MPLS VPN BGP Local Convergence
|
||||||||||||||||||||||||||||||||||
Contents
MPLS VPN--BGP Local ConvergenceLast Updated: June 6, 2012
This document provides information about reducing the downtime of a provider edge (PE) to customer edge (CE) link failure. It describes how to reroute PE-egress traffic onto a backup path to the CE before BGP has reconverged. The MPLS VPN--BGP Local Convergence feature is also referred to as "local protection." This document explains how to use PE-CE local convergence. For information on using BGP PIC Edge for BGP local convergence support, see BGP PIC Edge for IP and MPLS-VPN.
Finding Feature InformationYour software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. Prerequisites for MPLS VPN--BGP Local Convergence
Restrictions for MPLS VPN--BGP Local Convergence
Information About MPLS VPN--BGP Local Convergence
How Link Failures Are Handled with BGPWithin a Layer 3 VPN network, the failure of a PE-CE link can cause a loss of connectivity (LoC) to a customer site, which is detrimental to time-sensitive applications. Several factors contribute to the duration of such an outage:
When BGP detects a PE-CE link failure, it removes all of the BGP paths through the failing link. BGP runs the best-path algorithm on the affected prefixes and selects alternate paths for each prefix. These new paths (which typically include a remote PE) are installed into forwarding. The local labels are removed and BGP withdrawals are sent to all BGP neighbors. As each BGP neighbor receives the withdrawal messages (typically indirectly using routereflectors), the best-path algorithm is called and the prefixes are switched to an alternate path. Only then is connectivity restored. How Links Are Handled with the MPLS VPN--BGP Local Convergence FeatureThe MPLS VPN--BGP Local Convergence feature requires that the prefixes to be protected on a PE-CE link have at least one backup path that does not include that link. (See the figure below.) The customer site must have backup paths to the provider site. The MPLS VPN--BGP Local Convergence feature reduces LoC time by sending the broken link's traffic over a backup path (as shown in the figure below) instead of waiting for total network convergence. The local label is maintained for 5 minutes while prefixes switch from the failing local path to the backup path. Because the label is not freed as had been the usual practice, forwarding continues to take place. The best-path algorithm selects the backup path. Thus, the local label has been applied in place of the failed BGP best-path label (which is sometimes called "label swapping"). Traffic is restored locally while the network propagation of the BGP withdrawal messages takes place. Eventually, the egress PE router converges and bypasses the local repair. How Link Failures Are DetectedLocal protection relies on BGP being notified of the interface failure. Detection can occur using either the interface drivers or the routing tables. If an interface or route goes down, the corresponding path in the routing table is removed and BGP will be notified using the routing application programming interfaces (APIs). However, when the routing table cannot detect the failure (as when a Layer 2 switch goes down), BGP determines that a neighbor is down through use of its hold-down timer. However, that determination can be extremely slow because of the 3-minute default for BGP session timeout. You can reduce the detection delay by either reducing the BGP session timeout interval (as described in the Configuring Internal BGP Features document) or by enabling the Bidirectional Forwarding Detection (BFD) protocol within eBGP between the PE and CE. For complete instructions to enable BFD, see the Bidirectional Forwarding Detection document. How to Enable MPLS VPN--BGP Local Convergence
Configuring MPLS VPN--BGP Local Convergence with IPv4
SUMMARY STEPS
DETAILED STEPS Configuring MPLS VPN--BGP Local Convergence with IPv6
SUMMARY STEPS
DETAILED STEPS ExamplesTo verify that local link protection has been enabled, enter the show ip vrf detail command. If the protection is enabled, the status message "Local prefix protection enabled" will be shown in the display:
Router# show ip vrf detail
VRF vpn1 (VRF Id = 1); default RD 100:1; default VPNID <not set>
Interfaces:
AT1/0/1.1
VRF Table ID = 1
Export VPN route-target communities
RT:100:1
Import VPN route-target communities
RT:100:1 RT:100:2
No import route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Local prefix protection enabled
Troubleshooting Tips
Configuration Examples for MPLS VPN--BGP Local ConvergenceExample MPLS VPN--BGP Local ConvergenceThe following examples show how MPLS VPN--BGP local convergence can prevent traffic loss after a link failure. You can display a detailed view of local link protection before, during, and after BGP convergence by using the show bgp vpnv4 and show mpls forwarding-table vrf commands as shown in the following three-stage example.
