BGP Configuration Guide for Cisco NCS 5500 Series Routers, IOS XR Release 7.11.x
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This feature is now supported on routers that have Cisco NC57 line
cards installed and operate in the native mode.
Table 2. Feature History Table
Feature Name
Release Information
Feature Description
BGP PIC: Export of Backup Path Agnostic to its Multipath Eligibility
Release 7.3.2
Prior to this release, you could only import the backup path of a prefix to the respective VRFs only when the backup path
is multipath eligible. For a backup path to be multipath eligible, all the following attributes in the backup path must the
same as the best path: weight, local preference, autonomous system path, origin code, Multi Exit Discriminator (MED), and
Interior Gateway Protocol (iGP) distance. Also, the next hop router for each multipath must be different. This feature introduces
flexibility to allow import of a backup path to the VRF even if the said attributes are not the same as that of the best path.
Table 3. Feature History Table
Feature Name
Release Information
Feature Description
BGP PIC Backup Path when the Primary Path is a Static Route with the next hop as an IP Address.
Release 7.5.1
This feature is now supported on routers that have Cisco NC57 line cards installed and operate in native and compatibiltiy mode.
This feature enables BGP PIC backup path when the primary path is a static route with the next hop as an IP Address.
Restrictions:
Ensure that the Border Gateway Protocol (BGP) and the IP or Multiprotocol Label Switching (MPLS) network is up and running
at the customer site that is connected to the provider site by more than one path (multihomed).
BGP PIC does not support instances where the sum of number of primary paths and
backup paths is greater than 2. Hence, only one primary path and one backup path
are supported.
BGP PIC does not work when Label Distribution Protocol (LDP) and Segment Routing (SR) are enabled in IGP.
Ensure that the backup or alternate path has a unique next hop that is not the same as the next hop of the best path.
As a best practice, enable the Bidirectional Forwarding Detection (BFD) protocol to quickly detect link failures.
When paths of different technologies are resolved over ECMP, it results in heterogeneous ECMP, leading to severe network traffic issues. Don’t use ECMP for any combination of the following technologies:
LDP.
BGP-LU, including services over BGP-LU loopback peering or recursive services at Level-3.
VPNv4.
6PE and 6VPE.
EVPN.
Recursive static routing.
BGP PIC: Export of Backup Path Agnostic to its Multipath Eligibility
The BGP PIC: Export of Backup Path Agnostic to its Multipath Eligibility feature improves BGP convergence after a network
failure. This convergence applies to both core and edge failures. The BGP PIC pre-programs a backup path so that when a failure
is detected, the backup path can immediately take over, thus enabling fast failover. This feature enables BGP PIC on VPNv4
with additional paths or when the multiple paths that are ineligible to be multipath are received from the same neighbor.
For backup paths to be multipath eligible, all the following attributes in the backup paths must be the same: weight, local
preference, autonomous system path, origin code, Multi Exit Discriminator (MED), and Interior Gateway Protocol (iGP) distance.
Also, the next hop router for each multipath must be different. This feature introduces flexibility to allow the import of
backup paths to the VRF even if the said attributes are not the same.
TE, SR-TE, SRv6, flex-LSP in the core are not supported.
BGP PIC over BVI (core or edge) is not supported.
For labelled BGP loopback peering, the system supports only one primary and one backup path. No support for BGP PIC multipath
protect.
PIC EDGE is supported for all services, such as IPv4, IPv6, VPNv4, VPNv6, 6PE, 6VPE, VPWS, VPLS, and EVPN, over labelled
unicast address-family.
The system supports BGP PIC multipath protect only for unlabelled BGP IPv4 and IPv6 address family. The support is for both
loopback peering and interface peering mode.
The system supports BGP PIC multipath protect only for labelled BGP in interface peering mode.
Labelled BGP over IPv6 core BGP PIC is not supported.
By default, without primary and backup path
installation in the hardware, IPv4, IPv6, 6PE (per-vrf), 6VPE
(per-vrf/per-ce), L3VPN (per-vrf/per-ce) has good convergence.
When the mode
is a per-prefix by default, BGP-PIC does not give good convergence, hence
you must do hardware-assisted PIC. For this, configure the cef
encap-sharing disable command in XR Config mode.
