Preventing Flapping Routes from being Advertised in BGP using Dampening Profiles

Created On 09/25/18 17:42 PM - Last Modified 06/02/22 21:12 PM


Symptom


  • In an unstable network, routes can flap.
  • If these routes are advertised in BGP, the BGP routes also flap, which can result in the active re-convergence of other stable networks advertised in BGP.
  • It is not good practice to advertise a flapping route to a neighbor, as it sacrifices the route convergence time of generally well-behaved and stable routes.
  • Flapping may cause the peering to be lost, creating unwanted outages and traffic drops.
  • Flapping may also cause serious performance degradation, as it consumes valuable CPU cycles.


Environment


  • Palo Alto Firewall.
  • Supported PAN-OS
  • BGP configured


Cause


  • Dampening Profiles have not been configured on the firewall
  • No optimal connection options


Resolution


Verify that the firewall has Dampening Profiles configured. Dampening Profiles on the Palo Alto Networks device are configured as follows:

  1. Go to GUI: Network > Virtual Routers > BGP > Advanced > Dampening Profiles.
  2. Click Add and enable the profile.

     [Screenshot: 1.JPG]

  3. Type in a Name and add the desired values. The default values of the Palo Alto Networks firewall are shown below.

     [Screenshot: 2.JPG]

  4. Click OK.

     [Screenshot: 3.JPG]

  5. Click OK again and "Commit" the configuration.

With a Dampening Profile configured, when a route flaps beyond the configured threshold values, the route is completely suppressed and no route update is sent to its BGP peers. As a result, no convergence is triggered.

Details of the parameters of a Dampening Profile are listed below:
  • The Cutoff value is expressed as the maximum number of route flaps that can occur before a route update will be suppressed.
  • The Reuse value is expressed as a minimum number of route flaps which need to occur in order to re-install a suppressed route back in the routing update. The reuse value must always be less than the cutoff value.
  • The Max Hold Time is the maximum amount of time the route can be suppressed, no matter how many times it flapped and became unstable earlier.
  • The Decay Half Life Reachable value specifies the time duration in minutes after which a route's stability metric is halved if the route is considered reachable.
  • The Decay Half Life Unreachable value specifies the time duration in minutes after which a route's stability metric is halved if the route is considered unreachable.
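
How the parameters above interact can be seen in a small simulation. This is an added example, not Palo Alto Networks code and not PAN-OS's implementation: it uses a generic penalty-and-decay model, and the profile values, the flap times and the rule that every state change adds 1.0 to the stability metric are all assumptions made for the demo.

```python
import math
from dataclasses import dataclass

@dataclass
class DampeningProfile:
    # All values are constructed for the demo; they are not PAN-OS defaults.
    cutoff: float = 3.0                  # suppress above this metric
    reuse: float = 1.0                   # re-advertise at or below this metric
    max_hold_min: float = 60.0           # longest suppression, in minutes
    half_life_reachable_min: float = 10.0
    half_life_unreachable_min: float = 20.0

    def __post_init__(self):
        if not 0 < self.reuse < self.cutoff:
            raise ValueError("reuse must be positive and less than cutoff")

def simulate(profile, events, start_reachable=True):
    """events: time-sorted (minute, reachable_now) state changes for one route.
    Returns [(minute, "suppress" | "reuse"), ...]."""
    metric, last_t, reachable = 0.0, 0.0, start_reachable
    suppressed_at, log = None, []

    def half_life():
        return (profile.half_life_reachable_min if reachable
                else profile.half_life_unreachable_min)

    def release_time():
        # When the decaying metric reaches `reuse`, capped by Max Hold Time.
        by_decay = last_t + half_life() * math.log2(metric / profile.reuse)
        return min(by_decay, suppressed_at + profile.max_hold_min)

    for t, now_reachable in list(events) + [(math.inf, None)]:
        if suppressed_at is not None and release_time() <= t:
            log.append((round(release_time(), 2), "reuse"))
            suppressed_at = None
        if now_reachable is None:
            break
        # Assumption: every state change counts as one flap and adds 1.0.
        metric = metric * 0.5 ** ((t - last_t) / half_life()) + 1.0
        last_t, reachable = t, now_reachable
        if suppressed_at is None and metric > profile.cutoff:
            suppressed_at = t
            log.append((t, "suppress"))
    return log

if __name__ == "__main__":
    flaps = [(0, False), (1, True), (2, False), (3, True)]  # constructed input
    print(simulate(DampeningProfile(), flaps))
    print(simulate(DampeningProfile(max_hold_min=5), flaps))
```

With the constructed flaps, the fourth state change pushes the metric over the cutoff; the route is then held down until the metric decays to the reuse value, or until Max Hold Time expires if that comes first.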

 

 



Additional Information


To check if optimal connection options are specified on the firewall, go to
GUI: Network > Virtual Routers > Peer Group.
Click Add > (name) > Add > Connection Options

[Screenshot: 4.JPG]

 

  • The Keep Alive Interval specifies an interval after which routes from a peer are suppressed according to the hold time setting.
  • The Open Delay Time specifies the delay time between opening the peer TCP connection and sending the first BGP open message.
  • The Hold Time specifies the period of time that may elapse between successive KEEPALIVE or UPDATE messages from a peer before the peer connection is closed.
  • Idle Hold Time specifies the time to wait in the idle state before retrying connection to the peer.

See also: Unable to Achieve Subsecond failover with BGP in Active Passive Configuration


