Selective BGP Dampening and parameters tuning

Some time ago, I wrote about BGP Dampening and how this feature can improve the stability of the network. A lot happened since then and during my experience with different service providers I have seen that BGP dampening can help in the same measure at it can harm your network. An endless discussion can be started on this topic, but this is not what I want to do here.

One thing that I did learn is that fine tuning of any feature can help a lot in some cases making the difference between stable network and a total disaster. In regard to BGP dampening, I have the following scenario. Imagine that you would like to use BGP dampening, but only for some networks, which are proven to be more stable than others. I will base my example on the following scenario:

Task

Router 1 in the above scenario has three networks that are advertised into BGP:
L0 – 1.1.1.0 /24
L1 – 11.11.11.0 /24
L2 – 111.111.111.0 /24
Imagine this are being remote networks and that 11.11.11.0 /24 is very unstable. To simulate an unstable network that triggers BGP, shut / no shut multiple times.

On Router 2, we want to use the BGP Dampening feature, but only for this network. We know already that we can do something like:

conf t
router bgp 200
bgp dampening

This will enable the BGP dampening feature. We can even fine tune some parameters like:

conf t
router bgp 200
bgp dampening 15 750 5000 30

In this way we increase the limit at which a route will be dampened (5000) and decrease the maximum dampening time to 30 minutes. Unfortunately this parameters are applied globally and all routes (stable and unstable) will play by this rules.

Solution

Going back to the idea of this post, use of selective BGP Dampening, we can configure Router 2 like this:

conf t
access-list 11 permit 11.11.11.0 0.0.0.255
!
route-map DAM permit 10
match ip address 11
set dampening 15 750 2000 60
!
route-map DAM deny 1000

What we just did is to match the unstable prefix in an ACL. Use the ACL in a route-map with permit policy. Mandatory set the dampening parameters. They can be the same as original values, but if you don’t set anything here, you will meet the following error when trying to apply the BGP dampening.

%BGP-3-BADROUTEMAP: Bad parameters in the route-map DAM applied for Dampening

At the end we have a deny policy in the same route-map to avoid matching any other prefixes. We can not apply it to BGP:

conf t
router bgp 200
bgp dampening route-map DAM

We want to check that BGP Dampening feature is activated:

R2#sh ip bgp dampening parameters
 dampening 15 750 2000 60 (route-map DAM 10)
  Half-life time      : 15 mins       Decay Time       : 2320 secs
  Max suppress penalty: 12000         Max suppress time: 60 mins
  Suppress penalty    :  2000         Reuse penalty    : 750

By the way, if you check the output immediately after applying the BGP dampening feature, you might see the following error:

% dampening reconfiguration in progress for IPv4 Unicast

Verification

Let us see if there are any flaps on going:

R2#sh ip bgp dampening flap-statistics 
 
R2#

Now we can shut / no shut L1 interface on R1 to create an instability of this network. After doing so couple of times we can see that the BGP dampening is active:

R2#sh ip bgp dampening flap-statistics | b Net
   Network          From            Flaps Duration Reuse    Path
 h 11.11.11.0/24    10.1.12.1       1     00:00:22          100

If we continue to play with shut / no shut, soon we will see that 11.11.11.0 /24 is marked as dampened:

R2#sh ip bgp dampening dampened-paths | b Net
   Network          From             Reuse    Path
*d 11.11.11.0/24    10.1.12.1        00:06:29 100 i

Now I want to prove that the same BGP dampening policies does NOT apply to other networks like 111.111.111.0 /24. I will try to play the same shut / no shut game with L2 on R1. After 5 minutes of this game I can see the following:

R2#sh ip bgp dampening dampened-paths | b Net
   Network          From             Reuse    Path
*d 11.11.11.0/24    10.1.12.1        00:02:09 100 i
 
R2#sh ip bgp dampening flap-statistics | b Net
   Network          From            Flaps Duration Reuse    Path
*d 11.11.11.0/24    10.1.12.1       3     00:07:51 00:01:49 100 
 
R2#sh ip bgp | b Net  
   Network          Next Hop            Metric LocPrf Weight Path
*> 2.2.2.0/24       0.0.0.0                  0         32768 i
*> 3.3.3.0/24       10.1.23.3                0             0 300 i
*d 11.11.11.0/24    10.1.12.1                0             0 100 i
*> 111.111.111.0/24 10.1.12.1                0             0 100 i

You can see that 111.111.111.0 /24 does not appear in any dampening report.

I tried this in multiple scenarios and every time I got the expected result. If you test this and get different results, please let me know in comments and we can discuss.


Cisco: How to improve BGP table stability with route dampening

[UPDATE Feb 13, 2013]
After gaining some more years of experience, playing more with BGP also from SP perspective, I would recommend to be careful with this feature. It can help in your enterprise environment, where you have access to BGP routers and can clean the dampened prefixes. If you have your Service Provider involved in routing your prefixes, I would prefer that the SP does not enable this feature. Imagine that because of some flaps your provider dampen all your prefixes. Or negotiate your SLA in such way that the provider can support if the BGP dampening feature is active and you need support.

———-

One of the issues that can affect BGP table stability is link flapping. Imagine that if a link to a network is flapping very often, BGP process has to remove the route to that network from the BGP table and implicit from the routing table and then we the link is available again to re-introduce the prefix in these tables. All this means some BGP operations that consume CPU and memory of the machine.

A way to improve the BGP table stability is to use route dampening. This BGP feature monitor the prefixes in the BGP table and when a route to some prefixes flaps more than BGP dampening is set to allow, it will take out the prefixes from the BGP table. In the following tutorial I will show you a way to configure BGP dampening with some explanations.

For this tutorial we will use the same topology like in the post “Cisco: BGP path selection for outgoing traffic” where we have already a working BGP environment. I took out the configuration for BGP path selection, so we have a simple BGP config running. If you do not have the topology, you can download it here and the initial configuration files here.

Please see the tutorial below: