Re: Juniper BGP Convergence Time

[Saku Ytti]

Hey Adam,


On 30 May 2018 at 22:49, Adam Kajtar  wrote:

> *Receiving Full Routes*
>
> Convergence time was 180 seconds. The routing table updated and showed the
> correct path in under a minute but the forwarding table took 180 seconds
> for most the routes to update.

How as this verified? Juniper is known to converge on software much
faster than on hardware. You'd need to at least verify:

- show krt queue  => no updates queued
- show system processes extensive |match rpd   => state is 'kqread' not 'RUN'


180seconds seems unlikely for MX80/MX104, may in scenario where box
doesn't have anything else to do, no where to sends routes out to, no
inferior routes to replace with new superior routes etc. Like if you
just have empty box not connected anywhere receiving eBGP from on
peer, maybe. In actual box doing actual work, unlikely.
We see 20-30min convergence times on large boxes at initial
convergency, mostly due to full-mesh being chatty and causing lot of
useless state changes as new data keeps coming in.


-- 
  ++ytti

Re: Juniper BGP Convergence Time

[Adam Kajtar]

“I'm running two Juniper MX104s. Each MX has 1 ISP connected running
BGP(full routes). iBGP is running between the routers via a two port 20G
lag. When one of the ISPs fails, it can take upwards of 2 minutes for
traffic to start flowing correctly. The router has the correct route in the
routing table, but it doesn't install it in the forwarding table for the
full two mins.”



I finished my testing and concluded that I would continue running full
routes without any fanciness. I will detail some tests and what the
outcomes were as well as explain why I decided to keep running full routes.



*Receiving Full Routes*

Convergence time was 180 seconds. The routing table updated and showed the
correct path in under a minute but the forwarding table took 180 seconds
for most the routes to update.



*BGP Multipath*

There was no effect on convergence speed. I think paths between eBGP
neighbors are preferred over iBGP. Therefore, no routes are ever equal in
this case.



*BFD*

The slower to converge ISP refused my request to setup BFD between our
routers. This option is out of the question.



*BGP Timers*

I adjusted the BGP hold timer to 30 seconds and the stale route timer to 5
seconds. This change appeared to have no effect on convergence speed.



*Receiving Full Routes with a Default*

I suspected receiving a default route would fix the issue because the only
route that would need to be updated in the forwarding table for traffic to
flow. I assumed that it would process the lowest binary route first(
0.0.0.0/0) Once the full table was updated traffic would take the optimal
path(This would avoid customer complaints due to latency with VPNs and
Voice traffic). I also suspected exporting the default BGP default route
into OSPF would speed up OSPF convergences avoiding a generated default
route based on neighbor state.



Unfortunately, it appears like the forwarding table of the MX104 converges
abruptly instead of slowly as router processes them. Also, Traffic would
fail as the ISP connection came back up due to BGP exporting the route into
OSPF.



*Receiving Full Routes with forwarding engine commands*

After I completed the above tests, I concluded the forwarding engine would
need to speed up, and some sort of hack was in order. I tested the
following commands.



https://www.juniper.net/documentation/en_US/junos/topics/concept/use-case-for-bgp-pic-for-inet-inet6-lu.html



https://www.juniper.net/documentation/en_US/junos/topics/topic-map/forwarding-indirect-next-hop.html



With these commands enabled equal cost routes installed into the forwarding
table. Failover on equal cost routes was 40 – 50 seconds and 180 seconds on
non-equal-cost routes. This was unacceptable because most of the routes are
preferred out one ISP over the other.



I disabled ECMP and the router began installing all routes into the
forwarding table including the secondary route. The router would dump
sections of the forwarding table and act very flakey.





*Receiving Default Only*

I tested filtering out all routes besides the default route. The speed of
convergence was 30 - 45 seconds depending on which upstream ISP connection
I disconnected. This solution was unacceptable due to the traffic not
taking the optimal path outbound.



I concluded that 180 seconds was an acceptable failover time given that I
exhausted all other resources. I would prefer to have a more reliable
failover mechanism than a faster one. Also, everyday speed and usability
are more important that failover speed(which rarely happens and almost
never during peak hours) in my use case.



Thank you to anyone who gave me suggestions on this issue. It helped me
understand and accept the outcome.












On Sat, May 26, 2018 at 12:15 PM Baldur Norddahl 
wrote:

> Add a static default route on both routers. This will be invalidated as
> soon the interface goes down. Should be faster than relying on the BGP
> process on withdrawing the route. Also does not require any config changes
> at your upstreams.
>
> Regards
> Baldur
>
>
> ons. 16. maj 2018 18.52 skrev Adam Kajtar :
>
> > Erich,
> >
> > Good Idea. I can't believe I didn't think of that earlier. Simple and
> > effective. I will go ahead and request the defaults from my ISP and
> update
> > the thread of the findings.
> >
> > Thanks!
> >
> > On Wed, May 16, 2018 at 10:03 AM Kaiser, Erich 
> > wrote:
> >
> > > A last resort route (default route) could still be good to take from
> your
> > > ISP(s) even if you still do full routes, as the propagation is
> happening
> > on
> > > the internet side, you should at least have a path inbound through the
> > > other provider.  The default route at least would send the traffic out
> if
> > > it does not see the route locally.  Just an idea.
> > >
> > >
> > >
> > > On Wed, May 16, 2018 at 8:22 AM, Adam Kajtar <
> akaj...@wadsworthcity.org>
> > > wrote:
> > >
> > > > I could use static routes but I noticed since I moved to full routes
> I
> > > > have had a lot fewer 

Re: Juniper BGP Convergence Time

[Baldur Norddahl]

Add a static default route on both routers. This will be invalidated as
soon the interface goes down. Should be faster than relying on the BGP
process on withdrawing the route. Also does not require any config changes
at your upstreams.

Regards
Baldur


ons. 16. maj 2018 18.52 skrev Adam Kajtar :

