10-27-2009 10:30 AM
Hello Netpros,
Here's the sample scenario:
- plain MPLS network (MPBGP + OSPF) with VRF VPNs
- VRF XXX configured say on PE1,PE2,PE3
- PE1 and PE2 are colocated in the same site: there is a a transit vlan to communicate with a couple of firewalls, mapped to VRF XXX; no CEs, just HSRP/VRRP and static routic redistributed in MPBGP
How can I force PE3 (remote site) to choose PE1 as best path to reach the Firewalls, for the single VRF XXX ?
Hope it's clear, thanks a lot
Andrea
Solved! Go to Solution.
10-29-2009 10:39 AM
Hello Andrea,
your findings are correct not all route-map statements are acceptable in this direction.
In this case you need to apply the route-map outbound on PE1, in this way you rise the local-preference at the origin PE.
Hope to help
Giuseppe
10-28-2009 02:04 PM
Hello Andrea,
you should be able to apply a route-map in the vpnv4 address-family where:
you check the IP BGP next-hop= PE1 loopback
and
you check route-target = that of VRF XXX
and you set local-preference to 200
access-list 11 permit host PE1-loop
ip
route-map rise-preference permit 10
match ip next-hop 11
match route-target extcommunity 12
set local-preference 200
! empty final block to accept all other
! vpnv4 routes unchanged
route-map rise-preference permit 20
!
router bgp XX
address-family vpnv4
neigh RRS route-map rise-preference in
this setup should work also with a RRS in the middle unless PE2 is preferred by RRS.
Use different RDs on PE1 and PE2 to be sure routes of both are propagated in the domain.
Hope to help
Giuseppe
10-29-2009 08:29 AM
Hello Giuseppe,
Thank your for your suggestion.
Yes, there are two RRS in the BGP cloud, and PE1 is not preferred by PE2. We do use different RDs for a single VRF on PE1 PE2 to increase convergence and let the routes propagate in the domain.
Now I come to your suggestion:
ip extcommunity-list standard TESTEXT permit rt xxx:xxx
route-map rise-preference permit 10
match extcommunity TESTEXT
set local-preference 200
this works fine (per VRF local preference)
On the other hand:
(config-route-map)#match ip next-hop 11
% "rise-preference" used as BGP inbound route-map, nexthop match not supported
I tried a few PEs, but I got the same error when applying the route-map in vpv4 address-family.
I will try to investigate a little more.
Andrea
10-29-2009 10:39 AM
Hello Andrea,
your findings are correct not all route-map statements are acceptable in this direction.
In this case you need to apply the route-map outbound on PE1, in this way you rise the local-preference at the origin PE.
Hope to help
Giuseppe
10-30-2009 03:39 AM
Giuseppe,
indeed it looks more logic to raise the local preference for a certain vrf (rt) on PE1 (as an example) with an outbound route-map, and works fine with the RRSs too in the middle. PE3 receives a higher local preference and uses PE1 as next hop instead of PE2, that sends routing update with standard local preference.
The complete config on PE1 is then:
router bgp 65000
address-family vpnv4
neighbor RRS1 route-map rise-preference out
neighbor RRS2 route-map rise-preference out
ip extcommunity-list standard TESTEXT permit rt xx:xx
route-map rise-preference permit 10
match extcommunity TESTEXT
set local-preference 200
!
route-map rise-preference permit 20
Thanks a lot
Andrea
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide