Your browser failed to load CSS style sheets. Your browser or web proxy might not support elliptic-curve TLS

Building network automation solutions

9 module online course

Start now!
back to overview

Tuning BGP Convergence in High-Availability Firewall Cluster Design

Two weeks ago Nicola Modena explained how to design BGP routing to implement resilient high-availability network services architecture. The next step to tackle was obvious: how do you fine-tune convergence times, and how does BGP convergence compare to the more traditional FHRP-based design.

Please read our Blog Commenting Policy before writing a comment.

2 comments:

  1. What about the advertisement interval of EBGP? I mean 50 ms convergence time of BGP are ambitious. Was this solution tested? Here's a good summary from Petr: https://blog.ine.com/2010/11/22/understanding-bgp-convergence

    ReplyDelete
  2. The total convergence time is the sum of the detection time plus BGP state propagation delay. The detection time can be easily controlled with BFD while propagation requires much more attention, and can be different on BGP implementations that we can find in the different devices involved.
    The strategy I provide are the same as in the Petr article referring to BGP PIC: preparing a secondary path and minimizing the fault propagation delay. There are also other possibilities that fall into the "pe-ce link protection" category for the backbone side, that typically represents the most difficult element to optimize (this is very specific but can be the subject of a future post). However, the purpose of the article is broader because too often the only solution adopted for HA's firewall is Active/Standby with FHRP.
    And yes, the solution is tested and sucessfully adopted with different vendor combinations.

    ReplyDelete

Constructive courteous comments are most welcome. Anonymous trolling will be removed with prejudice.

Sidebar