BGP Communities on MPLS network

Answered Question
Feb 16th, 2007

Here's the scenario:

I have two main sites with a route to a remote network (over point to point T1's) and I have two other branches that need to access that network. All four of these sites are connected over an MPLS network. Both main sites are advertising a route to the remote network using eBGP. I need one of the branches to route through main site 1 and the other to route through main site 2. At the same time, I would like to have a secondary route for each of the branches in case one of the main sites goes down.

Well this is what I've got, can you tell me what we're doing wrong? We want router C to go out router B to access the host and router D to go out router A to access the host. Additionally, we would like the option of failing over to A or B respectively, if one of them should go down.

If I add the line "network 10.46.0.56 mask 255.255.255.255" to router B, then router D starts routing to router B instead of to router A which it is doing now.

Please note that we have two links to the MPLS network from router A and that we're using eBGP multihop to load balance those circuits. I've also cleared out the WAN addressing and renamed a few other things for privacy reasons.

Thanks in advance for your help.

mikedavi1 Wed, 02/21/2007 - 13:04

When you look on routers C and D, are you seeing all four updates for the network in question?

I.e.:

Router C:

10.46.0.56/32 via A, Community = 100

10.46.0.0/16 via A, Community = 100

10.46.0.56/32 via B, Community = 250

10.46.0.0/16 via B, Community = 250

Router D:

10.46.0.56/32 via A, Community = 100

10.46.0.0/16 via A, Community = 100

10.46.0.56/32 via B, Community = 250

10.46.0.0/16 via B, Community = 250

My guess is, you are not seeing all four updates. If I'm correct, sounds like your provider is not allowing iBGP multipath in their cloud. They are selecting a single best path for 10.46.0.0/16 and 10.46.0.56/32 and passing that best path to routers C & D. When you configure the bgp network 10.46.0.56 command, you change the origin and make it a better path than before.

Does this seem consistent with what you are seeing?

Mike

chalkspray Wed, 02/21/2007 - 13:38

You're correct, I only see the one route in the table to the networks in question. I don't see multiple routes. When I enter the network statement on router B, the new route is not placed into the table on router B. The route that I want it to use remains. As soon as I do a trace from router D however, the statement from router A disappears and is replaced with the route through router B.

I've been back and forth with AT&T over this but every time I call them they act as if they don't know what I'm trying to do and eventually say that there's nothing wrong. They don't want to support us because we are not a managed customer. We are using eBGP though, not iBGP. All along I've been thinking that they are somehow adjusting the routing process because my router would show the route it wants to take, but it wouldn't go there.

The last time I spoke with AT&T, they told me that their backbone is running BGP, and that regardless of what methods I use to try to influence the routing process, there's no guarantee that their backbone will route the packets that way. They claim that they have other customers with two T3's at one site and that only one is being used and they can't influence the BGP routing selection.

Are they feeding me a bunch of BS or is there some truth to this? I am new to BGP and have always used EIGRP or OSPF or RIP in the past, but once we moved to the MPLS network, it was either BGP or static routing, which is a no-brainer.

Correct Answer
mikedavi1 Wed, 02/21/2007 - 14:05

I don't think I have an answer you will like, though I hope it will be helpful in some way.

I don't think they are BSing you. BGP sounds like it is working as designed and implemented.

It's true, you are using eBGP and your configuration makes sense. But AT&T, and indeed most providers, will be using eBGP toward their MPLS VPN customers, and iBGP or a mix of eBGP and iBGP in their core network. When an update gets to a BGP router, it will make a decision which path is the best path based on algorithm + policy (like your route-maps) and it is that best path that is sent to peers. This process is followed across both AT&T and your BGP routers. The default is to select a single best path.

This single best path behavior can be modified. Three such features are iBGP Multipath, eBGP Multipath, and eiBGP Multipath. These features allow the BGP router to select more than one "equal" best path. However, such features may break or adversely affect AT&T's core in some fashion that you and I will never have visibility to.

So, in my opinion, it sounds like they cannot or will not modify their network for your use-case. The problem you are facing is not necessarily a technical problem on your end, but is likely a technical, a policy, a business ($$) or an implementation problem from AT&T. And while I say problem, I don't mean broken, but rather a problem for you.

HTH,

Mike
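
A small model of the behaviour described in the two replies above (the single best path chosen in the provider core, and the origin change caused by the network statement), added here as an illustration and not part of the original thread. The decision process is abridged, the function names are hypothetical, and it assumes the host route starts with origin "incomplete" on both A and B; communities 100 and 250 are the values from the thread.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower is preferred

@dataclass(frozen=True)
class Path:
    prefix: str
    via: str                    # customer router that advertised it (A or B)
    community: int              # tag set by the customer (100 / 250)
    origin: str = "incomplete"  # assumption: route was redistributed
    local_pref: int = 100
    as_path_len: int = 1
    med: int = 0

def best_path(paths):
    """Abridged BGP decision: highest local-pref, shortest AS path, lowest
    origin, lowest MED, then advertiser name (stand-in for router ID)."""
    return min(paths, key=lambda p: (-p.local_pref, p.as_path_len,
                                     ORIGIN_RANK[p.origin], p.med, p.via))

def provider_advertises(received, single_best=True):
    """Paths the provider core passes on to the branch routers, per prefix."""
    by_prefix = {}
    for p in received:
        by_prefix.setdefault(p.prefix, []).append(p)
    if single_best:
        return {pfx: [best_path(ps)] for pfx, ps in by_prefix.items()}
    return by_prefix

def branch_choice(offered, preferred_community):
    """Branch policy: prefer the path carrying the wanted community; if it
    was never offered, the branch can only use what it received."""
    chosen = {}
    for pfx, ps in offered.items():
        wanted = [p for p in ps if p.community == preferred_community]
        chosen[pfx] = best_path(wanted or ps).via
    return chosen

HOST = "10.46.0.56/32"
# Constructed sample updates as seen by the provider core.
before = [Path(HOST, "A", 100), Path(HOST, "B", 250)]
# Router B adds the network statement: its path now has origin IGP.
after = [Path(HOST, "A", 100), Path(HOST, "B", 250, origin="igp")]

if __name__ == "__main__":
    for label, updates in (("before", before), ("after", after)):
        for single in (True, False):
            offered = provider_advertises(updates, single_best=single)
            print(label, "single_best=%s" % single,
                  "C:", branch_choice(offered, 250),
                  "D:", branch_choice(offered, 100))
```

With a single best path, the community a branch matches on has no effect because the other path never reaches it; only when all paths are passed on can C select B and D select A.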

chalkspray Wed, 02/21/2007 - 14:17

Thank you very much for the help, I appreciate it.

It's going to take some begging and a lot of paperwork, but I think we can "convince" the host provider (for the mainframe 10.46.0.56) to adjust their firewall policies to allow any of our networks to connect via any of their connections to us. Then once we're ready, we'll run EIGRP between us and them at two sites. Even if AT&T's BGP forces us to use only one path to the host, if their firewall allows it, it will work for us.

Thanks again for your help.
