Mailing List Archive

Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) and upstream(s)
Dear Guru(s),


We used to run our ‘Gateway Router’ with ROV turned on.
Then, we “upgraded” it to a Cisco NCS-55A1 (5500 Series) running IOS-XR
just a few weeks ago.

Consequently, during my rummage through Google for a (the?) best (ROV)
configuration template for the new router,
I found a tutorial by Philip Smith
[Reference: https://www.bgp4all.com/pfs/_media/workshops/02-rpki.pdf, Slide
#55]
which cautioned me of Cisco IOS-XR essentially “harassing” all peers and
upstreams with ‘Route Refresh’ whenever there is a VRP change.
The tutorial advised turning on ‘Soft Reconfiguration’ to help with the
problem.

On the one hand, we have a very special relationship with our upstream
[they’re kind of community transit provider; we have an in-kind stake in
them as well], so we obviously don’t want to cause them grievances [their
grievance is our grievance].
On the other hand, we can't afford to just throw away a newly bought
gateway and buy a new one.

So, here goes the question:
Is setting 'Soft Reconfiguration' enough for me to keep ROV running?
If not, is there any other solution?
Or am I screwed anyway?

I would very much appreciate clarification and pointer(s) to the
solution(s).


Thank you in advance for the help,

Pirawat.
Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) and upstream(s)
Hi!

In current versions I think enabling “soft-reconfiguration-inbound always”
(also described at
https://bgpfilterguide.nlnog.net/guides/reject_invalids/#cisco-ios-xr )
should be enough.

Make sure to enable it on every EBGP peer you apply ROV to, or just all
EBGP peers.

This knob slightly increases your own memory consumption, but makes your
router more “neighbourly”! :-)

Kind regards,

Job

On Wed, 11 May 2022 at 18:44, Pirawat WATANAPONGSE via NANOG <
nanog@nanog.org> wrote:

> Dear Guru(s),
>
>
> We used to run our ‘Gateway Router’ with ROV turned on.
> Then, we “upgraded” it to a Cisco NCS-55A1 (5500 Series) running IOS-XR
> just a few weeks ago.
>
> Consequently, during my rummage through Google for a (the?) best (ROV)
> configuration template for the new router,
> I found a tutorial by Philip Smith
> [Reference: https://www.bgp4all.com/pfs/_media/workshops/02-rpki.pdf,
> Slide #55]
> which cautioned me of Cisco IOS-XR essentially “harassing” all peers and
> upstreams with ‘Route Refresh’ whenever there is a VRP change.
> The tutorial advised turning on ‘Soft Reconfiguration’ to help with the
> problem.
>
> On the one hand, we have a very special relationship with our upstream
> [they’re kind of community transit provider; we have an in-kind stake in
> them as well], so we obviously don’t want to cause them grievances [their
> grievance is our grievance].
> On the other hand, we can't afford to just throw away a newly bought
> gateway and buy a new one.
>
> So, here goes the question:
> Is setting 'Soft Reconfiguration' enough for me to keep ROV running?
> If not, is there any other solution?
> Or am I screwed anyway?
>
> I would very much appreciate clarification and pointer(s) to the
> solution(s).
>
>
> Thank you in advance for the help,
>
> Pirawat.
>
>
Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) and upstream(s)
On 5/11/22 18:53, Job Snijders via NANOG wrote:

> Hi!
>
> In current versions I think enabling “soft-reconfiguration-inbound
> always” (also described at
> https://bgpfilterguide.nlnog.net/guides/reject_invalids/#cisco-ios-xr
> ) should be enough.
>
> Make sure to enable it on every EBGP peer you apply ROV to, or just
> all EBGP peers.
>
> This knob slightly increases your own memory consumption, but makes
> your router more “neighbourly”! :-)

Just to add that this is useful on all eBGP speakers based on IOS XR.

It's not required in Junos, because Junos does this implicitly.

A draft RFC we co-authored attempts to offer a solution:

https://www.ietf.org/archive/id/draft-ietf-sidrops-rov-no-rr-01.txt

Mark.
Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) and upstream(s)
Hi,

If you are running "soft-reconfiguration inbound rpki-dropped-only" on IOS-XR7, please note CSCwb17937. We had a terrible time with this.

Best regards,

takez

> 2022/05/12 1:43, Pirawat WATANAPONGSE via NANOG <nanog@nanog.org> wrote:
>
> Dear Guru(s),
>
>
> We used to run our ‘Gateway Router’ with ROV turned on.
> Then, we “upgraded” it to a Cisco NCS-55A1 (5500 Series) running IOS-XR just a few weeks ago.
>
> Consequently, during my rummage through Google for a (the?) best (ROV) configuration template for the new router,
> I found a tutorial by Philip Smith
> [Reference: https://www.bgp4all.com/pfs/_media/workshops/02-rpki.pdf, Slide #55]
> which cautioned me of Cisco IOS-XR essentially “harassing” all peers and upstreams with ‘Route Refresh’ whenever there is a VRP change.
> The tutorial advised turning on ‘Soft Reconfiguration’ to help with the problem.
>
> On the one hand, we have a very special relationship with our upstream [they’re kind of community transit provider; we have an in-kind stake in them as well], so we obviously don’t want to cause them grievances [their grievance is our grievance].
> On the other hand, we can't afford to just throw away a newly bought gateway and buy a new one.
>
> So, here goes the question:
> Is setting 'Soft Reconfiguration' enough for me to keep ROV running?
> If not, is there any other solution?
> Or am I screwed anyway?
>
> I would very much appreciate clarification and pointer(s) to the solution(s).
>
>
> Thank you in advance for the help,
>
> Pirawat.
>
Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) and upstream(s)
Wed, May 11, 2022 at 07:29:04PM +0200, Mark Tinka:
> On 5/11/22 18:53, Job Snijders via NANOG wrote:
> > In current versions I think enabling “soft-reconfiguration-inbound
> > always” (also described at
> > https://bgpfilterguide.nlnog.net/guides/reject_invalids/#cisco-ios-xr
> > ) should be enough.
> >
> > Make sure to enable it on every EBGP peer you apply ROV to, or just
> > all EBGP peers.
> >
> > This knob slightly increases your own memory consumption, but makes
> > your router more “neighbourly”! :-)
>
> Just to add that this is useful on all eBGP speakers based on IOS XR.

any IOS, not just XR.
Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) and upstream(s)
On 5/11/22 10:53 AM, Job Snijders via NANOG wrote:
> This knob slightly increases your own memory consumption, but makes your
> router more “neighbourly”! :-)

I question how accurate "slightly" is.

My understanding is that soft reconfiguration inbound (whatever the
syntax for a given IOS is) causes a full copy of the received prefix
list to be retained in memory for each of the peers with soft
reconfiguration enabled.

So, to me, the amount of impact to memory will be based on both the
number of prefixes advertised and the number of peers that soft
reconfiguration is enabled on.

Please enlighten me if I'm wrong / misunderstanding something.



--
Grant. . . .
unix || die
Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) and upstream(s)
On Wed, 11 May 2022 at 21:22, Grant Taylor via NANOG <nanog@nanog.org> wrote:
>
> On 5/11/22 10:53 AM, Job Snijders via NANOG wrote:
> > This knob slightly increases your own memory consumption, but makes your
> > router more “neighbourly”! :-)
>
> I question how accurate "slightly" is.
>
> My understanding is that soft reconfiguration inbound (whatever the
> syntax for a given IOS is) causes a full copy of the received prefix
> list to be retained in memory for each of the peers with soft
> reconfiguration enabled.
>
> So, to me, the amount of impact to memory will be based on both the
> number of prefixes advertised and the number of peers that soft
> reconfiguration is enabled on.
>
> Please enlighten me if I'm wrong / misunderstanding something.

True and the amount of memory used per prefix also depends on things
like BGP communities.

When I tested this, on 32 bit XR I had a memory increase of about 400
MB for a full feed 2 years ago.


But with or without soft-reconfig inbound always, your memory usage
increases with more prefixes. I don't see any drastic change in
scaling numbers because of this on today's HW.


Lukas
Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) and upstream(s)
On Wed, May 11, 2022 at 01:22:32PM -0600, Grant Taylor via NANOG wrote:
> On 5/11/22 10:53 AM, Job Snijders via NANOG wrote:
> > This knob slightly increases your own memory consumption, but makes your
> > router more “neighbourly”! :-)
>
> I question how accurate "slightly" is.
>
> My understanding is that soft reconfiguration inbound (whatever the syntax
> for a given IOS is) causes a full copy of the received prefix list to be
> retained in memory for each of the peers with soft reconfiguration enabled.
>
> So, to me, the amount of impact to memory will be based on both the number
> of prefixes advertised and the number of peers that soft reconfiguration is
> enabled on.
>
> Please enlighten me if I'm wrong / misunderstanding something.

How much memory exactly is consumed, will depend on the architecture of
the application (whether duplicity of information such as path
attributes is avoided as much as possible). Indeed, YMMV.

From experience at a previous employer I recall that
'soft-reconfiguration inbound' on routers (with multiple full routing
tables) was problematic on 32-bit versions of the operating system; but
not an issue on 64-bit.

If unsure, test on a few peers and monitor memory usage! It's also a
valid question to the Technical Assistance Center "hey, will enabling
this soft-reconfiguration feature land me in hot water?"

Kind regards,

Job
Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) and upstream(s)
Wed, May 11, 2022 at 09:36:36PM +0200, Lukas Tribus:
> True and the amount of memory used per prefix also depends on things
> like BGP communities.
>
> When I tested this, on 32 bit XR I had a memory increase of about 400
> MB for a full feed 2 years ago.

it depends on the architecture, the variance in paths and attributes,
and how much your policy alters those, what is being sent vs filtered,
AND the number of peers and add-path, etc etc. eg: if your policy
alters attributes, space for both the old and new attributes is needed.

Whether you need 64bit depends on the total memory usage exceeding,
iirc, 3.2GB.
Re: Newbie x Cisco IOS-XR x ROV: BCP to not harassing peer(s) and upstream(s)
> Is setting 'Soft Reconfiguration' enough for me to keep ROV running?

yes, should be.

> If not, is there any other solution?

yes. jakob says he has implemented
https://datatracker.ietf.org/doc/draft-ietf-sidrops-rov-no-rr/, though i
do not know in what xr image(s)

randy
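
Added example, not part of any message in this thread and not vendor code: a small Python model of the trade-off discussed above, comparing a router that keeps a per-peer pre-policy copy of received routes (soft reconfiguration inbound) with one that discards ROV-rejected routes and must send a Route Refresh to every peer when the VRP set changes. The peer names, prefixes, AS numbers and VRPs are constructed sample data, and the model counts routes rather than bytes.

```python
import ipaddress

def rov_state(prefix, origin_as, vrps):
    """RFC 6811 origin validation against (prefix, max_len, asn) VRPs."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if net.version == vrp_net.version and net.subnet_of(vrp_net):
            covered = True
            if net.prefixlen <= max_len and origin_as == vrp_as != 0:
                return "valid"
    return "invalid" if covered else "not-found"

# Constructed sample data: two eBGP peers sending the same two routes.
PEER_FEEDS = {
    "upstream-A": [("192.0.2.0/24", 64500), ("198.51.100.0/24", 64501)],
    "peer-B": [("192.0.2.0/24", 64500), ("198.51.100.0/24", 64501)],
}
# Before the change 198.51.100.0/24 from AS64501 is invalid (VRP names AS64999).
VRPS_BEFORE = [("192.0.2.0/24", 24, 64500), ("198.51.100.0/24", 24, 64999)]
# A new ROA appears, so the previously rejected route becomes valid.
VRPS_AFTER = VRPS_BEFORE + [("198.51.100.0/24", 24, 64501)]

def simulate(keep_adj_rib_in):
    """Return (route_refreshes_sent, pre_policy_routes_stored, accepted_after)."""
    # Soft reconfiguration inbound: keep every received route, per peer, pre-policy.
    adj_rib_in = ({p: list(f) for p, f in PEER_FEEDS.items()}
                  if keep_adj_rib_in else {})
    stored = sum(len(routes) for routes in adj_rib_in.values())
    refreshes, accepted = 0, []
    # The VRP set changes: routes rejected earlier may now be acceptable.
    for peer, feed in PEER_FEEDS.items():
        if keep_adj_rib_in:
            routes = adj_rib_in[peer]  # replay the stored copy, peer not contacted
        else:
            refreshes += 1             # rejected routes were discarded: ask the peer
            routes = feed              # the peer resends its whole table
        accepted += [(peer, prefix) for prefix, asn in routes
                     if rov_state(prefix, asn, VRPS_AFTER) != "invalid"]
    return refreshes, stored, accepted

if __name__ == "__main__":
    for keep in (False, True):
        print("keep Adj-RIB-In:", keep, "->", simulate(keep)[:2])
```

Both modes end with the same accepted routes; what differs is whether the cost lands on the peers (one refresh per peer per VRP change) or on local memory (one stored route per prefix per peer).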