> Erich,
>
> Good Idea. I can't believe I didn't think of that earlier. Simple and
> effective. I will go ahead and request the defaults from my ISP and update
> the thread of the findings.
>
> Thanks!
>
> On Wed, May 16, 2018 at 10:03 AM Kaiser, Erich 
> wrote:
>
> > A last resort route (default route) could still be good to take from your
> > ISP(s) even if you still do full routes, as the propagation is happening
> on
> > the internet side, you should at least have a path inbound through the
> > other provider.  The default route at least would send the traffic out if
> > it does not see the route locally.  Just an idea.
> >
> >
> >
> > On Wed, May 16, 2018 at 8:22 AM, Adam Kajtar 
> > wrote:
> >
> > > I could use static routes but I noticed since I moved to full routes I
> > > have had a lot fewer customer complaints about latency(especially when
> it
> > > comes to Voice and VPN traffic).
> > >
> > > I wasn't using per-packet load balancing. I believe juniper default is
> > per
> > > IP.
> > >
> > > My timers are as follows
> > >  Active Holdtime: 90
> > >  Keepalive Interval: 30
> > >
> > > Would I be correct in thinking I need to contact my ISP to lower these
> > > values?
> > >
> > > An interesting note is when I had both ISPs connected into a single
> MX104
> > > the failover was just a few seconds.
> > >
> > > Thanks again.
> > >
> > >
> > >
> > > On Tue, May 15, 2018 at 8:42 PM Ben Cannon  wrote:
> > >
> > >> Have you checked your timeouts ?
> > >>
> > >> -Ben
> > >>
> > >> > On May 15, 2018, at 4:09 PM, Kaiser, Erich 
> > wrote:
> > >> >
> > >> > Do you need full routes?  What about just a default route from BGP?
> > >> >
> > >> > Erich Kaiser
> > >> > The Fusion Network
> > >> > er...@gotfusion.net
> > >> > Office: 815-570-3101
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >> On Tue, May 15, 2018 at 5:38 PM, Aaron Gould 
> > wrote:
> > >> >>
> > >> >> You sure it doesn't have something to do with 60 seconds * 3 = 180
> > >> secs of
> > >> >> BGP neighbor Time out before it believes neighbor is dead and
> remove
> > >> routes
> > >> >> to that neighbor?
> > >> >>
> > >> >> Aaron
> > >> >>
> > >> >>> On May 15, 2018, at 9:10 AM, Adam Kajtar <
> akaj...@wadsworthcity.org
> > >
> > >> >> wrote:
> > >> >>>
> > >> >>> Hello:
> > >> >>>
> > >> >>> I'm running two Juniper MX104s. Each MX has 1 ISP connected
> running
> > >> >>> BGP(full routes). iBGP is running between the routers via a two
> port
> > >> 20G
> > >> >>> lag. When one of the ISPs fails, it can take upwards of 2 minutes
> > for
> > >> >>> traffic to start flowing correctly. The router has the correct
> route
> > >> in
> > >> >> the
> > >> >>> routing table, but it doesn't install it in the forwarding table
> for
> > >> the
> > >> >>> full two mins.
> > >> >>>
> > >> >>> I have a few questions if anyone could answer them.
> > >> >>>
> > >> >>>  - What would a usual convergence time be for this setup?
> > >> >>>  - Is there anything I could do speed this process up? (I tried
> > >> >> Multipath)
> > >> >>>  - Any tips and tricks would be much appreciated
> > >> >>>
> > >> >>> Thanks in Advance
> > >> >>> --
> > >> >>> Adam Kajtar
> > >> >>> Systems Administrator
> > >> >>> City of Wadsworth
> > >> >>> akaj...@wadsworthcity.org
> > >> >>> -
> > >> >>> http://www.wadsworthcity.com
> > >> >>>
> > >> >>> Facebook * |* Twitter
> > >> >>>  *|* Instagram
> > >> >>>  *|* YouTube
> > >> >>> 
> > >> >>
> > >> >>
> > >>
> > >
> > >
> > > --
> > > Adam Kajtar
> > > Systems Administrator, Safety Services
> > > City of Wadsworth
> > > Office 330.335.2865
> > > Cell 330.485.6510
> > > akaj...@wadsworthcity.org
> > > -
> > > http://www.wadsworthcity.com
> > >
> > > Facebook * |* Twitter
> > >  *|* Instagram
> > >  *|* YouTube
> > > 
> > >
> >
>
>
> --
> Adam Kajtar
> Systems Administrator, Safety Services
> City of Wadsworth
> Office 330.335.2865
> Cell 330.485.6510
> akaj...@wadsworthcity.org
> -
> http://www.wadsworthcity.com
>
> Facebook * |* Twitter
> 

Re: Juniper BGP Convergence Time

[Olivier Benghozi]

Yep, feature naming in JunOS...
In fact I meant «Provider Edge Link Protection», which is only for VPN (and 
Labeled Unicast), and that applies here (eBGP paths are protected using iBGP 
paths).

> Le 24 mai 2018 à 13:39, Vincent Bernat  a écrit :
> 
> ❦ 24 mai 2018 12:36 +0200, Olivier Benghozi  :
> 
>> I wonder if this convergence time issue wouldn't be a typical mission for 
>> «BGP PIC Edge for MPLS Layer 3 VPNs».
>> But it would be necessary to migrate the DFZ to a VPN MPLS (and
>> configure composite nexthop and BGP PIC / «Provider Edge Link
>> Protection»).
> 
> BGP PIC is also available with IP now:
> https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/bgp-configuring-bgp-pic-for-inet.html
> 
> I've asked the question two years ago on j-nsp. Here is the thread:
> https://lists.gt.net/nsp/juniper/57149
> 
> There is a step by step guide about in the middle of the guide. I didn't
> have the right version to test at the time. I didn't try again since
> then.

Re: Juniper BGP Convergence Time

[Vincent Bernat]

 ❦ 24 mai 2018 12:36 +0200, Olivier Benghozi  :

> I wonder if this convergence time issue wouldn't be a typical mission for 
> «BGP PIC Edge for MPLS Layer 3 VPNs».
> But it would be necessary to migrate the DFZ to a VPN MPLS (and
> configure composite nexthop and BGP PIC / «Provider Edge Link
> Protection»).

BGP PIC is also available with IP now:
 
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/bgp-configuring-bgp-pic-for-inet.html

I've asked the question two years ago on j-nsp. Here is the thread:
 https://lists.gt.net/nsp/juniper/57149

There is a step by step guide about in the middle of the guide. I didn't
have the right version to test at the time. I didn't try again since
then.
-- 
Make sure comments and code agree.
- The Elements of Programming Style (Kernighan & Plauger)

Re: Juniper BGP Convergence Time

[Olivier Benghozi]

I wonder if this convergence time issue wouldn't be a typical mission for «BGP 
PIC Edge for MPLS Layer 3 VPNs».
But it would be necessary to migrate the DFZ to a VPN MPLS (and configure 
composite nexthop and BGP PIC / «Provider Edge Link Protection»).

> Le 24 mai 2018 à 09:20, Vincent Bernat <ber...@luffy.cx> a écrit :
> 
> This feature is already enabled on MX with MPC cards.
> 
> ――― Original Message ―――
> From: Adam Kajtar <akaj...@wadsworthcity.org>
> Sent: 23 mai 2018 23:21 -0400
> Subject: Re: Juniper BGP Convergence Time
> To: Mark Tinka
> Cc: nanog@nanog.org
> 
>> Hello again:
>> 
>> I've tried using the default route, adjusting bgp timers, and mutlipath.
>> Unfortunately, these changes haven't helped much. Juniper support hasn't
>> been very helpful also. Although, I think I might have found the solution.
>> 
>> https://www.juniper.net/documentation/en_US/junos/topics/topic-map/forwarding-indirect-next-hop.html
>> 
>> Let me know what you think.
>> 
>> On Tue, May 22, 2018, 4:03 AM Mark Tinka <mark.ti...@seacom.mu> wrote:
>> 
>>> 
>>> 
>>> On 16/May/18 18:59, Phil Lavin wrote:
>>> 
>>> Ask if they will configure BFD for you. I’ve not found many transit
>>> providers that will, but it’s worth a shot and it will lower failure
>>> detection to circa 1 second.
>>> 
>>> We've tended to shy away from it, but we have 2 customers we've done it
>>> for.

Re: Juniper BGP Convergence Time

[Vincent Bernat]

Hey!

