How to Prevent Flapping Routes being Advertised in BGP using Dampening Profiles

How to Prevent Flapping Routes being Advertised in BGP using Dampening Profiles

68719
Created On 09/25/18 17:42 PM - Last Modified 05/19/25 21:21 PM


Objective


  • In an unstable network, the routes can flap.
  • If these routes are advertised in BGP, the BGP routes also flap.
  • This article explains how to use dampening profiles to prevent flapping routes being advertised to BGP neighbors.

Environment


  • Palo Alto Firewall.
  • Supported PAN-OS
  • BGP configured

Procedure


Verify that the firewall has Dampening Profiles configured. Dampening Profiles on the Palo Alto Networks device is configured under:

  1. Go to GUI: Network > Virtual Routers > BGP > Advanced > Dampening Profiles.
  2. Click Add and enable the profile.
     1.JPG
  1. Type in a Name and add the desired values. Default values of the Palo Alto Networks firewall is shown below.

2.JPG

  1. Click OK

3.JPG

  1. Click OK again and "Commit" the configuration
By configuring a Dampening Profile, when a route flap based upon the configured threshold values occurs, the route will be completely suppressed and a route update is not sent to its BGP peers.

Details of the Parameters of Dampening Profile are listed below:
  • The Cutoff value is expressed as the maximum number of route flaps that can occur before a route update will be suppressed.
  • The Reuse value is expressed as a minimum number of route flaps which need to occur in order to re-install a suppressed route back in the routing update. The reuse value must be always be less than the cutoff value.
  • The Max Hold Time is the maximum amount of time the route can be suppressed no matter how many times it flapped and became unstable earlier.
  • The Decay Half Life Reachable value specifies the time duration in minutes after which a routes stability metric is halved if the route is considered reachable.
  • The Decay Half Life Unreachable value specifies the time duration in minutes after which a routes stability metric is halved if the route is considered un-reachable.

Additional Information


  • To check if optimal connection options are specified on the firewall, go to

GUI: Network > Virtual Routers > Peer Group.
Click Add > (name) > Add > Connection Options

4.JPG

 

  • The Keep Alive Interval specifies an interval after which routes from a peer are suppressed according to the hold time setting.
  • The Open Delay Time specifies the delay time between opening the peer TCP connection and sending the first BGP open message.
  • The Hold Time specifies the period of time that may elapse between successive KEEPALIVE or UPDATE messages from a peer before the peer connection is closed.
  • Idle Hold Time specifies the time to wait in the idle state before retrying connection to the peer.

See also: Unable to Achive Subsecond failover with BGP in Active Passive Configuration
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClIyCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language