BGP neighbor/configuration testing

• Previous message (by thread): BGP neighbor/configuration testing
• Next message (by thread): Dynamic routing through firewall
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/20/13, 11:53 AM, Eric A Louie wrote:
> Scenario: a regional ISP preparing to cutover to a new upstream BGP provider at one of my POPs.  Want minimal or no network disruption, and want to ensure everything is ready to go prior to the cutover.
> 
>  I'm planning to use the following order of operations:
> 1. Establish IP connectivity to the new ISP (already done)
> 2. Configure my BGP router and shutdown the new neighbor (ISP says their side is already configured and ready)

normally you just bring up the session with restrictive import/export
e.g. reject all and see what they send you. that was you can verify
what's copacetic before you employ it.

> 3. During the maintenance window for this change, activate the new BGP connection (remove neighbor shutdown)
> 4. Do the appropriate tests (sh bgp nei, login to my upstream's route server and check route advertisements, sign in to looking glass and/or route servers from other providers to see if my routes from the new ISP are being advertised, and I'm open to any other tests)

Apply the export policy associated with sending your prefix to them.
assume they're using rpf and they'll blackhole any traffic from you
until they receive a prefix that it's coming from and install it in
their fib

If they're sending you a full table (and you also have a full table from
your other provider), then alter the import policy to accept routes from
them.

> 5. Turn down the old connection (neighbor shutdown)

once the above has been stable for a while...

apply new import export policy (e.g. reject all) and clear soft in out
the session.

once there's no  traffic on it and everything else hasn't caught fire
shut down the bgp session

> 6. Watch the old connection get removed from route servers/looking glasses from step 4



> A. Does that order make sense or does it need some tweaking, additions, or "other"?
> 
> B. I'd like to test the new upstream BGP configuration without passing traffic to and through it.  What can I do (if anything) on my configuration end to put up the BGP configuration, establish a neighbor connection, and NOT actually pass any traffic through it?  After putting my configuration up, I'd like to do a show bgp nei 1.1.1.1 advertised-routes to ensure my routes are going out, and then shut the neighbor down until the cutover.
> 
> 
> 
> thanks for your input
> Eric
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20131120/acb26c1d/attachment.sig>

• Previous message (by thread): BGP neighbor/configuration testing
• Next message (by thread): Dynamic routing through firewall
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]