Example 1: Before the Link FailureBoth a primary path and a backup path have been configured:
Router# show bgp vpnv4 unicast all 172.16.0.1
BGP routing table entry for 100:1:172.16.0.1/32, version 2
Paths: (2 available, best #2, table v1)
Flag: 0x820
Advertised to update-groups:
1
100, imported path from 100:2:172.16.0.1/32
172.16.0.6 (metric 21) from 172.16.0.7 (172.16.0.7)
Origin incomplete, metric 0, localpref 100, valid, internal
Extended Community: RT:100:0
Originator: 172.16.0.6, Cluster list: 172.16.0.7
mpls labels in/out 16/17
100
172.16.1.1 from 172.16.1.1 (172.16.0.1)
Origin incomplete, metric 0, localpref 100, valid, external, best
Extended Community: RT:100:0
mpls labels in/out 16/nolabel
BGP routing table entry for 100:2:172.16.0.1/32, version 9
Paths: (1 available, best #1, no table)
Flag: 0x820
Not advertised to any peer
100
172.16.0.6 (metric 21) from 172.16.0.7 (172.16.0.7)
Origin incomplete, metric 0, localpref 100, valid, internal, best
Extended Community: RT:100:0
Originator: 172.16.0.6, Cluster list: 172.16.0.7
mpls labels in/out nolabel/17
Label information for both paths can be displayed:
Router# show bgp vpnv4 unicast all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1 (v1)
172.16.0.1/32 172.16.0.6 16/17
172.16.1.1 16/nolabel
172.16.0.5/32 172.16.0.4 nolabel/23
172.16.0.22/32 0.0.0.0 17/nolabel(v1)
172.16.0.44/32 172.16.0.4 nolabel/24
172.16.0.66/32 172.16.0.6 nolabel/21
172.16.1.0/24 172.16.1.1 18/nolabel
0.0.0.0 18/nolabel(v1)
172.16.5.0/24 172.16.0.4 nolabel/25
172.16.8.0/24 172.16.0.6 19/23
172.16.1.1 19/nolabel
Route Distinguisher: 100:2
172.16.0.1/32 172.16.0.6 nolabel/17
172.16.0.66/32 172.16.0.6 nolabel/21
172.16.8.0/24 172.16.0.6 nolabel/23
The PE1 (see the first figure above) forwarding table contains BGP best-path information:
Router# show mpls forwarding-table vrf v1 172.16.0.1 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 No Label 172.16.0.1/32[V] 570 Et0/0 172.16.1.1
MAC/Encaps=14/14, MRU=1504, Label Stack{}
AABBCC000B00AABBCC000C000800
VPN route: v1
No output feature configured
Example 2: After the Link Failure and Before BGP ConvergenceAfter the link failure on only one path, the backup path remains available (see the second figure above):
Router# show bgp vpnv4 unicast all 172.16.0.1
BGP routing table entry for 100:1:172.16.0.1/32, version 19
Paths: (1 available, best #1, table v1)
Not advertised to any peer
100, imported path from 100:2:172.16.0.1/32
172.16.0.6 (metric 21) from 172.16.0.7 (172.16.0.7)
Origin incomplete, metric 0, localpref 100, valid, internal, best
Extended Community: RT:100:0
Originator: 172.16.0.6, Cluster list: 172.16.0.7
mpls labels in/out 16/17
BGP routing table entry for 100:2:172.16.0.1/32, version 9
Paths: (1 available, best #1, no table)
Not advertised to any peer
100
172.16.0.6 (metric 21) from 172.16.0.7 (172.16.0.7)
Origin incomplete, metric 0, localpref 100, valid, internal, best
Extended Community: RT:100:0
Originator: 172.16.0.6, Cluster list: 172.16.0.7
mpls labels in/out nolabel/17
The label information for the backup path label can be displayed:
Router# show bgp vpnv4 unicast all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1 (v1)
172.16.0.1/32 172.16.0.6 16/17
172.16.0.5/32 172.16.0.4 nolabel/23
172.16.0.22/32 0.0.0.0 17/nolabel(v1)
172.16.0.44/32 172.16.0.4 nolabel/24
172.16.0.66/32 172.16.0.6 nolabel/21
172.16.1.0/24 172.16.0.6 nolabel/22
172.16.5.0/24 172.16.0.4 nolabel/25
172.16.8.0/24 172.16.0.6 19/23
