bgp local convergence
設定
物理:192.168.xy.0/24
Loopback:x.x.x.x/32
AS100・200間でroute-targetを書き換え
before
iosv-7#sh ip ro | b Gate
Gateway of last resort is not set
7.0.0.0/32 is subnetted, 1 subnets
C 7.7.7.7 is directly connected, Loopback0
8.0.0.0/32 is subnetted, 1 subnets
O IA 8.8.8.8 [110/2] via 192.168.117.11, 00:00:47, GigabitEthernet0/3
[110/2] via 192.168.67.6, 00:00:03, GigabitEthernet0/1
O IA 192.168.58.0/24 [110/2] via 192.168.117.11, 00:00:47, GigabitEthernet0/3
[110/2] via 192.168.67.6, 00:00:03, GigabitEthernet0/1
192.168.67.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.67.0/24 is directly connected, GigabitEthernet0/1
L 192.168.67.7/32 is directly connected, GigabitEthernet0/1
192.168.79.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.79.0/24 is directly connected, GigabitEthernet0/2
L 192.168.79.7/32 is directly connected, GigabitEthernet0/2
O IA 192.168.108.0/24
[110/2] via 192.168.117.11, 00:00:47, GigabitEthernet0/3
[110/2] via 192.168.67.6, 00:00:03, GigabitEthernet0/1
192.168.117.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.117.0/24 is directly connected, GigabitEthernet0/3
L 192.168.117.7/32 is directly connected, GigabitEthernet0/3
iosv-7#ping 8.8.8.8 repeat 3000
Type escape sequence to abort.
Sending 3000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<略>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.................
*Aug 13 06:02:57.210: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.67.6 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired...!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<略>
Success rate is 99 percent (2139/2160), round-trip min/avg/max = 8/27/68 msiosv-7のping爆撃中にiosv-6のGi0/1をshutする。
通信断が発生するものの、しばらくすると復旧する。
after1
設定
iosv-11(config)#vrf def A
iosv-11(config-vrf)#add ipv4
iosv-11(config-vrf-af)#protection local-prefixes
iosv-6#sh ip vrf detail
VRF A (VRF Id = 1); default RD 100:1; default VPNID <not set>
New CLI format, supports multiple address-families
Flags: 0x180C
Interfaces:
Gi0/1
Address family ipv4 unicast (Table ID = 0x1):
Flags: 0x4000
Export VPN route-target communities
RT:100:1
Import VPN route-target communities
RT:100:1
No import route-map
No global export route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Local prefix protection enabled <<<enabledになっていることを確認結果
iosv-7#ping 8.8.8.8 repeat 3000
Type escape sequence to abort.
Sending 3000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!....................
*Aug 13 06:12:47.011: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.67.6 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired...!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!変化なしどころかむしろ復旧までに時間がかかってる。
iosv-0とiosv-6をiBGPピアで結ぶ
iosv-7#ping 8.8.8.8 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!..................
*Aug 13 06:54:41.506: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.67.6 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!変わらず。
after2
protection local-prefixesなし
iosv-8#ping 7.7.7.7 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!protection local-prefixesあり
iosv-8#ping 7.7.7.7 repeat 1000
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!反対方向からping爆撃しただけ、特に変わらず。
う~ん
The MPLS VPN BGP Local Convergence feature reduces loss of connectivity time by sending the broken link’s traffic over a backup path (as shown in the figure below) instead of waiting for total network convergence.
バックアップPEにトラフィックを転送することでロスしてる時間を減らすみたいなことが書かれてあるから、ping爆撃での切断時間に変化があると思ってたんだけど違うのかな。
おそらく自分の検証方法が間違っている気がする。いったんパス。
参考
Chapter: MPLS VPN BGP Local Convergence