BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) Using L2VPN VPLS

The BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) feature enables using L2VPN VPLS provider edge (PE) routers to maintain Border Gateway Protocol (BGP) state with customer edge (CE) routers and ensure continuous packet forwarding during a Route Processor (RP) switchover or during a planned In-Service Software Upgrade (ISSU) for a PE router. CE routers do not need to be Nonstop Forwarding (NSF)-capable or NSF-aware to benefit from BGP NSR capabilities on PE routers. Only PE routers need to be upgraded to support BGP NSR--no CE router upgrades are required. BGP NSR with SSO, thus, enables service providers to provide the benefits NSF with the additional benefits of NSR without requiring CE routers to be upgraded to support BGP graceful restart.

Prerequisites for BGP Support for NSR with SSO

  • Your network must be configured to run BGP.

  • Multiprotocol Layer Switching (MPLS) Layer 3 VPNs must be configured.

  • You must be familiar with NSF and SSO concepts and tasks.

Information About BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO)

Overview of BGP NSR with SSO

Prior to the introduction of BGP NSR with SSO in Cisco IOS Release 12.2(28)SB, BGP required that all neighboring devices participating in BGP NSF be configured to be either NSF-capable or NSF-aware (by configuring the devices to support the BGP graceful restart mechanism). BGP NSF, thus, required that all neighboring devices be upgraded to a version of Cisco IOS software that supports BGP graceful restart. However, in many MPLS VPN deployments, there are situations where PE routers engage in exterior BGP (eBGP) peering sessions with CE routers that do not support BGP graceful restart and cannot be upgraded to a software version that supports BGP graceful restart in the same time frame as the provider (P) routers.

BGP NSR with SSO provides a high availability (HA) solution to service providers whose PE routers engage in eBGP peering relationships with CE routers that do not support BGP graceful restart. BGP NSR works with SSO to synchronize BGP state information between the active and standby RP. SSO minimizes the amount of time a network is unavailable to its users following a switchover. When the BGP NSR with SSO feature is configured, in the event of an RP switchover, the PE router uses BGP NSR with SSO to maintain BGP state for eBGP peering sessions with CEs that are not NSF-aware (see the figure below). Additionally, the BGP NSR with SSO feature dynamically detects NSF-aware peers and runs graceful restart with those CE routers. For eBGP peering sessions with NSF-aware peers and for internal BGP (iBGP) sessions with BGP Route Reflectors (RRs) in the service provider core, the PE uses NSF to maintain BGP state. BGP NSR with SSO, thus, enables service providers to provide the benefits of NSF with the additional benefits of NSR without requiring CE routers to be upgraded to support BGP graceful restart.

Figure 1. BGP NSR with SSO Operations During an RP Switchover

BGP NSR with SSO is supported in BGP peer, BGP peer group, and BGP session template configurations. To configure support for BGP NSR with SSO in BGP peer and BGP peer group configurations, use the neighbor ha-mode sso command in address family configuration mode for IPv4 VRF address family BGP peer sessions. To include support for Cisco BGP NSR with SSO in a peer session template, use the ha-mode sso command in session-template configuration mode.

Benefits of BGP NSR with SSO

  • Minimizes services disruptions--Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO) reduces impact on customer traffic during route processor (RP) switchovers (scheduled or unscheduled events), extending high availability (HA) deployments and benefits at the edge.

  • Enhances high-availability Nonstop Forwarding (NSF) and SSO deployment at the edge--BGP NSR with SSO allows incremental deployment by upgrading the provider edge device with the NSR capability so that customer-facing edge devices are synchronized automatically and no coordination or NSF awareness is needed with the customer side Cisco or third-party customer edge devices. The BGP NSR feature dynamically detects NSF-aware peers and runs graceful restart with those CE devices.

  • Provides transparent route convergence--BGP NSR with SSO eliminates route flaps by keeping BGP state on both active and standby RPs and ensures continuous packet forwarding with minimal packet loss during RP failovers.

How to Configure BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO)

Configuring a PE Device to Support BGP NSR with SSO

Perform this task to enable a provider edge (PE) device to maintain BGP state with customer edge (CE) devices and ensure continuous packet forwarding during a route processor (RP) switchover or during a planned ISSU. Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO) enables service providers to provide the benefits Nonstop Forwarding (NSF) with the additional benefits of NSR without requiring CE devices to be upgraded to support BGP graceful restart.