Route Distinguisher: 100:2
172.16.0.1/32 172.16.0.6 nolabel/17
172.16.0.66/32 172.16.0.6 nolabel/21
172.16.1.0/24 172.16.0.6 nolabel/22
172.16.8.0/24 172.16.0.6 nolabel/23
The PE 1 (see the first figure above) forwarding table contains new label and next-hop information to direct traffic onto the backup path:
Router# show mpls forwarding-table vrf v1 172.16.0.1 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 17 172.16.0.1/32[V] 0 Et1/0 172.16.3.2
MAC/Encaps=14/22, MRU=1496, Label Stack{21 17}
AABBCC000D00AABBCC000C018847 0001500000011000
VPN route: v1
No output feature configured
Example 3: After Local Label Expiration and BGP ReconvergenceBecause the local label preservation window has expired, the replacement local label is now gone from the PE 1 forwarding table information:
Router# show mpls forwarding-table vrf v1 172.16.0.1 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
None 17 172.16.0.1/32[V] 0 Et1/0 172.16.3.2
MAC/Encaps=14/22, MRU=1496, Label Stack{21 17}
AABBCC000D00AABBCC000C018847 0001500000011000
VPN route: v1
No output feature configured
The new BGP information reverts to the configuration shown in the first figure above: Router# show bgp vpnv4 unicast all 172.16.0.1 BGP routing table entry for 100:1:172.16.0.1/32, version 23 Paths: (1 available, best #1, table v1) Not advertised to any peer 100, imported path from 100:2:172.16.0.1/32 172.16.0.6 (metric 21) from 172.16.0.7 (172.16.0.7) Origin incomplete, metric 0, localpref 100, valid, internal, best Extended Community: RT:100:0 Originator: 172.16.0.6, Cluster list: 172.16.0.7 mpls labels in/out nolabel/17 BGP routing table entry for 100:2:172.16.0.1/32, version 9 Paths: (1 available, best #1, no table) Not advertised to any peer 100 172.16.0.6 (metric 21) from 172.16.0.7 (172.16.0.7) Origin incomplete, metric 0, localpref 100, valid, internal, best Extended Community: RT:100:0 Originator: 172.16.0.6, Cluster list: 172.16.0.7 mpls labels in/out nolabel/17 Router# show bgp vpnv4 unicast all labels Network Next Hop In label/Out label Route Distinguisher: 100:1 (v1) 172.16.0.1/32 172.16.0.6 nolabel/17 172.16.0.5/32 172.16.0.4 nolabel/23 172.16.0.22/32 0.0.0.0 17/nolabel(v1) 172.16.0.44/32 172.16.0.4 nolabel/24 172.16.0.66/32 172.16.0.6 nolabel/21 172.16.1.0/24 172.16.0.6 nolabel/22 172.16.5.0/24 172.16.0.4 nolabel/25 172.16.8.0/24 172.16.0.6 nolabel/23 Route Distinguisher: 100:2 172.16.0.1/32 172.16.0.6 nolabel/17 172.16.0.66/32 172.16.0.6 nolabel/21 172.16.1.0/24 172.16.0.6 nolabel/22 172.16.8.0/24 172.16.0.6 nolabel/23 Example MPLS VPN--BGP Local Convergence for 6VPE 6PEYou can display a detailed view of local link protection before, during, and after BGP local convergence for Cisco IOS VPN IPv6 provider edge routers (6VPE) and Cisco IOS IPv6 provider edge routers (6PE) over MPLS by using the show bgp vpnv6 and show mpls forwarding-table vrf commands as shown in the following three-stage example. The figure below shows an MPLS VPN with BGP local convergence configured. The PE to CE routing protocol is eBGP, and the PE to route reflector (RR) sessions are BGP VPNv6. The protected prefix is the CE 1 loopback (2001:0DB8::/128). The primary path is from PE 1 to CE 1. The secondary path is from PE 1, through P and PE3, to CE 1. Example 1: Before the Link FailureBoth a primary path and a backup path have been configured for the prefix 2001:0DB8::/128. The inlabel/outlabel settings for the two paths are 28/28 and 28/nolabel.
