Juniper MX BGP with BFD and load balancing.

The scenario:



scenario


In addition to an EBGP session, the following is configured as well:
    • load balancing
    • multihop, enabling a session between the loopback addresses
    • authentication
    • multiprotocol, enabling the exchange of routing information for IPv4 and IPv6
    • a BGP hold-time of 0 and BFD to detect
    • routing table exchange delay

Load balancing:

In this scenario, traffic is load balanced across two links using 1 BGP session. To enable this, several configuration statements have been entered. Let’s look at the following commands that were entered on the Trajan router:

set protocols bgp group ebgp neighbor 1.1.1.1 multihop ttl 1
set protocols bgp group ebgp neighbor 1.1.1.1 local-address 1.1.1.2
set protocols bgp group ebgp neighbor 1.1.1.1 authentication-key "$9$.5Q3At0O1ElK-bs4GU"
set protocols bgp group ebgp neighbor 1.1.1.1 peer-as 1
set routing-options static route 1.1.1.1/32 next-hop 2.0.0.13
set routing-options static route 1.1.1.1/32 next-hop 2.0.0.6
set routing-options autonomous-system 2
                

These configuration commands will enable a multihop session between the two routers. The two static routes are required to tell the router that the neighbor IP is to be found behind both of the links. After this, the router needs to be configured to do some actual load-balancing. This is done with the following configuration commands:

set policy-options policy-statement load-balance then load-balance per-packet
set routing-options forwarding-table export load-balance
                

These commands tell the system to install multiple next-hops into the forwarding table. To have the BGP session exchange routing information for IPV4 and IPV4, the following configuration commands were entered:

set protocols bgp group ebgp neighbor 1.1.1.1 family inet unicast
set protocols bgp group ebgp neighbor 1.1.1.1 family inet6 unicast
set protocols bgp group ebgp neighbor 1.1.1.1 export bgp-export
                

In this example, I am using the following export policy:

set policy-options policy-statement bgp-export term direct from protocol direct
set policy-options policy-statement bgp-export term direct from prefix-list direct-lo0
set policy-options policy-statement bgp-export term direct then accept
set policy-options policy-statement bgp-export term inet6-direct from protocol direct
set policy-options policy-statement bgp-export term inet6-direct from prefix-list inet6-direct-lo0
set policy-options policy-statement bgp-export term inet6-direct then next-hop 2001::2
set policy-options policy-statement bgp-export term inet6-direct then accept
set policy-options prefix-list direct-lo0 apply-path " interfaces lo0 unit <*> family inet address <*>"
set policy-options prefix-list inet6-direct-lo0 apply-path " interfaces lo0 unit <*> family inet6 address <*>"                   
                

This will make the router advertise all addresses configured under the loopback interface. In the case of the IPv6 addresses, there is an additional statement that telling the router what value next-hop should have. In our case, it will use one of the IPv6 addresses configured under the loopback interface. Because this is done on both sides, we need to deploy static routes on both routers as well, telling them were to find the other routers’ loopback interface. The following configuration is from the Aurelius router. These static routes are required to be able to route the packets to Trajan’s loopback interface:

set routing-options rib inet6.0 static route 2001::1/128 next-hop 2001:2:5::1
set routing-options rib inet6.0 static route 2001::1/128 next-hop 2001:2:13::1
                

The following commands can be used to verify the load-balancing part. First, we verify that we are learning prefixes from our EBGP neighbor. After that, we verify if the all the destionations are installed in the forwarding table:

play@MX480-TEST:TRAJAN> show route receive-protocol bgp 1.1.1.1

inet.0: 9 destinations, 10 routes (9 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  1.1.1.1/32              1.1.1.1                                 1 I
* 50.0.0.0/24             1.1.1.1                                 1 I

inet6.0: 12 destinations, 14 routes (12 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  2001::1/128             2001::1                                 1 I
* 2001::5001/128          2001::1                                 1 I

play@MX480-TEST:TRAJAN> show route forwarding-table matching 50.0.0.0
Logical system: TRAJAN
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
50.0.0.0/24        user     0                    indr 1048580     2
                                                 ulst 1048576     4
                              2.0.0.13           ucst  1390     2 xe-0/2/0.4
                              2.0.0.6            ucst  1389     3 xe-0/3/0.2