BGP NSR with SSO is supported in BGP peer, BGP peer group, and BGP session template configurations. Perform one of the following tasks in this section on a PE device, depending on whether you want to configure support for BGP NSR with SSO in a peer, a peer group, or a session template configuration:

Prerequisites

  • These tasks assume that you are familiar with BGP peer, BGP peer group, and BGP session template concepts. For more information, see the “Configuring a Basic BGP Network” module.

  • The active and standby RP must be in SSO mode. For information about configuring SSO mode, see the “Configuring Stateful Switchover” module in the High Availability Configuration Guide.

  • Graceful restart should be enabled on the PE device. We recommend that you enable graceful restart on all BGP peers in the provider core that participate in BGP NSF. For more information about configuring graceful restart, see the “Configuring Advanced BGP Features” module.

  • CE devices must support the route refresh capability. For more information, see the “Configuring a Basic BGP Network” module.

Configuring a Peer to Support BGP NSR with SSO

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    router bgp autonomous-system-number

    4.    bgp graceful-restart [restart-time seconds ] [stalepath-time seconds]

    5.    address-family l2vpn vpls

    6.    neighbor ip-address remote-as autonomous-system-number

    7.    neighbor ip-address ha-mode sso

    8.    neighbor ip-address activate

    9.    end

    10.    show ip bgp vpnv4 all sso summary


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

     
    Step 2 configure terminal


    Example:
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 router bgp autonomous-system-number


    Example:
    Device(config)# router bgp 40000
     

    Enters router configuration mode for the specified routing process.

     
    Step 4 bgp graceful-restart [restart-time seconds ] [stalepath-time seconds]


    Example:
    Device(config-router)# bgp graceful-restart
     

    Enables the Border Gateway Protocol (BGP) graceful restart capability and BGP Nonstop Forwarding (NSF) awareness.

    • If you enter this command after the BGP session has been established, you must restart the session for the capability to be exchanged with the BGP neighbor.

    • Use this command on the restarting device and all of its peers (NSF-capable and NSF-aware).

     
    Step 5 address-family l2vpn vpls


    Example:
    Device(config-router)# address-family l2vpn vpls
     

    Specifies activation of L2VPN VPLS peering.

     
    Step 6 neighbor ip-address remote-as autonomous-system-number


    Example:
    Device(config-router-af)# neighbor 192.168.1.1 remote-as 45000
     

    Adds the IP address of the neighbor in the specified autonomous system to the IPv4 multiprotocol BGP neighbor table of the local router.

     
    Step 7 neighbor ip-address ha-mode sso


    Example:
    Device(config-router-af)# neighbor 192.168.1.1 ha-mode sso
     

    Configures the neighbor to support BGP Nonstop Routing (NSR) with Stateful Switchover (SSO).

     
    Step 8 neighbor ip-address activate


    Example:
    Device(config-router-af)# neighbor testgroup activate
     

    Enables the neighbor to exchange prefixes for the IPv4 address family with the local router.

    Note   

    By default, neighbors that are defined using the neighbor remote-as command in router configuration mode exchange only unicast address prefixes.

     
    Step 9 end


    Example:
    Device(config-router-af)# end
     

    Exits address family configuration mode and enters privileged EXEC mode.

     
    Step 10 show ip bgp vpnv4 all sso summary


    Example:
    Device# show ip bgp vpnv4 all sso summary 
     

    (Optional) Displays the number of BGP neighbors that are in SSO mode.

     

    Configuring a Peer Group to Support BGP NSR with SSO

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    router bgp autonomous-system-number

      4.    bgp graceful-restart [restart-time seconds ] [stalepath-time seconds]

      5.    neighbor peer-group-name peer-group

      6.    neighbor ip-address remote-as autonomous-system-number

      7.    neighbor ip-address peer-group peer-group-name

      8.    neighbor peer-group-name ha-mode sso

      9.    address-family l2vpn vpls

      10.    neighbor peer-group-name activate

      11.    end

      12.    show ip bgp l2vpn vpls all sso summary


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example:
      Device> enable
       

      Enables privileged EXEC mode.

       
      Step 2 configure terminal


      Example:
      Device# configure terminal
       

      Enters global configuration mode.

       
      Step 3 router bgp autonomous-system-number


      Example:
      Device(config)# router bgp 40000
       

      Enters router configuration mode for the specified routing process.

       
      Step 4 bgp graceful-restart [restart-time seconds ] [stalepath-time seconds]


      Example:
      Device(config-router)# bgp graceful-restart
       

      Enables the Border Gateway Protocol (BGP) graceful restart capability and BGP Nonstop Forwarding (NSF) awareness.

      • If you enter this command after the BGP session has been established, you must restart the session for the capability to be exchanged with the BGP neighbor.

      • Use this command on the restarting device and all of its peers (NSF-capable and NSF-aware).

       
      Step 5 neighbor peer-group-name peer-group


      Example:
      Device(config-router-af)# neighbor testgroup peer-group
       

      Creates a BGP peer group.

       
      Step 6 neighbor ip-address remote-as autonomous-system-number


      Example:
      Device(config-router-af)# neighbor 192.168.1.1 remote-as 45000
       

      Adds the IP address of the neighbor in the specified autonomous system to the IPv4 multiprotocol BGP neighbor table of the local device.

       
      Step 7 neighbor ip-address peer-group peer-group-name


      Example:
      Device(config-router-af)# neighbor 192.168.1.1 peer-group testgroup
       

      Assigns the IP address of a BGP neighbor to a BGP peer group.

       
      Step 8 neighbor peer-group-name ha-mode sso


      Example:
      Device(config-router-af)# neighbor 192.168.1.1 ha-mode sso
       

      Configures the BGP peer group to support BGP Nonstop Routing (NSR) with Stateful Switchover (SSO).

       
      Step 9 address-family l2vpn vpls


      Example:
      Device(config-router)# address-family l2vpn vpls
       

      Specifies activation of L2VPN VPLS peering.

       
      Step 10 neighbor peer-group-name activate


      Example:
      Device(config-router-af)# neighbor testgroup activate
       

      Enables the neighbor to exchange prefixes for the IPv4 address family with the local device.

       
      Step 11 end


      Example:
      Device(config-router-af)# end
       

      Exits address family configuration mode and returns to global configuration mode.

       
      Step 12 show ip bgp l2vpn vpls all sso summary


      Example:
      Device# show ip bgp l2vpn vpls all sso summary
       

      (Optional) Displays the number of BGP neighbors that are in SSO mode.

       

      Configuring Support for BGP NSR with SSO in a Peer Session Template

      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    router bgp autonomous-system-number

        4.    template peer-session session-template-name

        5.    ha-mode sso

        6.    exit-peer-session

        7.    end

        8.    show ip bgp template peer-session [session-template-name]


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 enable


        Example:
        Device> enable
         

        Enables privileged EXEC mode.

         
        Step 2 configure terminal


        Example:
        Device# configure terminal
         

        Enters global configuration mode.

         
        Step 3 router bgp autonomous-system-number


        Example:
        Device(config)# router bgp 101
         

        Enters router configuration mode and creates a Border Gateway Protocol (BGP) routing process.

         
        Step 4 template peer-session session-template-name


        Example:
        Device(config-router)# template peer-session CORE1
         

        Enters session-template configuration mode and creates a peer session template.

         
        Step 5 ha-mode sso


        Example:
        Device(config-router-stmp)# ha-mode sso
         

        Configures the neighbor to support BGP Nonstop Routing (NSR) with Stateful Switchover (SSO).

         
        Step 6 exit-peer-session


        Example:
        Device(config-router-stmp)# exit-peer-session
         

        Exits session-template configuration mode and returns to router configuration mode.

         
        Step 7 end


        Example:
        Device(config-router)# end
         

        Exits router configuration mode and returns to privileged EXEC mode.

         
        Step 8 show ip bgp template peer-session [session-template-name]


        Example:
        Device# show ip bgp template peer-session
         

        (Optional) Displays locally configured peer session templates.

        • The output can be filtered to display a single peer policy template with the session-template-name argument. This command also supports all standard output modifiers.

         

        What to Do Next

        After the peer session template is created, the configuration of the peer session template can be inherited by or applied to another peer session template with the inherit peer-session or neighbor inherit peer-session command.

        For more information about configuring peer session templates, see the "Configuring a Basic BGP Network" chapter in the Cisco IOS IP Routing: BGP Configuration Guide.

        Verifying BGP Support for NSR with SSO

        SUMMARY STEPS

          1.    enable

          2.    show ip bgpl2vpnvpls all sso summary

          3.    show ip bgpl2vpnvpls all neighbors


        DETAILED STEPS
          Step 1   enable

          Enables privileged EXEC mode.



          Example:
          Device> enable
          
          Step 2   show ip bgpl2vpnvpls all sso summary

          This command is used to display the number of Border Gateway Protocol (BGP) neighbors that are in Stateful Switchover (SSO) mode.

          The following is sample output from the show ip bgp l2vpnvpls all sso summary command:



          Example:
          Device# show ip bgp l2vpn vpls all sso summary
             Stateful switchover support enabled for 40 neighbors
          
          Step 3   show ip bgpl2vpnvpls all neighbors

          This command displays VPN address information from the BGP table.

