IP Routing: BGP Configuration Guide, Cisco IOS Release 15S
BGP Support for NSR with SSO
Downloads: This chapterpdf (PDF - 1.43MB) The complete bookPDF (PDF - 12.31MB) | The complete bookePub (ePub - 3.04MB) | Feedback

BGP Support for NSR with SSO

Contents

BGP Support for NSR with SSO

The BGP Support for NSR with SSO feature enables provider edge (PE) devices to maintain Border Gateway Protocol (BGP) state with customer edge (CE) devices and ensure continuous packet forwarding during a route processor (RP) switchover or during a planned In-Service Software Upgrade (ISSU) for a PE device. CE devices do not need to be Nonstop Forwarding (NSF)-capable or NSF-aware to benefit from BGP Nonstop Routing (NSR) capabilities on PE devices. Only PE devices need to be upgraded to support BGP NSR—no CE device upgrades are required. The BGP Support for NSR with SSO feature, thus, enables service providers to provide the benefits of NSF with the additional benefits of NSR without requiring CE devices to be upgraded to support BGP graceful restart.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for BGP Support for NSR with SSO

  • Your network must be configured to run BGP.

  • Multiprotocol Layer Switching (MPLS) Layer 3 VPNs must be configured.

  • You must be familiar with NSF and SSO concepts and tasks.

Information About BGP Support for NSR with SSO

Overview of BGP NSR with SSO

Prior to the introduction of Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO), BGP required that all neighboring devices participating in BGP Nonstop Forwarding (NSF) be configured to be either NSF-capable or NSF-aware (by configuring the devices to support the BGP graceful restart mechanism). BGP NSF, thus, required that all neighboring devices be upgraded to a version of Cisco IOS software that supports BGP graceful restart. However, in many Multiprotocol Layer Switching (MPLS) Virtual Private Networks (VPN) deployments, there are situations where provider edge (PE) devices engage in exterior BGP (eBGP) peering sessions with customer edge (CE) devices that do not support BGP graceful restart and cannot be upgraded to a software version that supports BGP graceful restart in the same time frame as the PE devices.

BGP NSR with SSO provides a high availability (HA) solution to service providers whose PE devices engage in eBGP peering relationships with CE devices that do not support BGP graceful restart. BGP NSR works with SSO to synchronize BGP state information between the active and standby route processor (RP). SSO minimizes the amount of time a network is unavailable to its users following a switchover. When the BGP Support for NSR with SSO feature is configured, in the event of an RP switchover, the PE device uses BGP NSR with SSO to maintain BGP state for eBGP peering sessions with CE devices that are not NSF-aware (see the illustration below).

Additionally, the BGP Support for NSR with SSO feature dynamically detects NSF-aware peers and runs graceful restart with those CE devices. For eBGP peering sessions with NSF-aware peers and for internal BGP (iBGP) sessions with BGP route reflectors (RRs) in the service provider core, the PE device uses NSF to maintain BGP state. BGP NSR with SSO, thus, enables service providers to provide the benefits of NSF with the additional benefits of NSR without requiring CE devices to be upgraded to support BGP graceful restart.

Figure 1. BGP NSR with SSO Operations During an RP Switchover

BGP NSR with SSO is supported in BGP peer, BGP peer group, and BGP session template configurations. To configure support for BGP NSR with SSO in BGP peer and BGP peer group configurations, use the neighbor ha-mode sso command in address family configuration mode for IPv4 VRF address family BGP peer sessions. To include support for Cisco BGP NSR with SSO in a peer session template, use the ha-mode sso command in session-template configuration mode.

When BGP NSR with graceful restart is configured, graceful restart takes precedence over BGP NSR for all BGP peers, if graceful restart capability is received from the BGP peer.

When you enable graceful restart globally, the graceful restart capability exchange takes effect after all current BGP sessions are reset. You must do a session renegotiation for all BGP peers manually. To reset all current BGP sessions, use the clear ip bgp * command in privileged EXEC mode. After the session reset, graceful restart takes precedence over BGP NSR for all peers.

To configure a particular BGP peer to choose NSR over graceful restart, you must disable graceful restart for that particular BGP peer on a per neighbor basis. To disable graceful restart, use the neighbor ip-address ha-mode graceful-restart disable command.

