Troubleshooting BGP: A Practical Guide to Understanding and Troubleshooting BGP(Networking Technology)

The definitive guide to troubleshooting today’s complex BGP networks This is today’s best single source for the techniques you need to troubleshoot BGP issues in modern Cisco IOS, IOS XR, and NxOS environments. BGP has expanded from being an Internet routing protocol and provides a scalable control plane for a variety of technologies, including MPLS VPNs and VXLAN. Bringing together content previously spread across multiple sources, Troubleshooting BGP describes BGP functions in today’s blended service provider and enterprise environments. Two expert authors emphasize the BGP-related issues you’re most likely to encounter in real-world deployments, including problems that have caused massive network outages. They fully address convergence and scalability, as well as common concerns such as BGP slow peer, RT constraint filtering, and missing BGP routes. For each issue, key concepts are presented, along with basic configuration, detailed troubleshooting methods, and clear illustrations. Wherever appropriate, OS-specific behaviors are described and analyzed. Troubleshooting BGP is an indispensable technical resource for all consultants, system/support engineers, and operations professionals working with BGP in even the largest, most complex environments. ·         Quickly review the BGP protocol, configuration, and commonly used features ·         Master generic troubleshooting methodologies that are relevant to BGP networks ·         Troubleshoot BGP peering issues, flapping peers, and dynamic BGP peering ·         Resolve issues related to BGP route installation, path selection, or route policies ·         Avoid and fix convergence problems ·         Address platform issues such as high CPU or memory usage ·         Scale BGP using route reflectors, diverse paths, and other advanced features ·         Solve problems with BGP edge architectures, multihoming, and load balancing ·         Secure BGP inter-domain routing with RPKI ·         Mitigate DDoS attacks with RTBH and BGP Flowspec ·         Understand common BGP problems with MPLS Layer 3 or Layer 2 VPN services ·         Troubleshoot IPv6 BGP for service providers, including 6PE and 6VPE ·         Overcome problems with VXLAN BGP EVPN data center deployments ·         Fully leverage BGP High Availability features, including GR, NSR, and BFD ·         Use new BGP enhancements for link-state distribution or tunnel setup This book is part of the Networking Technology Series from Cisco Press, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.  

Table of Contents:
Foreword xxii Introduction xxiii Part I BGP Fundamentals Chapter 1 BGP Fundamentals 1 Border Gateway Protocol 1     Autonomous System Numbers 2     Path Attributes 3     Loop Prevention 3     Address Families 3     BGP Sessions 4 Inter-Router Communication 5 BGP Messages 6     OPEN 6         Hold Time 6         BGP Identifier 7     KEEPALIVE 7     UPDATE 7     NOTIFICATION Message 8 BGP Neighbor States 8     Idle 9     Connect 9     Active 10     OpenSent 10     OpenConfirm 10     Established 10 Basic BGP Configuration 11     IOS 11     IOS XR 12     NX-OS 13     Verification of BGP Sessions 14     Prefix Advertisement 17     BGP Best-Path Calculation 20 Route Filtering and Manipulation 21 IBGP 22     IBGP Full Mesh Requirement 24     Peering via Loopback Addresses 25 EBGP 26     EBGP and IBGP Topologies 28     Next-Hop Manipulation 30 IBGP Scalability 31     Route Reflectors 31 Loop Prevention in Route Reflectors 33 Out-of-Band Route Reflectors 33     Confederations 34 BGP Communities 37 Route Summarization 38     Aggregate-Address 39     Flexible Route Suppression 40         Selective Prefix Suppression 40         Leaking Suppressed Routes 40     Atomic Aggregate 40     Route Aggregation with AS_SET 42     Route Aggregation with Selective