 100 permit _100_[0-9]+_[0-9]+$

ip as-path access-list 200 deny _100_
ip as-path access-list 200 permit _200$
ip as-path access-list 200 permit _200_[0-9]+$
ip as-path access-list 200 permit _200_[0-9]+_[0-9]+$

Then towards your AS100 neighbor apply a route-map to bump local-pref to
a value of 110 any inbound announcements matching as-path 100, likewise
same on AS200 for as-path 200.  All else matches the default local-pref
of 100.

Other traffic will use the regular BGP metrics to choose a path.

This sends your traffic to AS100 targets, its customers, and second
level out the link to AS100 and likewise for AS200.  If you lose either
link, the other will pick up all traffic.

After a while you'll get a sense of how well balanced things are and you
can tweak the lists to prefer one path or the other for portions of your
outbound traffic to other networks.  For example, if AS200 is only
taking 20% of your outbound traffic and you send quite a bit to AS300,
then add a permit to as-path list 200 to prefer sending AS300 traffic
out that path.

Don't try to dynamically load-balance individual flows between your two
neighbors.  You'll have horrible issues with packets out of order and
things will get very ugly.

You'll never get anywhere close to an exact 50-50 balance and it will
vary a lot depending on what destinations become popular and unpopular
with your customers at what time of day, etc.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
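
The local-pref scheme described in the message above, evaluated over constructed routes (an added example, not part of the original post). The function names, the 645xx documentation ASNs and the two-step tie-break (highest local-pref, then shortest AS path) are assumptions made for illustration; real BGP best-path selection has more steps.

```python
import re

# Cisco AS-path regex: "_" matches start or end of the path, a space,
# a comma, braces or parentheses. The rest is ordinary regex syntax.
UNDERSCORE = r"(?:^|$|[ ,{}()])"

# The two as-path access-lists exactly as posted in the message above.
POSTED = {
    100: [("deny", "_200_"), ("permit", "_100$"),
          ("permit", "_100_[0-9]+$"), ("permit", "_100_[0-9]+_[0-9]+$")],
    200: [("deny", "_100_"), ("permit", "_200$"),
          ("permit", "_200_[0-9]+$"), ("permit", "_200_[0-9]+_[0-9]+$")],
}
ACL = {n: [(act, re.compile(pat.replace("_", UNDERSCORE))) for act, pat in entries]
       for n, entries in POSTED.items()}


def acl_permits(acl, as_path):
    """First matching entry decides; no match is the implicit deny."""
    for action, rx in ACL[acl]:
        if rx.search(as_path):
            return action == "permit"
    return False


def local_pref(neighbor, as_path):
    """Inbound route-map on the session to `neighbor`: 110 if its list permits."""
    return 110 if acl_permits(neighbor, as_path) else 100


def choose_exit(paths):
    """paths maps neighbor AS -> AS path heard from it. Simplified best path
    (assumption): highest local-pref, then shortest AS path."""
    return min(paths, key=lambda n: (-local_pref(n, paths[n]), len(paths[n].split())))


if __name__ == "__main__":
    # Constructed sample routes; 645xx are documentation ASNs.
    samples = {
        "customer of AS100": {100: "100 64500", 200: "200 100 64500"},
        "customer of AS200": {100: "100 200 64501", 200: "200 64501"},
        "four hops away": {100: "100 64500 64502 64503",
                           200: "200 64501 64504 64505 64503"},
        "AS100 link down": {200: "200 100 64500"},
    }
    for name, paths in samples.items():
        prefs = {n: local_pref(n, p) for n, p in paths.items()}
        print(f"{name}: local-pref {prefs} -> exit via AS{choose_exit(paths)}")
```
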


Re: [c-nsp] Outbound Load balancing using eBGP

2010-12-22 Thread Keegan Holley
In addition to the manual route map method there are also appliances such as 
Internap and F5 link controller that will allow you to match your BGP metrics 
more closely to the traffic traversing your AS.  I think the Internap supports 
dynamic metric changes based on traffic flow.

Sent from my iPhone

On Dec 20, 2010, at 4:30 PM, RAZ MUHAMMAD raz.muham...@gmail.com wrote:

> Hi all,
>
> I would like to find out how one can use BGP to load balance outbound
> traffic, while multi homed to 2 transit providers or ISPs and getting full
> routing tables, no default routes? The BGP peer at the client end is a non
> Cisco router, so would not be able to use the multipath feature. The load
> balancing is intended for all routes in the routing table, or at least to
> achieve some kind of load distribution.
>
> Is there any other way to achieve an optimal outbound load balancing method
> using eBGP?
>
> Regards


[c-nsp] Odd IPv6 Issue

2010-12-22 Thread Pete Lumbis
[adding the list]


So none of the routes are being installed on RouterA from the BGP
table into the RIB? All the routes are marked as RIB failure in the
BGP table of RouterA?

I remember there being a debug that will show you why a route isn't
installed into the routing table from BGP, but I can't remember what
it is and I don't have access to a box at the moment to look it up,
but I think it's debug ip bgp update or debug ip bgp event but I
could be totally wrong.

The other things I would think of are the common IPv4 issues, which
are sync enabled, next hop (which we covered) and OSPF RID != BGP RID.

Have you tried it without route reflectors in the mix? Do you see the
same problem?

-Pete

On Tue, Dec 21, 2010 at 11:52 PM, Jimmy Changa
jimmy.changa...@gmail.com wrote:
> Yes, pingable also ;)
>
> Sent from my iPhone
>
> On Dec 21, 2010, at 2:25 PM, Pete Lumbis alum...@gmail.com wrote:
>
>> Random guess, but are the BGP next hops reachable by the RR?
>>
>> On Tue, Dec 21, 2010 at 12:07 PM, Jimmy Changa
>> jimmy.changa...@gmail.com wrote:
>>> I have a router (routerA) that is a route-reflector client to two upstream
>>> routers (routerb and routerc). The 3 routers have full IPv6 BGP tables,
>>> however if I look at routerA's routing table, there are no BGP routes in
>>> it. While I can see the route for say, ipv6.google.com, the router says it
>>> has no route to the site.
>>>
>>> Any thoughts on what might be the issue?
>>>
>>> Jimmy