Solved: influencing BGP attributes within MPLS network

Manoj Buddhika · ‎12-04-2011

pls take a look at my question and diagram is attached in the file. pls help me to fix this problem.

I have following requirement about traffic paths within the
MPLS network.MPLS network is running MP-BGP4.

1.Traffic from Europe branch to Asia branch go through London
router.

2.Traffic from America branch to Asia branch go through Los Angeles
router.

3.The two paths through London and Los Angeles should have redundancy.
That is if path through London is not accessible all the traffic must
go through Los Angeles. IF Los Angeles path go down all the traffic must
go through London.

4.Traffic from Asia to Europe and America is controlled by redistributing
BGP4 learned routes with different metrics at the London and Los Angeles
routers.So that trafic from Asia branch to Europe go through London and
traffic from Asia to America go through Los Angeles.

I have been using below configs on the PE routers. But it is not working.
In the MPLS network only one path is selected for both traffic from Europe
and America.Pls can anyone help me to fix this problem.

#PE3
ip vrf CUSTOMER
rd 1:10
route-target export 1:20
route-target import 1:40
export map EXPORT-ROUTE
import map IMPORT-ROUTE
!
interface FastEthernet0/0
description LONDON-GW
ip vrf forwarding CUSTOMER
ip address 1.1.1.2 255.255.255.252
!
router bgp 65400
!
address-family ipv4 vrf CUSTOMER
redistribute connected
neighbor 1.1.1.1 remote-as 65401
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 next-hop-self
neighbor 1.1.1.1 soft-reconfiguration inbound
no auto-summary
no synchronization
exit-address-family
!
ip extcommunity-list 1 permit rt 1:10
!
ip extcommunity-list 2 permit rt 1:40
!
route-map EXPORT-ROUTE permit 10
description LONDON-GW
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:20 additive
!
route-map IMPORT-ROUTE permit 10
description EU & US-BRANCH
match extcommunity 2

#PE4
ip vrf CUSTOMER
rd 1:10
route-target export 1:30
route-target import 1:40
export map EXPORT-ROUTE
import map IMPORT-ROUTE
!
interface FastEthernet0/0
description LA-GW
ip vrf forwarding CUSTOMER
ip address 2.2.2.2 255.255.255.252
!
router bgp 65400
!
address-family ipv4 vrf CUSTOMER
redistribute connected
neighbor 2.2.2.1 remote-as 65402
neighbor 2.2.2.1 activate
neighbor 2.2.2.1 next-hop-self
neighbor 2.2.2.1 soft-reconfiguration inbound
no auto-summary
no synchronization
exit-address-family
!
ip extcommunity-list 1 permit rt 1:10
!
ip extcommunity-list 2 permit rt 1:40
!
route-map EXPORT-ROUTE permit 10
description LA-GW
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:30 additive
!
route-map IMPORT-ROUTE permit 10
description EU & US-BRANCH
match extcommunity 2

#PE1
ip vrf CUSTOMER
rd 1:10
route-target export 1:40
route-target import 1:20
route-target import 1:30
export map EXPORT-ROUTE
import map IMPORT-ROUTE
!
interface FastEthernet0/0
description EU-BRANCH
ip vrf forwarding CUSTOMER
ip address 3.3.3.2 255.255.255.252
!
router bgp 65400
!
address-family ipv4 vrf CUSTOMER
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf CUSTOMER 172.16.1.0 255.255.255.0 FastEthernet0/0 3.3.3.1 name EU-BRANCH
!
ip extcommunity-list 1 permit rt 1:10
!
ip extcommunity-list 2 permit rt 1:20
!
ip extcommunity-list 3 permit rt 1:30
!
route-map EXPORT-ROUTE permit 10
description EU-BRANCH
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:40 additive
!
route-map IMPORT-ROUTE permit 10
description LONDON-GW(MAIN)
match extcommunity 2
set metric 100
!
route-map IMPORT-ROUTE permit 20
description LA-GW(BACKUP)
match extcommunity 3
set metric 200
!
route-map IMPORT-ROUTE permit 30
description OTHER

