> Of Mark Smith
> Sent: Thursday, February 08, 2018 12:02 PM
>
> Hi list,
>
> Test topology below. 2x MX80 with dual ip transit (full table ~600k prefixes).
> TRA1 preferred over TRA2 (Localpref 200 set by PE1 import policy). Plain
> unlabeled inet.0, no mpls in use. In lab topology both transits belong to same
> AS65502.
>
> What I'm trying to accomplish is somewhat faster failover time in case of
> primary transit failure. In case of no tuning the failover (FIB
> programming) can take up to 10 minutes.
>
>
>  --------          --------
>  | TRA1 |          | TRA2 |    AS65502
>  --------          --------
>     | xe-1/3/0        | xe-1/3/0
>  -------           -------
>  | PE1 |  --ae0--  | PE2 |     AS65501
>  -------           -------
>     |
>  -----------
>  | test pc |
>  -----------
>
> In the lab PE1 and PE2 are MX80s running 15.1R6.7.
> I have configured BGP add-path and PIC edge (routing-options protect
> core) on both PEs.

Ok so first of all, in order to achieve (Cisco term BGP PIC Edge), which seems like what you are looking for in your setup, you need to be using Juniper's "Provider Edge Link Protection" (that I know only the "for Layer 3 VPNs" and "for BGP Labeled Unicast Paths" incarnation) -so seems like it's not supported for inet.0.

This feature has to be combined with:
1) advertise-external on iBGP sessions on backup or both PEs -to allow backup PE advertise the external transit routes to primary PE even when those are not considered as overall best paths on the backup PE.
2) add-path on iBGP sessions from RRs to PEs (in inet.0)
3) eBGP protocol preference set to less than 170 -this is needed to avoid the looping of packets from backup PE back to primary PE (if per VRF label is used).

How it works:
Thanks to advertise-external and add-path primary PE gets to know about the alternative path via backup PE and thanks to "Provider Edge Link Protection" will install this path as backup (metric 0x4000) into FIB.
Data-plane wise if primary PE loses connection to transit it will (in sub 50ms) start sending packets towards the backup PE. Once these packets arrive on backup PE either with VPN label defining egress interface or with VPN label defining VRF, in which case lookup in VRF table is done, and thanks to eBGP path having a better preference the backup PE can forward the packets to transit -instead of looping them back to primary PE.

Juniper PIC Edge (Cisco PIC Core) (routing-options protect core)
Would be enabled on PE3 that is connected to both PE1 and PE2 in your setup.
This would allow PE3 to install primary as well as backup path into FIB, again you need to enable advertise-external (and add-path in case of RRs) (no need to tweak protocol distance as you're comparing two iBGP paths).

How it works:
Thanks to advertise-external and add-path ingress PE3 gets to know about the alternative path via backup PE and thanks to "protect core" will install this path as backup (metric 0x4000) into FIB.
If the whole primary PE goes down or is severed from the rest of the core, then IGP will notify PE3 that the BGP next-hop for the primary path is unavailable at which point PE3 can switch all affected iBGP prefixes (in sub 50ms) to point to backup PE.
Hence you also need to tweak your IGP routing change propagation timers so that the information about the primary PE loopback is propagated across the network to all ingress PEs (PE3 in this case) as soon as possible to minimize the downtime.

adam

netconsultings.com
::carrier-class solutions for the telecommunications industry::
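
The knobs named in the reply above, written out as set-style Junos configuration. This is an added example, not configuration from the original post or from either poster; the group names IBGP and TRANSIT, the instance name VRF-A, its group CE, the preference value 169, the path-count and the prefix 192.0.2.0/24 are all assumptions chosen for illustration.

```junos
# --- PE1 and PE2 (transit-facing PEs) ---------------------------------
# 1) advertise-external: keep advertising the best eBGP-learned path over
#    iBGP even when the overall best path on this PE is an iBGP one.
set protocols bgp group IBGP type internal
set protocols bgp group IBGP advertise-external

# 2) add-path: accept more than one path per prefix from the RRs.
set protocols bgp group IBGP family inet unicast add-path receive
#    On the route reflectors (not on the PEs) the matching statement is:
#    set protocols bgp group IBGP family inet unicast add-path send path-count 2

# 3) eBGP protocol preference below the default of 170, so the backup PE
#    prefers its own transit path and does not loop traffic back.
set protocols bgp group TRANSIT type external
set protocols bgp group TRANSIT preference 169

# Provider Edge Link Protection, in the Layer 3 VPN form the reply refers to
# (hypothetical instance VRF-A, group CE):
set routing-instances VRF-A protocols bgp group CE family inet unicast protection

# --- PE3 (ingress PE behind PE1 and PE2) ------------------------------
# Install primary and backup iBGP paths into the FIB.
set routing-options protect core
set protocols bgp group IBGP family inet unicast add-path receive

# --- Check on the PE that should hold the backup path ------------------
# Confirm a second next hop is present for a transit prefix; the reply
# describes the backup entry as carrying 0x4000.
# show route 192.0.2.0/24 extensive
# show route forwarding-table destination 192.0.2.0/24 extensive
```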