This feature is already enabled on MX with MPC cards.
-- 
Make it right before you make it faster.
- The Elements of Programming Style (Kernighan & Plauger)

 ――― Original Message ―――
 From: Adam Kajtar <akaj...@wadsworthcity.org>
 Sent: 23 mai 2018 23:21 -0400
 Subject: Re: Juniper BGP Convergence Time
 To: Mark Tinka
 Cc: nanog@nanog.org

> Hello again:
>
> I've tried using the default route, adjusting bgp timers, and mutlipath.
> Unfortunately, these changes haven't helped much. Juniper support hasn't
> been very helpful also. Although, I think I might have found the solution.
>
> https://www.juniper.net/documentation/en_US/junos/topics/topic-map/forwarding-indirect-next-hop.html
>
> Let me know what you think.
>
> On Tue, May 22, 2018, 4:03 AM Mark Tinka <mark.ti...@seacom.mu> wrote:
>
>>
>>
>> On 16/May/18 18:59, Phil Lavin wrote:
>>
>> Ask if they will configure BFD for you. I’ve not found many transit
>> providers that will, but it’s worth a shot and it will lower failure
>> detection to circa 1 second.
>>
>> We've tended to shy away from it, but we have 2 customers we've done it
>> for.
>>
>> Mark.
>>

Re: Juniper BGP Convergence Time

[Adam Kajtar]

Hello again:

I've tried using the default route, adjusting bgp timers, and mutlipath.
Unfortunately, these changes haven't helped much. Juniper support hasn't
been very helpful also. Although, I think I might have found the solution.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/forwarding-indirect-next-hop.html

Let me know what you think.

On Tue, May 22, 2018, 4:03 AM Mark Tinka  wrote:

>
>
> On 16/May/18 18:59, Phil Lavin wrote:
>
> Ask if they will configure BFD for you. I’ve not found many transit providers 
> that will, but it’s worth a shot and it will lower failure detection to circa 
> 1 second.
>
> We've tended to shy away from it, but we have 2 customers we've done it
> for.
>
> Mark.
>

Re: Juniper BGP Convergence Time

[Mark Tinka]

On 16/May/18 18:59, Phil Lavin wrote:

> Ask if they will configure BFD for you. I’ve not found many transit providers 
> that will, but it’s worth a shot and it will lower failure detection to circa 
> 1 second.
We've tended to shy away from it, but we have 2 customers we've done it for.

Mark.

Re: Juniper BGP Convergence Time

[Phil Lavin]

Ask if they will configure BFD for you. I’ve not found many transit providers 
that will, but it’s worth a shot and it will lower failure detection to circa 1 
second.


> On 16 May 2018, at 17:49, Adam Kajtar  wrote:
> 
> I could use static routes but I noticed since I moved to full routes I have
> had a lot fewer customer complaints about latency(especially when it comes
> to Voice and VPN traffic).
> 
> I wasn't using per-packet load balancing. I believe juniper default is per
> IP.
> 
> My timers are as follows
> Active Holdtime: 90
> Keepalive Interval: 30
> 
> Would I be correct in thinking I need to contact my ISP to lower these
> values?
> 
> An interesting note is when I had both ISPs connected into a single MX104
> the failover was just a few seconds.
> 
> Thanks again.
> 
> 
> 
>> On Tue, May 15, 2018 at 8:42 PM Ben Cannon  wrote:
>> 
>> Have you checked your timeouts ?
>> 
>> -Ben
>> 
>>> On May 15, 2018, at 4:09 PM, Kaiser, Erich  wrote:
>>> 
>>> Do you need full routes?  What about just a default route from BGP?
>>> 
>>> Erich Kaiser
>>> The Fusion Network
>>> er...@gotfusion.net
>>> Office: 815-570-3101
>>> 
>>> 
>>> 
>>> 
 On Tue, May 15, 2018 at 5:38 PM, Aaron Gould  wrote:
 
 You sure it doesn't have something to do with 60 seconds * 3 = 180 secs
>> of
 BGP neighbor Time out before it believes neighbor is dead and remove
>> routes
 to that neighbor?
 
 Aaron
 
> On May 15, 2018, at 9:10 AM, Adam Kajtar 
 wrote:
> 
> Hello:
> 
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> BGP(full routes). iBGP is running between the routers via a two port
>> 20G
> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> traffic to start flowing correctly. The router has the correct route in
 the
> routing table, but it doesn't install it in the forwarding table for
>> the
> full two mins.
> 
> I have a few questions if anyone could answer them.
> 
> - What would a usual convergence time be for this setup?
> - Is there anything I could do speed this process up? (I tried
 Multipath)
> - Any tips and tricks would be much appreciated
> 
> Thanks in Advance
> --
> Adam Kajtar
> Systems Administrator
> City of Wadsworth
> akaj...@wadsworthcity.org
> -
> http://www.wadsworthcity.com
> 
> Facebook * |* Twitter
>  *|* Instagram
>  *|* YouTube
> 
 
 
>> 
> 
> 
> -- 
> Adam Kajtar
> Systems Administrator, Safety Services
> City of Wadsworth
> Office 330.335.2865
> Cell 330.485.6510
> akaj...@wadsworthcity.org
> -
> http://www.wadsworthcity.com
> 
> Facebook * |* Twitter
>  *|* Instagram
>  *|* YouTube
> 

Re: Juniper BGP Convergence Time

[Eric Sieg]

You shouldn't need to contact your ISP on the lowered BGP timers as BGP
should establish based on the lowest value.  That said, they may have a
value limit where anything lower than that, is set at your own risk.

You can look at running BFD over the BGP session as well.  Technically it
has nothing to do with convergence, but it can quickly detect a down issue
and drop BGP right away.

On Wed, May 16, 2018 at 9:22 AM, Adam Kajtar 
wrote:

> I could use static routes but I noticed since I moved to full routes I have
> had a lot fewer customer complaints about latency(especially when it comes
> to Voice and VPN traffic).
>
> I wasn't using per-packet load balancing. I believe juniper default is per
> IP.
>
> My timers are as follows
>  Active Holdtime: 90
>  Keepalive Interval: 30
>
> Would I be correct in thinking I need to contact my ISP to lower these
> values?
>
> An interesting note is when I had both ISPs connected into a single MX104
> the failover was just a few seconds.
>
> Thanks again.
>
>
>
> On Tue, May 15, 2018 at 8:42 PM Ben Cannon  wrote:
>
> > Have you checked your timeouts ?
> >
> > -Ben
> >
> > > On May 15, 2018, at 4:09 PM, Kaiser, Erich 
> wrote:
> > >
> > > Do you need full routes?  What about just a default route from BGP?
> > >
> > > Erich Kaiser
> > > The Fusion Network
> > > er...@gotfusion.net
> > > Office: 815-570-3101
> > >
> > >
> > >
> > >
> > >> On Tue, May 15, 2018 at 5:38 PM, Aaron Gould  wrote:
> > >>
> > >> You sure it doesn't have something to do with 60 seconds * 3 = 180
> secs
> > of
> > >> BGP neighbor Time out before it believes neighbor is dead and remove
> > routes
> > >> to that neighbor?
> > >>
> > >> Aaron
> > >>
> > >>> On May 15, 2018, at 9:10 AM, Adam Kajtar 
> > >> wrote:
> > >>>
> > >>> Hello:
> > >>>
> > >>> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> > >>> BGP(full routes). iBGP is running between the routers via a two port
> > 20G
> > >>> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> > >>> traffic to start flowing correctly. The router has the correct route
> in
> > >> the
> > >>> routing table, but it doesn't install it in the forwarding table for
> > the
> > >>> full two mins.
> > >>>
> > >>> I have a few questions if anyone could answer them.
> > >>>
> > >>>  - What would a usual convergence time be for this setup?
> > >>>  - Is there anything I could do speed this process up? (I tried
> > >> Multipath)
> > >>>  - Any tips and tricks would be much appreciated
> > >>>
> > >>> Thanks in Advance
> > >>> --
> > >>> Adam Kajtar
> > >>> Systems Administrator
> > >>> City of Wadsworth
> > >>> akaj...@wadsworthcity.org
> > >>> -
> > >>> http://www.wadsworthcity.com
> > >>>
> > >>> Facebook * |* Twitter
> > >>>  *|* Instagram
> > >>>  *|* YouTube
> > >>> 
> > >>
> > >>
> >
>
>
> --
> Adam Kajtar
> Systems Administrator, Safety Services
> City of Wadsworth
> Office 330.335.2865
> Cell 330.485.6510
> akaj...@wadsworthcity.org
> -
> http://www.wadsworthcity.com
>
> Facebook * |* Twitter
>  *|* Instagram
>  *|* YouTube
> 
>

