Archive for the ‘BGP’ Category

h1

Troubleshooting BGP

February 25, 2010

The new focus is of the R&S exam is troubleshooting. And for some reason this is seen as a new topic to study and as a result feared. It is vital to understand why troubleshooting was added to the lab, and why it will possibly be added to other tracks.  Anybody can apply vanilla configs, provided it is done without error, in the correct order, and by avoiding the question pitfalls.

Troubleshooting was introduced by Cisco to give the CCIE certification that edge it needs to seperate the guys that really understand the technologies and those that just learned to configure labs. Troubleshooting is thus NOT a new section! If you understand know each technology, understand its it building blocks, processes and states, troubleshooting should be nothing ‘new’.

That said once you understand the work, drafting a troubleshooting methodology per technology should be fairly straight forward. I am busy been drafting up a troubleshooting questionaire for each section that I will include in R&S Short-Notes v4.2. (Note ‘{ }’ curl-brackets indicate replaceble values, the rest is regex)

Troubleshooting BGP session start-up problems

1- Are you seeing the expected neighbors in a NON ‘idle’ or ‘active’ state?
#sh ip bgp summary

2- Is a sourced telnet to the neighbor address working?
#telnet {peer-ip} 179 /source {src-int-ip}

3- Confirm if the configuration is correct and matching to neighbors configuration?
#sh run | b router bgp

4- If eBGP, is the neighbor directly connected? (Should be 1 hop in the trace)
 4.1- If not directly connected is multihop configured?
#trace {peer-ip} source {src-int-ip}
#sh run | i {peer-ip}.*ebgp-multihop

Read the rest of this entry ?

Posted in BGP, CCIE R&S | Tagged | 3 Comments »

h1

Output 101 : BGP AFI/SAFI

November 26, 2009

When BGP peers set up their session between them, they send an OPEN message containing optional parameters.

One optional parameter is capabilities. Possible capabilities are Multiprotocol extensions, route refresh, outbound route filtering (ORF), and so on. When the BGP peers exchange the Multiprotocol extension capability, they exchange AFI and SAFI numbers and thus identify what the other BGP speaker is capable of.

IPv6 in BGP is implementated via Multi-Protocol BGP (MPBGP) (RFC 2283), as is MPLS and VPN’s through two new attributes: MP_UNREACH_NLRI and MP_REACH_NLRI. The first two values in these two attributes contain the Address Family Identifier (AFI) and the Subsequent Address Family Identifier (SAFI).

AFI Meaning
1 IPv4
2 IPv6 
.
SAFI Meaning
1 Unicast
2 Multicast
3 Unicast and multicast
4 MPLS Label
128 MPLS-labeled VPN

Read the rest of this entry ?

Posted in BGP, OUTPUT-101 | Tagged , | Leave a Comment »

h1

BGP Convergence and Updates

August 7, 2009

Several BGP timers can be used to tweak the BGP convergence in an IP/MPLS/VPN Network. A good understanding and side by side comparison will allow you to tweak BGP behavior.

BGP Scan Time:
#bgp scan-time {scanner-interval}

  • Configures  import  processing  of  IPV4  unicast  routing  information  from  BGP routes  into  routing  tables.
  • The BGP scanner walks the BGP table and confirms the reachability of next hops.
  • The BGP scanner process is also responsible for conditional advertisement check and performing route dampening.
  • The Max / Default value = 60 sec.  Range = 5-60 sec.
  • Lowering the scan-time, can greatly improve BGP convergence, to almost IGP-like behaviour.

Read the rest of this entry ?

Posted in BGP, OUTPUT-101 | Tagged , | Leave a Comment »

h1

R&S Quick Notes – BGP

May 19, 2009

BGP

  • When using Communities, don’t forget “neighbor send-community”
  • Know your attributes and the direction which applied, when to used what.
  • “aggregate address” needs a more specific prefix in the BGP table for aggregate to be advertised.
  • Synchronization issue has 3 solutions, 1- Load BGP on all transit routers, 2- GRE tunnel, 3- Redistribution BGP>IGP.
  • “no bgp nexthop trigger” – Disables next-hop tracking between scanner intervals.
  • “no bgp fast-ext-fallover” – Force the router to wait for the dead-timer to expire, before generating notification messages , when a connected peer goes down.
  • “neighbor fall-over” – Will check neighbor connenctivity between scanner intervals, aka BGP Fast Peering.
  • Only the Holdtime is sent in update-msg. Two neighbors will use the lowest holdtime and then calculate the keepalive from that.
  • Know your Regular Expressions
  • Know the difference between Peer-Groups and Peer-Templates

Posted in BGP | Tagged , | Leave a Comment »

h1

BGP Conditional Route Advertisement

February 14, 2009

Assume the following scenario:

asn1

BOB’s network 136.1.29.0/24 resides in AS-300.

For what ever reason, AS-300 needs all traffic to Prefix-A (136.1.29.0/24) to come via ASN-200 only, but in the event of link failure between AS-200 and AS-300 traffic are allowed to come in from AS-100. With the normal BGP attributes you can do this really quickly.

Hypothetically,  lets assume for a second that AS-100 has a weight set, preferring the direct link to AS-300 for all prefixes learned from AS-300.  And AS-100 is not cooperating with your request, nor is  interested to make any changes in their AS. How can you influence AS-100’s  decision, to prefer the route learned via AS-200.

There is a nice and not-so-nice to way to do this.

Read the rest of this entry ?

Posted in BGP | Tagged | Leave a Comment »

h1

Clearing BGP Sessions

November 12, 2008

There are a couple ways, some more recommended than others, to reset or clear a BGP session between two neighbors.

The Cisco IOS Software Command Summary lists the following circumstances under which you must reset a BGP connection, for changes to take effect:

  • Additions or changes to BGP-related access lists
  • Changes to BGP-related weights
  • Changes to BGP-related distribution lists
  • Changes to the BGP-related timer’s specifications
  • Changes to the BGP administrative distance
  • Changes to BGP-related route maps

.

Traditional clearing of BGP session (aka Hard Reset)

  • Tears down the BGP session  with all Neighbors, a specific neighbor or peer group.
  • A new session is re-established within 30-60 seconds, depending.
  • Processing of the full Internet table can take a really long time.
  • This is almost NEVER recommended on production networks, due the disruptive behaviour.

router#clear ip bgp {* | neighbor ip | peer-group}

Read the rest of this entry ?

Posted in BGP | Tagged | 1 Comment »

h1

Output-101: BGP-3-NOTIFICATION

September 28, 2008

Error log:

%BGP-3-NOTIFICATION:received from neighbor 196.7.8.9 2/2 (peer in wrong as) 2 bytes 0064

Explanation:

The Obvious is true, a wrong ASN is configured, but there is more detail here. “2 bytes 0064″ : the 0064 is the received ASN in HEX, ie 0×0064 in HEX = 100 decimal.

The local router is expecting Neighbor 196.7.8.9 to come from a specific ASN, not ASN 100. Have a look at the “neighbor {IP} remote-as” command to confirm it is set correctly. If confederations are used, make sure your confederation-id is correct between the two EBGP peers.

Posted in BGP, OUTPUT-101 | Tagged | Leave a Comment »