Benefits of BGP NSR with SSO

  • Minimizes services disruptions--Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO) reduces impact on customer traffic during route processor (RP) switchovers (scheduled or unscheduled events), extending high availability (HA) deployments and benefits at the edge.

  • Enhances high-availability Nonstop Forwarding (NSF) and SSO deployment at the edge--BGP NSR with SSO allows incremental deployment by upgrading the provider edge device with the NSR capability so that customer-facing edge devices are synchronized automatically and no coordination or NSF awareness is needed with the customer side Cisco or third-party customer edge devices. The BGP NSR feature dynamically detects NSF-aware peers and runs graceful restart with those CE devices.

  • Provides transparent route convergence--BGP NSR with SSO eliminates route flaps by keeping BGP state on both active and standby RPs and ensures continuous packet forwarding with minimal packet loss during RP failovers.

Global Support for BGP NSR and NSR Preference over Graceful Restart

Global support for Border Gateway Protocol (BGP) Nonstop Routing (NSR) enhancement enables or disables BGP NSR for all neighbors configured on the provider edge (PE) device, customer edge (CE) device, and core devices under router configuration mode.

When BGP NSR and graceful restart are configured on the same BGP device, graceful restart takes precedence over NSR configuration. The BGP peer advertises the graceful restart capability, becomes graceful restart-enabled by default, and does not support NSR. To configure support for BGP NSR globally and NSR preference over graceful restart, use the bgp ha-mode sso [prefer] command in router configuration mode. The optional keyword prefer enables NSR to take precedence over graceful restart configuration. In the current scenario, when BGP NSR with graceful restart is configured, graceful restart takes precedence over BGP NSR for all BGP peers, if graceful restart capability is received from the BGP peer.


Note


The prefer keyword is used to take precedence if BGP NSR with graceful restart is configured on the same device. If the device is configured with NSR only, you need not to use the prefer keyword.


How to Configure BGP Support for NSR with SSO

Configuring Global Support for BGP NSR and NSR Preference over Graceful Restart

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    router bgp as-number

    4.    bgp ha-mode sso [prefer]

    5.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

     
    Step 2 configure terminal


    Example:
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 router bgp as-number


    Example:
    Device(config)# router bgp 65000
     

    Configures a BGP routing process and enters router configuration mode.

     
    Step 4 bgp ha-mode sso [prefer]


    Example:
    Device(config-router)# bgp ha-mode sso prefer
     

    Configures the device to support Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO) globally and enables NSR to take precedence over graceful restart.

     
    Step 5 end


    Example:
    Device(config-router)# end
     

    Exits router configuration mode and returns to privileged EXEC mode.

     

    Configuring a PE Device to Support BGP NSR with SSO

    Perform this task to enable a provider edge (PE) device to maintain BGP state with customer edge (CE) devices and ensure continuous packet forwarding during a route processor (RP) switchover or during a planned ISSU. Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO) enables service providers to provide the benefits Nonstop Forwarding (NSF) with the additional benefits of NSR without requiring CE devices to be upgraded to support BGP graceful restart.

    BGP NSR with SSO is supported in BGP peer, BGP peer group, and BGP session template configurations. Perform one of the following tasks in this section on a PE device, depending on whether you want to configure support for BGP NSR with SSO in a peer, a peer group, or a session template configuration:

    Prerequisites

    • These tasks assume that you are familiar with BGP peer, BGP peer group, and BGP session template concepts. For more information, see the “Configuring a Basic BGP Network” module.

    • The active and standby RP must be in SSO mode. For information about configuring SSO mode, see the “Configuring Stateful Switchover” module in the High Availability Configuration Guide.

    • Graceful restart should be enabled on the PE device. We recommend that you enable graceful restart on all BGP peers in the provider core that participate in BGP NSF. For more information about configuring graceful restart, see the “Configuring Advanced BGP Features” module.

    • CE devices must support the route refresh capability. For more information, see the “Configuring a Basic BGP Network” module.

    Configuring a Peer to Support BGP NSR with SSO

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    router bgp autonomous-system-number

      4.    bgp graceful-restart [restart-time seconds ] [stalepath-time seconds]

      5.    address-family ipv4 vrf vrf-name

      6.    neighbor ip-address remote-as autonomous-system-number

      7.    neighbor ip-address ha-mode sso

      8.    neighbor ip-address activate

      9.    end

      10.    show ip bgp vpnv4 all sso summary


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example:
      Device> enable
       

      Enables privileged EXEC mode.

