Routing

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

Add routing policy to BGP Group peer cause peer flapping

  • 1.  Add routing policy to BGP Group peer cause peer flapping

    Posted 08-18-2021 05:19
    Hi! Experts

    If we add routing policy to a peer (the peer previously with no policy applied) in BGP group, this  will cause that peer's bgp status flapping. I heard this is expected behaviour but want to  know what's the logical behind this design.

    Thanks for your help


  • 2.  RE: Add routing policy to BGP Group peer cause peer flapping

     
    Posted 08-18-2021 05:20
    Changing policy on a peer does NOT flap the peer it does stay up.

    The policy does immediately apply and the prefixes are evaluated per that new or revised policy.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Add routing policy to BGP Group peer cause peer flapping

    Posted 08-18-2021 11:13
    HI Chenjiang, 

    BGP on juniper supports a feature call refresh, this allows the session to not flap, while updating the policies for import and export. A flap will occur only when you update a feature or AFI/SAFI that is negotiated through the OPEN message, basically the question you have to ask when you are doing a change is "how is this setting negotiated?" if the answer is through an OPEN message then it will for sure flap.

    ------------------------------
    GABRIEL FLORES
    ------------------------------



  • 4.  RE: Add routing policy to BGP Group peer cause peer flapping

    Posted 08-18-2021 12:45
    No BGP flaps when adding a policy in the policy chain of BGP, but it does triggers a BGP Route-Refresh, which is expected.

    Elvin


  • 5.  RE: Add routing policy to BGP Group peer cause peer flapping

     
    Posted 08-19-2021 05:41
    The above statements are correct, however they are not mentioning 1 scenario in which a peer flap WILL occur:

    What Juniper does is that it puts all peers that have identical policies in a peer group (might not be the formal name). This is not necessarily the same as the group you configured under "protocols bgp", but any peer that shares identical policies gets virtually placed in such a group.
    If you then change the policies of 1 of the neighbors, while the other neighbors remain the same that basically splits that 1 neighbor out of that virtual group and that, as a result, will cause your BGP session to flap. This is because for the Juniper router you are "moving it into a new BGP group" so to say.

    If you expect to make neighbor specific changes in a group it would be recommended to have unique policies for each neighbor in order to ensure they are all in a virtual group of their own and never need to "split off" from the pack. Alternatively you can make sure you configure the policies at a group level to make sure they "stay together", and that will also make the session stay up.

    So for an individual neighbor, it is true that a policy change will not cause a flap to occur, but if there is a group of neighbors with identical policies, and you adjust 1 neighbor to no longer be identical, it will indeed flap because it gets moved out of the "group"


  • 6.  RE: Add routing policy to BGP Group peer cause peer flapping

    Posted 08-19-2021 05:37
    Thanks for your information, but we have tested it and it will actully trigger flapping. you could do a simple test to verity it.

    1. creat a bgp group and put 2-3 neighbors in it.
    2. apply a routing policy in one of the neighbors
    3. only the one with routing policy will reset bgp session with others.


  • 7.  RE: Add routing policy to BGP Group peer cause peer flapping

     
    Posted 08-20-2021 08:45
    That indeed sounds like exactly the scenario I'm describing below, so that would have to do with how Junos puts BGP peers with identical policies in a sort of virtual "peer group", and then when you change the policy on one of those (making it mismatch with the rest) it will "be moved out of the group" as far as the Junos perspective is concerned, causing BGP to flap as you describe.
    I've tried to find a document describing this feature but haven't been able to find it in a quick search, but this is at least how it has been explained to me by a variety of Juniper engineers (JTAC, and some other engineers I've had contact with in the past)


  • 8.  RE: Add routing policy to BGP Group peer cause peer flapping

    Posted 08-20-2021 16:16
    The interest of a peer-group is mutualisation between its neighbours:
    • mutualisation of the configuration
    • mutualisation of the OUTBOUND route filtering process
    and this is true for all OSes (not only JunOS).

    As wrote markw, if you add a specific EXPORT policy to a neighbour,  it «breaks» the peer-group: the by-design common outbound filtering process for all the neighbours in the peer-group cannot be let as is. Therefore, this neighbour is extracted from the peer-group and put in a specific dedicated new «virtual» peer-group and therefore, flaps. Same thing if you remove its specific export knob.
    But, no flap once it's in its own virtual peer-group (that is, if you change later the content of the export policy of this neighbour).

    Actually in the configuration, this neighbour continues to be displayed in the same common peer-group, BUT if you check what's happening under the hood, you will see that in reality it's in its own one:

    show bgp group

    This command doesn't show what's configured, but what's really active under the hood, with the neighbours and the policies.
    And you will see two different peer groups if you have one peer-group configured, in which one neighbour has its own specific export policy. With the same name, but not with the same index number (and not the same export policy chain and not the same neighbours of course).



    ------------------------------
    Olivier Benghozi
    ------------------------------



  • 9.  RE: Add routing policy to BGP Group peer cause peer flapping

    Posted 08-20-2021 16:58
    ... and actually Cisco did better about 20 years ago, with «BGP Dynamic Update Peer-Groups», where neighbours are automagically and dynamically put inside in-memory «update-groups» if they share the same outbound policy, independently of the configured peer-groups, without flaps/resets.

    ------------------------------
    Olivier Benghozi
    ------------------------------