With
hardware-assisted BGP PIC that is configured using the cef encap-sharing
disable command, separate hardware resources (FEC/EEDB) are
allocated for every prefix. Cisco recommends you to make sure that the
router has sufficient hardware resources for the resource allocation.
Caution
This CLI reprograms the CEF completely and impacts traffic. We recommend that you do it in the maintenance window.
Note
The cef encap-sharing disable command does not take effect in the SRv6 core.
Reload the router for the cef encap-sharing disable command to take effect.
Step 2
router bgpas-number
Example:
RP/0/RP0/CPU0:router(config)# router bgp 100
Specifies the autonomous system number and enters the BGP configuration mode, allowing you to configure the BGP routing process.
Configures extra paths selection mode for a prefix.
Note
Use the additional-paths selection command with an appropriate route-policy to calculate backup paths and to enable Prefix-Independent Convergence (PIC) functionality.
The route-policy configuration is a prerequisite for configuring the additional-paths selection mode for a prefix. This is
an example route-policy configuration to use with additional-selection command:
route-policy ap1
set path-selection backup 1 install
end-policy
Configure BGP PIC Multipath
For multipath bgp-pic, configure the route-policy as following:
route-policy ap1
set path-select backup 1 install multipath-protect [advertise]
!
BGP-LU Multipath PIC with Auto Protection
Table 4. Feature History Table
Feature Name
Release Information
Feature Description
BGP-LU Multipath PIC with Auto Protection
Release 7.5.2
BGP-LU multipath prefix independent convergence (PIC) supports auto protection. Each active path has a backup path, ensuring
almost immediate restoration of multicast traffic when a path fails.
In earlier releases, multipath configuration supports primary and backup path with a limitation that backup path can support
only one failed path at a time.
From Cisco IOS XR Release 7.5.2, the BGP-LU multipath PIC with auto protection is supported only with multipath protect configuration. When you configure
multipath, every active path is assigned with a backup path to improve the convergence.
Configure BGP-LU Multipath
Consider the topology BGP-LU multipath with PIC, where PE2 (R4) peering with R1, R2, and R5 by eBGP interfaces. R1, R2 and
R5 peering with R6 by eBGP interfaces, and R6 and R3 peering by iBGP loopback via IGP instance.
In the topology, consider the IP addresses of routers as, R1 (14.1.1.2), R2 (14.2.1.2), R5 (14.5.1.2), R6 (15.4.1.2) and R4
(192.0.2.1).
Note
BGP-Labeled Unicast (LU) Prefix-Independent Convergence (PIC) auto-protection feature may cause equal cost multipath (ECMP)
FEC NPU resource exhaustion on BGP peering devices for IPv4/IPv6 addresses. From Cisco IOS XR
Release 7.8.2Release 7.9.1 onwards, the auto-protection feature for BGP-LU multipath PIC is disabled by default. To enable this feature, use the hw-module fib bgp-mp-pic auto-protect enable command. After executing the command, you must reload the router. For more information, see BGP-LU Multipath PIC with Auto Protection section in BGP Prefix Independent Convergence chapter in BGP Configuration Guide for Cisco NCS 5500 Series Routers.
Without multipath protect:
The following example shows how to configure BGP-LU multipath with route policy, without multipath protect.
The following example shows the maximum-paths configured under BGP address-family and BGP-LU multipath with route policy,
without multipath protect. Here there’s no PIC path. Perform the following from the R4 (PE2) router.
RP/0/RP0/CPU0:R4#show run route-policy INSTALL_BACKUP
Wed Apr 13 05:41:59.455 UTC
route-policy INSTALL_BACKUP
set path-selection multipath advertise
end-policy
!
/* To display current routes for BGP in the Routing Information Base (RIB) */
RP/0/RP0/CPU0:R4#show route 192.0.2.1
Wed Apr 13 05:42:04.515 UTC
Routing entry for 192.0.2.0/24
Known via "bgp 300", distance 20, metric 0, [ei]-bgp, labeled unicast (3107)
Tag 400, type external
Installed Apr 13 05:40:45.811 for 00:01:18
Routing Descriptor Blocks
14.1.1.2, from 14.1.1.2, BGP external, BGP multi path
Route metric is 0
14.2.1.2, from 14.2.1.2, BGP external, BGP multi path
Route metric is 0
14.5.1.2, from 14.5.1.2, BGP external, BGP multi path
Route metric is 0
15.4.1.2, from 15.4.1.2, BGP external, BGP multi path
Route metric is 0
No advertising protos.
/* To display information about packets forwarded by Cisco Express Forwarding (CEF) */
RP/0/RP0/CPU0:R4#show cef 192.0.2.1
Wed Apr 13 05:42:10.781 UTC
192.0.2.0/24, version 204023, internal 0x5000001 0x40 (ptr 0xae10fbf0) [1], 0x600 (0xa753d558), 0xa08 (0xa57515c8)
Updated Apr 13 05:40:46.013
Prefix Len 24, traffic index 0, precedence n/a, priority 4
gateway array (0xa6819bb8) reference count 2856, flags 0x78, source rib (7), 0 backups
[953 type 5 flags 0x8441 (0x912908c8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xa753d558, sh-ldi=0x912908c8]
gateway array update type-time 1 Apr 9 22:03:22.505
LDI Update time Apr 9 22:03:22.590
LW-LDI-TS Apr 13 05:40:46.013
via 14.1.1.2/32, 7 dependencies, recursive, bgp-ext, bgp-multipath [flags 0x60a0]
path-idx 0 auto-bkup-idx 1 NHID 0x0 [0xe3b2b398 0x0], Internal 0xb62a8370
recursion-via-/32
next hop 14.1.1.2/32 via 24008/0/21
local label 25420
next hop 14.1.1.2/32 BE500 labels imposed {ImplNull 24210}
via 14.2.1.2/32, 7 dependencies, recursive, bgp-ext, bgp-multipath [flags 0x60a0]
path-idx 1 auto-bkup-idx 2 NHID 0x0 [0x905fcdd8 0x0], Internal 0xb62a6750
recursion-via-/32
next hop 14.2.1.2/32 via 24006/0/21
local label 25420
next hop 14.2.1.2/32 BE510 labels imposed {ImplNull 24211}
via 14.5.1.2/32, 7 dependencies, recursive, bgp-ext, bgp-multipath [flags 0x60a0]
path-idx 2 auto-bkup-idx 3 NHID 0x0 [0x905fef08 0x0], Internal 0xb62a6c00
recursion-via-/32
next hop 14.5.1.2/32 via 24005/0/21
local label 25420
next hop 14.5.1.2/32 Hu0/7/0/11 labels imposed {ImplNull 24211}
via 15.4.1.2/32, 5 dependencies, recursive, bgp-ext, bgp-multipath [flags 0x60a0]
path-idx 3 auto-bkup-idx 0 NHID 0x0 [0xe3b2b530 0x0], Internal 0xb62a7740
recursion-via-/32
next hop 15.4.1.2/32 via 24007/0/21
local label 25420
next hop 15.4.1.2/32 Te0/7/0/29/3.100 labels imposed {ImplNull 24210}
With multipath protect:
The following example shows the maximum-paths configured under BGP address-family and BGP-LU multipath PIC with multipath
protect using route-policy. Here, an additional backup path created with PIC auto protection. Perform the following from the
R4 (PE2) router.
By default, BGP-LU multipath PIC with auto protection is enabled when you configure multipath using route-policy.
RP/0/RP0/CPU0:R4#show run route-policy INSTALL_BACKUP
Wed Apr 13 06:00:08.384 UTC
route-policy INSTALL_BACKUP
set path-selection multipath advertise multipath-protect
end-policy
!
/* To display current routes for BGP in the Routing Information Base (RIB) */
RP/0/RP0/CPU0:R4#show route 192.0.2.1
Wed Apr 13 06:00:23.365 UTC
Routing entry for 192.0.2.0/24
Known via "bgp 300", distance 20, metric 0, [ei]-bgp, labeled unicast (3107)
Tag 400
Number of pic paths 1 , type external
Installed Apr 13 06:00:01.885 for 00:00:21
Routing Descriptor Blocks
14.1.1.2, from 14.1.1.2, BGP external, BGP multi path
Route metric is 0
14.2.1.2, from 14.2.1.2, BGP external, BGP multi path
Route metric is 0
14.5.1.2, from 14.5.1.2, BGP external, BGP multi path
Route metric is 0
14.6.1.2, from 14.6.1.2, BGP external, BGP backup path
Route metric is 0
15.4.1.2, from 15.4.1.2, BGP external, BGP multi path
Route metric is 0
No advertising protos.
/* To display information about packets forwarded by Cisco Express Forwarding (CEF) */
RP/0/RP0/CPU0:R4#show cef 192.0.2.1
Wed Apr 13 06:00:33.884 UTC
192.0.2.1/24, version 208786, internal 0x5000001 0x40 (ptr 0xae10fbf0) [1], 0x600 (0xa753d558), 0xa08 (0xae2dc188)
Updated Apr 13 06:00:02.034
Prefix Len 24, traffic index 0, precedence n/a, priority 4
gateway array (0xa6828928) reference count 2856, flags 0x100078, source rib (7), 0 backups
[953 type 5 flags 0x8441 (0x912990e8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xa753d558, sh-ldi=0x912990e8]
gateway array update type-time 1 Apr 13 06:00:01.954
LDI Update time Apr 13 06:00:01.991
LW-LDI-TS Apr 13 06:00:02.034
via 14.1.1.2/32, 7 dependencies, recursive, bgp-ext, bgp-multipath [flags 0x60a0]
path-idx 0 auto-bkup-idx 1 NHID 0x0 [0xe3b2b398 0x0], Internal 0xb62a8370
recursion-via-/32
next hop 14.1.1.2/32 via 24008/0/21
local label 25420
next hop 14.1.1.2/32 BE500 labels imposed {ImplNull 24210}
via 14.2.1.2/32, 7 dependencies, recursive, bgp-ext, bgp-multipath [flags 0x60a0]
path-idx 1 auto-bkup-idx 2 NHID 0x0 [0x905fcdd8 0x0], Internal 0xb62a6750
recursion-via-/32
next hop 14.2.1.2/32 via 24006/0/21
local label 25420
next hop 14.2.1.2/32 BE510 labels imposed {ImplNull 24211}
via 14.5.1.2/32, 7 dependencies, recursive, bgp-ext, bgp-multipath [flags 0x60a0]
path-idx 2 auto-bkup-idx 4 NHID 0x0 [0x905fef08 0x0], Internal 0xb62a6c00
recursion-via-/32
next hop 14.5.1.2/32 via 24005/0/21
local label 25420
next hop 14.5.1.2/32 Hu0/7/0/11 labels imposed {ImplNull 24211}
via 14.6.1.2/32, 6 dependencies, recursive, bgp-ext, backup [flags 0x6120]
path-idx 3 NHID 0x0 [0xe3b2b968 0x0]
recursion-via-/32
next hop 14.6.1.2/32 via 24003/0/21
local label 25420
next hop 14.6.1.2/32 Te0/7/0/15/3 labels imposed {ImplNull 24362}
via 15.4.1.2/32, 6 dependencies, recursive, bgp-ext, bgp-multipath [flags 0x60a0]
path-idx 4 auto-bkup-idx 0 NHID 0x0 [0xe3b2b530 0x0], Internal 0xb62a7740
recursion-via-/32
next hop 15.4.1.2/32 via 24007/0/21
local label 25420
next hop 15.4.1.2/32 Te0/7/0/29/3.100 labels imposed {ImplNull 24210}
Usage Guidelines and Limitations
Multipath PIC for L3VPN over labeled unicast, over Interior Gateway Protocol (IGP) with sub-second convergence may not be
applicable.
BGP-LU multipath PIC with auto protection is supported for both interface and loopback peering.
TCAM Enhancement to Improve L3VPN Routing Capability
Table 5. Feature History Table
Feature Name
Release Name
Description
Ternary Content-Addressable Memory Enhancement to Improve L3VPN Routing Capability
Release 7.11.1
Introduced in this release on: NCS 5700 fixed port routers; NCS 5500 modular routers (NCS 5700 line cards [Mode: Native])
You can improve your router's performance by introducing two additional Ternary Content-Addressable Memory (TCAM) labels.
This enhancement removes the dependence on the Forwarding Equivalence Class (FEC) scale for handling more routes, which means
that the router's capacity is no longer limited by FEC capacity. As a result, we have significantly increased the number of
routes for L3VPN.
Before this feature, the per-prefix label allocation mode for L3VPN prefixes at FIB for BGP PIC backup paths consumed two
Forwarding Equivalence Class (FEC) hierarchy two resources per prefix. As a result, when considering a unidimensional scale,
the NCS 5700 fixed port router in native mode equipped with a second-generation external TCAM (OP2) supported a limited scale
for BGP Prefix-Independent Convergence (PIC) limited by hierarchy two FEC resources present in the system.