       
      Step 2 configure terminal


      Example:
      Device# configure terminal
       

      Enters global configuration mode.

       
      Step 3 router bgp autonomous-system-number


      Example:
      Device(config)# router bgp 40000
       

      Enters router configuration mode for the specified routing process.

       
      Step 4 bgp graceful-restart [restart-time seconds ] [stalepath-time seconds]


      Example:
      Device(config-router)# bgp graceful-restart
       

      Enables the Border Gateway Protocol (BGP) graceful restart capability and BGP Nonstop Forwarding (NSF) awareness.

      • If you enter this command after the BGP session has been established, you must restart the session for the capability to be exchanged with the BGP neighbor.

      • Use this command on the restarting device and all of its peers (NSF-capable and NSF-aware).

       
      Step 5 address-family ipv4 vrf vrf-name


      Example:
      Device(config-router)# address-family ipv4 vrf test
       

      Enters address family configuration mode for IPv4 VRF address family sessions.

      • The vrfkeyword and vrf-name argument specify that IPv4 VRF instance information will be exchanged.

      Note   

      Only the syntax necessary for this task is displayed. For more details, see the Cisco IOS IP Routing: BGP Command Reference.

       
      Step 6 neighbor ip-address remote-as autonomous-system-number


      Example:
      Device(config-router-af)# neighbor 192.168.1.1 remote-as 45000
       

      Adds the IP address of the neighbor in the specified autonomous system to the IPv4 multiprotocol BGP neighbor table of the local router.

       
      Step 7 neighbor ip-address ha-mode sso


      Example:
      Device(config-router-af)# neighbor 192.168.1.1 ha-mode sso
       

      Configures the neighbor to support BGP Nonstop Routing (NSR) with Stateful Switchover (SSO).

       
      Step 8 neighbor ip-address activate


      Example:
      Device(config-router-af)# neighbor testgroup activate
       

      Enables the neighbor to exchange prefixes for the IPv4 address family with the local router.

      Note   

      By default, neighbors that are defined using the neighbor remote-as command in router configuration mode exchange only unicast address prefixes.

       
      Step 9 end


      Example:
      Device(config-router-af)# end
       

      Exits address family configuration mode and enters privileged EXEC mode.

       
      Step 10 show ip bgp vpnv4 all sso summary


      Example:
      Device# show ip bgp vpnv4 all sso summary 
       

      (Optional) Displays the number of BGP neighbors that are in SSO mode.

       

      Configuring a Peer Group to Support BGP NSR with SSO

      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    router bgp autonomous-system-number

        4.    bgp graceful-restart [restart-time seconds ] [stalepath-time seconds]

        5.    address-family ipv4 vrf vrf-name

        6.    neighbor peer-group-name peer-group

        7.    neighbor ip-address remote-as autonomous-system-number

        8.    neighbor ip-address peer-group peer-group-name

        9.    neighbor peer-group-name ha-mode sso

        10.    neighbor peer-group-name activate

        11.    end

        12.    show ip bgp vpnv4 all sso summary


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 enable


        Example:
        Device> enable
         

        Enables privileged EXEC mode.

         
        Step 2 configure terminal


        Example:
        Device# configure terminal
         

        Enters global configuration mode.

         
        Step 3 router bgp autonomous-system-number


        Example:
        Device(config)# router bgp 40000
         

        Enters router configuration mode for the specified routing process.

         
        Step 4 bgp graceful-restart [restart-time seconds ] [stalepath-time seconds]


        Example:
        Device(config-router)# bgp graceful-restart
         

        Enables the Border Gateway Protocol (BGP) graceful restart capability and BGP Nonstop Forwarding (NSF) awareness.

        • If you enter this command after the BGP session has been established, you must restart the session for the capability to be exchanged with the BGP neighbor.

        • Use this command on the restarting device and all of its peers (NSF-capable and NSF-aware).

         
        Step 5 address-family ipv4 vrf vrf-name


        Example:
        Device(config-router)# address-family ipv4 vrf cisco
         

        Specifies the IPv4 address family and enters address family configuration mode.

