Some time ago, I wrote about BGP Dampening and how this feature can improve the stability of the network. A lot happened since then and during my experience with different service providers I have seen that BGP dampening can help in the same measure at it can harm your network. An endless discussion can be started on this topic, but this is not what I want to do here.
One thing that I did learn is that fine tuning of any feature can help a lot in some cases making the difference between stable network and a total disaster. In regard to BGP dampening, I have the following scenario. Imagine that you would like to use BGP dampening, but only for some networks, which are proven to be more stable than others. I will base my example on the following scenario:
Task
Router 1 in the above scenario has three networks that are advertised into BGP:
L0 – 1.1.1.0 /24
L1 – 11.11.11.0 /24
L2 – 111.111.111.0 /24
Imagine this are being remote networks and that 11.11.11.0 /24 is very unstable. To simulate an unstable network that triggers BGP, shut / no shut multiple times.
On Router 2, we want to use the BGP Dampening feature, but only for this network. We know already that we can do something like:
conf t router bgp 200 bgp dampening |
This will enable the BGP dampening feature. We can even fine tune some parameters like:
conf t router bgp 200 bgp dampening 15 750 5000 30 |
In this way we increase the limit at which a route will be dampened (5000) and decrease the maximum dampening time to 30 minutes. Unfortunately this parameters are applied globally and all routes (stable and unstable) will play by this rules.
Solution
Going back to the idea of this post, use of selective BGP Dampening, we can configure Router 2 like this:
conf t access-list 11 permit 11.11.11.0 0.0.0.255 ! route-map DAM permit 10 match ip address 11 set dampening 15 750 2000 60 ! route-map DAM deny 1000 |
What we just did is to match the unstable prefix in an ACL. Use the ACL in a route-map with permit policy. Mandatory set the dampening parameters. They can be the same as original values, but if you don’t set anything here, you will meet the following error when trying to apply the BGP dampening.
%BGP-3-BADROUTEMAP: Bad parameters in the route-map DAM applied for Dampening |
At the end we have a deny policy in the same route-map to avoid matching any other prefixes. We can not apply it to BGP:
conf t router bgp 200 bgp dampening route-map DAM |
We want to check that BGP Dampening feature is activated:
R2#sh ip bgp dampening parameters dampening 15 750 2000 60 (route-map DAM 10) Half-life time : 15 mins Decay Time : 2320 secs Max suppress penalty: 12000 Max suppress time: 60 mins Suppress penalty : 2000 Reuse penalty : 750 |
By the way, if you check the output immediately after applying the BGP dampening feature, you might see the following error:
% dampening reconfiguration in progress for IPv4 Unicast
Verification
Let us see if there are any flaps on going:
R2#sh ip bgp dampening flap-statistics R2# |
Now we can shut / no shut L1 interface on R1 to create an instability of this network. After doing so couple of times we can see that the BGP dampening is active:
R2#sh ip bgp dampening flap-statistics | b Net Network From Flaps Duration Reuse Path h 11.11.11.0/24 10.1.12.1 1 00:00:22 100 |
If we continue to play with shut / no shut, soon we will see that 11.11.11.0 /24 is marked as dampened:
R2#sh ip bgp dampening dampened-paths | b Net Network From Reuse Path *d 11.11.11.0/24 10.1.12.1 00:06:29 100 i |
Now I want to prove that the same BGP dampening policies does NOT apply to other networks like 111.111.111.0 /24. I will try to play the same shut / no shut game with L2 on R1. After 5 minutes of this game I can see the following:
R2#sh ip bgp dampening dampened-paths | b Net Network From Reuse Path *d 11.11.11.0/24 10.1.12.1 00:02:09 100 i R2#sh ip bgp dampening flap-statistics | b Net Network From Flaps Duration Reuse Path *d 11.11.11.0/24 10.1.12.1 3 00:07:51 00:01:49 100 R2#sh ip bgp | b Net Network Next Hop Metric LocPrf Weight Path *> 2.2.2.0/24 0.0.0.0 0 32768 i *> 3.3.3.0/24 10.1.23.3 0 0 300 i *d 11.11.11.0/24 10.1.12.1 0 0 100 i *> 111.111.111.0/24 10.1.12.1 0 0 100 i |
You can see that 111.111.111.0 /24 does not appear in any dampening report.
I tried this in multiple scenarios and every time I got the expected result. If you test this and get different results, please let me know in comments and we can discuss.