BGP Route Refresh and Soft-Reconfiguration for Inbound Policy Update

Whenever a routing policy changes, the BGP session must be reset (cleared) for the new policy to take effect and for the routing table to reflect it. Using a hard reset to clear a BGP session invalidates caches and has a negative impact on the network.

We can use the following three methods to reset the BGP session:
  1. Hard reset: drops and re-establishes the TCP session to our peers.
  2. Dynamic soft reset: uses the route-refresh capability to request that all NLRI be sent again.
  3. Soft reset using stored information: uses the unmodified and unfiltered stored updates.

Hard Reset
Using a hard reset to clear a BGP session invalidates caches and has a negative impact on the network. When BGP sessions are cleared this way, the BGP process drops all the BGP peers and re-establishes the TCP session, followed by an Open message, which makes the neighbor send all the NLRI again. This method is not recommended and should only be used if the soft reset methods fail. A hard reset is performed with the following command:
#clear ip bgp 192.0.2.1
*Mar  1 00:54:34.491: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down User reset
*Mar  1 00:54:37.083: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up


Dynamic Soft Reset
BGP dynamic soft reset is the most widely used and recommended method for requesting all NLRI from the BGP peer. This method requires that the peer supports the route refresh capability. In this method, we request the BGP peer to send all the NLRI again which can be used to process our new inbound policies.

Dynamic route refresh features:
  • Does not require pre-configuration.
  • Does not require additional memory for storing routing update information.
To verify the BGP peer's capabilities, use the following command:
 #sh ip bgp neighbors 192.0.2.1 | s capabilities
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
To perform a dynamic route refresh so that inbound policies are applied, use the following command:
#clear ip bgp 192.0.2.1 in
*Mar  1 02:34:04.491: BGP: 192.0.2.1 sending REFRESH_REQ(5) for afi/safi: 1/1
*Mar  1 02:34:04.495: BGP: 192.0.2.1 send message type 5, length (incl. header) 23


or

#clear ip bgp 192.0.2.1 soft in
*Mar  1 02:34:40.471: BGP: 192.0.2.1 sending REFRESH_REQ(5) for afi/safi: 1/1
*Mar  1 02:34:40.475: BGP: 192.0.2.1 send message type 5, length (incl. header) 23
Both of the above commands perform the same function and request the BGP peer to resend all NLRI.
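The REFRESH_REQ in the debug output is BGP message type 5, and its 23 bytes are the 19-byte BGP header plus a 4-byte AFI/reserved/SAFI body as defined in RFC 2918. The following builder and validator is an added example, not code from the original post; the function names are hypothetical.

```python
import struct

BGP_MARKER = b"\xff" * 16
BGP_HEADER_LEN = 19          # marker(16) + length(2) + type(1)
MSG_ROUTE_REFRESH = 5        # "message type 5" in the debug output
AFI_IPV4, SAFI_UNICAST = 1, 1  # "afi/safi: 1/1" in the debug output


def build_route_refresh(afi=AFI_IPV4, safi=SAFI_UNICAST):
    """Return the wire bytes of a ROUTE-REFRESH for one AFI/SAFI."""
    body = struct.pack("!HBB", afi, 0, safi)   # AFI, reserved, SAFI
    length = BGP_HEADER_LEN + len(body)
    return BGP_MARKER + struct.pack("!HB", length, MSG_ROUTE_REFRESH) + body


def parse_route_refresh(data):
    """Validate a ROUTE-REFRESH message and return (afi, safi)."""
    if len(data) < BGP_HEADER_LEN:
        raise ValueError("truncated BGP header")
    if data[:16] != BGP_MARKER:
        raise ValueError("bad marker")
    length, msg_type = struct.unpack("!HB", data[16:19])
    if msg_type != MSG_ROUTE_REFRESH:
        raise ValueError(f"not a ROUTE-REFRESH (type {msg_type})")
    # A ROUTE-REFRESH has a fixed size: header plus the 4-byte body.
    if length != len(data) or length != BGP_HEADER_LEN + 4:
        raise ValueError(f"bad length {length}")
    afi, _reserved, safi = struct.unpack("!HBB", data[19:23])
    return afi, safi


if __name__ == "__main__":
    msg = build_route_refresh()
    print(len(msg), parse_route_refresh(msg))
```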


Soft Reset using Stored information
Before going ahead, let's first understand how BGP routes are propagated into the BGP table and out to a BGP speaker. The process is:

Adj-RIB-In —> Loc-RIB —> Adj-RIB-Out

Adj-RIB-In: The Adj-RIBs-In contains unprocessed routing information that has been advertised to the local BGP speaker by its peers.
Loc-RIB: The Loc-RIB contains the routes that have been selected by the local BGP speaker's Decision Process.
Adj-RIB-Out: The Adj-RIBs-Out contains the routes for advertisement to specific peers by means of the local speaker's UPDATE messages. This is actually just a pointer back to the record in the Loc-RIB.

If soft-reconfiguration inbound is configured, the router stores a copy of all unprocessed updates received from its peers for future use; otherwise this table is discarded after the routes are placed in the Loc-RIB. BGP soft-reconfiguration inbound is configured with the following command:
neighbor 192.0.2.1 soft-reconfiguration inbound

The contents of Adj-RIB-In can be seen by using the following command:
#show ip bgp neighbors x.x.x.x received-routes
[Figure: example output, Adj-RIB-In]
If soft-reconfiguration inbound is not configured for a neighbor, an error is displayed when we try to view the received-routes. This is because the Adj-RIB-In table is discarded after its routes are processed and the Loc-RIB is built.
#show ip bgp neighbors 192.0.2.5 received-routes
% Inbound soft reconfiguration not enabled on 192.0.2.5

To view the contents of the Loc-RIB table from a specific neighbor, issue the following command:
#show ip bgp neighbors x.x.x.x routes
[Figure: example output, Loc-RIB]

To view the contents of the Adj-RIB-Out table, the following command can be used. Note that no such table is actually stored in memory; it is just a pointer back to the record in the Loc-RIB.
#show ip bgp neighbors 192.0.2.1 advertised-routes
[Figure: example output, Adj-RIB-Out]

To reset BGP using soft reset with stored information, either of the following commands can be used:
#clear ip bgp 192.0.2.1 soft in

or

#clear ip bgp 192.0.2.1 in

Note that a BGP session reset using the dynamic route-refresh capability and a soft reset using stored information are mutually exclusive. If soft-reconfiguration inbound is configured, BGP will always refresh the routes using the stored information in Adj-RIB-In instead of requesting updates from its peers.
Before configuring soft-reconfiguration inbound for neighbors, consider the memory requirement, because a huge amount of memory might be required to store the whole Internet routing table for multiple neighbors.
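The difference between the two soft reset paths, and why a stored Adj-RIB-In also lets you audit what an inbound policy dropped, can be seen in a small model. This is an added example, not code from the original post: the class, the two policies and the sample prefixes are constructed, and best-path selection is left out, so the Loc-RIB here is simply the set of routes that passed inbound policy.

```python
import ipaddress

def accept_all(net):            # constructed "old" inbound policy
    return True

def max_len_24(net):            # constructed "new" policy: drop longer than /24
    return net.prefixlen <= 24

class Neighbor:
    """Simplified inbound path for one peer: Adj-RIB-In -> policy -> Loc-RIB."""

    def __init__(self, soft_reconfig_inbound):
        self.soft_reconfig_inbound = soft_reconfig_inbound
        self.adj_rib_in = []        # unfiltered copy, kept only when enabled
        self.loc_rib = []           # routes that passed inbound policy
        self.refresh_requests = 0   # ROUTE-REFRESH messages sent to the peer

    def receive(self, prefixes, policy):
        nets = [ipaddress.ip_network(p) for p in prefixes]
        if self.soft_reconfig_inbound:
            self.adj_rib_in = nets
        self.loc_rib = [n for n in nets if policy(n)]

    def clear_soft_in(self, policy, peer_routes):
        """Model of 'clear ip bgp <peer> soft in' after a policy change."""
        if self.soft_reconfig_inbound:
            # Stored information: re-filter locally, the peer sees nothing.
            self.loc_rib = [n for n in self.adj_rib_in if policy(n)]
        else:
            # Dynamic soft reset: ask the peer to resend, then filter.
            self.refresh_requests += 1
            self.receive(peer_routes, policy)

    def filtered_by_policy(self):
        """received-routes minus routes: what the inbound policy dropped."""
        if not self.soft_reconfig_inbound:
            raise RuntimeError("Inbound soft reconfiguration not enabled")
        return [str(n) for n in self.adj_rib_in if n not in self.loc_rib]

# Constructed sample advertisement (documentation prefixes).
PEER_ROUTES = ["198.51.100.0/24", "203.0.113.0/25", "203.0.113.128/25"]

def run(soft_reconfig_inbound):
    n = Neighbor(soft_reconfig_inbound)
    n.receive(PEER_ROUTES, accept_all)        # initial policy
    n.clear_soft_in(max_len_24, PEER_ROUTES)  # policy changed, soft reset
    return n
```

Both paths end with the same Loc-RIB; only the stored-information path can list the rejected prefixes afterwards, at the cost of keeping the unfiltered copy in memory.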

