Solved: How can BGP VPNv4 route be preferred over EIGRP external route?

SIMMN · ‎05-04-2025

Quote from MultiSite white paper:

“When using EIGRP with the external network, the EIGRP metric associated to the prefixes received on the L3Outs is propagated as MED in the ACI VPNv4 BGP process running inside the fabric. This means that if the same prefix is received on the L3Out of site 1 and site 2, the local L3Out would be used by default for outbound flows only if the EIGRP metric is the same. If the EIGRP metric of the prefix received on the L3Out of a specific site is “better” (i.e., lowest), than the prefix will be injected into BGP with a “better” (lower) MED value, so all the outbound flows (from the local and the remote sites) will be sent via that L3Out connection.”

White paper Link: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739609.html

Even with lower metric, the BGP VPNv4 route would have AD 200 while the EIGRP route for the same prefix would have AD 170…How can BGP VPNv4 route be preferred over EIGRP external route in ACI?

M02@rt37 · ‎05-13-2025

Hello @SIMMN

You're true that EIGRP external routes have an AD of 170 and BGP VPNv4 routes have an AD of 200 ; this AD comparison only applies locally on the border leaf nodes when multiple routing sources are available for the same prefix. However, the ACi fabric uses BGP VPNv4 internally to propagate routes betwen sites over the Multi-Site Control Plane, and it does not rely on AD in the traditional sense within the fabric...

When a prefix is learned via EIGRP at a site, ACI redistribute it into BGP VPNv4 with a corresponding MED value derived from the EIGRP metric. The BGP VPNv4 route is then advertised across sites. Even though the AD of BGP is higher, ACI uses the lowest MED value from the BGP routes to determine the best exit path for outbound traffic from any site. Therefore, the BGP route with the better (lower) MED, which is influenced by the original EIGRP metric, will be used to steer traffic—even acros sites. Local EIGRP routes take precedence for inbound trafic routing at a site, but for intersite outbound routing decisions, MED in BGP is the key metric used to prefer one site’s exit point over another, not AD.

You need to focus on BGP tiebreakers like MED, not administrative distance.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

AshSe · ‎05-13-2025

Hello @SIMMN

Could you please share the link for better, deeper, and wider understanding of the above statement.

Stay Curious!

AshSe

SIMMN · ‎05-13-2025

White paper link has been updated in the post.

M02@rt37 · ‎05-13-2025

Hello @SIMMN

You're true that EIGRP external routes have an AD of 170 and BGP VPNv4 routes have an AD of 200 ; this AD comparison only applies locally on the border leaf nodes when multiple routing sources are available for the same prefix. However, the ACi fabric uses BGP VPNv4 internally to propagate routes betwen sites over the Multi-Site Control Plane, and it does not rely on AD in the traditional sense within the fabric...

When a prefix is learned via EIGRP at a site, ACI redistribute it into BGP VPNv4 with a corresponding MED value derived from the EIGRP metric. The BGP VPNv4 route is then advertised across sites. Even though the AD of BGP is higher, ACI uses the lowest MED value from the BGP routes to determine the best exit path for outbound traffic from any site. Therefore, the BGP route with the better (lower) MED, which is influenced by the original EIGRP metric, will be used to steer traffic—even acros sites. Local EIGRP routes take precedence for inbound trafic routing at a site, but for intersite outbound routing decisions, MED in BGP is the key metric used to prefer one site’s exit point over another, not AD.

You need to focus on BGP tiebreakers like MED, not administrative distance.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

SIMMN · ‎05-13-2025

M02@rt37 wrote:

this AD comparison only applies locally on the border leaf nodes when multiple routing sources are available for the same prefix.

This is what I missed I think...