Re: Juniper BGP Convergence Time

[Hugo Slabbert]

On Thu 2018-May-17 10:49:37 -0400, Adam Kajtar  
wrote:


Thomas,

Thanks for the info. This is probably why my multipath configuration wasn't
working as I thought it would. I will give this a test run also.

Mike,

Interesting thought. This would mean rpf-check wouldn't work on my outside
interfaces. Good to know.


Not necessarily that it doesn't work at all, but there are 
platform-specific differences in terms of loose vs. strict, whether the 
default route is considered in RPF evaluation, etc.  From 
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/interfaces-configuring-unicast-rpf.html#jd0e50



# Unicast RPF Behavior with a Default Route

On all routers except those with MPCs and the MX80 router, unicast RPF 
behaves as follows if you configure a default route that uses an interface 
configured with unicast RPF:


* Loose mode—All packets are automatically accepted. For this reason, we 
recommend that you not configure unicast RPF loose mode on interfaces * 
that the default route uses.
* Strict mode—The packet is accepted when the source address of the 
packet matches any of the routes (either default or learned) that can be 
reachable through the interface. Note that routes can have multiple 
destinations associated with them; therefore, if one of the destinations 
atches the incoming interface of the packet, the packet is accepted.


On all routers with MPCs and the MX80 router, unicast RPF behaves as 
follows if you configure a default route that uses an interface configured 
with unicast RPF:


* Loose mode—All packets except the packets whose source is learned from 
the default route are accepted. All packets whose source is learned from 
the default route are dropped at the Packet Forwarding Engine. The 
default route is treated as if the route does not exist.
* Strict mode—The packet is accepted when the source address of the 
packet matches any of the routes (either default or learned) that can be 
reachable through the interface. Note that routes can have multiple 
destinations associated with them; therefore, if one of the destinations 
matches the incoming interface of the packet, the packet is accepted.


On all routers, the packet is not accepted when either of the following is 
true:


* The source address of the packet does not match a prefix in the routing 
table.
* The interface does not expect to receive a packet with this source 
address prefix.


--
Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E   | also on Signal


signature.asc
Description: Digital signature

Re: Juniper BGP Convergence Time

[Adam Kajtar]

Thomas,

Thanks for the info. This is probably why my multipath configuration wasn't
working as I thought it would. I will give this a test run also.

Mike,

Interesting thought. This would mean rpf-check wouldn't work on my outside
interfaces. Good to know.



On Thu, May 17, 2018 at 8:55 AM Mike Hammett <na...@ics-il.net> wrote:

> Just be aware of the impact a default route can have on your
> infrastructure, such as uRPF no longer works as expected as everything has
> a valid route.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> --
> *From: *"Adam Kajtar" <akaj...@wadsworthcity.org>
> *To: *er...@gotfusion.net
> *Cc: *nanog@nanog.org
> *Sent: *Wednesday, May 16, 2018 9:32:27 AM
> *Subject: *Re: Juniper BGP Convergence Time
>
> Erich,
>
> Good Idea. I can't believe I didn't think of that earlier. Simple and
> effective. I will go ahead and request the defaults from my ISP and update
> the thread of the findings.
>
> Thanks!
>
> On Wed, May 16, 2018 at 10:03 AM Kaiser, Erich <er...@gotfusion.net>
> wrote:
>
> > A last resort route (default route) could still be good to take from your
> > ISP(s) even if you still do full routes, as the propagation is happening
> on
> > the internet side, you should at least have a path inbound through the
> > other provider.  The default route at least would send the traffic out if
> > it does not see the route locally.  Just an idea.
> >
> >
> >
> > On Wed, May 16, 2018 at 8:22 AM, Adam Kajtar <akaj...@wadsworthcity.org>
> > wrote:
> >
> > > I could use static routes but I noticed since I moved to full routes I
> > > have had a lot fewer customer complaints about latency(especially when
> it
> > > comes to Voice and VPN traffic).
> > >
> > > I wasn't using per-packet load balancing. I believe juniper default is
> > per
> > > IP.
> > >
> > > My timers are as follows
> > >  Active Holdtime: 90
> > >  Keepalive Interval: 30
> > >
> > > Would I be correct in thinking I need to contact my ISP to lower these
> > > values?
> > >
> > > An interesting note is when I had both ISPs connected into a single
> MX104
> > > the failover was just a few seconds.
> > >
> > > Thanks again.
> > >
> > >
> > >
> > > On Tue, May 15, 2018 at 8:42 PM Ben Cannon <b...@6by7.net> wrote:
> > >
> > >> Have you checked your timeouts ?
> > >>
> > >> -Ben
> > >>
> > >> > On May 15, 2018, at 4:09 PM, Kaiser, Erich <er...@gotfusion.net>
> > wrote:
> > >> >
> > >> > Do you need full routes?  What about just a default route from BGP?
> > >> >
> > >> > Erich Kaiser
> > >> > The Fusion Network
> > >> > er...@gotfusion.net
> > >> > Office: 815-570-3101
> > >> >
> > >> >
> > >> >
> > >> >
> > >> >> On Tue, May 15, 2018 at 5:38 PM, Aaron Gould <aar...@gvtc.com>
> > wrote:
> > >> >>
> > >> >> You sure it doesn't have something to do with 60 seconds * 3 = 180
> > >> secs of
> > >> >> BGP neighbor Time out before it believes neighbor is dead and
> remove
> > >> routes
> > >> >> to that neighbor?
> > >> >>
> > >> >> Aaron
> > >> >>
> > >> >>> On May 15, 2018, at 9:10 AM, Adam Kajtar <
> akaj...@wadsworthcity.org
> > >
> > >> >> wrote:
> > >> >>>
> > >> >>> Hello:
> > >> >>>
> > >> >>> I'm running two Juniper MX104s. Each MX has 1 ISP connected
> running
> > >> >>> BGP(full routes). iBGP is running between the routers via a two
> port
> > >> 20G
> > >> >>> lag. When one of the ISPs fails, it can take upwards of 2 minutes
> > for
> > >> >>> traffic to start flowing correctly. The router has the correct
> route
> > >> in
> > >> >> the
> > >> >>> routing table, but it doesn't install it in the forwarding table
> for
> > >> the
> > >> >>> full two mins.
> > >> >>>
> > >> >>> I have a few questions if anyone could answer them

Re: Juniper BGP Convergence Time

[Mike Hammett]

Just be aware of the impact a default route can have on your infrastructure, 
such as uRPF no longer works as expected as everything has a valid route. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Adam Kajtar" <akaj...@wadsworthcity.org> 
To: er...@gotfusion.net 
Cc: nanog@nanog.org 
Sent: Wednesday, May 16, 2018 9:32:27 AM 
Subject: Re: Juniper BGP Convergence Time 

Erich, 

Good Idea. I can't believe I didn't think of that earlier. Simple and 
effective. I will go ahead and request the defaults from my ISP and update 
the thread of the findings. 

Thanks! 

On Wed, May 16, 2018 at 10:03 AM Kaiser, Erich <er...@gotfusion.net> wrote: 

> A last resort route (default route) could still be good to take from your 
> ISP(s) even if you still do full routes, as the propagation is happening on 
> the internet side, you should at least have a path inbound through the 
> other provider. The default route at least would send the traffic out if 
> it does not see the route locally. Just an idea. 
> 
> 
> 
> On Wed, May 16, 2018 at 8:22 AM, Adam Kajtar <akaj...@wadsworthcity.org> 
> wrote: 
> 
> > I could use static routes but I noticed since I moved to full routes I 
> > have had a lot fewer customer complaints about latency(especially when it 
> > comes to Voice and VPN traffic). 
> > 
> > I wasn't using per-packet load balancing. I believe juniper default is 
> per 
> > IP. 
> > 
> > My timers are as follows 
> > Active Holdtime: 90 
> > Keepalive Interval: 30 
> > 
> > Would I be correct in thinking I need to contact my ISP to lower these 
> > values? 
> > 
> > An interesting note is when I had both ISPs connected into a single MX104 
> > the failover was just a few seconds. 
> > 
> > Thanks again. 
> > 
> > 
> > 
> > On Tue, May 15, 2018 at 8:42 PM Ben Cannon <b...@6by7.net> wrote: 
> > 
> >> Have you checked your timeouts ? 
> >> 
> >> -Ben 
> >> 
> >> > On May 15, 2018, at 4:09 PM, Kaiser, Erich <er...@gotfusion.net> 
> wrote: 
> >> > 
> >> > Do you need full routes? What about just a default route from BGP? 
> >> > 
> >> > Erich Kaiser 
> >> > The Fusion Network 
> >> > er...@gotfusion.net 
> >> > Office: 815-570-3101 
> >> > 
> >> > 
> >> > 
> >> > 
> >> >> On Tue, May 15, 2018 at 5:38 PM, Aaron Gould <aar...@gvtc.com> 
> wrote: 
> >> >> 
> >> >> You sure it doesn't have something to do with 60 seconds * 3 = 180 
> >> secs of 
> >> >> BGP neighbor Time out before it believes neighbor is dead and remove 
> >> routes 
> >> >> to that neighbor? 
> >> >> 
> >> >> Aaron 
> >> >> 
> >> >>> On May 15, 2018, at 9:10 AM, Adam Kajtar <akaj...@wadsworthcity.org 
> > 
> >> >> wrote: 
> >> >>> 
> >> >>> Hello: 
> >> >>> 
> >> >>> I'm running two Juniper MX104s. Each MX has 1 ISP connected running 
> >> >>> BGP(full routes). iBGP is running between the routers via a two port 
> >> 20G 
> >> >>> lag. When one of the ISPs fails, it can take upwards of 2 minutes 
> for 
> >> >>> traffic to start flowing correctly. The router has the correct route 
> >> in 
> >> >> the 
> >> >>> routing table, but it doesn't install it in the forwarding table for 
> >> the 
> >> >>> full two mins. 
> >> >>> 
> >> >>> I have a few questions if anyone could answer them. 
> >> >>> 
> >> >>> - What would a usual convergence time be for this setup? 
> >> >>> - Is there anything I could do speed this process up? (I tried 
> >> >> Multipath) 
> >> >>> - Any tips and tricks would be much appreciated 
> >> >>> 
> >> >>> Thanks in Advance 
> >> >>> -- 
> >> >>> Adam Kajtar 
> >> >>> Systems Administrator 
> >> >>> City of Wadsworth 
> >> >>> akaj...@wadsworthcity.org 
> >> >>> - 
> >> >>> http://www.wadsworthcity.com 
> >> >>> 
> >> >>> Facebook <http://www.facebook.com/cityofwadsworth>

Re: Juniper BGP Convergence Time

[Aaron Gould]

While we are on ECMP topic...

In L3VPN, when I've learned say, 3 different routes all using different MPLS 
tags to the 3 remote PE's, is there a way to ECMP hash across all of the paths 
to load balance?

Aaron

> On May 16, 2018, at 6:32 PM, Thomas Bellman  wrote:
> 
>> On 2018-05-16 15:22, Adam Kajtar wrote:
>> 
>> I wasn't using per-packet load balancing. I believe juniper default is per
>> IP.
> 
> The Juniper default is to not do ECMP at all.  Only a single route is
> programmed into the FIB for each prefix in your RIB.  If you e.g. have
> routes to 198.51.100.0/24 pointing to ten different ports, all traffic
> to that entire /24 will go out over a single port, unless you have
> explicitly enabled ECMP.
> 
> To enable ECMP, you need this:
> 
>policy-options {
>policy-statement ecmp {
>then {
>load-balance per-packet;
>}
>}
>}
>routing-options {
>forwarding-table {
>export ecmp;
>}
>}
> 
> in your configuration.  Note also that "per-packet" is a mis-nomer; it
> is really "per flow", based on a hash of the L3/L4 headers.
> 
> 'show route forwarding-table destination 198.51.100.0/24' shows if you
> actually have multiple routes in your FIB.
> 
> 
>/Bellman
> 

Re: Juniper BGP Convergence Time

[Thomas Bellman]

On 2018-05-16 15:22, Adam Kajtar wrote:

> I wasn't using per-packet load balancing. I believe juniper default is per
> IP.

The Juniper default is to not do ECMP at all.  Only a single route is
programmed into the FIB for each prefix in your RIB.  If you e.g. have
routes to 198.51.100.0/24 pointing to ten different ports, all traffic
to that entire /24 will go out over a single port, unless you have
explicitly enabled ECMP.

To enable ECMP, you need this:

policy-options {
policy-statement ecmp {
then {
load-balance per-packet;
}
}
}
routing-options {
forwarding-table {
export ecmp;
}
}

in your configuration.  Note also that "per-packet" is a mis-nomer; it
is really "per flow", based on a hash of the L3/L4 headers.

'show route forwarding-table destination 198.51.100.0/24' shows if you
actually have multiple routes in your FIB.


/Bellman



signature.asc
Description: OpenPGP digital signature

Re: Juniper BGP Convergence Time

[Adam Kajtar]

I did exactly that when I called. One is looking into the other hasn't
called yet. I will let you know what they say.

