[AusNOG] Best practices on speeding up BGP convergence times
Alex Samad
alex at samad.com.au
Tue Feb 27 12:25:17 EST 2018
Hi
Add in my experience.
I have multiple upstreams, I advertise to all upstreams at the same time, I
am not sure why you wouldn't do that. Maybe to control the reverse path.
I preference by stuffing AS - seems to work well for us.
But I ran into issue with convergence.
1) time it would take for the router to realise the interface was down -
like the reference below - WAN links are not direct connected to the
router. - Yeah BFD
2) Time it would take to reprocess route table after removing a path
So what I have done is
try to implement BFD with BGP where I can, not very many ISP have it as an
option .. that i found interesting.
reduce the keep alive timer for BGP ... So the doco says don't make it too
low, because it might start to flap ...
What I also did was reduce what routes I accept, so I still take a full
table, but only inject around 10K prefixes into my main routing table -
this i found help with convergence (out bound).
I actually have a script that generates my bgp filter rules based on
networks wanted
A
On 27 February 2018 at 09:37, David Hughes <david at hughes.com.au> wrote:
>
> On 26 Feb 2018, at 9:52 pm, Geoff Huston <gih at apnic.net> wrote:
>
>
> a) detecting link down quickly
>
> You can adjust your BGP session keepalive timers to smaller values and
> make the session more sensitive to outages as a result. I also thought that
> these days you can get the interface status to directly map to the session
> state, but its been a while since I’ve done this in anger and frankly I
> have NFC how to do that, even if I used to know! Maybe you are already
> doing that anyway.
>
>
>
> This is the scenario I was talking about (references below). You can
> easily have link on a northbound interface even if the peer isn’t there
> (you hit a layer-2 agg switch on the way for example). If the peer fails
> but you still have link on the interface you’ll be blindly forwarding
> packets to it, even though it’s not there anymore, until the BGP timers
> expire. That was the point of the lightning talk I gave way-back -then.
> Default timers aren’t helpful in this situation.
>
> Fast forward to this decade and you have routing protocols that are
> “BFD-aware” so you have sub-second link failure detection. That allows the
> control plane to pull down the peer session and remove paths to that peer
> from the FIB. You can only run BFD if your upstream is as well so you know
> they will dump the prefixes from that peer session as quickly as you will.
> It makes failing over to a secondary link within the same upstream provider
> pretty seamless.
>
>
> Ref :
> http://archive.apnic.net/meetings/21/docs/sigs/routing/
> routing-pres-hughes-bgp.pdf
> http://lists.ausnog.net/pipermail/ausnog/2015-January/029486.html
>
>
> David
> ...
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180227/39ec1293/attachment.html>
More information about the AusNOG
mailing list