Monday, September 9, 2013

BGP table received only (demonstration)

A junior engineer asked me one day about paths in the BGP table, those marked received-only, and why they are there.

In this example, I will try to demo just this behavior. But first let's look at a common BGP configuration that influences it:
 "soft-reconfiguration inbound"

This command is used by so many, yet most don't know the impact. When this command is applied to a BGP neighbor, the router must keep a copy of the BGP path both before and after any local policies are applied.

This causes extra memory/CPU consumption, because the BGP path is stored in memory both pre- and post-import.

This is the BGP command that shows you the original BGP path information per neighbor:

show bgp neighbors  received ?
  prefix-filter  Display the prefixlist filter
  routes         Display routes from this neighbor before inbound policy

Notice that the command shows the BGP paths learned before your BGP import policy? Yes, we can see the path before you apply any route-policies against any prefixes.

Take this topology;

Okay, R2 will be sending prefixes to R1, which has soft-reconfiguration inbound applied. Also, R2 has deployed BGP policies via a route-map.

R2 config

R1's BGP configuration applies a route-map to manipulate BGP information "inbound".

Okay, good so far. Let's bring up the BGP session and see what R1 does.

Okay, you see path #2 and the (received-only)? That's our BGP path before our local router manipulated the BGP attributes.

Clear?

Without changing anything on R2, we will now take the soft-reconfiguration inbound away from R1 and clear the session.

What do you think is going to happen with R1's BGP table after the BGP session has re-established?

Well, let's see:

Okay, you notice how the (received-only) is gone? And we have just one BGP path in our table!

So with any neighbors or neighbor groups that have soft-reconfiguration inbound, the local router has to maintain the "original" path from before our BGP import and any path manipulations.

The opposite of this is "route-refresh", and if you remember from quite a few posts back, this capability is advertised during the BGP open, and the receiving router can always ask its peer for a route-refresh.

Almost ALL BGP speakers support route-refresh. So unless you enable soft-reconfiguration inbound, you can ask even a direct peer for a refresh. Be advised: if you don't have "soft reconfiguration inbound" set, you can clear the BGP peer without the risk of dropping the neighborship:


Now let's look at memory consumption. Let's take a peek before soft reconfiguration is reapplied:

Okay, nice: we have 3 network entries using 303 bytes of memory, for a total of 615 bytes of memory. So what happens after we re-apply the configuration?

And now we have:

I highlighted a few items, and the main one is in the middle: we have 6 paths (6x received-only for the 3 prefixes) and the memory is now double. So picture a full BGP table of 400K+ prefixes with soft-reconfiguration inbound set. You now have the possibility of wasting a lot of memory.
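The bookkeeping behind the received-only paths and the doubled path count, as a small Python model added here (it is not from the original post and is not router code). The prefixes, AS number and local-preference values are constructed, and the model assumes the inbound policy modifies every path it imports.

```python
# Toy model of one neighbor's inbound path storage (constructed; not router code).
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Path:
    prefix: str
    as_path: tuple
    local_pref: int = 100
    received_only: bool = False

class Neighbor:
    def __init__(self, policy, soft_reconfig_inbound):
        self.policy = policy              # stands in for the inbound route-map
        self.soft = soft_reconfig_inbound
        self.received = {}                # pre-policy copies, kept only when soft
        self.table = {}                   # post-policy paths

    def receive(self, path):
        if self.soft:
            self.received[path.prefix] = path      # the extra stored copy
        self.table[path.prefix] = self.policy(path)

    def paths(self):
        """Every stored path; untouched originals are flagged received_only."""
        extra = [replace(p, received_only=True) for p in self.received.values()
                 if self.table.get(p.prefix) != p]
        return list(self.table.values()) + extra

    def change_policy(self, policy):
        """True if re-applied from local copies, False if the peer must resend."""
        self.policy = policy
        for p in list(self.received.values()):
            self.receive(p)
        return self.soft

def set_local_pref(value):
    return lambda p: replace(p, local_pref=value)

# Constructed sample updates: three prefixes from a peer in AS 65002.
UPDATES = [Path(f"10.0.{i}.0/24", (65002,)) for i in (1, 2, 3)]

def load(soft):
    n = Neighbor(set_local_pref(200), soft)
    for u in UPDATES:
        n.receive(u)
    return n

if __name__ == "__main__":
    print(len(load(False).paths()), len(load(True).paths()))
```

A `False` return from `change_policy` is the case where the router has nothing stored locally and has to get the prefixes from the peer again, which is what route-refresh is for.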

I hope you found this post useful and have a better understanding of what that command does and how it affects the BGP table and neighbors.

Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(  @   @ )=
       /     \