        • The vrfkeyword and vrf-name argument specify that IPv4 VRF instance information will be exchanged.

        Note   

        Only the syntax necessary for this task is displayed. For more details, see the Cisco IOS IP Routing: BGP Command Reference.

         
        Step 6 neighbor peer-group-name peer-group


        Example:
        Device(config-router-af)# neighbor testgroup peer-group
         

        Creates a BGP peer group.

         
        Step 7 neighbor ip-address remote-as autonomous-system-number


        Example:
        Device(config-router-af)# neighbor 192.168.1.1 remote-as 45000
         

        Adds the IP address of the neighbor in the specified autonomous system to the IPv4 multiprotocol BGP neighbor table of the local device.

         
        Step 8 neighbor ip-address peer-group peer-group-name


        Example:
        Device(config-router-af)# neighbor 192.168.1.1 peer-group testgroup
         

        Assigns the IP address of a BGP neighbor to a BGP peer group.

         
        Step 9 neighbor peer-group-name ha-mode sso


        Example:
        Device(config-router-af)# neighbor 192.168.1.1 ha-mode sso
         

        Configures the BGP peer group to support BGP Nonstop Routing (NSR) with Stateful Switchover (SSO).

         
        Step 10 neighbor peer-group-name activate


        Example:
        Device(config-router-af)# neighbor testgroup activate
         

        Enables the neighbor to exchange prefixes for the IPv4 address family with the local device.

         
        Step 11 end


        Example:
        Device(config-router-af)# end
         

        Exits address family configuration mode and returns to global configuration mode.

         
        Step 12 show ip bgp vpnv4 all sso summary


        Example:
        Device# show ip bgp vpnv4 all sso summary
         

        (Optional) Displays the number of BGP neighbors that are in SSO mode.

         

        Configuring Support for BGP NSR with SSO in a Peer Session Template

        SUMMARY STEPS

          1.    enable

          2.    configure terminal

          3.    router bgp autonomous-system-number

          4.    template peer-session session-template-name

          5.    ha-mode sso

          6.    exit-peer-session

          7.    end

          8.    show ip bgp template peer-session [session-template-name]


        DETAILED STEPS
           Command or ActionPurpose
          Step 1 enable


          Example:
          Device> enable
           

          Enables privileged EXEC mode.

           
          Step 2 configure terminal


          Example:
          Device# configure terminal
           

          Enters global configuration mode.

           
          Step 3 router bgp autonomous-system-number


          Example:
          Device(config)# router bgp 101
           

          Enters router configuration mode and creates a Border Gateway Protocol (BGP) routing process.

           
          Step 4 template peer-session session-template-name


          Example:
          Device(config-router)# template peer-session CORE1
           

          Enters session-template configuration mode and creates a peer session template.

           
          Step 5 ha-mode sso


          Example:
          Device(config-router-stmp)# ha-mode sso
           

          Configures the neighbor to support BGP Nonstop Routing (NSR) with Stateful Switchover (SSO).

           
          Step 6 exit-peer-session


          Example:
          Device(config-router-stmp)# exit-peer-session
           

          Exits session-template configuration mode and returns to router configuration mode.

           
          Step 7 end


          Example:
          Device(config-router)# end
           

          Exits router configuration mode and returns to privileged EXEC mode.

           
          Step 8 show ip bgp template peer-session [session-template-name]


          Example:
          Device# show ip bgp template peer-session
           

          (Optional) Displays locally configured peer session templates.

          • The output can be filtered to display a single peer policy template with the session-template-name argument. This command also supports all standard output modifiers.

           

          What to Do Next

          After the peer session template is created, the configuration of the peer session template can be inherited by or applied to another peer session template with the inherit peer-session or neighbor inherit peer-session command.

          For more information about configuring peer session templates, see the "Configuring a Basic BGP Network" chapter in the Cisco IOS IP Routing: BGP Configuration Guide.

          Verifying BGP Support for NSR with SSO

          SUMMARY STEPS

            1.    enable

            2.    show ip bgp vpnv4 all sso summary

            3.    show ip bgp vpnv4 all neighbors


          DETAILED STEPS
            Step 1   enable

            Enables privileged EXEC mode.



