IGP/LDP/BGP Convergence Tuning (IOS/IOS-XE)

References:
https://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/iproute/iri-xe-3s-asr920-book/iri-lfa-frr.html#task_E243B1E8E9714CB5BDB893C92AB1EAC1

Items to consider are:

  • Interface level: link up/down signalling delay (carrier delay), interface dampening, Loss-of-Signal/Link-loss-forwarding, BFD, IGP hello timers, LDP hello timers, IGP and LDP authentication.
  • IGP level: LSA/SPF timers, iSPF, prefix-suppression, (un)ECMP limit, prefix-filters, prefix-priority, PIC core/H-FIB, graceful-restart, session protection.
  • MPLS level: IP FRR (LFA/rLFA/TI-LFA), LDP session protection, LDP quick start/discovery, LDP-IGP sync, LDP-IGP metric tracking, LDP targeted hellos, LDP graceful-restart, label allocation filtering, RSVP reoptimize frequency, RSVP delay installation, RSVP auto-tunnel backup.
  • BGP level: BGP hello timers, MRAI timer, BGP next-hop update delay, iBGP BFD, PIC edge/advertise best-external, add-path, optimal-route-reflection/unique RD per-next-hop.

 

This is a reference of commands, not a config to be applied verbatim:

conf t

! Pass link-down events directly to the IGP rather than to RIB which causes a CEF update which then triggers IGP recalculation and then RIB and CEF updates again!

ip routing protocol purge interface

! Set the global BFD control packet tx delay to 5 seconds

bfd slow-timers 5000
! Enable targeted LDP sessions to the unicast address of neighbours rather than multicasts to protect LDP sessions against link failure

mpls ldp session protection

! Enable the acceptance of targeted LDP hello requests (default is to ignore)

mpls ldp discovery targeted-hello accept

! Enable the graceful recovery of interruptions to the control-plane session

mpls ldp graceful-restart

! Optimise the LDP session initiation

mpls ldp discovery quick-start ! This is default in some newer IOS/XE versions and the command is removed

! Limit the IGP LDP sync time (default is no limit) when IGP has re-converged

mpls ldp igp sync holddown 600000

! Enable LDP label allocation filtering - here we restrict label allocation to host routes (/32's) only

mpls ldp label allocate global host-routes

! Further to the above - we can also restrict the IP prefixes we allocate labels for, so we will only allocate labels to /32s in the specified IP prefix list

ip prefix-list PL-Core-Loopbacks seq 10 permit 10.0.0.0/16 ge 32
mpls ldp label allocate global prefix-list PL-Core-Loopbacks

! Log neighbour changes
mpls ldp logging neighbor-changes
mpls ldp logging password configuration
mpls ldp logging password rollover
interface gi0/0

! Change the interface carrier delay to 0 msec (from default 2 seconds or 10 msec for fibre?) so there is no delay between the interface being detected as down and telling the RIB it's down

 carrier-delay down 0 up 2000

! On supported platforms the up and down delay can be separate (msec) values, so BFD can signal a link down as soon as it's detected as down but this will delay the link being seen as up again in case it is flapping

! Some switches support the interface command "link debounce time" but this is configured by default so usually no need to change it.
! Enable interface IP event dampening to protect against rapid link flaps from the above

dampening

! Set the BFD send and receive delay to be 50 msec and set the dead detection to be 3x 50 msec == 150 msec

bfd interval 50 min_rx 50 multiplier 3

! Enable BFD echo mode here so we send the control packets every slow-timers interval. This is enabled by default.

bfd echo

! Disable BFD echo mode (which switches to asynchronous mode) for platforms that don't support BFD hardware offload like ME3800

no bfd echo

! Disable DR/BDR election on point-to-point links where they aren't needed

ip ospf network point-to-point

ip router isis 1 ! Interface could also be configured at the process level
ipv6 router isis 1
isis circuit-type level-2-only ! Example BB link
isis metric 400 level-2 ! If not using auto-cost reference bandwidth
isis ipv6 metric 400 level-2
isis authentication mode md5 level-2
isis authentication key-chain isis-level2 level-2
isis network point-to-point ! Disable the DIS election
isis bfd
! no hello padding ! IOS pads first 5 IIH to full MTU to discover initial MTU issues, use with caution.
router isis
log-adjacency-changes

passive-interface Loopback0 ! Allow the loopback IP address to be advertised without adding it into the flooding process

! Synchronise LDP and IGP convergence so that new links aren't used by the IGP until LDP is ready

mpls ldp sync

! When this device starts up, use the maximum metric for type 1 LSAs until BGP has converged

set-overload-bit on-startup wait-for-bgp

! Drop LS packets with a bad checksum rather than "ignore" which causes the sender to regenerate, which could cause a loop
ignore-lsp-errors

metric-style wide ! Required for IPv6

! Graceful restart

nsf ietf

! Increase LSP lifetime so that LSPs aren't refreshed regularly if they aren't changing
max-lsp-lifetime 65535

! Reduce the frequency of periodic LSP flooding of the topology
lsp-refresh-interval 65000

! Customise the SPF throttling timers, when used with BFD (these are ASR1000 timers)
bfd all-interfaces
spf-interval 5 40 200
prc-interval 5 40 200
lsp-gen-interval 5 40 200

! For ASR920 these timers are recommended
! bfd all-interfaces
! spf-interval 5 100 1000
! prc-interval 5 100 1000
! lsp-gen-interval 5 100 1000

! The 1ms delay in the ASR1000 timers is very low if not using FRR-LFA; if a node has failed, more LSP updates may be required (or have yet to arrive), so a subsequent SPF run may still occur.

! Enable fast flooding of 10 LSPs before running the SPF
fast-flood 10
router ospf 1

log-adjacency-changes detail

! Increase the default event log size

event-log size 1000

! Enable OSPF only where we need to

passive-interface default

! When this device starts up, use the maximum metric for type 1 LSAs until BGP has converged

max-metric router-lsa on-startup wait-for-bgp

! Enable BFD for IGP integration

bfd all-interfaces

! Enable incremental SPF

ispf

! Throttle LSA generation

timers throttle lsa 5 100 1000

! Throttle SPF runs on received LSAs and locally triggered events

timers throttle spf 5 100 1000

! Limit LSA processing when receiving the same LSA

timers lsa arrival 10

! Group "pace" LSA flooding

timers pacing flood 15

! Limit LSA retransmission to be greater than the minimum receive interval above

timers pacing retransmission 30

! Suppress advertisements for transit link IPs (Loopbacks and secondary IPs are still advertised) by removing the type 3 LSAs, to reduce IGP table size

prefix-suppression

! Limit the number of ECMP to 1 effectively disabling ECMP (if for example the ECMPs are via different PEs rather than multiple links to the same next-hop PE, this can give predictable forwarding and failover behaviour)

maximum-paths 1

! Synchronise LDP and IGP convergence so that new links aren't used by the IGP until LDP is ready

mpls ldp sync
router bgp XXXXX

! Enable BGP slow peer detection (at least to log slow peers)

 neighbor x.x.x.x slow-peer detection

! Enable dynamic BGP update group splitting when a slow peer is detected so that the rest of the BGP update group isn't hindered when the transmission cache is full. Unless the "permanent" keyword is given the peer will dynamically move back to its normal update group once it "passes" the slow-peer detection again

neighbor x.x.x.x slow-peer split-update-group dynamic

! Lower the default update advertisement interval for BGP neighbours (default is 5 seconds for iBGP, 30 seconds for eBGP in GRT and 30 seconds for eBGP in VRF - newer IOS versions have iBGP default to 0 and eBGP in VRF default to 0)
 
 neighbor x.x.x.x advertisement-interval 0

! Enable BFD for directly connected iBGP neighbours (no dampening for fall-over, link flap caution!)

! ! neighbor x.x.x.x fall-over bfd

! We can track the next-hop address for multi-hop iBGP neighbours by removing the BFD keyword (no dampening for fall-over, loss of next hop means immediate session tear down!)

! neighbor x.x.x.x fall-over

! BGP NHT would be preferable over fall-over for stability: BGP Next-Hop Tracking is enabled by default in supporting images. Lower the BGP trigger event to 1 second (default 5) to react quicker to the tuned IGP, which is updating the RIB with details relating to the BGP next-hop address

! ! bgp nexthop trigger enable ! Enabled by default on newer versions
! ! bgp nexthop trigger delay 1


! Lower BGP timers if BFD or similar isn't available

 neighbor x.x.x.x timers 15 30 ! No point in aggressive tuning; BFD/IGP should support BGP

! For directly connected eBGP neighbours use interface tracking for session tear down (default enabled)

 bgp fast-external-fallover
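
Added example, not from the original page: a Python check that reads IOS-style interface stanzas and flags IS-IS interfaces that lack the "isis authentication" commands shown above, or whose local BFD detection time exceeds the 150 msec target. The sample config, the finding names and the max_detect_ms parameter are assumptions made for the illustration.

```python
import re

# Constructed sample (not a real device config): Gi0/1 lacks IS-IS authentication.
SAMPLE = """\
interface GigabitEthernet0/0
 ip router isis 1
 isis authentication mode md5 level-2
 isis authentication key-chain isis-level2 level-2
 bfd interval 50 min_rx 50 multiplier 3
interface GigabitEthernet0/1
 ip router isis 1
 isis network point-to-point
 bfd interval 300 min_rx 300 multiplier 3
"""

BFD_RE = re.compile(r"bfd interval (\d+) min_rx (\d+) multiplier (\d+)")

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit(config, max_detect_ms=150):
    """Return (interface, finding) tuples for IS-IS enabled interfaces."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not any(re.match(r"(ip|ipv6) router isis\b", c) for c in cmds):
            continue  # IS-IS is not enabled on this interface
        for prefix, tag in (("isis authentication mode", "isis-auth-mode-missing"),
                            ("isis authentication key-chain", "isis-key-chain-missing")):
            if not any(c.startswith(prefix) for c in cmds):
                findings.append((name, tag))
        for m in filter(None, map(BFD_RE.match, cmds)):
            tx, rx, mult = map(int, m.groups())
            detect = max(tx, rx) * mult  # local estimate; the peer's timers also apply
            if detect > max_detect_ms:
                findings.append((name, f"bfd-detect-{detect}ms"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Run against a saved running-config, an empty result means every IS-IS interface carries both authentication commands and meets the detection target.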

 

