Thursday, February 14, 2013

BGP - Maximum-path - hidden command

Two is better than one. More is better, or is it? We could ruminate on semantics, but I think we would rather see how to implement equal-cost multi-path (ECMP) routing using eBGP. By default, BGP installs only THE BEST PATH after going through the BGP best path selection algorithm (Cisco).

Consider the simple topology and let's dive in.
Complete config can be found here.

In order to get multi-path routing to work with eBGP, the two paths must be identical to some extent. The restrictions are as follows.

The two paths must have the:
  • Same weight *Although this is Cisco proprietary, others such as Arista are also starting to implement it*
  • Identical local preference. Note that by default all routes have a local preference of 100.
  • Same AS-Path.
  • Same origin.
  • Same MED.
There are actually a couple more restrictions; however, it's unlikely you will run into them.

As always, let's get the interfaces and eBGP configured and observe the behavior. We will then go back and complete our objective.

 hostname R1  
 !  
 interface Serial1/0  
  description connected to r2  
  ip address 2.2.2.1 255.255.255.0  
  serial restart-delay 0  
 !  
 interface Serial1/1  
  description connected to r3  
  ip address 1.1.1.1 255.255.255.0  
  serial restart-delay 0  
 !  
 router bgp 65111  
  no synchronization  
  bgp log-neighbor-changes  
  neighbor 1.1.1.3 remote-as 65113  
  neighbor 2.2.2.2 remote-as 65112  
  maximum-paths 2  
  no auto-summary  
  !  
  address-family nsap  
  maximum-paths 2  
  no synchronization  
  exit-address-family  

 hostname R2  
 !  
 interface Loopback1  
  ip address 10.10.10.1 255.255.255.0  
 !  
 interface Serial1/0  
  description connected to r1  
  ip address 2.2.2.2 255.255.255.0  
  serial restart-delay 0  
 !  
 router bgp 65112  
  no synchronization  
  bgp log-neighbor-changes  
  network 10.10.10.0 mask 255.255.255.0  
  neighbor 2.2.2.1 remote-as 65111  
  no auto-summary  
 !  

 hostname R3  
 !  
 interface Loopback1  
  ip address 10.10.10.1 255.255.255.0  
 !  
 interface Serial1/1  
  description connected to r1  
  ip address 1.1.1.3 255.255.255.0  
  serial restart-delay 0  
 !  
 router bgp 65113  
  no synchronization  
  bgp log-neighbor-changes  
  network 10.10.10.0 mask 255.255.255.0  
  neighbor 1.1.1.1 remote-as 65111  
  no auto-summary  
 !  

  • As you can see, there are 2 routes in the BGP table: one from R2 and another from R3.
  • maximum-paths 2 is also configured under BGP.
So why is there only one route in the routing table? Because in order for two identical routes to be installed, the AS_PATH sequence must be the same.

Here is the official jargon from a Cisco guide.

 If the following conditions are all true, insert the route for this path into the IP routing table:   
 – Both the best route and this route are external.  
 – Both the best route and this route are from the same neighboring autonomous system.  
 – The maximum-paths router configuration command is enabled.  

So the question is how do we get around this? Well we could simply use a hidden command. 

bgp bestpath as-path multipath-relax -- just relax and let the engineer work his magic!!


 R1(config)#router bgp 65111  
 R1(config-router)#bgp bestpath  
 R1(config-router)#bgp bestpath ?  
  compare-routerid Compare router-id for identical EBGP paths  
  cost-community  cost community  
  med        MED attribute  
 R1(config-router)#bgp bestpath as-path ?  
 % Unrecognized command  
 R1(config-router)#bgp bestpath as-path multipath-relax?  
 % Unrecognized command  
 R1(config-router)#bgp bestpath as-path multipath-relax  

Notice that although the context-sensitive help returns "% Unrecognized command", the router accepts the command when you type it in full and hit enter.

 R1#show run | sec bgp  
 router bgp 65111  
  no synchronization  
  bgp log-neighbor-changes  
  bgp bestpath as-path multipath-relax  
  neighbor 1.1.1.3 remote-as 65113  
  neighbor 2.2.2.2 remote-as 65112  
  maximum-paths 2  
  no auto-summary  
  !  
  address-family nsap  
  maximum-paths 2  
  no synchronization  
  exit-address-family  

Clear the BGP sessions *obviously not recommended to clear BGP peers during production hours* and there you have it: two "almost" identical eBGP routes in the routing table.

 R1#clear ip bgp *
 R1#show ip route | beg Gateway
 Gateway of last resort is not set  
    1.0.0.0/24 is subnetted, 1 subnets  
 C    1.1.1.0 is directly connected, Serial1/1  
    2.0.0.0/24 is subnetted, 1 subnets  
 C    2.2.2.0 is directly connected, Serial1/0  
    10.0.0.0/24 is subnetted, 1 subnets  
 B    10.10.10.0 [20/0] via 2.2.2.2, 00:02:53  
                 [20/0] via 1.1.1.3, 00:02:53  

Conclusion:

Neat trick; however, it may not apply unless you are doing something peculiar.


Addendum: 

From Luciano Barros

 "Problems are:  
 - Hidden commands are not supported by Cisco or Cisco TAC, in general.  
 - You have no guarantees Cisco will still include the hidden command in 
   future versions/updates of IOS  
 - You have to make sure your router has the memory and capacity of handling 
   all the extra prefixes that it will be installing in the routing table 
   and FIB. This means you have to study the new memory requirements, etc. 
   for the BGP processes before implementing the command.  
   
   So it works but use at your own risk :)"  
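
One way to keep track of the hidden command the addendum warns about, as an added example (not from the original post or from Cisco): an audit of saved IOS-style configs that reports where `bgp bestpath as-path multipath-relax` is set and where `maximum-paths` is configured without it. The function name `audit_bgp`, the finding fields and the sample text are assumptions made for illustration.

```python
import re

RELAX = "bgp bestpath as-path multipath-relax"

def audit_bgp(config_text):
    """Return one finding dict per 'router bgp' section of an IOS-style config."""
    findings, cur, in_af = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        start = re.fullmatch(r"router bgp (\d+)", line)
        if start:
            cur = {"asn": int(start.group(1)), "relax": False,
                   "max_paths": 1, "neighbor_as": set(), "notes": []}
            findings.append(cur)
            in_af = False
        elif cur is None or not line:
            continue
        elif not raw[0].isspace():
            cur = None  # an unindented line ends the section
        elif line.startswith("address-family"):
            in_af = True
        elif line == "exit-address-family":
            in_af = False
        elif line == RELAX:
            cur["relax"] = True
        elif not in_af and (m := re.fullmatch(r"maximum-paths (\d+)", line)):
            cur["max_paths"] = int(m.group(1))
        elif m := re.fullmatch(r"neighbor \S+ remote-as (\d+)", line):
            cur["neighbor_as"].add(int(m.group(1)))
    for f in findings:
        if f["relax"]:
            f["notes"].append("hidden command in use: re-verify after every IOS upgrade")
        elif f["max_paths"] > 1 and len(f["neighbor_as"]) > 1:
            f["notes"].append("maximum-paths set but eBGP neighbors are in different ASes")
    return findings

# Constructed sample, trimmed from R1's config in the post (nsap value changed to 4).
SAMPLE = """\
router bgp 65111
 bgp bestpath as-path multipath-relax
 neighbor 1.1.1.3 remote-as 65113
 neighbor 2.2.2.2 remote-as 65112
 maximum-paths 2
 address-family nsap
 maximum-paths 4
 exit-address-family
!
"""
```

Only `maximum-paths` outside an address-family block is counted, which matches how the post's R1 config carries its IPv4 setting at the router level.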

6 comments:

  1. That is nice but because this command is undocumented, unofficial etc etc - how can we make sure it won't disappear in the next IOS update?!

  2. AFAIK, this command works on all the BGP supported 12 TRAIN IOS. I have not confirmed whether this works with the 15 TRAIN. Here is what you can do if you do not want to use this hidden command. "neighbor x.x.x.x local-as no-prepend replace-as". For example you would use that command on both R2 and R3. So from R1's perspective the routes will have the same AS-PATH (from R2 and R3) :).

    Here is an article I wrote a while ago that talks about "neighbor x.x.x.x local-as ".

    http://ithitman.blogspot.com/2012/06/configuring-bgp-local-as-one-router.html

  3. Super! Really nice of you.

  4. What kind of flow logic would the traffic have, if you were sending from a host behind R1 towards the 10.10.10.0/24 network? Is the flow on a basis of per-packet or src/dst hash, or ?? How do you minimize out-of-order packets?

    Replies
    1. The logic depends on the platform. Once you get the routes in the routing table then it's up to your router configuration. For example, in a CEF world you can set it to per-packet or per destination.

      http://www.cisco.com/en/US/products/hw/modules/ps2033/prod_technical_reference09186a00800afeb7.html#wp16233

      On the Cisco Nexus it's done using an XOR hash based on source-port-destination-port or other combinations.

      Nexus3548# show routing hash 1.1.1.1 2.2.2.2
      Load-share parameters used for software forwarding:
      load-share mode: address source-destination port source-destination
      Universal-id seed: 0xfec
      No IPv4 protocol specified, defaulting to UDP
      Hash for VRF "default"
      Hashing to path *Vlan198, attached
      For route:
      2.2.2.0/24, ubest/mbest: 1/0, attached
      *via 2.2.2.1, Vlan198, [0/0], 4w5d, direct
