This article explains how to configure Graceful Restart in AutoVPN with BGP.
An AutoVPN solution with the BGP routing protocol uses the “Unconfigured BGP Peers” feature to allow the dynamic addition of Spokes without the need to reconfigure the Hub.
A special allow statement is used in the BGP configuration, specifying the IP range used by Spokes. Any newly added Spoke within this range can establish a BGP session with the Hub.
To enable the Graceful Restart feature in this topology, a special configuration statement should be used.
Note: A configuration example of the AutoVPN solution with iBGP is available in the Related Links section below.
Consider a typical AutoVPN solution built with SRX Chassis Clusters, using iBGP as a routing protocol.
This topology is the recommended way to enable Graceful Restart. It will minimize the effect of any device failure, as well as allow In-Service Software Upgrade of either the Hub or the Spoke.
The snippet below shows a typical iBGP configuration on the Hub cluster that matches the topology above:
{primary:node0}[edit]
root@srx-hub# show protocols bgp
group autovpn {
    type internal;
    local-address 10.10.10.1;
    export lan_hub;
    cluster 1.2.3.4;
    peer-as 10;
    allow 10.10.10.0/24;
}
To enable Graceful Restart on this Hub, it is not sufficient to simply add a graceful-restart statement because this statement does not apply to BGP peers that match the allow statement (so-called “Unconfigured BGP Peers”). An additional configuration statement should be used: unconfigured-peer-graceful-restart.
An example of the correct configuration for this Hub cluster is as follows:
{primary:node0}[edit]
root@srx-hub# show protocols bgp
group autovpn {
    type internal;
    local-address 10.10.10.1;
    export lan_hub;
    cluster 1.2.3.4;
    peer-as 10;
    unconfigured-peer-graceful-restart;    <----
    graceful-restart;                      <----
    allow 10.10.10.0/24;
}
It is also important to enable Graceful Restart on all the Spoke clusters. However, because the BGP configuration on the Spoke clusters does not include the allow statement, unconfigured-peer-graceful-restart is not required there. Thus, Graceful Restart on the Spoke clusters is configured normally:
{primary:node0}[edit]
root@srx-spoke# show protocols bgp
group autovpn {
    type internal;
    local-address 10.10.10.2;
    export lan_spoke;
    neighbor 10.10.10.1;
}
The Graceful Restart feature is now enabled for this AutoVPN solution.
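To audit saved configurations for the gap described above, the following added example (not part of the original article and not Juniper tooling) parses brace-style `show protocols bgp` output and reports any group that uses `allow` without both statements from the corrected Hub example. The function names are hypothetical, and the sample inputs are the article's configs flattened, plus one constructed variant with only `graceful-restart` added.

```python
import re

# Statements the article's corrected Hub group carries alongside "allow".
REQUIRED_WITH_ALLOW = ("graceful-restart", "unconfigured-peer-graceful-restart")

def parse_bgp_groups(text):
    """Map each BGP group name to its top-level statements (brace-style Junos output)."""
    text = re.sub(r"<-+", "", text)  # drop the "<----" annotation arrows
    groups = {}
    for m in re.finditer(r"\bgroup\s+(\S+)\s*\{", text):
        depth, buf, stmts = 1, "", []
        for ch in text[m.end():]:
            if ch == "{":            # nested block: keep only its header
                depth += 1
                if depth == 2:
                    stmts.append(buf.strip())
                    buf = ""
            elif ch == "}":
                depth -= 1
                if depth == 0:
                    break
            elif ch == ";":
                if depth == 1:
                    stmts.append(buf.strip())
                buf = ""
            elif depth == 1:
                buf += ch
        groups[m.group(1)] = stmts
    return groups

def audit_unconfigured_peer_gr(text):
    """Return {group: [missing statements]} for groups that accept peers via "allow"."""
    findings = {}
    for name, stmts in parse_bgp_groups(text).items():
        keywords = {s.split()[0] for s in stmts if s}
        missing = [k for k in REQUIRED_WITH_ALLOW if k not in keywords]
        if "allow" in keywords and missing:
            findings[name] = missing
    return findings

# Sample configs: the article's Hub and Spoke groups, flattened; HUB_GR_ONLY is constructed.
HUB = ("group autovpn { type internal; local-address 10.10.10.1; export lan_hub; "
       "cluster 1.2.3.4; peer-as 10; %s allow 10.10.10.0/24; }")
HUB_BEFORE = HUB % ""
HUB_GR_ONLY = HUB % "graceful-restart;"
HUB_AFTER = HUB % "unconfigured-peer-graceful-restart; <---- graceful-restart; <----"
SPOKE = "group autovpn { type internal; local-address 10.10.10.2; export lan_spoke; neighbor 10.10.10.1; }"

if __name__ == "__main__":
    for label, cfg in [("before", HUB_BEFORE), ("gr-only", HUB_GR_ONLY), ("after", HUB_AFTER), ("spoke", SPOKE)]:
        print(label, audit_unconfigured_peer_gr(cfg) or "ok")
```

The check only looks at statements directly under the group, so a `graceful-restart` nested inside a `neighbor` block does not satisfy it.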