Jan 21 2009
BGP peer-groups and dynamic update peer groups
One of many optimizations for BGP is the peer-groups feature.
BGP peer-groups allow you to group BGP peers which have the same outbound policy. There are 2 obvious benefits for doing this.
- Reduced the amount of configuration required.
- BGP can send a single update to many peers.
Both of these need some clarification.
Consider the topology below.
Lets look at the first benefit ie reducing the amount of configuration required.
If we did not use peer-group then we would have to configure additional lines of configuration to acheive the same thing. Take the simple example below.
neighbor ipv4-iBGP peer-group
neighbor ipv4-iBGP remote-as 1
neighbor ipv4-iBGP update-source Loopback0
to then provision a new bgp peer we need to simple add the config below.
neighbor 2.2.2.2 peer-group ipv4-iBGP
lets talk numbers, suppose we had 20 iBGP peers in total we need 20 + 3 ie 23 line of config. Without peer-groups we would need 20 *2 = 40 lines of config.
Now lets talk about the 2nd benefit ie the ability to generate a single update for multiple peers.
For BGP to send an update to its neighbor it first walks through the entire BGP table. BGP tables can easily have over 100,000 prefixes. Without peer-groups BGP must walk through the entire BGP table for each peer. Assume you have 20 neighbors that amounts to walking through 100,000 * 20 = 2,000,000 prefixes, Ouch!. Wouldn’t it be great if we could walk through the BGP table once and then replicate the update to all the peers. Well thats were peer-groups come in handy. If you have 20 peers in the same peer-group, BGP walks through the BGP table once and then replicates the update for all neighbors saving a lot of CPU cycles.
The downside of peer-groups is its lack of flexibility ie it is unlikely your vpnv4 sessions will share the same policy as your ipv4 sessions. Ideally you would like to group your ipv4 sessions into one update group and your vpnv4 session into another group. This is where dynamic update peer groups come into play.
Lets suppose you have an ipv4 and vpnv4 session between r1, r2 and r3. ie a single session carrying multip AFI/SAFI pairs. you would want to group your ipv4 sessions using one update policy and your vpnv4 sessions using another policy. dynamic update peer groups lets you do just that.
There are some other benfits to using dynamic update peer policy – namely in the flexibility to modify policies as well as the fact that update groups are dynamically created by BGP.
The configuration used to configure dynamic update peer groups on R1 can be found below.
R1
!
router bgp 1
template peer-policy ipv4
send-community
exit-peer-policy
!
template peer-policy vpnv4
send-community extended
exit-peer-policy
!
template peer-session ipv4-iBGP
remote-as 1
update-source Loopback0
exit-peer-session
!
neighbor 2.2.2.2 inherit peer-session ipv4-iBGP
neighbor 3.3.3.3 inherit peer-session ipv4-iBGP
!
address-family ipv4
neighbor ipv4-iBGP send-community extended
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 inherit peer-policy ipv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 inherit peer-policy ipv4
!
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 inherit peer-policy vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 inherit peer-policy vpnv4
exit-address-family
!