This feature allocates space for two labels from the OP2 TCAM into the router that uses BGP PIC, optimizing the usage of FEC
hardware resources. This feature enables the router to significantly enhance unidimensional scaling by increasing the number
of L3VPN routes with BGP PIC. The number of routes that can be supported is entirely dependent on the capacity of the Knowledge-based
Processor (KBP) TCAM to hold route entries with 64-bit (two label) result.
This feature exclusively addresses BGP PIC Unipath scenarios. It is important to note that this feature is available on the
NCS 5700 fixed port router and NCS 5500 modular router in native mode.
Run the hw-module fib mpls two-label-tcam-optimized to enable this feature.
With this feature, the router is no longer dependent on Forwarding Equivalence Class (FEC) scale for L3VPN routes and improves
performance and removes any limitations previously imposed by the router's FEC capacity for L3VPN routes.
Removing the dependency on FEC resources, which restrict L3VPN route capacity, enables the router to efficiently manage a
significantly larger number of routes, overcoming previous limitations
This feature allows NCS 5700 fixed port routers to configure both primary and backup Multiprotocol Label Switching (MPLS)
labels in the KBP TCAM for a VPN route. Hence the routers can now effectively manage MPLS labels for VPN routes by setting
up both primary and backup label entries in the KBP TCAM.
This feature is disabled by default. The feature should be enabled only for the VRFs which receive prefixes in the per-prefix
mode from the remote edge router to optimize TCAM resources.
Restrictions for TCAM Enhancement to Improve L3VPN Routing Capability
The Quality of Service Policy Propagation for BGP (QPPB) functionality is not compatible with prefixes from a Layer 3 Virtual
Private Network (L3VPN) configured with Border Gateway Protocol (BGP) Prefix-Independent Convergence (PIC). However, other
types of prefixes, such as IPv6 Virtual Private Network (6VPE), Global unlabeled routes, and prefixes without PIC, can still
utilize QPPB configuration.
This feature is disabled for L3VPN prefixes that possess an associated local label, such as L3VPN Option-B routes.
L3VPN prefixes utilizing BGP-PIC with both primary and backup labels stored in KBP TCAM implement the TTL propagation. As
a result, the mpls ip-ttl-propagate command does not affect these specific prefixes. However, it continues to apply to all other prefixes this particular feature
does not affect.
This feature is enabled only for VPNv4 and VPNv6 BGP PIC unipath prefixes. This feature does not apply to multipath prefixes.
This feature can be enabled on NCS 5700 fixed port TCAM routers by applying the MDB SE profile for scaling purposes.
This feature can be enabled on NCS 5500 and NCS 5700 fixed port routers with external TCAM by applying the MDB SE profile
for scaling purposes.
This feature supports L3VPN prefixes in recursive level 2.
Configure TCAM Enhancement to Improve L3VPN Routing Capability
Configuration Example
Perform the following steps to configure TCAM Enhancement to Improve L3VPN Routing Capability. Depending on whether the scale
optimization is applied universally to all L3VPN prefixes or selectively to specific ones, two options can be realized using
the keywords: selective or all.
If you want to apply the scale optimization on all the L3VPN prefixes in a designated address family:
Use the hw-module fib mpls two-label-tcam-optimized command with the selective keyword to enable the two push labels to encapsulate traffic for a VPN in the knowledge-based processor (KBP) ternary content
access memory (TCAM).
Configure the designated VRF.
Configure the remote-bgp-label-mode-per-prefix command with either IPv4 or IPv6 keyword, or both, as required, under the global VRF configuration. You must configure the
remote-bgp-label-mode-per-prefix command after you configure the hw-module fib mpls two-label-tcam-optimized selective command, to optimize all prefixes in a designated VRF within a specific address family. All other prefixes outside this configuration
adhere to the default behavior.
Specify the route target values to control the distribution of routes among VPNs.
Reload the router for the configuration to take effect.
If you want to apply the scale optimization on all the L3VPN prefixes, regardless of the VRF instances, use the hw-module fib mpls two-label-tcam-optimized command with all keyword. Reload the router for the configuration to take effect.