            Example:
            Device> enable
            
            Step 2   show ip bgp vpnv4 all sso summary

            This command is used to display the number of Border Gateway Protocol (BGP) neighbors that are in Stateful Switchover (SSO) mode.

            The following is sample output from the show ip bgp vpnv4 all sso summary command:



            Example:
            Device# show ip bgp vpnv4 all sso summary
               Stateful switchover support enabled for 40 neighbors
            
            Step 3   show ip bgp vpnv4 all neighbors

            This command displays VPN address information from the BGP table.

            The following is sample output from the show ip bgp vpnv4 all neighbors command. The "Stateful switchover support" field indicates whether SSO is enabled or disabled. The "SSO Last Disable Reason" field displays information about the last BGP session that lost SSO capability.



            Example:
            Device# show ip bgp vpnv4 all neighbors 10.3.3.3
            BGP neighbor is 10.3.3.3,  vrf vrf1,  remote AS 3, external link
              Inherits from template 10vrf-session for session parameters
               BGP version 4, remote router ID 10.1.105.12
               BGP state = Established, up for 04:21:39
               Last read 00:00:05, last write 00:00:09, hold time is 30, keepalive interval is 10 seconds
               Configured hold time is 30, keepalive interval is 10 seconds
               Minimum holdtime from neighbor is 0 seconds
               Neighbor capabilities:
                 Route refresh: advertised and received(new)
                 Address family IPv4 Unicast: advertised and received
                 Stateful switchover support enabled
               Message statistics:
                 InQ depth is 0
                 OutQ depth is 0
                                      Sent       Rcvd
                 Opens:                  1          1
                 Notifications:          0          0
                 Updates:                1          4
                 Keepalives:          1534       1532
                 Route Refresh:          0          0
                 Total:               1536       1537
               Default minimum time between advertisement runs is 30 seconds
              For address family: VPNv4 Unicast
               Translates address family IPv4 Unicast for VRF vrf1
               BGP table version 25161, neighbor version 25161/0
               Output queue size : 0
               Index 7, Offset 0, Mask 0x80
               7 update-group member
               Inherits from template 10vrf-policy
               Overrides the neighbor AS with my AS before sending updates
               Outbound path policy configured
               Route map for outgoing advertisements is Deny-CE-prefixes
                                              Sent       Rcvd
               Prefix activity:               ----       ----
                 Prefixes Current:              10         50 (Consumes 3400 bytes)
                 Prefixes Total:                10         50
                 Implicit Withdraw:              0          0
                 Explicit Withdraw:              0          0
                 Used as bestpath:             n/a          0
                 Used as multipath:            n/a          0
                                                Outbound    Inbound
               Local Policy Denied Prefixes:    --------    -------
                 route-map:                          150          0
                 AS_PATH loop:                       n/a        760
                 Total:                              150        760
               Number of NLRIs in the update sent: max 10, min 10
               Address tracking is enabled, the RIB does have a route to 10.3.3.3
               Address tracking requires at least a /24 route to the peer
               Connections established 1; dropped 0
               Last reset never
               Transport(tcp) path-mtu-discovery is enabled
               TCP session must be opened passively
            Connection state is ESTAB, I/O status: 1, unread input bytes: 0 Connection is ECN Disabled Local host: 10.0.21.1, Local port: 179 Foreign host: 10.0.21.3, Foreign port: 51205 Connection tableid (VRF): 1
            Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)
            Event Timers (current time is 0x1625488):
            Timer          Starts    Wakeups            Next
            Retrans          1746        210             0x0
            TimeWait            0          0             0x0
            AckHold          1535       1525             0x0
            SendWnd             0          0             0x0
            KeepAlive           0          0             0x0
            GiveUp              0          0             0x0
            PmtuAger            0          0             0x0
            DeadWait            0          0             0x0
            Linger              0          0             0x0
            iss: 2241977291  snduna: 2242006573  sndnxt: 2242006573     sndwnd:  13097
            irs:  821359845  rcvnxt:  821391670  rcvwnd:      14883  delrcvwnd:   1501
            SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms
            minRTT: 0 ms, maxRTT: 300 ms, ACK hold: 200 ms Status Flags: passive open, retransmission timeout, gen tcbs
               0x1000
            Option Flags: VRF id set, always push, md5
            Datagrams (max data segment is 4330 bytes):
            Rcvd: 3165 (out of order: 0), with data: 1535, total data bytes: 31824
            Sent: 3162 (retransmit: 210 fastretransmit: 0),with data: 1537, total data
            bytes: 29300
            SSO Last Disable Reason: Application Disable (Active)

