Tuesday, June 15, 2021

Suppress connected routes with BFD?

I'm looking to speed up our network's BGP convergence time in the event of an ISP failure.

Our topology is pretty simple: 2 border routers with 1 ISP circuit on each and basic IBGP between them. The issue is that both ISP circuits are delivered via on-site metro-E switches from the carriers, so unless those switches themselves crash, the physical ISP interfaces remain up.

We're using BFD for fast failure detection, which helps. The problem is that the routers (ASR1001-X with 8G RAM) still take time to withdraw a full BGP table from the RIB and from IBGP. During this time, all prefixes that were routing through the failed ISP are unreachable until their turn to get withdrawn comes along. This is causing dropped VoIP calls, VPN session timeouts, etc. if the prefixes to those services take a while to be withdrawn.

I want to use BGP best-external so both routers will have all backup paths "pre-loaded" for the failover, but the problem is that those damned physical interfaces remain up. Since the next-hop IP of the failed prefixes remains UP in the RIB, it remains reachable in OSPF, thus the backup router does not use its own paths until the failed primary router manages to withdraw all failed prefixes.

Is there a way to make BFD suppress the peering IP from OSPF (or better, from its own RIB) so that they will both immediately start using the other ISP while IBGP withdraws everything?

I'm playing around in GNS3 and I can make this work with EBGP multihop + multihop BFD + Static Route BFD doing fault detection on the EBGP peer loopback IP. That seems excessively complicated, and our ISPs may not even support such a configuration. Is there a way to get BFD to suppress the /30 connected route?