          The following is sample output from the show ip bgp l2vpnvpls all neighbors command. The "Stateful switchover support" field indicates whether SSO is enabled or disabled. The "SSO Last Disable Reason" field displays information about the last BGP session that lost SSO capability.



          Example:
          Device# show ip bgp l2vpn vpls all neighbors 10.3.3.3
          BGP neighbor is 10.3.3.3,  vrf vrf1,  remote AS 3, external link
            Inherits from template 10vrf-session for session parameters
             BGP version 4, remote router ID 10.1.105.12
             BGP state = Established, up for 04:21:39
             Last read 00:00:05, last write 00:00:09, hold time is 30, keepalive interval is 10 seconds
             Configured hold time is 30, keepalive interval is 10 seconds
             Minimum holdtime from neighbor is 0 seconds
             Neighbor capabilities:
               Route refresh: advertised and received(new)
               Address family IPv4 Unicast: advertised and received
               Stateful switchover support enabled
             Message statistics:
               InQ depth is 0
               OutQ depth is 0
                                    Sent       Rcvd
               Opens:                  1          1
               Notifications:          0          0
               Updates:                1          4
               Keepalives:          1534       1532
               Route Refresh:          0          0
               Total:               1536       1537
             Default minimum time between advertisement runs is 30 seconds
            For address family: L2VPN VPLS
             BGP table version 25161, neighbor version 25161/0
             Output queue size : 0
             Index 7, Offset 0, Mask 0x80
             7 update-group member
             Inherits from template 10vrf-policy
             Overrides the neighbor AS with my AS before sending updates
             Outbound path policy configured
             Route map for outgoing advertisements is Deny-CE-prefixes
                                            Sent       Rcvd
             Prefix activity:               ----       ----
               Prefixes Current:              10         50 (Consumes 3400 bytes)
               Prefixes Total:                10         50
               Implicit Withdraw:              0          0
               Explicit Withdraw:              0          0
               Used as bestpath:             n/a          0
               Used as multipath:            n/a          0
                                              Outbound    Inbound
             Local Policy Denied Prefixes:    --------    -------
               route-map:                          150          0
               AS_PATH loop:                       n/a        760
               Total:                              150        760
             Number of NLRIs in the update sent: max 10, min 10
             Address tracking is enabled, the RIB does have a route to 10.3.3.3
             Address tracking requires at least a /24 route to the peer
             Connections established 1; dropped 0
             Last reset never
             Transport(tcp) path-mtu-discovery is enabled
             TCP session must be opened passively
          Connection state is ESTAB, I/O status: 1, unread input bytes: 0 Connection is ECN Disabled Local host: 10.0.21.1, Local port: 179 Foreign host: 10.0.21.3, Foreign port: 51205 Connection tableid (VRF): 1
          Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)
          Event Timers (current time is 0x1625488):
          Timer          Starts    Wakeups            Next
          Retrans          1746        210             0x0
          TimeWait            0          0             0x0
          AckHold          1535       1525             0x0
          SendWnd             0          0             0x0
          KeepAlive           0          0             0x0
          GiveUp              0          0             0x0
          PmtuAger            0          0             0x0
          DeadWait            0          0             0x0
          Linger              0          0             0x0
          iss: 2241977291  snduna: 2242006573  sndnxt: 2242006573     sndwnd:  13097
          irs:  821359845  rcvnxt:  821391670  rcvwnd:      14883  delrcvwnd:   1501
          SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms
          minRTT: 0 ms, maxRTT: 300 ms, ACK hold: 200 ms Status Flags: passive open, retransmission timeout, gen tcbs
             0x1000
          Option Flags: VRF id set, always push, md5
          Datagrams (max data segment is 4330 bytes):
          Rcvd: 3165 (out of order: 0), with data: 1535, total data bytes: 31824
          Sent: 3162 (retransmit: 210 fastretransmit: 0),with data: 1537, total data
          bytes: 29300
          SSO Last Disable Reason: Application Disable (Active)

          Troubleshooting Tips

          To troubleshoot BGP NSR with SSO, use the following commands in privileged EXEC mode, as needed:

          • debug ip bgp sso --Displays BGP-related SSO events or debugging information for BGP-related interactions between the active RP and the standby RP. This command is useful for monitoring or troubleshooting BGP sessions on a PE router during an RP switchover or during a planned ISSU.

          • debug ip tcp ha --Displays TCP HA events or debugging information for TCP stack interactions between the active RP and the standby RP. This is command is useful for troubleshooting SSO-aware TCP connections.