            Troubleshooting Tips

            To troubleshoot BGP NSR with SSO, use the following commands in privileged EXEC mode, as needed:

            • debug ip bgp sso --Displays BGP-related SSO events or debugging information for BGP-related interactions between the active RP and the standby RP. This command is useful for monitoring or troubleshooting BGP sessions on a PE router during an RP switchover or during a planned ISSU.

            • debug ip tcp ha --Displays TCP HA events or debugging information for TCP stack interactions between the active RP and the standby RP. This is command is useful for troubleshooting SSO-aware TCP connections.

            • show tcp --Displays the status of TCP connections. The display output will display the SSO capability flag and will indicate the reason that the SSO property failed on a TCP connection.

            • show tcp ha connections --Displays connection-ID-to-TCP mapping data.

            Configuration Examples for BGP Support for NSR with SSO

            Example: Configuring Global Support for BGP NSR and NSR Preference over Graceful Restart

            The following example shows how to configure Boarder Gateway Protocol (BGP) Nonstop Routing (NSR) under router configuration mode and how to enable NSR to take precedence over graceful restart configuration:

            Device# configure terminal
            Device(config)# router bgp 65000
            Device(config-router)# bgp ha-mode sso prefer
            Device(config-router)# end
            

            The following example shows how to enable Stateful Switchover (SSO) for the BGP peer sessions 10.0.0.2, 101.0.0.3, and 201.0.0.3 and how to configure NSR preference over graceful restart using the bgp ha-mode sso prefer command under router configuration mode:

            router bgp 65000
              bgp log-neighbor-changes
              bgp ha-mode sso prefer
              no bgp default ipv4-unicast
              neighbor 10.0.0.2 remote-as 65000
              neighbor 10.0.0.2 update-source Loopback0
              bgp graceful-restart
              bgp graceful-restart restart-time 120
              bgp graceful-restart stalepath-time 360
            
              !
              address-family ipv4
              redistribute connected
              neighbor 10.0.0.2 activate
              neighbor 10.0.0.2 send-community extended
              exit-address-family
              !
              address-family vpnv4
              neighbor 10.0.0.2 activate
              neighbor 10.0.0.2 send-community both
              exit-address-family
              !
              address-family ipv4 vrf blue
              neighbor 101.0.0.3 remote-as 101
              neighbor 101.0.0.3 activate
              exit-address-family
              !
              address-family ipv4 vrf red
              neighbor 201.0.0.3 remote-as 201
              neighbor 201.0.0.3 activate
              exit-address-family
              !
            

            Example: Configuring BGP NSR with SSO

            The illustration below illustrates a sample Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchful (SSO) network topology, and the configuration examples that follow show configurations from three devices in the topology: the RR1 device, the provider edge (PE) device, and the CE-1 device.


            Note


            The configuration examples omit some of the configuration required for Multiprotocol Label Switching (MPLS) VPNs because the purpose of these examples is to illustrate the configuration of BGP NSR with SSO.


            Figure 2. BGP NSR with SSO Example Topology

            RR1 Configuration

            The following example shows the BGP configuration for RR1 in the illustration above. RR1 is configured as a Nonstop Forwarding (NSF)-aware route reflector (RR). In the event of an route processor (RP) switchover, the PE device uses NSF to maintain the BGP state of the internal peering session with RR1.

            !
            router bgp 1
             no synchronization
             bgp log-neighbor-changes
             bgp graceful-restart restart-time 120
             bgp graceful-restart stalepath-time 360
             bgp graceful-restart
             neighbor 10.2.2.2 remote-as 1
             neighbor 10.2.2.2 update-source Loopback0
             no auto-summary
             !        
             address-family vpnv4
             neighbor 10.2.2.2 activate
             neighbor 10.2.2.2 send-community both
             neighbor 10.2.2.2 route-reflector-client
             exit-address-family
             !

