cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1671
Views
5
Helpful
12
Replies

BGP MED

WILLIAM STEGMAN
Level 4
Level 4

I'm trying to create a backup solution that uses a vpn tunnel as a backup to our WAN connection. We're running BGP, and basically I need to inject an alternative path into the WAN cloud to my networks via another site that will have a VPN tunnel to my networks. The idea is to use MED, but I'm not convinced this will work. I've attached a diagram to help illustrate. For this to work, MED would have to be communicated to all the iBGP members of the remote AS that my BGP router neighbors with. MED is optional non transitive. Does that mean it will propagate to all iBGP peers in the provider's AS, but not to my remote BGP peers? Referencing the diagram, will the Exton router have a alternative path in its BGP table? If not, and the metric I've modified is propagated to all the provider's BGP peers, does it even matter? Once the primary route goes down, won't the provider's network begin advertising the alternate path it learned using the adjusted metric and alternate path?

thank you,

Bill

1 Accepted Solution

Accepted Solutions

Hello William,

your provider is giving you an MPLS L3 VPN service.

See the following link:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t11/feature/guide/ft11bmpl.html

In this service model, every CE router will peer only with one (or two) ISP PE router.

The MPLS VPN signaling plane, an extension to BGP is spoken between the PE routers in order to propagate all the customer routes.

However, usually for scalability reasons PE router have actuallu direct iBGP sessions only with Route Reflector Servers.

Shortly, depending on ISP routers' configuration the backup route can be visible on all PE routers or not.

If the Route Reflector can compare the primary path and the backup path, only the primary will be propagated to all the PE routers.

If the two paths are not comparable (they have a different route distinguisher RD) both paths are propagated to all the PE routers (WAN1, , WAN3).

When the WAN has to prepare the updates to the exton router it will send only the primary path to you because it is the best path.

If the primary path fails the backup path should be advertised to all your CE routers.

Convergence is faster is the backup path is already in the PE router BGP tables otherwise the propagation time through the provider network is added.

So the answer to your last question is yes.

Hope to help

Giuseppe

View solution in original post

12 Replies 12

sdoremus33
Level 3
Level 3

bgp-deterministic med command

ok, so using my diagram, does that mean I should apply the bgp-deterministic command under the bgp process on the Exton router? And the MED, or metric, will carry across the provider's mpls network from the Harrisburg router to my other iBGP neighbors, even though a remote AS is in between us?

My understanding of bgp-deterministic is that it groups routes from a particular AS, compares, chooses the best from that group, and compares the best route from that group to the best route from other groups of routes from a an AS. But I can't make the connection on how that helps in my scenario.

Right now the Exton router has a route for all networks outside its own via eBGP because its only neighbor is the provider edge ATT router that is in a different AS than it is. So it will never see any networks tied to any AS other than the provider's.

BGP Deterministic command should be applied to the other router as well

When BGP receives multiple routes to a particular destination, it lists them in the reverse order that they were received, from the newest to the oldest. BGP then compares the routes in pairs, starting with the newest entry and moving toward the oldest entry (starting at top of the list and moving down).

Accordingto your diagram it should also be placed on Wan 1 Wan2 and Wan 3

wan1, wan2, and wan3 are the provider's routers. I was hoping for a solution that wouldn't require them to make any changes.

That's where all my questions about whether the MED will carry over or not. I don't know why we're using bgp, I think ATT required it to be used ove their mpls network, this was in place when I started working here. The way we're set up, is my office and all the other remote offices, Exton for example, are part of a private AS, 65000. We have no direct connection to any iBGP peers, and we have no IGP routes to any iBGP peers. For any of my routers to get to a network in my AS, Exton again as an example, I have to traverse an eBGP router and different AS, the ATT mpls network. I can't make much sense of it myself. I haven't seen any examples of BGP being used in this manner, and I'm hardly an authority on BGP. I'm trying to boil it down to basics, will the metric I forward to an eBGP neighbor propagate to my iBGP peers after it crosses a different AS, AT&T in this case? If not, will it at least propagate to the provider's iBGP peers so they can be aware of an alternate route in the event of a primary failure and begin advertising the new path to my remote offices?

Within any BGP autonomous system , every IBGP speaker must have a fully meshed peering rrangement with every other IBGP speaker because a BGP speaker will not advertise a route learned via another IBGP speaker to a third IBGP speaker

Is synchronization turned on this means that a BGP router with this enabled by default wil not advertise IBGP-leraned routes to other EBGP peers if it is not able to validate those routes in its IGP. HTH

From what I get base on yourt diagram is that you are EBGP peering with your ISP (T&t @ AS 13978) from there WAM 3 is IBGP peering to WAN 2 and WAN 3 , as far as applying med would be from WAN 3 --> WAN 1

WAN 2

then from there depending on the path based upon the MED value set.

What I meant earlier is to have something like this run bgp determinitic med on

WAN 3 --> WAN 1

WAN 2

and letting that take care of the path selection.HTH

ok, but I think the issue is, wan1, wan2, and wan3 are not my routers, so I can't set a med on them. All I can do is set the med on my salt lake and Harrisburg routers. What I'm trying to figure out is if the med I set on my Harrisburg and Salt Lake routers will carry over to wan1, wan2, wan3, and the Exton router.

I am assuming that the WAN provider routers have

1). IBGP Full mesh in there environment which will allow your EBGP updates to traverse ofver the provider network

If that is the case then yes the MED attributes qwill be carried over through the provider EBGP session to the Exton router sice the Exton has only one EBGP peering session to the provider (transit network)

I tried it today, but the additional route isn't showing up on the Exton router

BGP routing table entry for 10.250.0.0/16, version 1477

Paths: (1 available, best #1, table Default-IP-Routing-Table)

Not advertised to any peer

13979 13979

172.21.3.82 from 172.21.3.82 (10.0.2.239)

Origin IGP, localpref 100, valid, external, best

I really appreciate all your input. I'm going to try contacting AT&T, again, to see if I can get some input from their end.

Hello William,

your provider is giving you an MPLS L3 VPN service.

See the following link:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t11/feature/guide/ft11bmpl.html

In this service model, every CE router will peer only with one (or two) ISP PE router.

The MPLS VPN signaling plane, an extension to BGP is spoken between the PE routers in order to propagate all the customer routes.

However, usually for scalability reasons PE router have actuallu direct iBGP sessions only with Route Reflector Servers.

Shortly, depending on ISP routers' configuration the backup route can be visible on all PE routers or not.

If the Route Reflector can compare the primary path and the backup path, only the primary will be propagated to all the PE routers.

If the two paths are not comparable (they have a different route distinguisher RD) both paths are propagated to all the PE routers (WAN1, , WAN3).

When the WAN has to prepare the updates to the exton router it will send only the primary path to you because it is the best path.

If the primary path fails the backup path should be advertised to all your CE routers.

Convergence is faster is the backup path is already in the PE router BGP tables otherwise the propagation time through the provider network is added.

So the answer to your last question is yes.

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco