IP Routing: BGP Configuration Guide, Cisco IOS XE Gibraltar 16.10.x
BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) Using L2VPN VPLS
The BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) feature enables L2VPN VPLS provider edge (PE)
routers to maintain Border Gateway Protocol (BGP) state with customer edge (CE) routers and ensure continuous packet forwarding
during a Route Processor (RP) switchover or during a planned In-Service Software Upgrade (ISSU) for a PE router. CE routers
do not need to be Nonstop Forwarding (NSF)-capable or NSF-aware to benefit from BGP NSR capabilities on PE routers. Only PE
routers need to be upgraded to support BGP NSR--no CE router upgrades are required. BGP NSR with SSO thus enables service
providers to provide the benefits of NSF with the additional benefits of NSR without requiring CE routers to be upgraded to support
BGP graceful restart.
Prerequisites for BGP Support for NSR with SSO
Your network must be configured to run BGP.
Multiprotocol Label Switching (MPLS) Layer 3 VPNs must be configured.
You must be familiar with NSF and SSO concepts and tasks.
Information About BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO)
Overview of BGP NSR with SSO
Prior to the
introduction of BGP NSR with SSO in Cisco IOS Release 12.2(28)SB, BGP required
that all neighboring devices participating in BGP NSF be configured to be
either NSF-capable or NSF-aware (by configuring the devices to support the BGP
graceful restart mechanism). BGP NSF, thus, required that all neighboring
devices be upgraded to a version of Cisco IOS software that supports BGP
graceful restart. However, in many MPLS VPN deployments, there are situations
where PE routers engage in exterior BGP (eBGP) peering sessions with CE routers
that do not support BGP graceful restart and cannot be upgraded to a software
version that supports BGP graceful restart in the same time frame as the
provider (P) routers.
BGP NSR with SSO
provides a high availability (HA) solution to service providers whose PE
routers engage in eBGP peering relationships with CE routers that do not
support BGP graceful restart. BGP NSR works with SSO to synchronize BGP state
information between the active and standby RP. SSO minimizes the amount of time
a network is unavailable to its users following a switchover. When the BGP NSR
with SSO feature is configured, in the event of an RP switchover, the PE router
uses BGP NSR with SSO to maintain BGP state for eBGP peering sessions with CEs
that are not NSF-aware (see the figure below). Additionally, the BGP NSR with
SSO feature dynamically detects NSF-aware peers and runs graceful restart with
those CE routers. For eBGP peering sessions with NSF-aware peers and for
internal BGP (iBGP) sessions with BGP Route Reflectors (RRs) in the service
provider core, the PE uses NSF to maintain BGP state. BGP NSR with SSO, thus,
enables service providers to provide the benefits of NSF with the additional
benefits of NSR without requiring CE routers to be upgraded to support BGP
graceful restart.
BGP NSR with SSO is supported in BGP peer, BGP peer group, and BGP session template configurations.
To configure support for BGP NSR with SSO in BGP peer and BGP peer group
configurations, use the neighbor ha-mode sso command in address family configuration mode
for IPv4 VRF address family BGP peer sessions. To include support for Cisco BGP
NSR with SSO in a peer session template, use the ha-mode sso command in
session-template configuration mode.
Benefits of BGP NSR with SSO
Minimizes services disruptions--Border Gateway Protocol (BGP) Nonstop Routing (NSR) with
Stateful Switchover (SSO) reduces impact on customer traffic during route
processor (RP) switchovers (scheduled or unscheduled events), extending high
availability (HA) deployments and benefits at the edge.
Enhances high-availability Nonstop Forwarding (NSF) and SSO deployment at the edge--BGP
NSR with SSO allows incremental deployment by upgrading the provider edge
device with the NSR capability so that customer-facing edge devices are
synchronized automatically and no coordination or NSF awareness is needed with
the customer side Cisco or third-party customer edge devices. The BGP NSR
feature dynamically detects NSF-aware peers and runs graceful restart with
those CE devices.
Provides transparent route convergence--BGP NSR with SSO eliminates route flaps by
keeping BGP state on both active and standby RPs and ensures continuous packet
forwarding with minimal packet loss during RP failovers.
How to Configure BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO)
Configuring a PE Device to Support BGP NSR with SSO
Perform this task to enable a provider edge (PE) device to maintain BGP state with customer edge
(CE) devices and ensure continuous packet forwarding during a route processor
(RP) switchover or during a planned ISSU. Border Gateway Protocol (BGP) Nonstop
Routing (NSR) with Stateful Switchover (SSO) enables service providers to
provide the benefits of Nonstop Forwarding (NSF) with the additional benefits of
NSR without requiring CE devices to be upgraded to support BGP graceful
restart.
BGP NSR with SSO is
supported in BGP peer, BGP peer group, and BGP session template configurations.
Perform one of the following tasks in this section on a PE device, depending on
whether you want to configure support for BGP NSR with SSO in a peer, a peer
group, or a session template configuration:
Prerequisites
These tasks assume that you are familiar with BGP peer, BGP peer group, and BGP session
template concepts. For more information, see the “Configuring a Basic BGP
Network” module.
The active and standby RP must be in SSO mode. For information about configuring SSO mode, see
the “Configuring Stateful Switchover” module in the High Availability Configuration Guide.
Graceful restart should be enabled on the PE device. We recommend that you enable graceful
restart on all BGP peers in the provider core that participate in BGP NSF. For
more information about configuring graceful restart, see the “Configuring
Advanced BGP Features” module.
CE devices must support the route refresh capability. For more information, see the
“Configuring a Basic BGP Network” module.
Enables the
Border Gateway Protocol (BGP) graceful restart capability and BGP Nonstop
Forwarding (NSF) awareness.
If you
enter this command after the BGP session has been established, you must restart
the session for the capability to be exchanged with the BGP neighbor.
Use this
command on the restarting device and all of its peers (NSF-capable and
NSF-aware).
Step 5
address-family ipv4 vrf vrf-name
Example:
Device(config-router)# address-family ipv4 vrf test
Enters address family configuration mode for IPv4 VRF address family sessions.
The vrf keyword and vrf-name argument specify that IPv4 VRF instance information will be exchanged.
Note
Only the syntax necessary for this task is displayed. For more details, see the
Cisco IOS IP Routing: BGP Command Reference.
The output
can be filtered to display a single peer policy template with the
session-template-name argument. This command also
supports all standard output modifiers.
What to Do Next
After the peer session template is created, the configuration of the peer session template can be inherited by or applied
to another peer session template with the inherit peer-session or neighbor inherit peer-session command.
For more information about configuring peer session templates, see the "Configuring a Basic BGP Network" chapter in the
Cisco IOS IP Routing: BGP Configuration Guide.
Verifying BGP Support for NSR with SSO
SUMMARY STEPS
enable
show ip bgp l2vpn vpls all sso summary
show ip bgp l2vpn vpls all neighbors
DETAILED STEPS
Step 1
enable
Enables
privileged EXEC mode.
Example:
Device> enable
Step 2
show ip bgp l2vpn vpls all sso summary
This command is used to display the number of Border Gateway Protocol (BGP) neighbors that
are in Stateful Switchover (SSO) mode.
The following is sample output from the show ip bgp l2vpn vpls all sso summary command:
Example:
Device# show ip bgp l2vpn vpls all sso summary
Stateful switchover support enabled for 40 neighbors
Step 3
show ip bgp l2vpn vpls all neighbors
This command displays VPN address information from the BGP table.
The following is sample output from the show ip bgp l2vpn vpls all neighbors command.
The "Stateful switchover support" field indicates whether SSO is enabled or disabled. The "SSO Last
Disable Reason" field displays information about the last BGP session that lost
SSO capability.
Example:
Device# show ip bgp l2vpn vpls all neighbors 10.3.3.3
BGP neighbor is 10.3.3.3, vrf vrf1, remote AS 3, external link
Inherits from template 10vrf-session for session parameters
BGP version 4, remote router ID 10.1.105.12
BGP state = Established, up for 04:21:39
Last read 00:00:05, last write 00:00:09, hold time is 30, keepalive interval is 10 seconds
Configured hold time is 30, keepalive interval is 10 seconds
Minimum holdtime from neighbor is 0 seconds
Neighbor capabilities:
Route refresh: advertised and received(new)
Address family IPv4 Unicast: advertised and received
Stateful switchover support enabled
Message statistics:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 1 4
Keepalives: 1534 1532
Route Refresh: 0 0
Total: 1536 1537
Default minimum time between advertisement runs is 30 seconds
For address family: L2VPN VPLS
BGP table version 25161, neighbor version 25161/0
Output queue size : 0
Index 7, Offset 0, Mask 0x80
7 update-group member
Inherits from template 10vrf-policy
Overrides the neighbor AS with my AS before sending updates
Outbound path policy configured
Route map for outgoing advertisements is Deny-CE-prefixes
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 10 50 (Consumes 3400 bytes)
Prefixes Total: 10 50
Implicit Withdraw: 0 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 0
Used as multipath: n/a 0
Outbound Inbound
Local Policy Denied Prefixes: -------- -------
route-map: 150 0
AS_PATH loop: n/a 760
Total: 150 760
Number of NLRIs in the update sent: max 10, min 10
Address tracking is enabled, the RIB does have a route to 10.3.3.3
Address tracking requires at least a /24 route to the peer
Connections established 1; dropped 0
Last reset never
Transport(tcp) path-mtu-discovery is enabled
TCP session must be opened passively
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled
Local host: 10.0.21.1, Local port: 179
Foreign host: 10.0.21.3, Foreign port: 51205
Connection tableid (VRF): 1
Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x1625488):
Timer Starts Wakeups Next
Retrans 1746 210 0x0
TimeWait 0 0 0x0
AckHold 1535 1525 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 0 0 0x0
DeadWait 0 0 0x0
Linger 0 0 0x0
iss: 2241977291 snduna: 2242006573 sndnxt: 2242006573 sndwnd: 13097
irs: 821359845 rcvnxt: 821391670 rcvwnd: 14883 delrcvwnd: 1501
SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms
minRTT: 0 ms, maxRTT: 300 ms, ACK hold: 200 ms
Status Flags: passive open, retransmission timeout, gen tcbs
0x1000
Option Flags: VRF id set, always push, md5
Datagrams (max data segment is 4330 bytes):
Rcvd: 3165 (out of order: 0), with data: 1535, total data bytes: 31824
Sent: 3162 (retransmit: 210 fastretransmit: 0),with data: 1537, total data bytes: 29300
SSO Last Disable Reason: Application Disable (Active)
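Added example, not part of the Cisco guide: a Python check that parses captured output of the two show commands above, lists neighbors whose "Stateful switchover support" field is not enabled, and cross-checks the count against the sso summary line. The sample text is constructed; the second neighbor, the "disabled" field wording, and the function names are assumptions.

```python
import re

# Constructed sample modelled on the "show ip bgp l2vpn vpls all neighbors"
# output on this page; 10.4.4.4 and the "disabled" wording are assumptions.
SAMPLE_NEIGHBORS = """\
BGP neighbor is 10.3.3.3, vrf vrf1, remote AS 3, external link
  BGP state = Established, up for 04:21:39
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Stateful switchover support enabled
SSO Last Disable Reason: Application Disable (Active)
BGP neighbor is 10.4.4.4, vrf vrf2, remote AS 4, external link
  BGP state = Established, up for 00:10:02
  Neighbor capabilities:
    Address family IPv4 Unicast: advertised and received
    Stateful switchover support disabled
SSO Last Disable Reason: Application Disable (Active)
"""
SAMPLE_SUMMARY = "Stateful switchover support enabled for 1 neighbors"

def parse_neighbors(text):
    """Split the output per neighbor and pull out the SSO-relevant fields."""
    peers = []
    for block in re.split(r"(?m)^(?=BGP neighbor is )", text):
        m = re.match(r"BGP neighbor is (\S+?),", block)
        if not m:
            continue  # text before the first neighbor header
        state = re.search(r"BGP state = (\w+)", block)
        sso = re.search(r"Stateful switchover support (enabled|disabled)", block)
        reason = re.search(r"SSO Last Disable Reason: (.+)", block)
        peers.append({
            "peer": m.group(1),
            "state": state.group(1) if state else None,
            "sso": bool(sso and sso.group(1) == "enabled"),
            "route_refresh": "Route refresh: advertised and received" in block,
            "last_disable_reason": reason.group(1).strip() if reason else None,
        })
    return peers

def audit(neighbors_text, summary_text):
    """Return peers lacking SSO and whether the summary count matches."""
    peers = parse_neighbors(neighbors_text)
    m = re.search(r"enabled for (\d+) neighbors", summary_text)
    expected = int(m.group(1)) if m else None
    protected = [p for p in peers if p["sso"]]
    return {"unprotected": [p for p in peers if not p["sso"]],
            "count_matches": expected == len(protected)}

if __name__ == "__main__":
    print(audit(SAMPLE_NEIGHBORS, SAMPLE_SUMMARY))
```

A peer reported as unprotected with route_refresh false fails the CE prerequisite listed earlier, which is the first thing to check before looking at the last disable reason.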
Troubleshooting Tips
To troubleshoot BGP NSR with SSO, use the following commands in privileged EXEC mode, as needed:
debug ip bgp sso--Displays BGP-related SSO events or debugging information for BGP-related interactions between the active RP and the standby
RP. This command is useful for monitoring or troubleshooting BGP sessions on a PE router during an RP switchover or during
a planned ISSU.
debug ip tcp ha--Displays TCP HA events or debugging information for TCP stack interactions between the active RP and the standby RP. This
command is useful for troubleshooting SSO-aware TCP connections.
show tcp--Displays the status of TCP connections. The output displays the SSO capability flag and indicates the reason
that the SSO property failed on a TCP connection.
Configuration Examples for BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) using L2VPN VPLS
Example: Configuring BGP NSR with SSO Using L2VPN VPLS
The illustration below shows a sample Border Gateway Protocol (BGP) Nonstop Routing (NSR)
with Stateful Switchover (SSO) network topology using L2VPN VPLS technology, and
the configuration examples that follow show configurations from two devices in
the topology: the RR1 device and the provider edge (PE) device.
Note
The configuration
examples omit some of the configuration required for Multiprotocol Label
Switching (MPLS) VPNs because the purpose of these examples is to illustrate
the configuration of BGP NSR with SSO.
RR1 Configuration
The following example shows the BGP configuration for RR1 in the illustration above. RR1 is
configured as a Nonstop Forwarding (NSF)-aware route reflector (RR). In the
event of a route processor (RP) switchover, the PE device uses NSF to maintain
the BGP state of the internal peering session with RR1.
The following
example shows the BGP NSR with SSO configuration for the PE device in the
illustration above. The PE device is configured to support both NSF-awareness
and the BGP NSR with SSO capability. In the event of an RP switchover, the PE
device uses BGP NSR with SSO to maintain BGP state for the external BGP (eBGP)
peering session and uses NSF to maintain BGP state for the internal BGP (iBGP)
session with RR1.
Feature Information for BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) Using L2VPN VPLS
The following table provides release information about the feature or features described in this module. This table lists
only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise,
subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco
Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO)
Feature Name: BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) Using L2VPN VPLS
Releases: Cisco IOS XE Fuji 16.7.1
Feature Information: The BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) using L2VPN
VPLS feature enables provider edge (PE) routers to maintain Border Gateway
Protocol (BGP) state with customer edge (CE) routers and ensure continuous
packet forwarding during a Route Processor (RP) switchover or during a planned
In-Service Software Upgrade (ISSU) for a PE router. CE routers do not need to
be Nonstop Forwarding (NSF)-capable or NSF-aware to benefit from BGP NSR
capabilities on PE routers. Only PE routers need to be upgraded to support BGP
NSR--no CE router upgrades are required. BGP NSR with SSO thus enables
service providers to provide the benefits of NSF with the additional benefits of
NSR without requiring CE routers to be upgraded to support BGP graceful
restart.