Thanks Mohammed

R2 and R5 are actually firewalls that pass the BGP traffic. i used routers instead to simulate them :-)

I knew that BGP advertises only the best prefix. I am not able to figure out how i should make sure that R7 always uses R3 and R1 for reaching the networks rather than using R4 and R6 using community strings.

What attribute is used normally in the ISPs if they have a scenario like this?

Narayan

Narayan,

You can play with the local-preference or the weight when the route is injected into the VRF via an import map on the VRF level, something like this:

!

ip vrf test

rd 1.1.1.1:1

import map test

route-target export 1:1

route-target import 1:1

!

!

route-map test permit 10

match ip address prefix-list test

match ip route-source prefix-list source

set weight 65535

!

route-map test permit 20

!

ip prefix-list test seq 5 permit x.x.x.x/y

ip prefix-list source seq 5 permit w.w.w.w/y

BR,

Mohammed Mahmoud.

Mohammed,

I dont think ip route-source is suuported when the route-map is inbound

I will try to use other attributes but the customer is very adamant in using only communities

Edit: i did try to set the BGP attributes on the addess-family but is not transported across the MPLS

eg

address-family ipv4 vrf abc

neighbor 20.20.20.1 route-map test in

Narayan

Hi Narayan

Could you not use MED to influence which route will be chosen. So if both CE's are advertising out the same networks apply a MED that favours the routes coming from R1 and then these would be the routes advertised to R7.

We do something similiar in our MPLS network where we have 2 sites that advertise their own and each other's networks out with MED's so if one site fails the other site can handle all the traffic. Obviously in our scenario we have a backup link between the 2 sites.

Jon

Jon,

we have another MPLS cloud that gives connectivity between R1 and R7 (something similar to your backup link)

Using MEDs might require that i need to do a always-compare-med on all the routers

Narayan

Narayan

Our backup link was just a P2P link ie. not MPLS so we only had one AS to worry about, so can't say for sure whether using MED across multiple AS's would get you what you want.

Like you say "always-compare-med" may be the solution but i have never used this.

Jon

Narayan,

I'll test a couple of thoughts and feed you back.

Jon,

Hope you are fine. I've tried to reply on your email a couple of days ago, but i get "Delivery to the following recipients failed due to a permanent error" "Remote host said: 550 This system has been configured to reject your mail (B)".

BR,

Mohammed Mahmoud.

Thanks Mohammed.

Let me know if you need more information, i can send you a seperate mail which includes the complete requirement

Narayan

Dear Narayan,

I've used an inbound route-map under the ipv4 VRF address-family and manipulated both local-preference and weight, and as expected local-preference value was sent via MBGP to the other PE router, and thus you can use local-preference to prefer a certain route all over the network.

In the attached setup, CE-6 is connected to PE-5 and PE-4 is connected to PE-5 (sorry that i couldn't simulate your exact topology as i am using a current setup in the lab).

Please tell me if i got the view correct, and please correct me if i missed something, and feel free to send more details directly to my email if you wish.

BR,

Mohammed Mahmoud.

Mohammed

That works as desired, but the only problem is that we do not own the MPLS.

This would mean any change that is required to be routed to the SP.

I will send you the complete requirement by weekend

Narayan

Narayan,

As Mohammed pointed out you can do set the local pref inbound when you receive the routes from your CE site, this will set the particular site as the site of preference for all other remote CE sites who want to access the subnets behind the firewall, and the other one would be backup.

If you dont want this and want to selectively load share between the 2 FW location then you can assign a different RD to both these sites with different import export RT values as compared to all the remote CE locations.

And you can have a import route map matching the RT values and setting a higher local pref at each client location PE for the FW location which is closest to that PE and other as backup.

Or if the customer need to have complete control of this manipulation at any given point in time then,

1) you can use the mpls as IGP and form direct IBGP peering over MPLS with your other sites.

2) Or create 2 subinterfaces at each remote client location PE, and poluate then with 2 different vrf's one for each FW location and then set the local pref on the CE BGP router as to which interface to take to go out for which location based on your community value.

HTH-Cheers,

Swaroop

Thanks Swaroop and Mohammed.

I just spoke to the carrier about the above suugestion and is ready to do this for us.

I think this solve all my problems except if there is any other strange requirement again:-)

Narayan