Advertisement of AS-SET 42     Default Route Advertisement 42     Default Route Advertisement per Neighbor 42 Remove Private AS 43 Allow AS 43 LocalAS 43 Summary 44 References 45 Part II Common BGP Troubleshooting Chapter 2 Generic Troubleshooting Methodologies 47 Identifying the Problem 47 Understanding Variables 48 Reproducing the Problem 49     Setting Up the Lab 49     Configuring Lab Devices 52     Triggering Events 56 Sniffer-Packet Capture 57     SPAN on Cisco IOS 58     SPAN on Cisco IOS XR 60     SPAN on Cisco NX-OS 62     Remote SPAN 63 Platform-Specific Packet Capture Tools 65     Netdr Capture 66     Embedded Packet Capture 68     Ethanalyzer 70 Logging 74 Event Monitoring/Tracing 77 Summary 81 Reference 81 Chapter 3 Troubleshooting Peering Issues 83 BGP Peering Down Issues 83     Verifying Configuration 84     Verifying Reachability 87         Find the Location and Direction of Packet Loss 88         Verify Whether Packets Are Being Transmitted 89         Use Access Control Lists to Verify Whether Packets Are Received 90         Check ACLs and Firewalls in Path 91         Verify TCP Sessions 94         Simulate a BGP Session 95     Demystifying BGP Notifications 96     Decode BGP Messages 99     Troubleshoot Blocked Process in IOS XR 103         Verify BGP and BPM Process State 104         Verify Blocked Processes 105         Restarting a Process 106     BGP Traces in IOS XR 106     BGP Traces in NX-OS 108     Debugs for BGP 110     Troubleshooting IPv6 Peers 112     Case Study–Single Session Versus Multisession 113         Multisession Capability 114         Single-Session Capability 115 BGP Peer Flapping Issues 115     Bad BGP Update 115     Hold Timer Expired 116         Interface Issues 116         Physical Connectivity 117         Physical Interface 117         Input Hold Queue 117         TCP Receive Queue 119     MTU Mismatch Issues 120     High CPU Causing Control-Plane Flaps 125     Control Plane Policing 127         CoPP on NX-OS 129         Local Packet Transport Services 134 Dynamic BGP Peering 138     Dynamic BGP Peer Configuration 139     Dynamic BGP Challenges 142         Misconfigured MD5 Password 142         Resource Issues in a Scaled Environment 142         TCP Starvation 142 Summary 143 References 143 Chapter 4 Troubleshooting Route Advertisement and BGP Policies 145 Troubleshooting BGP Route Advertisement 145     Local Route Advertisement Issues 145     Route Aggregation Issues 147     Route Redistribution Issues 150     BGP Tables 152     Receiving and Viewing Routes 154 Troubleshooting Missing BGP Routes 156     Next-Hop Check Failures 157     Bad Network Design 160     Validity Check Failure 162         AS-Path 162         Originator-ID/Cluster-ID 165     BGP Communities 167         BGP Communities: No-Advertise 167         BGP Communities: No-Export 169         BGP Communities: Local-AS (No Export SubConfed) 170         Mandatory EBGP Route Policy for IOS XR 172     Filtering of Prefixes by Route Policy 173 Conditional Matching 174     Access Control Lists (ACL) 174     Prefix Matching 175     Regular Expressions (Regex) 177         UnderScore _ 179         Caret ^ 180         Dollar Sign $ 181         Brackets [ ] 181         Hyphen - 182         Caret in Brackets [^] 182         Parentheses ( ) and Pipe | 183         Period . 183         Plus Sign + 183         Question Mark ? 184         Asterisk * 184         Looking Glass and Route Servers 185     Conditionally Matching BGP Communities 185 Troubleshooting BGP Router Policies 185     IOS and NX-OS Prefix-Lists 186     IOS and NX-OS AS-Path ACLs 188     Route-Map Processing 191     IOS and NX-OS Route-Maps 192     IOS XR Route-Policy Language 196     Incomplete Configuration of Routing Policies 198 Conditional BGP Debugs 199 Summary 203 Further Reading 204 References in This Chapter 204 Chapter 5 Troubleshooting BGP Convergence 205 Understanding BGP Route Convergence 205     BGP Update Groups 207     BGP Update Generation 212 Troubleshooting Convergence Issues 216     Faster Detection of Failures 218         Jumbo MTU for Faster Convergence 219         Slow Convergence due to Periodic BGP Scan 219         Slow Convergence due to Default Route in RIB 222         BGP Next-Hop Tracking 223         Selective Next-Hop Tracking 225         Slow Convergence due to Advertisement Interval 226         Computing and Installing New Path 226     Troubleshooting BGP Convergence on IOS XR 227         Verifying Convergence During Initial Bring Up 227         Verifying BGP Reconvergence in Steady State Network 228     Troubleshooting BGP Convergence on NX-OS 234 BGP Slow Peer 237     BGP Slow Peer Symptoms 238         High CPU due to BGP Router Process 238         Traffic Black Hole and Missing Prefixes in BGP table 238     BGP Slow Peer Detection 239         Verifying OutQ value 240         Verifying SndWnd 240         Verifying Cache Size and Pending Replication Messages 241     Workaround 242         Changing Outbound Policy 242         Advertisement Interval 243         BGP Slow Peer Feature 245         Static Slow Peer 245         Dynamic Slow Peer Detection 245         Slow Peer Protection 246     Slow Peer Show Commands 246 Troubleshooting BGP Route Flapping 246 Summary 250 Reference 250 Part III BGP Scalability Issues Chapter 6 Troubleshooting Platform Issues Due to BGP 251 Troubleshooting High CPU Utilization due to BGP 251     Troubleshooting High CPU due to BGP on Cisco IOS 252         High CPU due to BGP Scanner Process 253         High CPU due to BGP Router Process 255         High CPU Utilization due to BGP I/O Process 256     Troubleshooting High CPU due to BGP on IOS XR 258         Troubleshooting High CPU due to BGP on NX-OS 262         Capturing CPU History 265         Troubleshooting Sporadic High CPU Condition 265     Troubleshooting Memory Issues due to BGP 267         TCAM Memory 269         Troubleshooting Memory Issues on Cisco IOS Software 269         Troubleshooting Memory Issues on IOS XR 274         Troubleshooting Memory Issues on NX-OS 278         Restarting Process 281 Summary 281 References 282 Chapter 7 Scaling BGP 283 The Impact of Growing Internet Routing Tables 283 Scaling Internet Table on Various Cisco Platforms 285 Scaling BGP Functions 288     Tuning BGP Memory 290         Prefixes 290         Managing the Internet Routing Table 290         Paths 292         Attributes 293     Tuning BGP CPU 295         IOS Peer-Groups 295         IOS XR BGP Templates 295         NX-OS BGP Peer Templates 296         BGP Peer Templates on Cisco IOS 297         Soft Reconfiguration Inbound Versus Route Refresh 298         Dynamic Refresh Update Group 302         Enhanced Route Refresh Capability 305     Outbound Route Filtering (ORF) 309         Prefix-Based ORF 309         Extended Community—Based ORF 309         BGP ORF Format 310         BGP ORF Configuration Example 312     Maximum Prefixes 316     BGP Max AS 318     BGP Maximum Neighbors 322 Scaling BGP with Route Reflectors 322     BGP Route Reflector Clusters 324         Hierarchical Route Reflectors 331         Partitioned Route Reflectors 332         BGP Selective Route Download 339         Virtual Route Reflectors 342     BGP Diverse Path 346         Shadow Route Reflectors 349         Shadow Sessions 355 Route Servers 357 Summary 364 References 365 Chapter 8 Troubleshooting BGP Edge Architectures 367 BGP Multihoming and Multipath 367     Resiliency in Service Providers 370     EBGP and IBGP Multipath Configuration 370     EIBGP Multipath 372         R1 373         R2 374         R3 374         R4 375         R5 376     AS-Path Relax 377 Understanding BGP Path Selection 377     Routing Path Selection Longest Match 377     BGP Best-Path Overview 379         Weight 380         Local Preference 380         Locally Originated via Network or Aggregate Advertisement 380         Accumulated Interior Gateway Protocol (AIGP) 381         Shortest AS-Path 383         Origin Type 383         Multi-Exit Discriminator (MED) 384         EBGP over IBGP 386         Lowest IGP Metric 386         Prefer the Oldest EBGP Path 387         Router ID 387         Minimum Cluster List Length 388         Lowest Neighbor Address 388 Troubleshooting BGP Best Path 389     Visualizing the Topology 390         Phase I–Initial BGP Edge Route Processing 391         Phase II–BGP Edge Evaluation of Multiple Paths 392         Phase III–Final BGP Processing State 394     Path Selection for the Routing Table 394 Common Issues with BGP Multihoming 395     Transit Routing 395     Problems with Race Conditions 397     Peering on Cross-Link 402         Expected Behavior 403         Unexpected Behavior 406         Secondary Verification Methods of a Routing Loop 409         Design Enhancements 411     Full Mesh with IBGP 412     Problems with Redistributing BGP into an IGP 413 Summary 417 References 418 Part IV Securing BGP Chapter 9 Securing BGP 419 The Need for Securing BGP 419 Securing BGP Sessions 420     Explicitly Configured Peers 421         IPv6 BGP Peering Using Link-Local Address 421     BGP Session Authentication 424         BGP Pass Through 426     EBGP-Multihop 427         BGP TTL Security 428         Filtering 429         Protecting BGP Traffic Using IPsec 431 Securing Interdomain Routing 431     BGP Prefix Hijacking 432     S-BGP 439         IPsec 439         Public Key Infrastructure 439         Attestations 441     soBGP 442         Entity Certificate 442         Authorization Certificate 443         Policy Certificate 443         BGP SECURITY Message 443     BGP Origin AS Validation 443         Route Origination Authorization (ROA) 445         RPKI Prefix Validation Process 446         Configuring and Verifying RPKI 449         RPKI Best-Path Calculation 460 BGP Remote Triggered Black-Hole Filtering 463 BGP Flowspec 467     Configuring BGP Flowspec 469 Summary 479 References 480 Part V Multiprotocol BGP Chapter 10 MPLS Layer 3 VPN (L3VPN) 481 MPLS VPNs 481 MPLS Layer 3 VPN (L3VPN) Overview 483     Virtual Routing and Forwarding 483     Route Distinguisher 485     Route Target 485     Multi-Protocol BGP (MP-BGP) 486     Network Advertisement Between PE and CE Routers 487 MPLS Layer 3 VPN Configuration 487     VRF Creation and Association 488         IOS VRF Creation 488         IOS XR VRF Creation 489         NX-OS VRF Creation 490     Verification of VRF Settings and Connectivity 492         Viewing VRF Settings and Interface IP Addresses 492         Viewing the VRF Routing Table 494         VRF Connectivity Testing Tools 495     MPLS Forwarding 495     BGP Configuration for VPNv4 and PE-CE Prefixes 497         IOS BGP Configuration for MPLS L3VPN 497         IOS XR BGP Configuration for MPLS L3VPN 499         NX-OS BGP Configuration for MPLS L3VPN 500         Verification of BGP Sessions and Routes 502 Troubleshooting MPLS L3VPN 506     Default Route Advertisement Between PE-CE Routers 508     Problems with AS-PATH 509     Suboptimal Routing with VPNv4 Route Reflectors 514     Troubleshooting Problems with Route Targets 520     MPLS L3VPN Services 524     RT Constraints 534     MPLS VPN Label Exchange 538     MPLS Forwarding 541 Summary 542 References 542 Chapter 11 BGP for MPLS L2VPN Services 543 L2VPN Services 543     Terminologies 545     Virtual Private Wire Service 548         Interworking 549         Configuration and Verification 550         VPWS BGP Signaling 558         Configuration 560     Virtual Private LAN Service 561         Configuration 562         Verification 564         VPLS Autodiscovery Using BGP 569         VPLS BGP Signaling 580         Troubleshooting 586 Summary 588 References 589 Chapter 12 IPv6 BGP for Service Providers 591 IPv6 BGP Features and Concepts 591     IPv6 BGP Next-Hop 591     IPv6 Reachability over