            PE Configuration

            The following example shows the BGP NSR with SSO configuration for the PE device in the illustration above. The PE device is configured to support both NSF-awareness and the BGP NSR with SSO capability. In the event of an RP switchover, the PE device uses BGP NSR with SSO to maintain BGP state for the external BGP (eBGP) peering session with the CE-1 device, a customer edge (CE) device in this topology that is not NSF-aware, and uses NSF to maintain BGP state for the internal BGP (iBGP) session with RR1. The PE device also detects if any of the other CE devices in the MPLS VPN network are NSF-aware and runs graceful restart with those CE devices.

            !
            router bgp 2
             no synchronization
             bgp log-neighbor-changes
             bgp graceful-restart restart-time 120
             bgp graceful-restart stalepath-time 360
             bgp graceful-restart
             neighbor 10.1.1.1 remote-as 1
             neighbor 10.1.1.1 update-source Loopback0
             no auto-summary
             !        
             address-family vpnv4
             neighbor 10.1.1.1 activate
             neighbor 10.1.1.1 send-community both
             exit-address-family
             !
             address-family ipv4 vrf ce-1
             neighbor 10.3.3.3 remote-as 3
             neighbor 10.3.3.3 ha-mode sso
             neighbor 10.3.3.3 activate
             neighbor 10.3.3.3 as-override
             no auto-summary
             no synchronization
             exit-address-family
            !

            CE-1 Configuration

            The following example shows the BGP configuration for CE-1 in the illustration above. The CE-1 device is configured as an external peer of the PE device. The CE-1 device is not configured to be NSF-capable or NSF-aware. The CE-1 device, however, does not need to be NSF-capable or NSF-aware to benefit from BGP NSR capabilities on the PE device nor does it need to be upgraded to support BGP NSR.

            !
            router bgp 3
             neighbor 10.2.2.2 remote-as 1
            !

            Additional References for BGP Support for NSR with SSO

            Related Documents

            Related Topic

            Document Title

            Cisco IOS commands

            Cisco IOS Master Command List, All Releases

            BGP commands

            Cisco IOS IP Routing: BGP Command Reference

            BGP NSF awareness concepts, configuration tasks, and examples

            “Configuring Advanced BGP Features” module

            ISSU concepts, configuration tasks, and examples

            “Cisco In Service Software Upgrade Process” module

            MPLS Layer 3 VPN concepts and configuration tasks

            “Configuring MPLS Layer 3 VPNs” module in the MPLS: Layer 3 VPNs Configuration Guide

            MPLS Layer 3 VPN commands

            Cisco IOS Multiprotocol Label Switching Command Reference

            SSO concepts, configuration tasks, and examples

            “Configuring Stateful Switchover” module in the High Availability Configuration Guide

            RFCs

            RFC

            Title

            draft-ietf-idr-restart-06.txt

            Graceful Restart Mechanism for BGP

            Technical Assistance

            Description

            Link

            The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

            http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

            Feature Information for BGP Support for NSR with SSO

            The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

            Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

            Table 1 Feature Information for BGP Support for NSR with SSO

            Feature Name

            Releases

            Feature Information

            BGP Support for NSR with SSO

            12.2(28)SB

            15.0(1)S

            The BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO) feature enables provider edge (PE) routers to maintain Border Gateway Protocol (BGP) state with customer edge (CE) routers and ensure continuous packet forwarding during a Route Processor (RP) switchover or during a planned In-Service Software Upgrade (ISSU) for a PE router. CE routers do not need to be Nonstop Forwarding (NSF)-capable or NSF-aware to benefit from BGP NSR capabilities on PE routers. Only PE routers need to be upgraded to support BGP NSR--no CE router upgrades are required. BGP NSR with SSO, thus, enables service providers to provide the benefits NSF with the additional benefits of NSR without requiring CE routers to be upgraded to support BGP graceful restart.

            The following commands were introduced or modified:

            • debug ip bgp sso

            • debug ip tcp ha

            • neighbor ha-mode sso

            • show ip bgp vpnv4

            • show ip bgp vpnv4 all sso summary

            • show tcp

            • show tcp ha connections

            BGP—NSR Enhancement

            Cisco IOS Release XE 3.13S

            The global support for BGP NSR and NSR preference over graceful restart has been enabled.

            The optional keyword prefer has been added to the bgp ha-mode sso command.