Router# show bgp vpnv6 unicast all 2001:0DB8::/128
BGP routing table entry for [1:1]2001:0DB8::/128, version 5
Paths: (2 available, best #2, table v1)
Advertised to update-groups:
2
100, imported path from [2:2]2001:0DB8::/128
::FFFF:10.6.6.6 (metric 21) from 10.7.7.7 (10.7.7.7)
Origin incomplete, metric 0, localpref 100, valid, internal
Extended Community: RT:1:1
Originator: 10.6.6.6, Cluster list: 10.7.7.7
mpls labels in/out 28/28
100
2001:0DB8:0:ABCD::1 (FE80::A8BB:CCFF:FE00:B00) from 2001:0DB8:0:ABCD::1 (10.1.1.1)
Origin incomplete, metric 0, localpref 100, valid, external, best
Extended Community: RT:1:1
mpls labels in/out 28/nolabel
BGP routing table entry for [2:2]2001:0DB8::/128, version 11
Paths: (1 available, best #1, no table)
Not advertised to any peer
100
::FFFF:10.6.6.6 (metric 21) from 10.7.7.7 (10.7.7.7)
Origin incomplete, metric 0, localpref 100, valid, internal, best
Extended Community: RT:1:1
Originator: 10.6.6.6, Cluster list: 10.7.7.7
mpls labels in/out nolabel/28
The PE 1 forwarding table contains new label and next-hop information to direct traffic onto the backup path: Router# show mpls forwarding-table vrf v1 2001:0DB8::/128 detail Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or Tunnel Id Switched interface 28 No Label 2001:0DB8::/128[V] 804 Et0/0 FE80::A8BB:CCFF:FE00:B00 MAC/Encaps=14/14, MRU=1504, Label Stack{} AABBCC000B00AABBCC000C0086DD VPN route: v1 No output feature configured Example 2: After the Link FailureAfter the link failure, the backup path is still available, the original path is removed from BGP, and the backup path is activated:
Router# show mpls forwarding-table vrf v1 2001:0DB8::/128 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
28 28 2001:0DB8::/128[V] 0 Et1/0 10.3.0.2
MAC/Encaps=14/22, MRU=1496, Label Stack{23 28}
AABBCC000D00AABBCC000C018847 000170000001C000
VPN route: v1
No output feature configured
After a configured length of time, the local label expires. The output from the show mpls forwarding-tablecommand also verifies that the local label has expired:
Router# show mpls forwarding-table vrf v1 2001:0DB8::/128 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
None 28 2001:0DB8::/128[V] 0 Et1/0 10.3.0.2
MAC/Encaps=14/22, MRU=1496, Label Stack{23 28}
AABBCC000D00AABBCC000C018847 000170000001C000
VPN route: v1
No output feature configured
Example 3: After the Link Is Restored
When the link is restored the original path is added to BGP and the traffic switches back to this path: Router# show bgp vpnv6 unicast all 2001:0DB8::/128 BGP routing table entry for [1:1]2001:0DB8::/128, version 28 Paths: (2 available, best #1, table v1) Advertised to update-groups: 2 100 2001:0DB8:0:ABCD::1 (FE80::A8BB:CCFF:FE00:B00) from 2001:0DB8:0:ABCD::1 (10.1.1.1) Origin incomplete, metric 0, localpref 100, valid, external, best Extended Community: RT:1:1 mpls labels in/out 16/nolabel 100, imported path from [2:2]2001:0DB8::/128 ::FFFF:10.6.6.6 (metric 21) from 10.7.7.7 (10.7.7.7) Origin incomplete, metric 0, localpref 100, valid, internal Extended Community: RT:1:1 Originator: 10.6.6.6, Cluster list: 10.7.7.7 mpls labels in/out 16/28 BGP routing table entry for [2:2]2001:0DB8::/128, version 11 Paths: (1 available, best #1, no table) Not advertised to any peer 100 ::FFFF:10.6.6.6 (metric 21) from 10.7.7.7 (10.7.7.7) Origin incomplete, metric 0, localpref 100, valid, internal, best Extended Community: RT:1:1 Originator: 10.6.6.6, Cluster list: 10.7.7.7 mpls labels in/out nolabel/28 Router# show mpls for vrf v1 2001:0DB8::/128 detail Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or Tunnel Id Switched interface 16 No Label 2001:0DB8::/128[V] 0 Et0/0 FE80::A8BB:CCFF:FE00:B00 MAC/Encaps=14/14, MRU=1504, Label Stack{} AABBCC000B00AABBCC000C0086DD VPN route: v1 No output feature configured Additional ReferencesRelated Documents
MIBsTechnical Assistance
Feature Information for MPLS VPN--BGP Local ConvergenceThe following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. © 2012 Cisco Systems, Inc. All rights reserved.
|
||||||||||||||||||||||||||||||||||