Logical system: TRAJAN
Routing table: __master.anon__.inet
Internet:

play@MX480-TEST:TRAJAN> show route forwarding-table matching 2001::5001
Logical system: TRAJAN
Routing table: default.inet6
Internet6:
Destination        Type RtRef Next hop           Type Index NhRef Netif
2001::5001/128     user     0                    indr 1048581     2
                                                 ulst 1048575     3
                              2001:2:13::1       ucst  1439     2 xe-0/2/0.4
                              2001:2:5::1        ucst  1441     2 xe-0/3/0.2

Logical system: TRAJAN
Routing table: __master.anon__.inet6
Internet6:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct  1036     1
                

BFD:

BGP on a Juniper MX router supports BFD. This can be configured in the following way:

set protocols bgp group ebgp neighbor 1.1.1.1 bfd-liveness-detection version 1
set protocols bgp group ebgp neighbor 1.1.1.1 bfd-liveness-detection minimum-interval 500
set protocols bgp group ebgp neighbor 1.1.1.1 bfd-liveness-detection multiplier 3
                

Verifying BFD for BGP on Junos can be done by examining the BGP neighbor relationship and by examining the BFD session status.

The output of the BGP neighbor relatioship can provide us with the following information:

play@MX480-TEST:AURELIUS> show bgp neighbor | match bfd
  Options: <BfdEnabled>
  BFD: enabled, up

The ‘BfdEnabled’ and ‘enabled’ means that the local system has BFD enabled for BGP. The ‘up’ part displays the current status of the BFD session. Without BFD enabled on the router, the output would be as follows:

play@MX480-TEST:AURELIUS> show bgp neighbor | match bfd
  Options: <BfdEnabled>
  BFD: enabled, down

When both routers are configured correctly and the BFD session between the two routers is up, we can see the following information:

play@MX480-TEST:AURELIUS> show bfd session extensive
                                                  Detect   Transmit
Address                  State     Interface      Time     Interval  Multiplier
1.1.1.2                  Up                       1.500     0.500        3
 Client BGP, TX interval 0.500, RX interval 0.500
 Session up time 00:02:39
 Local diagnostic NbrSignal, remote diagnostic None
 Remote state Up, version 1
 Logical system 10, routing table index 42
 Min async interval 0.500, min slow interval 1.000
 Adaptive async TX interval 0.500, RX interval 0.500
 Local min TX interval 0.500, minimum RX interval 0.500, multiplier 3
 Remote min TX interval 0.500, min RX interval 0.500, multiplier 3
 Local discriminator 330, remote discriminator 331
 Echo mode disabled/inactive
 Remote is control-plane independent
 Multi-hop min-recv-TTL 255, route table 42, local-address 1.1.1.1
  Session ID: 0x500701

1 sessions, 1 clients
Cumulative transmit rate 2.0 pps, cumulative receive rate 2.0 pps

This output tells us several things. The session status is up, and has been up for more than 2 minutes now. The Client BGP part of the output tells us this session is used to check a BGP neighbor relationship. The addresses (in red) correlate to the addresses used in the BGP neighbor relationship. The ‘Detect Time’ is the time (in seconds) in which the system can detect the remote state. The Detect Time is the Transmit Interval multiplied with the Multiplier value.

Starting Junos OS Release 12.3, multihop BFD is run distributed mode by default. This is important to know since this means that it can be handled in hardware and the routing engine is not bothered with BFD packets. Multihop BFD control packets use UDP port 4784. This is indicated by the ‘Remote is control-plane independent’ part of the output.

