Juniper BGP Convergence Time
Hello:

I'm running two Juniper MX104s. Each MX has 1 ISP connected running BGP (full routes). iBGP is running between the routers via a two port 20G lag. When one of the ISPs fails, it can take upwards of 2 minutes for traffic to start flowing correctly. The router has the correct route in the routing table, but it doesn't install it in the forwarding table for the full two mins.

I have a few questions if anyone could answer them.

- What would a usual convergence time be for this setup?
- Is there anything I could do to speed this process up? (I tried Multipath)
- Any tips and tricks would be much appreciated

Thanks in Advance

--
Adam Kajtar
Systems Administrator
City of Wadsworth
akajtar@wadsworthcity.org
http://www.wadsworthcity.com
Facebook <http://www.facebook.com/cityofwadsworth> | Twitter <https://twitter.com/CityOfWadsworth> | Instagram <https://www.instagram.com/cityofwadsworth/> | YouTube <https://www.youtube.com/channel/UCymlH-AZgvxTaHtgp3-AmDQ>
The MX104 has a notoriously slow PPC-based RE unfortunately.

Josh

On Tue, May 15, 2018 at 10:10 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
> Hello:
>
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running BGP (full routes). iBGP is running between the routers via a two port 20G lag. When one of the ISPs fails, it can take upwards of 2 minutes for traffic to start flowing correctly. The router has the correct route in the routing table, but it doesn't install it in the forwarding table for the full two mins.
>
> I have a few questions if anyone could answer them.
>
> - What would a usual convergence time be for this setup?
> - Is there anything I could do to speed this process up? (I tried Multipath)
> - Any tips and tricks would be much appreciated
>
> Thanks in Advance
That's true. But are you using per-packet load balance policy in your configuration?

________________________________
From: NANOG <nanog-bounces@nanog.org> on behalf of Josh Baird <joshbaird@gmail.com>
Sent: Tuesday, May 15, 2018 5:56 PM
To: Adam Kajtar
Cc: nanog@nanog.org
Subject: Re: Juniper BGP Convergence Time

The MX104 has a notoriously slow PPC-based RE unfortunately.

Josh
On 15 May 2018 at 07:10, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
> Hello:
>
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running BGP (full routes). iBGP is running between the routers via a two port 20G lag. When one of the ISPs fails, it can take upwards of 2 minutes for traffic to start flowing correctly. The router has the correct route in the routing table, but it doesn't install it in the forwarding table for the full two mins.
>
> I have a few questions if anyone could answer them.
>
> - What would a usual convergence time be for this setup?

With MX104, between 50 seconds and many minutes. The RE is not really dimensioned for full tables, unfortunately.

> - Is there anything I could do to speed this process up? (I tried Multipath)

Covering floating static route.

> - Any tips and tricks would be much appreciated
>
> Thanks in Advance
You sure it doesn't have something to do with 60 seconds * 3 = 180 secs of BGP neighbor Time out before it believes neighbor is dead and removes routes to that neighbor?

Aaron

On May 15, 2018, at 9:10 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
> Hello:
>
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running BGP (full routes). iBGP is running between the routers via a two port 20G lag. When one of the ISPs fails, it can take upwards of 2 minutes for traffic to start flowing correctly. The router has the correct route in the routing table, but it doesn't install it in the forwarding table for the full two mins.
>
> I have a few questions if anyone could answer them.
>
> - What would a usual convergence time be for this setup?
> - Is there anything I could do to speed this process up? (I tried Multipath)
> - Any tips and tricks would be much appreciated
>
> Thanks in Advance
Do you need full routes? What about just a default route from BGP?

Erich Kaiser
The Fusion Network
erich@gotfusion.net
Office: 815-570-3101

On Tue, May 15, 2018 at 5:38 PM, Aaron Gould <aaron1@gvtc.com> wrote:
> You sure it doesn't have something to do with 60 seconds * 3 = 180 secs of BGP neighbor Time out before it believes neighbor is dead and removes routes to that neighbor?
>
> Aaron
Have you checked your timeouts?

-Ben

On May 15, 2018, at 4:09 PM, Kaiser, Erich <erich@gotfusion.net> wrote:
> Do you need full routes? What about just a default route from BGP?
>
> Erich Kaiser
> The Fusion Network
> erich@gotfusion.net
> Office: 815-570-3101
I could use static routes but I noticed since I moved to full routes I have had a lot fewer customer complaints about latency (especially when it comes to Voice and VPN traffic).

I wasn't using per-packet load balancing. I believe Juniper default is per IP.

My timers are as follows:
Active Holdtime: 90
Keepalive Interval: 30

Would I be correct in thinking I need to contact my ISP to lower these values?

An interesting note is when I had both ISPs connected into a single MX104 the failover was just a few seconds.

Thanks again.

On Tue, May 15, 2018 at 8:42 PM Ben Cannon <ben@6by7.net> wrote:
> Have you checked your timeouts?
>
> -Ben

--
Adam Kajtar
Systems Administrator, Safety Services
City of Wadsworth
A last resort route (default route) could still be good to take from your ISP(s) even if you still do full routes, as the propagation is happening on the internet side, you should at least have a path inbound through the other provider. The default route at least would send the traffic out if it does not see the route locally. Just an idea.

On Wed, May 16, 2018 at 8:22 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
> I could use static routes but I noticed since I moved to full routes I have had a lot fewer customer complaints about latency (especially when it comes to Voice and VPN traffic).
>
> I wasn't using per-packet load balancing. I believe Juniper default is per IP.
>
> My timers are as follows:
> Active Holdtime: 90
> Keepalive Interval: 30
>
> Would I be correct in thinking I need to contact my ISP to lower these values?
>
> An interesting note is when I had both ISPs connected into a single MX104 the failover was just a few seconds.
>
> Thanks again.
Erich,

Good Idea. I can't believe I didn't think of that earlier. Simple and effective. I will go ahead and request the defaults from my ISP and update the thread of the findings.

Thanks!

On Wed, May 16, 2018 at 10:03 AM Kaiser, Erich <erich@gotfusion.net> wrote:
> A last resort route (default route) could still be good to take from your ISP(s) even if you still do full routes, as the propagation is happening on the internet side, you should at least have a path inbound through the other provider. The default route at least would send the traffic out if it does not see the route locally. Just an idea.

--
Adam Kajtar
Just be aware of the impact a default route can have on your infrastructure, such as uRPF no longer works as expected as everything has a valid route.

-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----
From: "Adam Kajtar" <akajtar@wadsworthcity.org>
To: erich@gotfusion.net
Cc: nanog@nanog.org
Sent: Wednesday, May 16, 2018 9:32:27 AM
Subject: Re: Juniper BGP Convergence Time

Erich,

Good Idea. I can't believe I didn't think of that earlier. Simple and effective. I will go ahead and request the defaults from my ISP and update the thread of the findings.

Thanks!
Thomas,

Thanks for the info. This is probably why my multipath configuration wasn't working as I thought it would. I will give this a test run also.

Mike,

Interesting thought. This would mean rpf-check wouldn't work on my outside interfaces. Good to know.

On Thu, May 17, 2018 at 8:55 AM Mike Hammett <nanog@ics-il.net> wrote:
> Just be aware of the impact a default route can have on your infrastructure, such as uRPF no longer works as expected as everything has a valid route.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com

--
Adam Kajtar
On Thu 2018-May-17 10:49:37 -0400, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
> Thomas,
>
> Thanks for the info. This is probably why my multipath configuration wasn't working as I thought it would. I will give this a test run also.
>
> Mike,
>
> Interesting thought. This would mean rpf-check wouldn't work on my outside interfaces. Good to know.

Not necessarily that it doesn't work at all, but there are platform-specific differences in terms of loose vs. strict, whether the default route is considered in RPF evaluation, etc. From https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/...

# Unicast RPF Behavior with a Default Route

On all routers except those with MPCs and the MX80 router, unicast RPF behaves as follows if you configure a default route that uses an interface configured with unicast RPF:

* Loose mode—All packets are automatically accepted. For this reason, we recommend that you not configure unicast RPF loose mode on interfaces that the default route uses.
* Strict mode—The packet is accepted when the source address of the packet matches any of the routes (either default or learned) that can be reachable through the interface. Note that routes can have multiple destinations associated with them; therefore, if one of the destinations matches the incoming interface of the packet, the packet is accepted.

On all routers with MPCs and the MX80 router, unicast RPF behaves as follows if you configure a default route that uses an interface configured with unicast RPF:

* Loose mode—All packets except the packets whose source is learned from the default route are accepted. All packets whose source is learned from the default route are dropped at the Packet Forwarding Engine. The default route is treated as if the route does not exist.
* Strict mode—The packet is accepted when the source address of the packet matches any of the routes (either default or learned) that can be reachable through the interface. Note that routes can have multiple destinations associated with them; therefore, if one of the destinations matches the incoming interface of the packet, the packet is accepted.

On all routers, the packet is not accepted when either of the following is true:

* The source address of the packet does not match a prefix in the routing table.
* The interface does not expect to receive a packet with this source address prefix.

--
Hugo Slabbert | email, xmpp/jabber: hugo@slabnet.com
pgp key: B178313E | also on Signal
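The rules quoted in the message above, and the warning earlier in the thread that a default route changes what uRPF accepts, can be checked with a small model. This is an added example, not code from the thread or from Juniper; the interface names, the documentation prefixes, the `default_ignored_in_loose` flag and the use of longest-prefix match for strict mode are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interfaces: frozenset  # interfaces the route's next hops are reachable through


def route(prefix, *interfaces):
    return Route(ipaddress.ip_network(prefix), frozenset(interfaces))


def covering_routes(table, src, ignore_default=False):
    """All routes whose prefix contains src, optionally ignoring 0.0.0.0/0."""
    addr = ipaddress.ip_address(src)
    hits = [r for r in table if addr in r.prefix]
    if ignore_default:
        hits = [r for r in hits if r.prefix.prefixlen > 0]
    return hits


def urpf_accepts(table, src, in_iface, mode, default_ignored_in_loose):
    """Return True if the modelled uRPF check accepts a packet.

    default_ignored_in_loose=False models the first platform group in the
    quoted text (loose mode accepts everything once a default route exists).
    default_ignored_in_loose=True models the second group (the default route
    is treated as if it does not exist in loose mode).
    """
    if mode == "loose":
        # Loose mode only asks: is there any usable route back to the source?
        return bool(covering_routes(table, src, default_ignored_in_loose))
    if mode == "strict":
        # Assumption: the best (longest) match decides which interface the
        # source is expected on; the default route counts on both groups.
        hits = covering_routes(table, src)
        if not hits:
            return False  # source matches no prefix in the routing table
        best = max(hits, key=lambda r: r.prefix.prefixlen)
        return in_iface in best.interfaces
    raise ValueError(f"unknown uRPF mode: {mode!r}")


# Constructed sample tables (RFC 5737 documentation prefixes).
WITH_DEFAULT = [
    route("0.0.0.0/0", "isp-a"),          # default taken from the ISP
    route("198.51.100.0/24", "isp-a"),    # learned from ISP A
    route("203.0.113.0/24", "ibgp-lag"),  # learned via the other router
]
NO_DEFAULT = WITH_DEFAULT[1:]


def audit(table, packets):
    """Verdicts for each (src, in_iface) packet under every modelled variant."""
    report = {}
    for src, iface in packets:
        report[(src, iface)] = {
            "loose, default counted": urpf_accepts(table, src, iface, "loose", False),
            "loose, default ignored": urpf_accepts(table, src, iface, "loose", True),
            "strict": urpf_accepts(table, src, iface, "strict", False),
        }
    return report


if __name__ == "__main__":
    # 10.1.2.3 stands in for a source that only the default route covers.
    packets = [("10.1.2.3", "isp-a"), ("203.0.113.9", "isp-a"), ("198.51.100.7", "isp-a")]
    for name, table in (("with default", WITH_DEFAULT), ("no default", NO_DEFAULT)):
        print(name)
        for key, verdicts in audit(table, packets).items():
            print("  ", key, verdicts)
```

Comparing the two tables shows which modes stop filtering a source that is covered only by the default route once that route is installed.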
Add a static default route on both routers. This will be invalidated as soon the interface goes down. Should be faster than relying on the BGP process on withdrawing the route. Also does not require any config changes at your upstreams. Regards Baldur ons. 16. maj 2018 18.52 skrev Adam Kajtar <akajtar@wadsworthcity.org>:
Erich,
Good Idea. I can't believe I didn't think of that earlier. Simple and effective. I will go ahead and request the defaults from my ISP and update the thread of the findings.
Thanks!
On Wed, May 16, 2018 at 10:03 AM Kaiser, Erich <erich@gotfusion.net> wrote:
A last resort route (default route) could still be good to take from your ISP(s) even if you still do full routes, as the propagation is happening on the internet side, you should at least have a path inbound through the other provider. The default route at least would send the traffic out if it does not see the route locally. Just an idea.
On Wed, May 16, 2018 at 8:22 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
I could use static routes but I noticed since I moved to full routes I have had a lot fewer customer complaints about latency(especially when it comes to Voice and VPN traffic).
I wasn't using per-packet load balancing. I believe juniper default is per IP.
My timers are as follows
Active Holdtime: 90
Keepalive Interval: 30
Would I be correct in thinking I need to contact my ISP to lower these values?
An interesting note is when I had both ISPs connected into a single MX104 the failover was just a few seconds.
Thanks again.
On Tue, May 15, 2018 at 8:42 PM Ben Cannon <ben@6by7.net> wrote:
Have you checked your timeouts ?
-Ben
On May 15, 2018, at 4:09 PM, Kaiser, Erich <erich@gotfusion.net> wrote:
Do you need full routes? What about just a default route from BGP?
Erich Kaiser The Fusion Network erich@gotfusion.net Office: 815-570-3101
On Tue, May 15, 2018 at 5:38 PM, Aaron Gould <aaron1@gvtc.com> wrote:
You sure it doesn't have something to do with 60 seconds * 3 = 180 secs of BGP neighbor Time out before it believes neighbor is dead and remove routes to that neighbor?
Aaron
> On May 15, 2018, at 9:10 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
>
> Hello:
>
> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
> BGP(full routes). iBGP is running between the routers via a two port 20G
> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
> traffic to start flowing correctly. The router has the correct route in the
> routing table, but it doesn't install it in the forwarding table for the
> full two mins.
>
> I have a few questions if anyone could answer them.
>
> - What would a usual convergence time be for this setup?
> - Is there anything I could do speed this process up? (I tried Multipath)
> - Any tips and tricks would be much appreciated
>
> Thanks in Advance
> --
> Adam Kajtar
> Systems Administrator
> City of Wadsworth
> akajtar@wadsworthcity.org
> -----------------------------------------------------
> http://www.wadsworthcity.com
>
> Facebook <http://www.facebook.com/cityofwadsworth>* |* Twitter
> <https://twitter.com/CityOfWadsworth> *|* Instagram
> <https://www.instagram.com/cityofwadsworth/> *|* YouTube
> <https://www.youtube.com/channel/UCymlH-AZgvxTaHtgp3-AmDQ>
-- Adam Kajtar Systems Administrator, Safety Services City of Wadsworth Office 330.335.2865 Cell 330.485.6510 akajtar@wadsworthcity.org ----------------------------------------------------- http://www.wadsworthcity.com
“I'm running two Juniper MX104s. Each MX has 1 ISP connected running BGP(full routes). iBGP is running between the routers via a two port 20G lag. When one of the ISPs fails, it can take upwards of 2 minutes for traffic to start flowing correctly. The router has the correct route in the routing table, but it doesn't install it in the forwarding table for the full two mins.”

I finished my testing and concluded that I would continue running full routes without any fanciness. I will detail some tests and what the outcomes were as well as explain why I decided to keep running full routes.

*Receiving Full Routes*

Convergence time was 180 seconds. The routing table updated and showed the correct path in under a minute but the forwarding table took 180 seconds for most of the routes to update.

*BGP Multipath*

There was no effect on convergence speed. I think paths between eBGP neighbors are preferred over iBGP. Therefore, no routes are ever equal in this case.

*BFD*

The slower to converge ISP refused my request to set up BFD between our routers. This option is out of the question.

*BGP Timers*

I adjusted the BGP hold timer to 30 seconds and the stale route timer to 5 seconds. This change appeared to have no effect on convergence speed.

*Receiving Full Routes with a Default*

I suspected receiving a default route would fix the issue because it is the only route that would need to be updated in the forwarding table for traffic to flow. I assumed that it would process the lowest binary route first (0.0.0.0/0). Once the full table was updated, traffic would take the optimal path (this would avoid customer complaints due to latency with VPNs and Voice traffic). I also suspected exporting the default BGP default route into OSPF would speed up OSPF convergences avoiding a generated default route based on neighbor state. Unfortunately, it appears like the forwarding table of the MX104 converges abruptly instead of slowly as the router processes them. Also, traffic would fail as the ISP connection came back up due to BGP exporting the route into OSPF.

*Receiving Full Routes with forwarding engine commands*

After I completed the above tests, I concluded the forwarding engine would need to speed up, and some sort of hack was in order. I tested the following commands.

https://www.juniper.net/documentation/en_US/junos/topics/concept/use-case-fo...
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/forwardin...

With these commands enabled, equal cost routes installed into the forwarding table. Failover on equal cost routes was 40 – 50 seconds and 180 seconds on non-equal-cost routes. This was unacceptable because most of the routes are preferred out one ISP over the other. I disabled ECMP and the router began installing all routes into the forwarding table including the secondary route. The router would dump sections of the forwarding table and act very flakey.

*Receiving Default Only*

I tested filtering out all routes besides the default route. The speed of convergence was 30 - 45 seconds depending on which upstream ISP connection I disconnected. This solution was unacceptable due to the traffic not taking the optimal path outbound.

I concluded that 180 seconds was an acceptable failover time given that I exhausted all other resources. I would prefer to have a more reliable failover mechanism than a faster one. Also, everyday speed and usability are more important than failover speed (which rarely happens and almost never during peak hours) in my use case.

Thank you to anyone who gave me suggestions on this issue. It helped me understand and accept the outcome.

On Sat, May 26, 2018 at 12:15 PM Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
Add a static default route on both routers. This will be invalidated as soon as the interface goes down. Should be faster than relying on the BGP process on withdrawing the route. Also does not require any config changes at your upstreams.

Regards

Baldur

On Wed, 16 May 2018 at 18:52, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
Erich,
Good Idea. I can't believe I didn't think of that earlier. Simple and effective. I will go ahead and request the defaults from my ISP and update the thread of the findings.
Thanks!
On Wed, May 16, 2018 at 10:03 AM Kaiser, Erich <erich@gotfusion.net> wrote:
A last resort route (default route) could still be good to take from your ISP(s) even if you still do full routes, as the propagation is happening on the internet side, you should at least have a path inbound through the other provider. The default route at least would send the traffic out if it does not see the route locally. Just an idea.
On Wed, May 16, 2018 at 8:22 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
I could use static routes but I noticed since I moved to full routes I have had a lot fewer customer complaints about latency(especially when it comes to Voice and VPN traffic).
I wasn't using per-packet load balancing. I believe juniper default is per IP.
My timers are as follows
Active Holdtime: 90
Keepalive Interval: 30
Would I be correct in thinking I need to contact my ISP to lower these values?
An interesting note is when I had both ISPs connected into a single MX104 the failover was just a few seconds.
Thanks again.
On Tue, May 15, 2018 at 8:42 PM Ben Cannon <ben@6by7.net> wrote:
Have you checked your timeouts ?
-Ben
On May 15, 2018, at 4:09 PM, Kaiser, Erich <erich@gotfusion.net> wrote:
Do you need full routes? What about just a default route from BGP?
Erich Kaiser The Fusion Network erich@gotfusion.net Office: 815-570-3101
> On Tue, May 15, 2018 at 5:38 PM, Aaron Gould <aaron1@gvtc.com> wrote:
>
> You sure it doesn't have something to do with 60 seconds * 3 = 180 secs of
> BGP neighbor Time out before it believes neighbor is dead and remove routes
> to that neighbor?
>
> Aaron
>
>> On May 15, 2018, at 9:10 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
>>
>> Hello:
>>
>> I'm running two Juniper MX104s. Each MX has 1 ISP connected running
>> BGP(full routes). iBGP is running between the routers via a two port 20G
>> lag. When one of the ISPs fails, it can take upwards of 2 minutes for
>> traffic to start flowing correctly. The router has the correct route in the
>> routing table, but it doesn't install it in the forwarding table for the
>> full two mins.
>>
>> I have a few questions if anyone could answer them.
>>
>> - What would a usual convergence time be for this setup?
>> - Is there anything I could do speed this process up? (I tried Multipath)
>> - Any tips and tricks would be much appreciated
>>
>> Thanks in Advance
>> --
>> Adam Kajtar
>> Systems Administrator
>> City of Wadsworth
>> akajtar@wadsworthcity.org
>> -----------------------------------------------------
>> http://www.wadsworthcity.com
>>
>> Facebook <http://www.facebook.com/cityofwadsworth>* |* Twitter
>> <https://twitter.com/CityOfWadsworth> *|* Instagram
>> <https://www.instagram.com/cityofwadsworth/> *|* YouTube
>> <https://www.youtube.com/channel/UCymlH-AZgvxTaHtgp3-AmDQ>
Hey Adam,

On 30 May 2018 at 22:49, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
*Receiving Full Routes*
Convergence time was 180 seconds. The routing table updated and showed the correct path in under a minute but the forwarding table took 180 seconds for most the routes to update.
How was this verified? Juniper is known to converge on software much faster than on hardware. You'd need to at least verify:

- show krt queue => no updates queued
- show system processes extensive |match rpd => state is 'kqread' not 'RUN'

180 seconds seems unlikely for MX80/MX104, maybe in a scenario where the box doesn't have anything else to do, nowhere to send routes out to, no inferior routes to replace with new superior routes etc. Like if you just have an empty box not connected anywhere receiving eBGP from one peer, maybe. In an actual box doing actual work, unlikely.

We see 20-30min convergence times on large boxes at initial convergence, mostly due to full-mesh being chatty and causing a lot of useless state changes as new data keeps coming in.

--
++ytti
Ask if they will configure BFD for you. I’ve not found many transit providers that will, but it’s worth a shot and it will lower failure detection to circa 1 second.
On 16 May 2018, at 17:49, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
I could use static routes but I noticed since I moved to full routes I have had a lot fewer customer complaints about latency(especially when it comes to Voice and VPN traffic).
I wasn't using per-packet load balancing. I believe juniper default is per IP.
My timers are as follows
Active Holdtime: 90
Keepalive Interval: 30
Would I be correct in thinking I need to contact my ISP to lower these values?
An interesting note is when I had both ISPs connected into a single MX104 the failover was just a few seconds.
Thanks again.
On Tue, May 15, 2018 at 8:42 PM Ben Cannon <ben@6by7.net> wrote:
Have you checked your timeouts ?
-Ben
On May 15, 2018, at 4:09 PM, Kaiser, Erich <erich@gotfusion.net> wrote:
Do you need full routes? What about just a default route from BGP?
Erich Kaiser The Fusion Network erich@gotfusion.net Office: 815-570-3101
On Tue, May 15, 2018 at 5:38 PM, Aaron Gould <aaron1@gvtc.com> wrote:
You sure it doesn't have something to do with 60 seconds * 3 = 180 secs of BGP neighbor Time out before it believes neighbor is dead and remove routes to that neighbor?
Aaron
On May 15, 2018, at 9:10 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
Hello:
I'm running two Juniper MX104s. Each MX has 1 ISP connected running BGP(full routes). iBGP is running between the routers via a two port 20G lag. When one of the ISPs fails, it can take upwards of 2 minutes for traffic to start flowing correctly. The router has the correct route in the routing table, but it doesn't install it in the forwarding table for the full two mins.
I have a few questions if anyone could answer them.
- What would a usual convergence time be for this setup?
- Is there anything I could do speed this process up? (I tried Multipath)
- Any tips and tricks would be much appreciated
Thanks in Advance -- Adam Kajtar Systems Administrator City of Wadsworth akajtar@wadsworthcity.org ----------------------------------------------------- http://www.wadsworthcity.com
I did exactly that when I called. One is looking into it; the other hasn't called yet. I will let you know what they say.

On Wed, May 16, 2018 at 12:59 PM Phil Lavin <phil.lavin@cloudcall.com> wrote:
Ask if they will configure BFD for you. I’ve not found many transit providers that will, but it’s worth a shot and it will lower failure detection to circa 1 second.
On 16 May 2018, at 17:49, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
I could use static routes but I noticed since I moved to full routes I have had a lot fewer customer complaints about latency(especially when it comes to Voice and VPN traffic).
I wasn't using per-packet load balancing. I believe juniper default is per IP.
My timers are as follows
Active Holdtime: 90
Keepalive Interval: 30
Would I be correct in thinking I need to contact my ISP to lower these values?
An interesting note is when I had both ISPs connected into a single MX104 the failover was just a few seconds.
Thanks again.
On Tue, May 15, 2018 at 8:42 PM Ben Cannon <ben@6by7.net> wrote:
Have you checked your timeouts ?
-Ben
On May 15, 2018, at 4:09 PM, Kaiser, Erich <erich@gotfusion.net> wrote:
Do you need full routes? What about just a default route from BGP?
Erich Kaiser The Fusion Network erich@gotfusion.net Office: 815-570-3101
On Tue, May 15, 2018 at 5:38 PM, Aaron Gould <aaron1@gvtc.com> wrote:
You sure it doesn't have something to do with 60 seconds * 3 = 180 secs of BGP neighbor Time out before it believes neighbor is dead and remove routes to that neighbor?
Aaron
On May 15, 2018, at 9:10 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
Hello:
I'm running two Juniper MX104s. Each MX has 1 ISP connected running BGP(full routes). iBGP is running between the routers via a two port 20G lag. When one of the ISPs fails, it can take upwards of 2 minutes for traffic to start flowing correctly. The router has the correct route in the routing table, but it doesn't install it in the forwarding table for the full two mins.
I have a few questions if anyone could answer them.
- What would a usual convergence time be for this setup?
- Is there anything I could do speed this process up? (I tried Multipath)
- Any tips and tricks would be much appreciated
Thanks in Advance -- Adam Kajtar Systems Administrator City of Wadsworth akajtar@wadsworthcity.org ----------------------------------------------------- http://www.wadsworthcity.com
On 16/May/18 18:59, Phil Lavin wrote:
Ask if they will configure BFD for you. I’ve not found many transit providers that will, but it’s worth a shot and it will lower failure detection to circa 1 second.

We've tended to shy away from it, but we have 2 customers we've done it for.
Mark.
Hello again:

I've tried using the default route, adjusting bgp timers, and multipath. Unfortunately, these changes haven't helped much. Juniper support hasn't been very helpful also. Although, I think I might have found the solution.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/forwardin...

Let me know what you think.

On Tue, May 22, 2018, 4:03 AM Mark Tinka <mark.tinka@seacom.mu> wrote:
On 16/May/18 18:59, Phil Lavin wrote:
Ask if they will configure BFD for you. I’ve not found many transit providers that will, but it’s worth a shot and it will lower failure detection to circa 1 second.
We've tended to shy away from it, but we have 2 customers we've done it for.
Mark.
Hey!

This feature is already enabled on MX with MPC cards.

--
Make it right before you make it faster.
- The Elements of Programming Style (Kernighan & Plauger)

――――――― Original Message ―――――――
From: Adam Kajtar <akajtar@wadsworthcity.org>
Sent: 23 May 2018 23:21 -0400
Subject: Re: Juniper BGP Convergence Time
To: Mark Tinka
Cc: nanog@nanog.org
Hello again:
I've tried using the default route, adjusting bgp timers, and multipath. Unfortunately, these changes haven't helped much. Juniper support hasn't been very helpful also. Although, I think I might have found the solution.
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/forwardin...
Let me know what you think.
On Tue, May 22, 2018, 4:03 AM Mark Tinka <mark.tinka@seacom.mu> wrote:
On 16/May/18 18:59, Phil Lavin wrote:
Ask if they will configure BFD for you. I’ve not found many transit providers that will, but it’s worth a shot and it will lower failure detection to circa 1 second.
We've tended to shy away from it, but we have 2 customers we've done it for.
Mark.
I wonder if this convergence time issue wouldn't be a typical mission for «BGP PIC Edge for MPLS Layer 3 VPNs». But it would be necessary to migrate the DFZ to a VPN MPLS (and configure composite nexthop and BGP PIC / «Provider Edge Link Protection»).
On 24 May 2018 at 09:20, Vincent Bernat <bernat@luffy.cx> wrote:
This feature is already enabled on MX with MPC cards.
――――――― Original Message ―――――――
From: Adam Kajtar <akajtar@wadsworthcity.org>
Sent: 23 May 2018 23:21 -0400
Subject: Re: Juniper BGP Convergence Time
To: Mark Tinka
Cc: nanog@nanog.org
Hello again:
I've tried using the default route, adjusting bgp timers, and multipath. Unfortunately, these changes haven't helped much. Juniper support hasn't been very helpful also. Although, I think I might have found the solution.
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/forwardin...
Let me know what you think.
On Tue, May 22, 2018, 4:03 AM Mark Tinka <mark.tinka@seacom.mu> wrote:
On 16/May/18 18:59, Phil Lavin wrote:
Ask if they will configure BFD for you. I’ve not found many transit providers that will, but it’s worth a shot and it will lower failure detection to circa 1 second.
We've tended to shy away from it, but we have 2 customers we've done it for.
❦ 24 May 2018 12:36 +0200, Olivier Benghozi <olivier.benghozi@wifirst.fr>:
I wonder if this convergence time issue wouldn't be a typical mission for «BGP PIC Edge for MPLS Layer 3 VPNs». But it would be necessary to migrate the DFZ to a VPN MPLS (and configure composite nexthop and BGP PIC / «Provider Edge Link Protection»).
BGP PIC is also available with IP now:
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/...

I've asked the question two years ago on j-nsp. Here is the thread:
https://lists.gt.net/nsp/juniper/57149

There is a step by step guide about in the middle of the guide. I didn't have the right version to test at the time. I didn't try again since then.

--
Make sure comments and code agree.
- The Elements of Programming Style (Kernighan & Plauger)
Yep, feature naming in JunOS... In fact I meant «Provider Edge Link Protection», which is only for VPN (and Labeled Unicast), and that applies here (eBGP paths are protected using iBGP paths).
On 24 May 2018 at 13:39, Vincent Bernat <bernat@luffy.cx> wrote:
❦ 24 May 2018 12:36 +0200, Olivier Benghozi <olivier.benghozi@wifirst.fr>:
I wonder if this convergence time issue wouldn't be a typical mission for «BGP PIC Edge for MPLS Layer 3 VPNs». But it would be necessary to migrate the DFZ to a VPN MPLS (and configure composite nexthop and BGP PIC / «Provider Edge Link Protection»).
BGP PIC is also available with IP now: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/...
I've asked the question two years ago on j-nsp. Here is the thread: https://lists.gt.net/nsp/juniper/57149
There is a step by step guide about in the middle of the guide. I didn't have the right version to test at the time. I didn't try again since then.
On 2018-05-16 15:22, Adam Kajtar wrote:
I wasn't using per-packet load balancing. I believe juniper default is per IP.
The Juniper default is to not do ECMP at all. Only a single route is programmed into the FIB for each prefix in your RIB. If you e.g. have routes to 198.51.100.0/24 pointing to ten different ports, all traffic to that entire /24 will go out over a single port, unless you have explicitly enabled ECMP.

To enable ECMP, you need this:

    policy-options {
        policy-statement ecmp {
            then {
                load-balance per-packet;
            }
        }
    }
    routing-options {
        forwarding-table {
            export ecmp;
        }
    }

in your configuration. Note also that "per-packet" is a misnomer; it is really "per flow", based on a hash of the L3/L4 headers.

'show route forwarding-table destination 198.51.100.0/24' shows if you actually have multiple routes in your FIB.

/Bellman
While we are on ECMP topic... In L3VPN, when I've learned say, 3 different routes all using different MPLS tags to the 3 remote PE's, is there a way to ECMP hash across all of the paths to load balance?

Aaron
On May 16, 2018, at 6:32 PM, Thomas Bellman <bellman@nsc.liu.se> wrote:
On 2018-05-16 15:22, Adam Kajtar wrote:
I wasn't using per-packet load balancing. I believe juniper default is per IP.
The Juniper default is to not do ECMP at all. Only a single route is programmed into the FIB for each prefix in your RIB. If you e.g. have routes to 198.51.100.0/24 pointing to ten different ports, all traffic to that entire /24 will go out over a single port, unless you have explicitly enabled ECMP.
To enable ECMP, you need this:
    policy-options {
        policy-statement ecmp {
            then {
                load-balance per-packet;
            }
        }
    }
    routing-options {
        forwarding-table {
            export ecmp;
        }
    }
in your configuration. Note also that "per-packet" is a misnomer; it is really "per flow", based on a hash of the L3/L4 headers.
'show route forwarding-table destination 198.51.100.0/24' shows if you actually have multiple routes in your FIB.
/Bellman
You shouldn't need to contact your ISP on the lowered BGP timers as BGP should establish based on the lowest value. That said, they may have a value limit where anything lower than that, is set at your own risk. You can look at running BFD over the BGP session as well. Technically it has nothing to do with convergence, but it can quickly detect a down issue and drop BGP right away.

On Wed, May 16, 2018 at 9:22 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
I could use static routes but I noticed since I moved to full routes I have had a lot fewer customer complaints about latency(especially when it comes to Voice and VPN traffic).
I wasn't using per-packet load balancing. I believe juniper default is per IP.
My timers are as follows
Active Holdtime: 90
Keepalive Interval: 30
Would I be correct in thinking I need to contact my ISP to lower these values?
An interesting note is when I had both ISPs connected into a single MX104 the failover was just a few seconds.
Thanks again.
On Tue, May 15, 2018 at 8:42 PM Ben Cannon <ben@6by7.net> wrote:
Have you checked your timeouts ?
-Ben
On May 15, 2018, at 4:09 PM, Kaiser, Erich <erich@gotfusion.net> wrote:
Do you need full routes? What about just a default route from BGP?
Erich Kaiser The Fusion Network erich@gotfusion.net Office: 815-570-3101
On Tue, May 15, 2018 at 5:38 PM, Aaron Gould <aaron1@gvtc.com> wrote:
You sure it doesn't have something to do with 60 seconds * 3 = 180 secs of BGP neighbor Time out before it believes neighbor is dead and remove routes to that neighbor?
Aaron
On May 15, 2018, at 9:10 AM, Adam Kajtar <akajtar@wadsworthcity.org> wrote:
Hello:
I'm running two Juniper MX104s. Each MX has 1 ISP connected running BGP(full routes). iBGP is running between the routers via a two port 20G lag. When one of the ISPs fails, it can take upwards of 2 minutes for traffic to start flowing correctly. The router has the correct route in the routing table, but it doesn't install it in the forwarding table for the full two mins.
I have a few questions if anyone could answer them.
- What would a usual convergence time be for this setup?
- Is there anything I could do speed this process up? (I tried Multipath)
- Any tips and tricks would be much appreciated
Thanks in Advance -- Adam Kajtar Systems Administrator City of Wadsworth akajtar@wadsworthcity.org ----------------------------------------------------- http://www.wadsworthcity.com
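The hold-time negotiation raised in this thread (the session runs on the lower of the two proposed values, and a peer may refuse values below its own floor), as an added Python example that is not from any poster. The AS number, router ID and the `min_accepted_hold` floor are constructed or hypothetical; the OPEN layout, the one-third keepalive convention and the rejection of 1 or 2 second hold times follow RFC 4271.

```python
import struct

MARKER = b"\xff" * 16      # RFC 4271 message header marker, all ones
HEADER_LEN = 19            # marker (16) + length (2) + type (1)
TYPE_OPEN = 1


class UnacceptableHoldTime(Exception):
    """Refusal sent as NOTIFICATION error code 2 (OPEN Message Error), subcode 6."""


def build_open(my_as, hold_time, bgp_id):
    """Encode a minimal BGP-4 OPEN (2-byte AS, no optional parameters)."""
    ident = bytes(int(octet) for octet in bgp_id.split("."))
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, ident, 0)
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), TYPE_OPEN) + body


def parse_open(msg):
    """Decode the fixed part of an OPEN message into a dict."""
    if len(msg) < HEADER_LEN + 10 or msg[:16] != MARKER:
        raise ValueError("not a BGP message")
    length, msg_type = struct.unpack("!HB", msg[16:HEADER_LEN])
    if msg_type != TYPE_OPEN or length != len(msg):
        raise ValueError("not a well-formed OPEN")
    version, my_as, hold, ident, _opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if version != 4:
        raise ValueError("unsupported BGP version")
    return {"as": my_as, "hold_time": hold,
            "bgp_id": ".".join(str(b) for b in ident)}


def negotiate(configured_hold, received_open, min_accepted_hold=0):
    """Timers a speaker uses after receiving its peer's OPEN.

    min_accepted_hold is a hypothetical local policy floor; a speaker may
    reject any proposed hold time it does not like.
    """
    peer_hold = parse_open(received_open)["hold_time"]
    for value in (configured_hold, peer_hold):
        if value in (1, 2):
            raise UnacceptableHoldTime("hold time of 1 or 2 seconds is not allowed")
    if 0 < peer_hold < min_accepted_hold:
        raise UnacceptableHoldTime(
            f"peer proposed {peer_hold}s, local floor is {min_accepted_hold}s")
    hold = min(configured_hold, peer_hold)   # the smaller value wins
    # A hold time of 0 disables keepalives; otherwise send at one third of it.
    return {"hold_time": hold, "keepalive": hold // 3}


def session_timers(customer_hold, isp_hold, isp_floor=0):
    """Timers computed on the ISP side after receiving the customer's OPEN."""
    customer_open = build_open(64512, customer_hold, "192.0.2.1")  # constructed values
    return negotiate(isp_hold, customer_open, isp_floor)


if __name__ == "__main__":
    print("both sides at 90s:      ", session_timers(90, 90))
    print("customer lowers to 30s: ", session_timers(30, 90))
    try:
        session_timers(30, 90, isp_floor=60)
    except UnacceptableHoldTime as exc:
        print("ISP with a 60s floor:    session refused,", exc)
```

The hold time only bounds how long a silent failure can go undetected; it says nothing about how long the forwarding table takes to be reprogrammed afterwards.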
participants (17)

- Aaron Gould
- Adam Kajtar
- Baldur Norddahl
- Ben Cannon
- Eric Sieg
- Hugo Slabbert
- Josh Baird
- Kaiser, Erich
- lobna gouda
- Mark Tinka
- Mike Hammett
- Olivier Benghozi
- Phil Lavin
- Ruairi Carroll
- Saku Ytti
- Thomas Bellman
- Vincent Bernat