#PE2
ip vrf CUSTOMER
rd 1:10
route-target export 1:40
route-target import 1:20
route-target import 1:30
export map EXPORT-ROUTE
import map IMPORT-ROUTE
!
interface FastEthernet0/0
description US-BRANCH
ip vrf forwarding CUSTOMER
ip address 4.4.4.2 255.255.255.252
!
router bgp 65400
!
address-family ipv4 vrf CUSTOMER
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf CUSTOMER 192.168.1.0 255.255.255.0 FastEthernet0/0 4.4.4.1 name US-BRANCH
!
ip extcommunity-list 1 permit rt 1:10
!
ip extcommunity-list 2 permit rt 1:20
!
ip extcommunity-list 3 permit rt 1:30
!
route-map EXPORT-ROUTE permit 10
description US-BRANCH
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:40 additive
!
route-map IMPORT-ROUTE permit 10
description LONDON-GW(BACKUP)
match extcommunity 2
set metric 200
!
route-map IMPORT-ROUTE permit 20
description LA-GW(MAIN)
match extcommunity 3
set metric 100
!
route-map IMPORT-ROUTE permit 30
description OTHER

Vaibhava Varma · ‎12-24-2011

Hi Manoj

The config seems alright..However the output is little strange as when two different PEs are announcing the same route from Asia then why on PE1 and PE2 the prefix 10.0.2.0/24 is shown to be learnt from single PE only twice...

* i10.0.2.0/24 PE3-IP 0 110 0 65401 ?

*>i PE3-IP 0 110 0 65401 ?

I think its bcoz of RRs coming in between..The RRs are selecting PE3 as the best route intermediately and announcing only PE3's routes further to PE1 and PE2..Interesting Issue to be looked at as I did not think of this before that RR's will be doing intermediate bgp best path selection..Now to overcome this issue we need to ensure that the RR's keep both the copies of route learnt from PE3 and PE4 and advertise the same to PE1/PE2..To do so we need to change the RD of vrf CUSTOMER on PE4 to 1:20 so that now the IPv4 Prefix 10.0.2.0/24 becomes two unqiue vpnv4 prefixes and hence RR reflects both of them to PE1/PE2..Now using the same community route-map inwards on PE1/PE2 we can match the export RT values of PE3/PE4 and set the local preference to 110..This will solve our requirement,

But we should make a note that changing the RD config on an already running VRF will result in disruption of services as the vrf needs to deleted and redefined..

Also on a side note when we are matching on the RT values on PE1/PE2 there is no need to set standard community on PE3/PE4 so we can get rid of the route-map config on PE3/PE4

Hope this helps to answer your query.

Regards

Varma

Message was edited by: Vaibhava Varma

View solution in original post

Konstantin Dunaev · ‎12-05-2011

could you please post it here without a zip file? or at least attach only a test file without zip-compression?

Peter Paluch · ‎12-05-2011

Konstantin,

Sadly, the CSC is performing the ZIP compression automatically on most posted files (IMHO, quite an annoying feature). I don't think Manoj can do anything about it, apart from posting the contents of the text file directly into the body of his message.

Best regards,

Peter

Konstantin Dunaev · ‎12-05-2011

may be I'm mistaken, but I don't really see any TE configuration in your config, the traffic follow the best-bgp-routing path.

And in your particular case you don't really need a TE it would be enough to set a BGP attributes to prefer a certain BGP peers.

Manoj Buddhika · ‎12-05-2011

Yeah there is no TE configured . Actually what I want is to control traffic flow within the MPLS network so that it meets my requirement, which is traffic from Europe go through London Gateway and traffic from America go through Los Angeles gateway.

if you have any other questions regarding my configs and diagrams feel free to ask.

thank you

Peter Paluch · ‎12-07-2011

Hello Manoj,

My question is basically the same as Konstantin's - do you have a special need to solve this using MPLS TE? It seems that your need can be accomplished simply by properly influencing BGP's attributes and bestpath selection.

Best regards,

Peter

Manoj Buddhika · ‎12-07-2011

Yes I dont need to have MPLS TE. I was wrong naming the topic ass traffic engineering. Actuall as you can see from my config file I was trying to influence path selection using BGP's attributes. But it is not working for me at the moment and I dont know where I am wrong. What I want is to give a idea about ho should I set bgp attributes within the MPLS network and a example configuration or something.

Thank you.

Manoj Buddhika · ‎12-08-2011

I have put my question without zip file. pls every body have a look . thanks

Konstantin Dunaev · ‎12-09-2011

Hi Manoj,

are those PE's router under your controll?

are there only 4 routers?

How PE routers are BGP-interconnected, are there Route-reflectors?

Manoj Buddhika · ‎12-09-2011

HI Konstantin,

Yes those PE's are under my control.

yes there are two Route-reflectors in the MPLS network. Each PE has a IBGP peering with the each Route-reflectors.

those IBGP peering works fine and so I haven't showed those configs because show run will include other customers configs also. I want to know is whether the way I am trying to influence routing within the MPLS network is right or wrong. If wrong where I am wrong .If you have any other questions pls feel free to ask.