By relying on BFD to detect the state of the BGP neighbor, the hold time for the BGP neighbor relationship can be changed to 0. This can be done with the following configuration command:

set protocols bgp group ebgp neighbor 1.1.1.1 hold-time 0

The complete configuration that was used in this scenario:

Aurelius:
set interfaces xe-0/2/0 flexible-vlan-tagging
set interfaces xe-0/2/0 mtu 9000
set interfaces xe-0/2/0 encapsulation flexible-ethernet-services
set interfaces xe-0/2/0 unit 2 description TRAJAN
set interfaces xe-0/2/0 unit 2 vlan-id 2
set interfaces xe-0/2/0 unit 2 family inet mtu 1500
set interfaces xe-0/2/0 unit 2 family inet address 2.0.0.6/30
set interfaces xe-0/2/0 unit 2 family inet6 mtu 1500
set interfaces xe-0/2/0 unit 2 family inet6 address fe80::0002:0000:0000:0001/64
set interfaces xe-0/2/0 unit 2 family inet6 address 2001:2:5::1/64
set interfaces xe-0/3/0 flexible-vlan-tagging
set interfaces xe-0/3/0 mtu 9000
set interfaces xe-0/3/0 encapsulation flexible-ethernet-services
set interfaces xe-0/3/0 unit 4 description TRAJAN
set interfaces xe-0/3/0 unit 4 vlan-id 4
set interfaces xe-0/3/0 unit 4 family inet mtu 1500
set interfaces xe-0/3/0 unit 4 family inet address 2.0.0.13/30
set interfaces xe-0/3/0 unit 4 family inet6 mtu 1500
set interfaces xe-0/3/0 unit 4 family inet6 address fe80::0004:0000:0000:0001/64
set interfaces xe-0/3/0 unit 4 family inet6 address 2001:2:13::1/64
set interfaces lo0 unit 1 family inet address 1.1.1.1/32
set interfaces lo0 unit 1 family inet address 50.0.0.1/24
set interfaces lo0 unit 1 family inet6 address 2001::1/128
set interfaces lo0 unit 1 family inet6 address 2001::5001/128
set protocols bgp group ebgp type external
set protocols bgp group ebgp out-delay 2
set protocols bgp group ebgp log-updown
set protocols bgp group ebgp export bgp-export
set protocols bgp group ebgp neighbor 1.1.1.2 multihop ttl 1
set protocols bgp group ebgp neighbor 1.1.1.2 local-address 1.1.1.1
set protocols bgp group ebgp neighbor 1.1.1.2 hold-time 0
set protocols bgp group ebgp neighbor 1.1.1.2 family inet unicast
set protocols bgp group ebgp neighbor 1.1.1.2 family inet6 unicast
set protocols bgp group ebgp neighbor 1.1.1.2 authentication-key "$9$.5Q3At0O1ElK-bs4GU"
set protocols bgp group ebgp neighbor 1.1.1.2 peer-as 2
set protocols bgp group ebgp neighbor 1.1.1.2 bfd-liveness-detection version 1
set protocols bgp group ebgp neighbor 1.1.1.2 bfd-liveness-detection minimum-interval 500
set protocols bgp group ebgp neighbor 1.1.1.2 bfd-liveness-detection multiplier 3
set policy-options prefix-list direct-lo0 apply-path "interfaces lo0 unit <*> family inet address <*>"
set policy-options prefix-list inet6-direct-lo0 apply-path "interfaces lo0 unit <*> family inet6 address <*>"
set policy-options policy-statement bgp-export term direct from protocol direct
set policy-options policy-statement bgp-export term direct from prefix-list direct-lo0
set policy-options policy-statement bgp-export term direct then accept
set policy-options policy-statement bgp-export term inet6-direct from protocol direct
set policy-options policy-statement bgp-export term inet6-direct from prefix-list inet6-direct-lo0
set policy-options policy-statement bgp-export term inet6-direct then next-hop 2001::1
set policy-options policy-statement bgp-export term inet6-direct then accept
set policy-options policy-statement load-balance then load-balance per-packet
set routing-options rib inet6.0 static route 2001::2/128 next-hop 2001:2:5::2
set routing-options rib inet6.0 static route 2001::2/128 next-hop 2001:2:13::2
set routing-options static route 1.1.1.2/32 next-hop 2.0.0.14
set routing-options static route 1.1.1.2/32 next-hop 2.0.0.5
set routing-options autonomous-system 1
set routing-options forwarding-table export load-balance

Trajan:
set interfaces xe-0/2/0 flexible-vlan-tagging
set interfaces xe-0/2/0 mtu 9000
set interfaces xe-0/2/0 encapsulation flexible-ethernet-services
set interfaces xe-0/2/0 unit 4 description AURELIUS
set interfaces xe-0/2/0 unit 4 vlan-id 4
set interfaces xe-0/2/0 unit 4 family inet mtu 1500
set interfaces xe-0/2/0 unit 4 family inet address 2.0.0.14/30
set interfaces xe-0/2/0 unit 4 family inet6 mtu 1500
set interfaces xe-0/2/0 unit 4 family inet6 address fe80::0004:0000:0000:0002/64
set interfaces xe-0/2/0 unit 4 family inet6 address 2001:2:13::2/64
set interfaces xe-0/3/0 flexible-vlan-tagging
set interfaces xe-0/3/0 mtu 9000
set interfaces xe-0/3/0 encapsulation flexible-ethernet-services
set interfaces xe-0/3/0 unit 2 description AURELIUS
set interfaces xe-0/3/0 unit 2 vlan-id 2
set interfaces xe-0/3/0 unit 2 family inet mtu 1500
set interfaces xe-0/3/0 unit 2 family inet address 2.0.0.5/30
set interfaces xe-0/3/0 unit 2 family inet6 mtu 1500
set interfaces xe-0/3/0 unit 2 family inet6 address fe80::0002:0000:0000:0004/64
set interfaces xe-0/3/0 unit 2 family inet6 address 2001:2:5::2/64
set interfaces lo0 unit 2 family inet address 1.1.1.2/32
set interfaces lo0 unit 2 family inet address 100.0.0.1/32
set interfaces lo0 unit 2 family inet6 address 2001::2/128
set interfaces lo0 unit 2 family inet6 address 2001::2001/128
set protocols bgp group ebgp type external
set protocols bgp group ebgp out-delay 2
set protocols bgp group ebgp log-updown
set protocols bgp group ebgp neighbor 1.1.1.1 multihop ttl 1
set protocols bgp group ebgp neighbor 1.1.1.1 local-address 1.1.1.2
set protocols bgp group ebgp neighbor 1.1.1.1 hold-time 0
set protocols bgp group ebgp neighbor 1.1.1.1 family inet unicast
set protocols bgp group ebgp neighbor 1.1.1.1 family inet6 unicast
set protocols bgp group ebgp neighbor 1.1.1.1 authentication-key "$9$.5Q3At0O1ElK-bs4GU"
set protocols bgp group ebgp neighbor 1.1.1.1 export bgp-export
set protocols bgp group ebgp neighbor 1.1.1.1 peer-as 1
set protocols bgp group ebgp neighbor 1.1.1.1 bfd-liveness-detection version 1
set protocols bgp group ebgp neighbor 1.1.1.1 bfd-liveness-detection minimum-interval 500
set protocols bgp group ebgp neighbor 1.1.1.1 bfd-liveness-detection multiplier 3
set policy-options prefix-list direct-lo0 apply-path " interfaces lo0 unit <*> family inet address <*>"
set policy-options prefix-list inet6-direct-lo0 apply-path " interfaces lo0 unit <*> family inet6 address <*>"
set policy-options policy-statement bgp-export term direct from protocol direct
set policy-options policy-statement bgp-export term direct from prefix-list direct-lo0
set policy-options policy-statement bgp-export term direct then accept
set policy-options policy-statement bgp-export term inet6-direct from protocol direct
set policy-options policy-statement bgp-export term inet6-direct from prefix-list inet6-direct-lo0
set policy-options policy-statement bgp-export term inet6-direct then next-hop 2001::2
set policy-options policy-statement bgp-export term inet6-direct then accept
set policy-options policy-statement load-balance then load-balance per-packet
set routing-options rib inet6.0 static route 2001::1/128 next-hop 2001:2:5::1
set routing-options rib inet6.0 static route 2001::1/128 next-hop 2001:2:13::1
set routing-options static route 1.1.1.1/32 next-hop 2.0.0.13
set routing-options static route 1.1.1.1/32 next-hop 2.0.0.6
set routing-options router-id 1.1.1.2
set routing-options autonomous-system 2
set routing-options forwarding-table export load-balance

8-1-2015