          • show tcp --Displays the status of TCP connections. The display output will display the SSO capability flag and will indicate the reason that the SSO property failed on a TCP connection.

          • show tcp ha connections --Displays connection-ID-to-TCP mapping data.

          Configuration Examples for BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) using L2VPN VPLS

          Example: Configuring BGP NSR with SSO Using L2VPN VPLS

          The illustration below illustrates a sample Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchful (SSO) network topology using L2VPN VPLS technology, and the configuration examples that follow show configurations from two devices in the topology: the RR1 device and the provider edge (PE) device.


          Note


          The configuration examples omit some of the configuration required for Multiprotocol Label Switching (MPLS) VPNs because the purpose of these examples is to illustrate the configuration of BGP NSR with SSO.


          Figure 2. BGP NSR with SSO Example Topology

          RR1 Configuration

          The following example shows the BGP configuration for RR1 in the illustration above. RR1 is configured as a Nonstop Forwarding (NSF)-aware route reflector (RR). In the event of an route processor (RP) switchover, the PE device uses NSF to maintain the BGP state of the internal peering session with RR1.

          !
          router bgp 1
           no synchronization
           bgp log-neighbor-changes
           bgp graceful-restart restart-time 120
           bgp graceful-restart stalepath-time 360
           bgp graceful-restart
           neighbor 10.2.2.2 remote-as 1
           neighbor 10.2.2.2 update-source Loopback0
           no auto-summary
           !        
           address-family l2vpn vpls
           neighbor 10.2.2.2 activate
           neighbor 10.2.2.2 send-community both
           neighbor 10.2.2.2 route-reflector-client
           exit-address-family
           !

          PE Configuration

          The following example shows the BGP NSR with SSO configuration for the PE device in the illustration above. The PE device is configured to support both NSF-awareness and the BGP NSR with SSO capability. In the event of an RP switchover, the PE device uses BGP NSR with SSO to maintain BGP state for the external BGP (eBGP) peering session and uses NSF to maintain BGP state for the internal BGP (iBGP) session with RR1.

          !
          router bgp 2
           no synchronization
           bgp log-neighbor-changes
           bgp graceful-restart restart-time 120
           bgp graceful-restart stalepath-time 360
           bgp graceful-restart
           neighbor 10.1.1.1 remote-as 1
           neighbor 10.1.1.1 update-source Loopback0
          	neighbor 10.3.3.3 remote-as 3
           neighbor 10.3.3.3 ha-mode sso
           neighbor 10.3.3.3 activate
           neighbor 10.3.3.3 as-override
           no auto-summary
           !        
           address-family l2vpn vpls
           neighbor 10.1.1.1 activate
           neighbor 10.1.1.1 send-community both
           exit-address-family
           !
           no auto-summary
           no synchronization
           exit-address-family
          !

          Additional References

          Related Documents

          Related Topic

          Document Title

          Cisco IOS commands

          Cisco IOS Master Commands List, All Releases

          BGP commands

          Cisco IOS BGP Command Reference

          MTR commands

          Cisco IOS Multitopology Routing Command Reference

          Configuring Multitopology Routing

          Multitopology Routing Configuration Guide

          BGP NSR Support for iBGP Peers

          BGP Configuration Guide

          BGP NSR Support for MPLS VPNv4 and VPNv6 Inter-AS Option B

          BGP Configuration Guide

          BGP-IPV6 NSR

          BGP Configuration Guide

          Technical Assistance

          Description

          Link

          The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

          http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

          Feature Information for BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) Using L2VPN VPLS

          The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

          Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
          Table 1 Feature Information for BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO)

          Feature Name

          Releases

          Feature Information

          BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) Using L2VPN VPLS

          Cisco IOS XE Fuji 16.7.1

          The BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) using L2VPN VPLS feature enables provider edge (PE) routers to maintain Border Gateway Protocol (BGP) state with customer edge (CE) routers and ensure continuous packet forwarding during a Route Processor (RP) switchover or during a planned In-Service Software Upgrade (ISSU) for a PE router. CE routers do not need to be Nonstop Forwarding (NSF)-capable or NSF-aware to benefit from BGP NSR capabilities on PE routers. Only PE routers need to be upgraded to support BGP NSR--no CE router upgrades are required. BGP NSR with SSO, thus, enables service providers to provide the benefits NSF with the additional benefits of NSR without requiring CE routers to be upgraded to support BGP graceful restart.

          The following commands were modified:

          • debug ip bgp sso

          • show ip bgp l2vpn