I am planning an MPLS WAN. There are two data centers which I will refer to as 'hub 1' and 'hub 2'. Both hub 1 and hub 2 are running BGP on the WAN and EIGRP on the LAN; all remote sites are also running BGP on the WAN and EIGRP on the LAN.
Half of the remote sites are legacy hub 1 sites, so hub 1 should send a default route to these sites.
The other half of the remote sites are legacy hub 2 sites, so hub 2 should send a default route to these sites.
I would also like a default route sent from hub 1 to legacy hub 2 sites in the event that hub 2 is not accessible (and vice-versa).
What is the best way to accomplish this?
To provide a solution for you, we would need to know what your provider is capable of providing you. Does your MPLS VPN provider allow the use of communities to set BGP attributes within the MPLS cloud? If so, you could use that to influence route selection....
Also, does your provider give you an option of advertising all routes versus just the default to CEs?
I don't know. The provider is MCI/Verizon. I will try to find out this information.
I think they do allow the use of communities.
If so, I would set the hub 1 legacy sites to one BGP community (along with the appropriate attributes) and set hub 2 legacy sites to another BGP community?
What are my other options if MCI doesn't allow communities?
Would something like this work or am I way off -
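router bgp 111
 neighbor 18.104.22.168 route-map DEFAULT_ROUTE out
!
! AS-path filters, one per group of legacy sites
ip as-path access-list 100 permit ^AS# of legacy hub 1 sites$
ip as-path access-list 200 permit ^AS# of legacy hub 2 sites$
!
! Prefix list matching only the default route (list name added here)
ip prefix-list DEFAULT_ONLY permit 0.0.0.0/0
!
route-map DEFAULT_ROUTE permit 10
 match as-path 100
 match ip address prefix-list DEFAULT_ONLY
 set local-preference 250
route-map DEFAULT_ROUTE permit 20
 match as-path 200
 match ip address prefix-list DEFAULT_ONLY
 set local-preference 200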
That will work alright on the CE but as soon as it gets to the PE, the PE will make an independent decision of where to send the traffic. So that will not work. In most cases, the PE will pick either hub1 or hub2 to send the traffic to and will do that regardless of which CE it is connected to...
I had a bit more of a think about this. What you are asking for is essentially source-based routing (if you end up with both hub1 and hub2 sites on the same provider edge router). That will be hard to make work...
What you need to do is to get two VPNs (VRFs) from the provider and then export/import routes between them. That way, you can achieve what you want.
Pls remember to rate posts.
Thanks. That's kinda what I was thinking (routing based on source), but I haven't been exposed to BGP that much, so I thought there might be a way around it.
I also rated the post.
If I can get hub 1 and hub 2 to both advertise the default route, but advertise it with different 'weights' (whether that be weight, local-preference, etc) then the route to the appropriate hub is just the preferred route, so source routing is not an issue at that point, correct?
Is the problem that there is no way to do this through an MPLS cloud?
Yeah, the VPN cloud imposes some special requirements. Firstly, you'll be running EBGP with your provider, so you can't use attributes like LOCAL_PREF. Also, weight is local to a router.
Here's the problem: say that somehow you manage to convince the PE that the default route to hub1 is 'better' (don't worry about how, at this point). So it will treat that as the better route. Now, say you have both legacy hub1 and legacy hub2 sites connected to that PE. When a packet comes in from a legacy hub1 site, it will send it out using the hub1 default, which was the best route. When a packet comes in from a legacy hub2 site, it will also send it out using the hub1 default, which was the best route. It cannot choose the hub2 default since you made it less preferable. In any case, it can install only one default. What you are requiring is for it to choose a default based on the source of the packet. Unless the provider is willing to do policy-based routing, you will need to get two VPNs (VRFs)....
Hope that helps - pls rate the post if it does.
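The forwarding behaviour described in the post above, as a small Python model added here (not code from the thread or from any router vendor). The site names, VRF names and the use of local preference as each VRF's import policy are assumptions for illustration; the values 250 and 200 are taken from the route-map earlier in the thread.

```python
from dataclasses import dataclass, field

DEFAULT = "0.0.0.0/0"  # constructed sample: the only prefix this model tracks

@dataclass
class Vrf:
    name: str
    import_pref: dict  # hub -> local preference set by this VRF's import policy
    paths: dict = field(default_factory=dict)  # prefix -> {hub: local_pref}

    def learn(self, prefix, hub):
        self.paths.setdefault(prefix, {})[hub] = self.import_pref[hub]
    def withdraw(self, prefix, hub):
        self.paths.get(prefix, {}).pop(hub, None)

    def best(self, prefix):
        # One best path per prefix per VRF; the packet's source is never consulted.
        candidates = self.paths.get(prefix, {})
        return max(candidates, key=candidates.get) if candidates else None

class PE:
    def __init__(self, vrfs, attachments):
        self.vrfs = {v.name: v for v in vrfs}
        self.attachments = attachments  # site -> VRF of its attachment circuit

    def learn(self, hub):
        for vrf in self.vrfs.values():
            vrf.learn(DEFAULT, hub)
    def withdraw(self, hub):
        for vrf in self.vrfs.values():
            vrf.withdraw(DEFAULT, hub)

    def exit_hub(self, site):
        # Lookup is keyed on the ingress VRF and the destination prefix only.
        return self.vrfs[self.attachments[site]].best(DEFAULT)

def build(vrfs, attachments):
    pe = PE(vrfs, attachments)
    pe.learn("hub1")
    pe.learn("hub2")
    return pe

def single_vrf():
    return build([Vrf("CUST", {"hub1": 250, "hub2": 200})],
                 {"site_a": "CUST", "site_b": "CUST"})

def dual_vrf():
    return build([Vrf("LEGACY_HUB1", {"hub1": 250, "hub2": 200}),
                  Vrf("LEGACY_HUB2", {"hub1": 200, "hub2": 250})],
                 {"site_a": "LEGACY_HUB1", "site_b": "LEGACY_HUB2"})
```

With one VRF both sites leave via hub1; with two VRFs each site uses its own legacy hub and falls back to the other hub when its default is withdrawn.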
As already pointed out, the solution to the problem depends on the provider configuration. And the provider might have to do some form of PBR. If the requirement is critical, then I might advise that you tunnel (create GRE tunnels from each branch to the hub site) across the provider network. This will remove the dependence on the provider. You can not configure your BGP network, such that default routes are the only routes exchanged via the tunnel interfaces. The communities, weight, local preference, communities can then be configured as desired to achieve your scenario.