Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

same netowork advt from 2 different CE's on the MPLS

Please refer to the diagram attached

R3 and R4 are running MPLS (IGP running between them is static)

The CE's (R1 and R6) advertises the same prefixes to the resperctive PE's with specific community strings

Is it possible that PE (R3) advertises both the paths to R7 so that it can make a decision on choosing the path based on the attributes i set on R7?

configs are attached

Narayan

1 ACCEPTED SOLUTION

Accepted Solutions

Re: same netowork advt from 2 different CE's on the MPLS

Hi Swaroop,

Very nice suggestions indeed.

Narayan, you can go for another approach that we consider in our solutions, you can agree with your provider that routes coming with certain community string shall have its local-preference increased, thus you'll have full control to tag the desired routes from the desired CE with this community string, and your provider will match upon it and set the local-preference.

BR,

Mohammed Mahmoud.

15 REPLIES

Re: same netowork advt from 2 different CE's on the MPLS

Hi Narayan,

I hope that everything is going fine with you.

First of all i am wondering what does R2 and R5 represent in your design.

As for the routes advertised by R1 and R6, BGP only advertise the best route to a certain network, thus R3 will always send the best route to R7 rather than sending both routes.

BR,

Mohammed Mahmoud.

Re: same netowork advt from 2 different CE's on the MPLS

Thanks Mohammed

R2 and R5 are actually firewalls that pass the BGP traffic. i used routers instead to simulate them :-)

I knew that BGP advertises only the best prefix. I am not able to figure out how i should make sure that R7 always uses R3 and R1 for reaching the networks rather than using R4 and R6 using community strings.

What attribute is used normally in the ISPs if they have a scenario like this?

Narayan

Re: same netowork advt from 2 different CE's on the MPLS

Narayan,

You can play with the local-preference or the weight when the route is injected into the VRF via an import map on the VRF level, something like this:

!

ip vrf test

rd 1.1.1.1:1

import map test

route-target export 1:1

route-target import 1:1

!

!

route-map test permit 10

match ip address prefix-list test

match ip route-source prefix-list source

set weight 65535

!

route-map test permit 20

!

ip prefix-list test seq 5 permit x.x.x.x/y

ip prefix-list source seq 5 permit w.w.w.w/y

BR,

Mohammed Mahmoud.

Re: same netowork advt from 2 different CE's on the MPLS

Mohammed,

I dont think ip route-source is suuported when the route-map is inbound

I will try to use other attributes but the customer is very adamant in using only communities

Edit: i did try to set the BGP attributes on the addess-family but is not transported across the MPLS

eg

address-family ipv4 vrf abc

neighbor 20.20.20.1 route-map test in

Narayan

Hall of Fame Super Blue

Re: same netowork advt from 2 different CE's on the MPLS

Hi Narayan

Could you not use MED to influence which route will be chosen. So if both CE's are advertising out the same networks apply a MED that favours the routes coming from R1 and then these would be the routes advertised to R7.

We do something similiar in our MPLS network where we have 2 sites that advertise their own and each other's networks out with MED's so if one site fails the other site can handle all the traffic. Obviously in our scenario we have a backup link between the 2 sites.

Jon

Re: same netowork advt from 2 different CE's on the MPLS

Jon,

we have another MPLS cloud that gives connectivity between R1 and R7 (something similar to your backup link)

Using MEDs might require that i need to do a always-compare-med on all the routers

Narayan

Hall of Fame Super Blue

Re: same netowork advt from 2 different CE's on the MPLS

Narayan

Our backup link was just a P2P link ie. not MPLS so we only had one AS to worry about, so can't say for sure whether using MED across multiple AS's would get you what you want.

Like you say "always-compare-med" may be the solution but i have never used this.

Jon

Re: same netowork advt from 2 different CE's on the MPLS

Narayan,

I'll test a couple of thoughts and feed you back.

Jon,

Hope you are fine. I've tried to reply on your email a couple of days ago, but i get "Delivery to the following recipients failed due to a permanent error" "Remote host said: 550 This system has been configured to reject your mail (B)".

BR,

Mohammed Mahmoud.

Re: same netowork advt from 2 different CE's on the MPLS

Thanks Mohammed.

Let me know if you need more information, i can send you a seperate mail which includes the complete requirement

Narayan

Re: same netowork advt from 2 different CE's on the MPLS

Dear Narayan,

I've used an inbound route-map under the ipv4 VRF address-family and manipulated both local-preference and weight, and as expected local-preference value was sent via MBGP to the other PE router, and thus you can use local-preference to prefer a certain route all over the network.

In the attached setup, CE-6 is connected to PE-5 and PE-4 is connected to PE-5 (sorry that i couldn't simulate your exact topology as i am using a current setup in the lab).

Please tell me if i got the view correct, and please correct me if i missed something, and feel free to send more details directly to my email if you wish.

BR,

Mohammed Mahmoud.

Re: same netowork advt from 2 different CE's on the MPLS

Mohammed

That works as desired, but the only problem is that we do not own the MPLS.

This would mean any change that is required to be routed to the SP.

I will send you the complete requirement by weekend

Narayan

Re: same netowork advt from 2 different CE's on the MPLS

Narayan,

As Mohammed pointed out you can do set the local pref inbound when you receive the routes from your CE site, this will set the particular site as the site of preference for all other remote CE sites who want to access the subnets behind the firewall, and the other one would be backup.

If you dont want this and want to selectively load share between the 2 FW location then you can assign a different RD to both these sites with different import export RT values as compared to all the remote CE locations.

And you can have a import route map matching the RT values and setting a higher local pref at each client location PE for the FW location which is closest to that PE and other as backup.

Or if the customer need to have complete control of this manipulation at any given point in time then,

1) you can use the mpls as IGP and form direct IBGP peering over MPLS with your other sites.

2) Or create 2 subinterfaces at each remote client location PE, and poluate then with 2 different vrf's one for each FW location and then set the local pref on the CE BGP router as to which interface to take to go out for which location based on your community value.

HTH-Cheers,

Swaroop

Re: same netowork advt from 2 different CE's on the MPLS

Hi Swaroop,

Very nice suggestions indeed.

Narayan, you can go for another approach that we consider in our solutions, you can agree with your provider that routes coming with certain community string shall have its local-preference increased, thus you'll have full control to tag the desired routes from the desired CE with this community string, and your provider will match upon it and set the local-preference.

BR,

Mohammed Mahmoud.

Re: same netowork advt from 2 different CE's on the MPLS

Thanks Swaroop and Mohammed.

I just spoke to the carrier about the above suugestion and is ready to do this for us.

I think this solve all my problems except if there is any other strange requirement again:-)

Narayan

Re: same netowork advt from 2 different CE's on the MPLS

Narayan,

Nice to hear this. There will always be strange requirements, this is life :)

BR,

Mohammed Mahmoud.

217
Views
10
Helpful
15
Replies