On Wed, May 16, 2018 at 12:59 PM Phil Lavin 
wrote:

> Ask if they will configure BFD for you. I’ve not found many transit
> providers that will, but it’s worth a shot and it will lower failure
> detection to circa 1 second.
>
>
> > On 16 May 2018, at 17:49, Adam Kajtar  wrote:
> >
> > I could use static routes but I noticed since I moved to full routes I
> have
> > had a lot fewer customer complaints about latency(especially when it
> comes
> > to Voice and VPN traffic).
> >
> > I wasn't using per-packet load balancing. I believe juniper default is
> per
> > IP.
> >
> > My timers are as follows
> > Active Holdtime: 90
> > Keepalive Interval: 30
> >
> > Would I be correct in thinking I need to contact my ISP to lower these
> > values?
> >
> > An interesting note is when I had both ISPs connected into a single MX104
> > the failover was just a few seconds.
> >
> > Thanks again.
> >
> >
> >
> >> On Tue, May 15, 2018 at 8:42 PM Ben Cannon  wrote:
> >>
> >> Have you checked your timeouts ?
> >>
> >> -Ben
> >>
> >>> On May 15, 2018, at 4:09 PM, Kaiser, Erich 
> wrote:
> >>>
> >>> Do you need full routes?  What about just a default route from BGP?
> >>>
> >>> Erich Kaiser
> >>> The Fusion Network
> >>> er...@gotfusion.net
> >>> Office: 815-570-3101
> >>>
> >>>
> >>>
> >>>
>  On Tue, May 15, 2018 at 5:38 PM, Aaron Gould  wrote:
> 
>  You sure it doesn't have something to do with 60 seconds * 3 = 180
> secs
> >> of
>  BGP neighbor Time out before it believes neighbor is dead and remove
> >> routes
>  to that neighbor?
> 
>  Aaron
> 
> > On May 15, 2018, at 9:10 AM, Adam Kajtar 
>  wrote:
> >
> > Hello:
> >
> > I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> > BGP(full routes). iBGP is running between the routers via a two port
> >> 20G
> > lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> > traffic to start flowing correctly. The router has the correct route
> in
>  the
> > routing table, but it doesn't install it in the forwarding table for
> >> the
> > full two mins.
> >
> > I have a few questions if anyone could answer them.
> >
> > - What would a usual convergence time be for this setup?
> > - Is there anything I could do speed this process up? (I tried
>  Multipath)
> > - Any tips and tricks would be much appreciated
> >
> > Thanks in Advance
> > --
> > Adam Kajtar
> > Systems Administrator
> > City of Wadsworth
> > akaj...@wadsworthcity.org
> > -
> > http://www.wadsworthcity.com
> >
> > Facebook * |* Twitter
> >  *|* Instagram
> >  *|* YouTube
> > 
> 
> 
> >>
> >
> >
> > --
> > Adam Kajtar
> > Systems Administrator, Safety Services
> > City of Wadsworth
> > Office 330.335.2865
> > Cell 330.485.6510
> > akaj...@wadsworthcity.org
> > -
> > http://www.wadsworthcity.com
> >
> > Facebook * |* Twitter
> >  *|* Instagram
> >  *|* YouTube
> > 
>


-- 
Adam Kajtar
Systems Administrator, Safety Services
City of Wadsworth
Office 330.335.2865
Cell 330.485.6510
akaj...@wadsworthcity.org
-
http://www.wadsworthcity.com

Facebook * |* Twitter
 *|* Instagram
 *|* YouTube

Re: Juniper BGP Convergence Time

[Adam Kajtar]

Erich,

Good Idea. I can't believe I didn't think of that earlier. Simple and
effective. I will go ahead and request the defaults from my ISP and update
the thread of the findings.

Thanks!

On Wed, May 16, 2018 at 10:03 AM Kaiser, Erich  wrote:

> A last resort route (default route) could still be good to take from your
> ISP(s) even if you still do full routes, as the propagation is happening on
> the internet side, you should at least have a path inbound through the
> other provider.  The default route at least would send the traffic out if
> it does not see the route locally.  Just an idea.
>
>
>
> On Wed, May 16, 2018 at 8:22 AM, Adam Kajtar 
> wrote:
>
> > I could use static routes but I noticed since I moved to full routes I
> > have had a lot fewer customer complaints about latency(especially when it
> > comes to Voice and VPN traffic).
> >
> > I wasn't using per-packet load balancing. I believe juniper default is
> per
> > IP.
> >
> > My timers are as follows
> >  Active Holdtime: 90
> >  Keepalive Interval: 30
> >
> > Would I be correct in thinking I need to contact my ISP to lower these
> > values?
> >
> > An interesting note is when I had both ISPs connected into a single MX104
> > the failover was just a few seconds.
> >
> > Thanks again.
> >
> >
> >
> > On Tue, May 15, 2018 at 8:42 PM Ben Cannon  wrote:
> >
> >> Have you checked your timeouts ?
> >>
> >> -Ben
> >>
> >> > On May 15, 2018, at 4:09 PM, Kaiser, Erich 
> wrote:
> >> >
> >> > Do you need full routes?  What about just a default route from BGP?
> >> >
> >> > Erich Kaiser
> >> > The Fusion Network
> >> > er...@gotfusion.net
> >> > Office: 815-570-3101
> >> >
> >> >
> >> >
> >> >
> >> >> On Tue, May 15, 2018 at 5:38 PM, Aaron Gould 
> wrote:
> >> >>
> >> >> You sure it doesn't have something to do with 60 seconds * 3 = 180
> >> secs of
> >> >> BGP neighbor Time out before it believes neighbor is dead and remove
> >> routes
> >> >> to that neighbor?
> >> >>
> >> >> Aaron
> >> >>
> >> >>> On May 15, 2018, at 9:10 AM, Adam Kajtar  >
> >> >> wrote:
> >> >>>
> >> >>> Hello:
> >> >>>
> >> >>> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> >> >>> BGP(full routes). iBGP is running between the routers via a two port
> >> 20G
> >> >>> lag. When one of the ISPs fails, it can take upwards of 2 minutes
> for
> >> >>> traffic to start flowing correctly. The router has the correct route
> >> in
> >> >> the
> >> >>> routing table, but it doesn't install it in the forwarding table for
> >> the
> >> >>> full two mins.
> >> >>>
> >> >>> I have a few questions if anyone could answer them.
> >> >>>
> >> >>>  - What would a usual convergence time be for this setup?
> >> >>>  - Is there anything I could do speed this process up? (I tried
> >> >> Multipath)
> >> >>>  - Any tips and tricks would be much appreciated
> >> >>>
> >> >>> Thanks in Advance
> >> >>> --
> >> >>> Adam Kajtar
> >> >>> Systems Administrator
> >> >>> City of Wadsworth
> >> >>> akaj...@wadsworthcity.org
> >> >>> -
> >> >>> http://www.wadsworthcity.com
> >> >>>
> >> >>> Facebook * |* Twitter
> >> >>>  *|* Instagram
> >> >>>  *|* YouTube
> >> >>> 
> >> >>
> >> >>
> >>
> >
> >
> > --
> > Adam Kajtar
> > Systems Administrator, Safety Services
> > City of Wadsworth
> > Office 330.335.2865
> > Cell 330.485.6510
> > akaj...@wadsworthcity.org
> > -
> > http://www.wadsworthcity.com
> >
> > Facebook * |* Twitter
> >  *|* Instagram
> >  *|* YouTube
> > 
> >
>


-- 
Adam Kajtar
Systems Administrator, Safety Services
City of Wadsworth
Office 330.335.2865
Cell 330.485.6510
akaj...@wadsworthcity.org
-
http://www.wadsworthcity.com

Facebook * |* Twitter
 *|* Instagram
 *|* YouTube

Re: Juniper BGP Convergence Time

[Adam Kajtar]

I could use static routes but I noticed since I moved to full routes I have
had a lot fewer customer complaints about latency(especially when it comes
to Voice and VPN traffic).

I wasn't using per-packet load balancing. I believe juniper default is per
IP.

