BGP Route Reflector Update Groups (technical details)

One of the readers of my BGP Route Reflectors article spotted an “obvious deviation from how we always though the route reflectors work”:

An IBGP route received from a route-reflector client is sent to all IBGP peers, including the client from which it was received.

A quick lab test confirmed the validity of my claims: a BGP route reflector does send an update back to the client from which it was received (and it’s perfectly legal according to the updated BGP Route Reflector RFC).

Why Are We Discussing This?

The traditional BGP route reflector (RR) rules (specified in RFC 1966) stipulated that a BGP RR shall not send an update received from a RR client back to the same client. The RR thus had to treat each RR client individually and could not reuse outbound BGP updates sent to one RR client for other RR clients, resulting in significant performance degradation in scenarios where a RR had numerous RR clients.

RFC 4456 has relaxed the update propagation requirements of RFC 1966 and specifies that a RR sends the same update to all RR clients (even if the original route was received from an RR client). The ORIGINATOR ID BGP attribute is used by the RR clients to detect propagation loops. The relaxed rules of RFC 4456 allow a route reflector to group all the RR clients into a single update group, resulting in significant performance improvements, as the RR computes a single outbound BGP update which is sent to all RR clients.

Test Network Diagram

The behavior of Cisco IOS BGP Route Reflector code was tested in the following network. All routers were running IOS release 12.2(33)SRC3 (other recent IOS releases exhibit the same behavior).

Route Reflector testbed

Route Reflector testbed

Router Configurations

The following printouts include relevant parts of configurations of R1 and RR.

Configuration of the BGP route reflector (RR)
hostname RR
!
interface Loopback0
 ip address 10.0.1.2 255.255.255.255
!
interface FastEthernet0/0
 description LAN 1 (R1)
 ip address 10.2.1.1 255.255.255.0
 speed auto
 duplex auto
!
interface Serial1/0
 description Link to POP(ROUTER) s1/0
 ip address 10.0.7.2 255.255.255.252
 encapsulation ppp
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface Serial1/0
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 64500
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.7.1 remote-as 64500
 neighbor 10.0.7.1 route-reflector-client
 neighbor 10.2.1.2 remote-as 64500
 neighbor 10.2.1.2 route-reflector-client
 no auto-summary
Configuration of the RR client with an EBGP session (R1)
hostname R1
!
interface Loopback0
 ip address 10.0.1.3 255.255.255.255
!
interface FastEthernet0/0
 description LAN 1 (RR)
 ip address 10.2.1.2 255.255.255.0
 speed auto
 duplex auto
!
interface Serial1/1
 description Link to Customer
 ip address 10.0.7.9 255.255.255.252
 encapsulation ppp
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet0/0
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 64500
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.7.10 remote-as 65100
 neighbor 10.2.1.1 remote-as 64500
 no auto-summary

Test results

The show ip bgp update-groups command executed on RR clearly indicates that the BGP update process computes a single outbound BGP update for both RR clients:

RR#show ip bgp update-group 
BGP version 4 update-group 2, internal, Address Family: IPv4 Unicast
  BGP Update version : 7/0, messages 0
  Route-Reflector Client
  Update messages formatted 6, replicated 6
  Number of NLRIs in the update sent: max 1, min 0
  Minimum time between advertisement runs is 0 seconds
  Has 2 members (* indicates the members currently being sent updates): 
   10.0.7.1         10.2.1.2        

The printouts of the debug ip bgp updates command on R1 also demonstrate the low-level details of IBGP update processing. When R1 receives an update from the EBGP peer, it propagates the update to RR:

19:58:28.151: BGP(0): 10.0.7.10 rcvd UPDATE w/ attr: nexthop 10.0.7.10,↲
origin i, metric 0, path 65100
19:58:28.155: BGP(0): 10.0.7.10 rcvd 10.9.9.0/24
19:58:28.171: BGP(0): Revise route installing 1 of 1 routes↲
for 10.9.9.0/24 -> 10.0.7.10(global) to main IP table
19:58:28.171: BGP(0): 10.2.1.1 NEXT_HOP is on same subnet↲
as the bgp peer and set to 10.0.7.10 for net 10.9.9.0/24
19:58:28.171: BGP(0): 10.2.1.1 send UPDATE (format) 10.9.9.0/24, ↲
next 10.0.7.10, metric 0, path 65100

Almost immediately, the same route is received back from the route reflector, but R1 ignores it because the RR inserted R1’s router ID into the ORIGINATOR ID attribute of the route:

19:58:28.191: BGP: 10.2.1.1 Local router is the Originator; ↲
Discard update
19:58:28.191: BGP(0): 10.2.1.1 rcv UPDATE w/ attr: nexthop 10.0.7.10, ↲
origin i, localpref 100, metric 0, originator 10.0.1.3, ↲
clusterlist 10.0.1.2, path 65100
19:58:28.191: BGP(0): 10.2.1.1 rcv UPDATE about 10.9.9.0/24↲
 -- DENIED due to: ORIGINATOR is us;
Add comment
Sidebar