Thank you.

Vaibhava Varma · ‎12-09-2011

HI Manoj

So the problem here is that when Europe or America tries to send traffic to Asia they only exit via one path either London or LA Gateway Router..Is that

Correct ?

How about traffic moving from Asia to Europe or America..Is the same happening here also that it follows only 1 exit path same as above..I don't think so..This is a case of Assyemtric Routing due to the underlying MPLS Network Topology and default BGP behaviour.

You have mentioned above that there is a controlled redistribution happening at London and LA Gateway Routers for BGP4 routes with different metrics.But this would only help to control the routing path from Asia to Europe or America and not the reverse traffic.

Now since when we talk of Asia Subnets lets take example of 10.0.1.0/24.This will be learnt via OSPF at both London and LA Gateway routers and sent via BGP4 to PE Routers and further across MPLS Domain. Now when the PE1 and PE2 receive the route 10.0.1.0/24 they will only select 1 Best Path per BGP best path rules and traffic from Europe/America can exit out via either London/LA..This is the deffault BGP Behaviuor inside MPLS Domain.

Now to solve the issue of desired routing paths what we need is a deterministic way to explicilty set the next-hop of all Asia routes at PE1 to PE3 MP-iBGP Loopback and on PE2 to PE4 MP-iBGP Loopback..Even MPLS TE will not solve this issue as the problem here is to select PE3 or PE4 as exit points when traffic is sourced from PE1 and PE2 for Asia Subnets..

So my solution will be as below:

1. Use Different BGP Community at PE3(64513:1111) and PE4(64513:2222) for Asia Subnets and advertise the same to PE1 and PE2

2. On PE3 and PE4 under vpnv4 config use an inbound route-map with two terms.

a) on PE3-Term 10 to match on the PE3's Asia BGP Community(64513:1111) and set the Local Preference to 110. Term 20 to allow anything else for normal unaltered routing.

b)on PE4-Term 10 to match on the PE4's Asia BGP Community(64513:2222) and set the Local Preference to 110. Term 20 to allow anything else for normal unaltered routing.

This will help to get the desired routing control required along with the redundancy in this scenario.

Hope this helps to answer your question. Please let me know for any clarifications.

Regards

Varma

Manoj Buddhika · ‎12-10-2011

Hi Varma,

Thank you very much for your advice.

>So the problem here is that when Europe or America tries to send traffic to Asia they only exit via one path either London or LA >Gateway Router..Is that Correct ?

yes you are correct . Exactly that is the problem I am facing.

about your solution how is it going to be configurtion of community in the routers PE1 and PE2. Could you pls give me a sample configuration of PE1,PE2,PE3,PE4 ?

Is it ok to use same vrf for all PE routers? will the PE1 and PE 2 have two BGP communitys like 64513:1111 and 64513:2222.

thank you

Vaibhava Varma · ‎12-10-2011

Hi Manoj

What we need here is to send the Asia Subnets from PE3 and PE4 with separate communities and we need to match them in same order at PE1 and PE2 ( PE1 & PE3 make a pair and PE2 & PE4 make another pair )

Yes we need to keep the same VRF on all the PEs for establishing full mesh communication between the 3 Sites. No We will use just 1 community on each PE..

Below is a sample configuraion for same assuming the MPLS Backbone serves other VPN Customers also..

On PE1-- Under VPNv4 We enable sending out the normal community values out to the RR.Then we match the extcommunity rt for the VRF Customer and set the community value to 65400:1111 which will be matched at PE3

router bgp 65400

!

address-family vpnv4

neighbor "RR-IP" send-community both

neighbor "RR-IP" route-map community out

exit-address-family

!

route-map community permit 10

match extcommunity CUSTOMER

set community 65400:1111

!

route-map community permit 20

!

ip extcommunity-list standard CUSTOMER permit rt 1:40

On PE2-- Under VPNv4 We enable sending out the normal community values out to the RR.Then we match the extcommunity rt for the VRF Customer and set the community value to 65400:2222 which will be matched at PE4

router bgp 65400

!

address-family vpnv4

neighbor "RR-IP" send-community both

neighbor "RR-IP" route-map community out

exit-address-family

!

route-map community permit 10

match extcommunity CUSTOMER

set community 65400:2222

!

route-map community permit 20

!