IPv4 Transport 596     IPv4 Routes over IPv6 Next-Hop 601     IPv6 BGP Policy Accounting 604 IPv6 Provider Edge Routers (6PE) over MPLS 607     6PE Configuration 611     6PE Verification and Troubleshooting 615 IPv6 VPN Provider Edge (6VPE) 620     IPv6-Aware VRF 622     6VPE Next-Hop 623         Route Target 624         6VPE Control Plane 624     6VPE Data Plane 626     6VPE Configuration 627     6VPE Control-Plane Verification 629     6VPE Data Plane Verification 633 Summary 639 References 639 Chapter 13 VxLAN BGP EVPN 641 Understanding VxLAN 641     VxLAN Packet Structure 643     VxLAN Gateway Types 645 VxLAN Overlay 645     VxLAN Flood-and-Learn Mechanism 645         Configuration and Verification 647         Ingress Replication 652 Overview of VxLAN BGP EVPN 653     Distributed Anycast Gateway 654     ARP Suppression 655     Integrated Route/Bridge (IRB) Modes 656         Asymmetric IRB 657         Symmetric IRB 658     Multi-Protocol BGP 658     Configuring and Verifying VxLAN BGP EVPN 661 Summary 690 References 691 Part VI High Availability Chapter 14 BGP High Availability 693 BGP Graceful-Restart 693 BGP Nonstop Routing 700 Bidirectional Forwarding Detection 712     Asynchronous Mode 713     Asynchronous Mode with Echo Function 715     Configuration and Verification 715     Troubleshooting BFD Issues 724         BFD Session Not Coming Up 724         BFD Session Flapping 725 BGP Fast-External-Fallover 726 BGP Add-Path 726 BGP best-external 738 BGP FRR and Prefix-Independent Convergence 741     BGP PIC Core 742     BGP PIC Edge 745         Scenario 1–IP PE-CE Link/Node Protection on CE Side 745         Scenario 2–IP MPLS PE-CE Link/Node Protection for Primary/Backup 748         BGP Recursion Host 752 Summary 753 References 753 Part VII BGP: Looking Forward Chapter 15 Enhancements in BGP 755 Link-State Distribution Using BGP 755     BGP-LS NLRI 759     BGP-LS Path Attributes 762     BGP-LS Configuration 762         IGP Distribution 763         BGP Link-State Session Initiation 763 BGP for Tunnel Setup 771 Provider Backbone Bridging: Ethernet VPN (PBB-EVPN) 773     EVPN NLRI and Routes 776     EVPN Extended Community 777     EVPN Configuration and Verification 778 Summary 787 References 788     9781587144646   TOC   11/21/2016  

About the Author :
Vinit Jain, CCIE No. 22854 (R&S, SP, Security & DC), is a High Touch Technical Support (HTTS) engineer with Cisco providing support to premium customers of Cisco on complex routing technologies. Before joining Cisco, Vinit worked as a CCIE trainer and a network consultant. In addition to his expertise in networks, he has experience with software development, with which he began his career. Vinit holds certifications for multiple vendors, such as Cisco, Microsoft, Sun Microsystems, VMware, and Oracle, and also is a Certified Ethical Hacker. Vinit is a speaker at Cisco Live and various other forums, including NANOG. Vinit pursued his graduation from Delhi University in Mathematics and earned his Masters in Information Technology from Kuvempu University in India. Vinit is married and is presently based out of RTP, North Carolina. Vinit can be found on Twitter @vinugenie. Brad Edgeworth, CCIE No. 31574 (R&S & SP), has been with Cisco working as a systems engineer and a technical leader. Brad is a distinguished speaker at Cisco Live, where he has presented on multiple topics. Before joining Cisco, Brad worked as a network architect and consulted for various Fortune 500 companies. Brad’s other certifications include Cisco Certified Design Professional (CCDP) and Microsoft Certified Systems Engineer (MCSE). Brad has been working in the IT field with an emphasis on enterprise and service provider environments from an architectural and operational perspective. Brad holds a Bachelor of Arts degree in Computer Systems Management from St. Edward’s University in Austin, Texas. Brad can be found on Twitter @BradEdgeworth.