My timers are as follows
 Active Holdtime: 90
 Keepalive Interval: 30

Would I be correct in thinking I need to contact my ISP to lower these
values?

An interesting note is when I had both ISPs connected into a single MX104
the failover was just a few seconds.

Thanks again.



On Tue, May 15, 2018 at 8:42 PM Ben Cannon  wrote:

> Have you checked your timeouts ?
>
> -Ben
>
> > On May 15, 2018, at 4:09 PM, Kaiser, Erich  wrote:
> >
> > Do you need full routes?  What about just a default route from BGP?
> >
> > Erich Kaiser
> > The Fusion Network
> > er...@gotfusion.net
> > Office: 815-570-3101
> >
> >
> >
> >
> >> On Tue, May 15, 2018 at 5:38 PM, Aaron Gould  wrote:
> >>
> >> You sure it doesn't have something to do with 60 seconds * 3 = 180 secs
> of
> >> BGP neighbor Time out before it believes neighbor is dead and remove
> routes
> >> to that neighbor?
> >>
> >> Aaron
> >>
> >>> On May 15, 2018, at 9:10 AM, Adam Kajtar 
> >> wrote:
> >>>
> >>> Hello:
> >>>
> >>> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> >>> BGP(full routes). iBGP is running between the routers via a two port
> 20G
> >>> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> >>> traffic to start flowing correctly. The router has the correct route in
> >> the
> >>> routing table, but it doesn't install it in the forwarding table for
> the
> >>> full two mins.
> >>>
> >>> I have a few questions if anyone could answer them.
> >>>
> >>>  - What would a usual convergence time be for this setup?
> >>>  - Is there anything I could do speed this process up? (I tried
> >> Multipath)
> >>>  - Any tips and tricks would be much appreciated
> >>>
> >>> Thanks in Advance
> >>> --
> >>> Adam Kajtar
> >>> Systems Administrator
> >>> City of Wadsworth
> >>> akaj...@wadsworthcity.org
> >>> -
> >>> http://www.wadsworthcity.com
> >>>
> >>> Facebook * |* Twitter
> >>>  *|* Instagram
> >>>  *|* YouTube
> >>> 
> >>
> >>
>


-- 
Adam Kajtar
Systems Administrator, Safety Services
City of Wadsworth
Office 330.335.2865
Cell 330.485.6510
akaj...@wadsworthcity.org
-
http://www.wadsworthcity.com

Facebook * |* Twitter
 *|* Instagram
 *|* YouTube

Re: Juniper BGP Convergence Time

[Kaiser, Erich]

A last resort route (default route) could still be good to take from your
ISP(s) even if you still do full routes, as the propagation is happening on
the internet side, you should at least have a path inbound through the
other provider.  The default route at least would send the traffic out if
it does not see the route locally.  Just an idea.



On Wed, May 16, 2018 at 8:22 AM, Adam Kajtar 
wrote:

> I could use static routes but I noticed since I moved to full routes I
> have had a lot fewer customer complaints about latency(especially when it
> comes to Voice and VPN traffic).
>
> I wasn't using per-packet load balancing. I believe juniper default is per
> IP.
>
> My timers are as follows
>  Active Holdtime: 90
>  Keepalive Interval: 30
>
> Would I be correct in thinking I need to contact my ISP to lower these
> values?
>
> An interesting note is when I had both ISPs connected into a single MX104
> the failover was just a few seconds.
>
> Thanks again.
>
>
>
> On Tue, May 15, 2018 at 8:42 PM Ben Cannon  wrote:
>
>> Have you checked your timeouts ?
>>
>> -Ben
>>
>> > On May 15, 2018, at 4:09 PM, Kaiser, Erich  wrote:
>> >
>> > Do you need full routes?  What about just a default route from BGP?
>> >
>> > Erich Kaiser
>> > The Fusion Network
>> > er...@gotfusion.net
>> > Office: 815-570-3101
>> >
>> >
>> >
>> >
>> >> On Tue, May 15, 2018 at 5:38 PM, Aaron Gould  wrote:
>> >>
>> >> You sure it doesn't have something to do with 60 seconds * 3 = 180
>> secs of
>> >> BGP neighbor Time out before it believes neighbor is dead and remove
>> routes
>> >> to that neighbor?
>> >>
>> >> Aaron
>> >>
>> >>> On May 15, 2018, at 9:10 AM, Adam Kajtar 
>> >> wrote:
>> >>>
>> >>> Hello:
>> >>>
>> >>> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
>> >>> BGP(full routes). iBGP is running between the routers via a two port
>> 20G
>> >>> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
>> >>> traffic to start flowing correctly. The router has the correct route
>> in
>> >> the
>> >>> routing table, but it doesn't install it in the forwarding table for
>> the
>> >>> full two mins.
>> >>>
>> >>> I have a few questions if anyone could answer them.
>> >>>
>> >>>  - What would a usual convergence time be for this setup?
>> >>>  - Is there anything I could do speed this process up? (I tried
>> >> Multipath)
>> >>>  - Any tips and tricks would be much appreciated
>> >>>
>> >>> Thanks in Advance
>> >>> --
>> >>> Adam Kajtar
>> >>> Systems Administrator
>> >>> City of Wadsworth
>> >>> akaj...@wadsworthcity.org
>> >>> -
>> >>> http://www.wadsworthcity.com
>> >>>
>> >>> Facebook * |* Twitter
>> >>>  *|* Instagram
>> >>>  *|* YouTube
>> >>> 
>> >>
>> >>
>>
>
>
> --
> Adam Kajtar
> Systems Administrator, Safety Services
> City of Wadsworth
> Office 330.335.2865
> Cell 330.485.6510
> akaj...@wadsworthcity.org
> -
> http://www.wadsworthcity.com
>
> Facebook * |* Twitter
>  *|* Instagram
>  *|* YouTube
> 
>

Re: Juniper BGP Convergence Time

[Ben Cannon]

Have you checked your timeouts ?

-Ben

> On May 15, 2018, at 4:09 PM, Kaiser, Erich  wrote:
> 
> Do you need full routes?  What about just a default route from BGP?
> 
> Erich Kaiser
> The Fusion Network
> er...@gotfusion.net
> Office: 815-570-3101
> 
> 
> 
> 
>> On Tue, May 15, 2018 at 5:38 PM, Aaron Gould  wrote:
>> 
>> You sure it doesn't have something to do with 60 seconds * 3 = 180 secs of
>> BGP neighbor Time out before it believes neighbor is dead and remove routes
>> to that neighbor?
>> 
>> Aaron
>> 
>>> On May 15, 2018, at 9:10 AM, Adam Kajtar 
>> wrote:
>>> 
>>> Hello:
>>> 
>>> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
>>> BGP(full routes). iBGP is running between the routers via a two port 20G
>>> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
>>> traffic to start flowing correctly. The router has the correct route in
>> the
>>> routing table, but it doesn't install it in the forwarding table for the
>>> full two mins.
>>> 
>>> I have a few questions if anyone could answer them.
>>> 
>>>  - What would a usual convergence time be for this setup?
>>>  - Is there anything I could do speed this process up? (I tried
>> Multipath)
>>>  - Any tips and tricks would be much appreciated
>>> 
>>> Thanks in Advance
>>> --
>>> Adam Kajtar
>>> Systems Administrator
>>> City of Wadsworth
>>> akaj...@wadsworthcity.org
>>> -
>>> http://www.wadsworthcity.com
>>> 
>>> Facebook * |* Twitter
>>>  *|* Instagram
>>>  *|* YouTube
>>> 
>> 
>> 

Re: Juniper BGP Convergence Time

[Kaiser, Erich]

 Do you need full routes?  What about just a default route from BGP?

Erich Kaiser
The Fusion Network
er...@gotfusion.net
Office: 815-570-3101




On Tue, May 15, 2018 at 5:38 PM, Aaron Gould  wrote:

> You sure it doesn't have something to do with 60 seconds * 3 = 180 secs of
> BGP neighbor Time out before it believes neighbor is dead and remove routes
> to that neighbor?
>
> Aaron
>
> > On May 15, 2018, at 9:10 AM, Adam Kajtar 
> wrote:
> >
> > Hello:
> >
> > I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> > BGP(full routes). iBGP is running between the routers via a two port 20G
> > lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> > traffic to start flowing correctly. The router has the correct route in
> the
> > routing table, but it doesn't install it in the forwarding table for the
> > full two mins.
> >
> > I have a few questions if anyone could answer them.
> >
> >   - What would a usual convergence time be for this setup?
> >   - Is there anything I could do speed this process up? (I tried
> Multipath)
> >   - Any tips and tricks would be much appreciated
> >
> > Thanks in Advance
> > --
> > Adam Kajtar
> > Systems Administrator
> > City of Wadsworth
> > akaj...@wadsworthcity.org
> > -
> > http://www.wadsworthcity.com
> >
> > Facebook * |* Twitter
> >  *|* Instagram
> >  *|* YouTube
> > 
>
>

Re: Juniper BGP Convergence Time

[Aaron Gould]

You sure it doesn't have something to do with 60 seconds * 3 = 180 secs of BGP 
neighbor Time out before it believes neighbor is dead and remove routes to that 
neighbor?

Aaron

> On May 15, 2018, at 9:10 AM, Adam Kajtar  wrote:
> 
> Hello:
> 
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> BGP(full routes). iBGP is running between the routers via a two port 20G
> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> traffic to start flowing correctly. The router has the correct route in the
> routing table, but it doesn't install it in the forwarding table for the
> full two mins.
> 
> I have a few questions if anyone could answer them.
> 
>   - What would a usual convergence time be for this setup?
>   - Is there anything I could do speed this process up? (I tried Multipath)
>   - Any tips and tricks would be much appreciated
> 
> Thanks in Advance
> -- 
> Adam Kajtar
> Systems Administrator
> City of Wadsworth
> akaj...@wadsworthcity.org
> -
> http://www.wadsworthcity.com
> 
> Facebook * |* Twitter
>  *|* Instagram
>  *|* YouTube
> 

Re: Juniper BGP Convergence Time

[Ruairi Carroll]

On 15 May 2018 at 07:10, Adam Kajtar  wrote:

> Hello:
>
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> BGP(full routes). iBGP is running between the routers via a two port 20G
> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> traffic to start flowing correctly. The router has the correct route in the
> routing table, but it doesn't install it in the forwarding table for the
> full two mins.
>
> I have a few questions if anyone could answer them.
>
>- What would a usual convergence time be for this setup?
>


With MX104, between 50 seconds and many minutes. The RE is not really
dimensioned for full tables, unfortunately.

   - Is there anything I could do speed this process up? (I tried Multipath)
>

Covering floating static route.



>- Any tips and tricks would be much appreciated
>
> Thanks in Advance
> --
> Adam Kajtar
> Systems Administrator
> City of Wadsworth
> akaj...@wadsworthcity.org
> -
> http://www.wadsworthcity.com
>
> Facebook * |* Twitter
>  *|* Instagram
>  *|* YouTube
> 
>

Re: Juniper BGP Convergence Time

[lobna gouda]

That's true.  But are you using per-packet load balance policy in your 
configuration?




From: NANOG <nanog-boun...@nanog.org> on behalf of Josh Baird 
<joshba...@gmail.com>
Sent: Tuesday, May 15, 2018 5:56 PM
To: Adam Kajtar
Cc: nanog@nanog.org
Subject: Re: Juniper BGP Convergence Time

The MX104 has a notoriously slow PPC-based RE unfortunately.

Josh

On Tue, May 15, 2018 at 10:10 AM, Adam Kajtar <akaj...@wadsworthcity.org>
wrote:

> Hello:
>
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> BGP(full routes). iBGP is running between the routers via a two port 20G
> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> traffic to start flowing correctly. The router has the correct route in the
> routing table, but it doesn't install it in the forwarding table for the
> full two mins.
>
> I have a few questions if anyone could answer them.
>
>- What would a usual convergence time be for this setup?
>- Is there anything I could do speed this process up? (I tried
> Multipath)
>- Any tips and tricks would be much appreciated
>
> Thanks in Advance
> --
> Adam Kajtar
> Systems Administrator
> City of Wadsworth
> akaj...@wadsworthcity.org
> -
> http://www.wadsworthcity.com
Wadsworth, OH | Official Website<http://www.wadsworthcity.com/>
www.wadsworthcity.com
Starting in February, the City of Wadsworth will be replacing water lines on 
both the north and south sides of Broad Street, between North Lyman and Summit 
Street.


>
> Facebook <http://www.facebook.com/cityofwadsworth>* |* Twitter
> <https://twitter.com/CityOfWadsworth> *|* Instagram
> <https://www.instagram.com/cityofwadsworth/> *|* YouTube
> <https://www.youtube.com/channel/UCymlH-AZgvxTaHtgp3-AmDQ>
>

Re: Juniper BGP Convergence Time

[Josh Baird]

The MX104 has a notoriously slow PPC-based RE unfortunately.

Josh

On Tue, May 15, 2018 at 10:10 AM, Adam Kajtar 
wrote:

> Hello:
>
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> BGP(full routes). iBGP is running between the routers via a two port 20G
> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> traffic to start flowing correctly. The router has the correct route in the
> routing table, but it doesn't install it in the forwarding table for the
> full two mins.
>
> I have a few questions if anyone could answer them.
>
>- What would a usual convergence time be for this setup?
>- Is there anything I could do speed this process up? (I tried
> Multipath)
>- Any tips and tricks would be much appreciated
>
> Thanks in Advance
> --
> Adam Kajtar
> Systems Administrator
> City of Wadsworth
> akaj...@wadsworthcity.org
> -
> http://www.wadsworthcity.com
>
> Facebook * |* Twitter
>  *|* Instagram
>  *|* YouTube
> 
>

Juniper BGP Convergence Time

[Adam Kajtar]

Hello:

I'm running two Juniper MX104s. Each MX has 1 ISP connected running
BGP(full routes). iBGP is running between the routers via a two port 20G
lag. When one of the ISPs fails, it can take upwards of 2 minutes for
traffic to start flowing correctly. The router has the correct route in the
routing table, but it doesn't install it in the forwarding table for the
full two mins.

I have a few questions if anyone could answer them.

   - What would a usual convergence time be for this setup?
   - Is there anything I could do speed this process up? (I tried Multipath)
   - Any tips and tricks would be much appreciated

Thanks in Advance
-- 
Adam Kajtar
Systems Administrator
City of Wadsworth
akaj...@wadsworthcity.org
-
http://www.wadsworthcity.com

Facebook * |* Twitter
 *|* Instagram
 *|* YouTube