ip extcommunity-list standard CUSTOMER permit rt 1:40

On PE3-- Under VPNv4 We match the community value 65400:1111 which was set at PE1 and set the LP to 110

router bgp 65400

!

address-family vpnv4

neighbor "RR-IP" route-map community in

exit-address-family

!

route-map community permit 10

match community CUSTOMER

set local-preference 110

!

route-map community permit 20

!

ip community-list standard CUSTOMER permit 65400:1111

On PE4-- Under VPNv4 We match the community value 65400:2222 which was set at PE2 and set the LP to 110

router bgp 65400

!

address-family vpnv4

neighbor "RR-IP" route-map community in

exit-address-family

!

route-map community permit 10

match community CUSTOMER

set local-preference 110

!

route-map community permit 20

!

ip community-list standard CUSTOMER permit 65400:2222

Make Sure that RR is enabled to propogate the normal BGP communities as well...

Hope this helps to answer your question..Please let me know for any clarifications..

Regards

Varma

Manoj Buddhika · ‎12-13-2011

HI Varma

IN my MPLS network for all PE's we have configured peer group and we have configuration like this on evry PE router.

router bgp 65400

!

address-family vpnv4

neighbor "PEER-GROUP" send-community extended

neighbor "RR-IP" activate

exit-address-family

!

So configuring to send both extended and normal communities is not possibel. Do you have any solution to this. Another thing I am still not understanding the way to defing vrf . That is which rd: values should be use on which router?

ip vrf xxx

rd ???:xxx

route-target export ???:xxx

route-target import ???:xxx

I don't understand clearly which ??? & xxx should use on which PE router on the configuration you provided me.

Thank you.

Manoj

Vaibhava Varma · ‎12-13-2011

Hi Manoj

"send-community both" will export both Standard and Extended Communities

The Standard Community Values which we are setting up New on PE3 and PE4 and Matching on PE1 and PE2 can be anything in ASN:nn Format..I Just randomly chose them as 65400:1111 on PE3/PE1 and 65400:2222 on PE4/PE2.

The extcommunity values to be used on PE3/PE4 will be the export RT values used in the VRF Customer Config as posted in your first post..

#PE3

ip vrf CUSTOMER

rd 1:10

route-target export 1:20

route-target import 1:40

export map EXPORT-ROUTE

import map IMPORT-ROUTE

#PE4

ip vrf CUSTOMER

rd 1:10

route-target export 1:30

route-target import 1:40

export map EXPORT-ROUTE

import map IMPORT-ROUTE

I think I mixed up little with PE3 as PE1 and PE4 as PE2 instead ..Revised corrected config would be

On PE3-- Under VPNv4 We enable sending out the normal community values out to the RR.Then we match the extcommunity rt for the VRF Customer and set the community value to 65400:1111 which will be matched at PE1

router bgp 65400

!

address-family vpnv4

neighbor "RR-IP" send-community both

neighbor "RR-IP" route-map community out

exit-address-family

!

route-map community permit 10

match extcommunity CUSTOMER

set community 65400:1111

!

route-map community permit 20

!

ip extcommunity-list standard CUSTOMER permit rt 1:20

On PE4-- Under VPNv4 We enable sending out the normal community values out to the RR.Then we match the extcommunity rt for the VRF Customer and set the community value to 65400:2222 which will be matched at PE2

router bgp 65400

!

address-family vpnv4

neighbor "RR-IP" send-community both

neighbor "RR-IP" route-map community out

exit-address-family

!

route-map community permit 10

match extcommunity CUSTOMER

set community 65400:2222

!

route-map community permit 20

!

ip extcommunity-list standard CUSTOMER permit rt 1:30

On PE1-- Under VPNv4 We match the community value 65400:1111 which was set at PE3 and set the LP to 110

router bgp 65400

!

address-family vpnv4

neighbor "RR-IP" route-map community in

exit-address-family

!

route-map community permit 10

match community CUSTOMER

set local-preference 110

!

route-map community permit 20

!

ip community-list standard CUSTOMER permit 65400:1111

On PE2-- Under VPNv4 We match the community value 65400:2222 which was set at PE4 and set the LP to 110

router bgp 65400

!

address-family vpnv4

neighbor "RR-IP" route-map community in

exit-address-family

!

route-map community permit 10

match community CUSTOMER

set local-preference 110

!

route-map community permit 20

!

ip community-list standard CUSTOMER permit 65400:2222

Make Sure that RR is enabled to propogate the normal BGP communities as well...

Hope this helps to answer your question..Please let me know for any clarifications..

Regards

Varma