Bgp Keychains; Bgp Nonstop Routing - Cisco ASR 9000 Series Configuration Manual

Implementing BGP
• An Internet service provider (ISP) (By definition, an ISP does not provide VPN service.)
• A BGP/MPLS VPN service provider
You can configure a CSC network to enable BGP to transport routes and MPLS labels between the backbone
carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers using multiple paths.
The benefits of using BGP to distribute IPv4 routes and MPLS label routes are:
• BGP takes the place of an Interior Gateway Protocol (IGP) and Label Distribution Protocol (LDP) in a
• BGP is the preferred routing protocol for connecting two ISPs, mainly because of its routing policies
For detailed information on configuring MPLS VPN CSC with BGP, see the Implementing MPLS Layer 3
VPNs on Cisco ASR 9000 Series Router module of the Cisco ASR 9000 Series Aggregation Services Router
MPLS Configuration Guide.

BGP Keychains

BGP keychains enable keychain authentication between two BGP peers. The BGP endpoints must both comply
with draft-bonica-tcp-auth-05.txt and a keychain on one endpoint and a password on the other endpoint does
not work.
See the Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide for
information on keychain management.
BGP is able to use the keychain to implement hitless key rollover for authentication. Key rollover specification
is time based, and in the event of clock skew between the peers, the rollover process is impacted. The
configurable tolerance specification allows for the accept window to be extended (before and after) by that
margin. This accept window facilitates a hitless key rollover for applications (for example, routing and
management protocols).
The key rollover does not impact the BGP session, unless there is a keychain configuration mismatch at the
endpoints resulting in no common keys for the session traffic (send or accept).

BGP Nonstop Routing

The Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO) feature enables
all bgp peerings to maintain the BGP state and ensure continuous packet forwarding during events that could
interrupt service. Under NSR, events that might potentially interrupt service are not visible to peer routers.
Protocol sessions are not interrupted and routing states are maintained across process restarts and switchovers.
BGP NSR provides nonstop routing during the following events:
• Route processor switchover
• Process crash or process failure of BGP or TCP
OL-30423-03
VPN routing and forwarding (VRF) table. You can use BGP to distribute routes and MPLS labels. Using
a single protocol instead of two simplifies the configuration and troubleshooting.
and ability to scale. ISPs commonly use BGP between two providers. This feature enables those ISPs
to use BGP.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 5.1.x
BGP Keychains
51