cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6694
Views
14
Helpful
11
Replies

Route Reflector Multiple path MPLS

foysol_bgd
Level 1
Level 1

Hi Experts, 

I want to send same prefix from two different CPE and I want to see both the prefix in other end PE. I know I can modify the RD value in each PE and advertise the route and each PE will need to have multi path enabled. "maximum-paths ibgp unequal-cost 6" 

There are 2 Route reflector in the path in a cluster. 

But I want to prefer CPE1 and used higher MED in CPE2 towards PE2 and want to have the same multipath feature. This will give me a deterministic path and I don't have to rely on IGP cost.

Any advice will be great.

11 Replies 11

Bharat Negi
Level 1
Level 1

Hi 

Request you to elaborate your question.  I am slightly confused that you want to prefer CPE1.

RR is only going to advertise only VPNv4 routes. Once the VPNv4 traffic reaches PE1 & PE2 and get looked up in IPv4 routing table, it will prefer respective PEs.  At this level, if you want to influence all the traffic to be flown out of CPE1 then you need to run some protocol between PE1 & PE2 under VRF for CE1/CE2.  

Regards

Bharat

Hi, 

As per my diagram, both the CE advertise the same prefix. CE1 is preferred as it have lower MED value. Both the CE run EBGP with PE devices.

My question is, I want to advertise both the routes to PE3, there are 2 Route reflectors as per diagram in the middle. What is the best way to accomplish this?

 

You need to make sure that each PE that is advertising the prefix has a unique RD.

You then also have to make sure that the RRs are enabled for multipath. This will mean that the RRs will pass both routes to PE3 so that it can either select the single best path - will come down to IGP cost - or enable multipath so that PE3 will use both egress points.

That should do it. If you enable multipath on PE3 but not on the RRs then PE3 will never get the chance to see both paths.

I think point 5 of Bharat is right. Without MED I can see both the routes in PE3 with different RD in each PE. 

-RR are enabled for multi path. 

address-family vpnv4
bgp additional-paths install

-Each PE devices have maximum path enabled as well. 

address-family ipv4 vrf TEST

 maximum-paths ibgp unequal-cost 6

What are other options? Which one will be best to provide both CPE routes in other end PE. 

-BGP PIC Edge

-Shadow RR.

-BGP Best external. 

Here are some good details in this article. http://packetpushers.net/bgp-rr-design-part-2/

I have tried BGP Best external and looks like this is working with different metric values. I can see both the routes in PE3. But I have to use different RD values. 

http://blog.ipspace.net/2013/05/bgp-best-external-explained.html

I will prefer a solution where I don't have to use different RD values. 

Hi

Have you thought/tired/tested of TE tunnels.

Regards

Bharat

Hello please can you help me regarding this.

Mar  1 00:29:33.551: %BGP-3-NOTIFICATION: received from neighbor 10.0.0.2 2/2 (peer in wrong AS) 2 bytes 00AA

(remote says I am not AA)

Here what is the meaning of 2 bytes 00AA or FDE6

How to find that what is the as no. other side with the help of  FDE6

Hi

I think this is happening -

1. PE1 & PE2 receives the prefix (say 10/8) from CE1 & CE2.

2. PE1 marks the 10/8 with a RD (say 1:1) and with a lower MED (say 10) and advertises to RR.

3. PE2 marks the 10/8 with a RD (say 1:2) and with a higher MED (say 100) and advertises to RR.

4. Now RR has got two unique routes (because of unique RDs) for 10/8 and advertises PE1's route to PE2 & PE2's route to PE1.  And RR also advertises both routes to PE3.

So far so good.  Now the interesting part.

5. Now when PE2 see a route for the same prefix from RR with a lower MED i.e. 10 (RD gone & IPv4 table lookup), it installs the learned route in the routing table and discards route learned from CE2 over eBGP.  This is because MED is considered before eBGP over iBGP in BGP path selection criteria.  PE2 considers the route learned from RR to be best and silently suppresses the advertisement of the prefix learned from CE2 towards RR.

6. RR now only receives one route from PE1 and withdraws previous advertisement (in step 4).  

7. PE3 now gets only one route for the prefix towards PE1.

Hope I explained it correctly.

Now to achieve your goal, PE1 & PE2 must keep advertising routes to RR and RR surely will advertise them to PE3 as they are unique to RR (unique RD).  I am not sure about exact solution to this but I can try to test this in the lab.

Regards

Bharat

Hi,

One solution is to enable BGP Best External feature using the bgp advertise-best-external command, this will enable automatically BGP PIC feature also.

router bgp 200
   address-family ipv4 vrf test
        bgp advertise-best-external
   exit-address-family

You need to have different RD.

regards.

Hi, 

I tried best external. My understanding best external will work for different metric values and both routes will be advertised to Route reflector.

Without modifying the RD values what is the best way to advertise both the routes from Route reflector to other PE devices. I tried to put "additional path install" in vpnv4 of route-reflectors and seems not working. 

I tried BGP PIC edge as well, Definitely I missed something.

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-bgp-mp-pic.html

Do your RR really support Add-Path?
From what I understand, bgp add-path install allows for installing backup paths if it is/are already received.

e.g. two different originating PE routers with 2 different RDs

see the output

PE3

router bgp 65432
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 65432
neighbor RR update-source Loopback0
neighbor 172.27.1.1 peer-group RR
neighbor 172.27.2.2 peer-group RR
!
address-family ipv4
exit-address-family
!
!!!!   I have 2RRs
address-family vpnv4
neighbor RR send-community both
neighbor 172.27.1.1 activate
neighbor 172.27.2.2 activate
exit-address-family
!
!!! connection to CE3
address-family ipv4 vrf A
neighbor 10.10.33.2 remote-as 65506
neighbor 10.10.33.2 activate
exit-address-family

7.7.1.0/24 is comming from CE1 & 2
7.7.3.3/32 is comming from CE3

PE3#sh bgp vpnv4 unicast all 
BGP table version is 32, local router ID is 172.27.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1
* i 7.7.1.0/24 172.27.11.11 0 100 0 65506 i
*>i            172.27.11.11 0 100 0 65506 i
Route Distinguisher: 2:2
* i 7.7.1.0/24 172.27.22.22 0 100 0 65506 i
*>i            172.27.22.22 0 100 0 65506 i
Route Distinguisher: 3:3 (default for vrf A)
*>i 7.7.1.0/24 172.27.11.11 0 100 0 65506 i
* i            172.27.22.22 0 100 0 65506 i
*> 7.7.3.3/32 10.10.33.2 0 0 65506 i

You can see, that you are - thanks to different RDs - receiving 2 different prefixes in vpnv4.
If you use bgp additional-path install in afi ipv4 vrf A, you will see something like this.

 address-family ipv4 vrf A
bgp additional-paths install
neighbor 10.10.33.2 remote-as 65506
neighbor 10.10.33.2 activate
exit-address-family
PE3#sh bgp vpnv4 unicast all 
BGP table version is 34, local router ID is 172.27.33.33
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1
* i 7.7.1.0/24 172.27.11.11 0 100 0 65506 i
*>i            172.27.11.11 0 100 0 65506 i
Route Distinguisher: 2:2
* i 7.7.1.0/24 172.27.22.22 0 100 0 65506 i
*>i            172.27.22.22 0 100 0 65506 i
Route Distinguisher: 3:3 (default for vrf A)
*>i 7.7.1.0/24 172.27.11.11 0 100 0 65506 i
*bi            172.27.22.22 0 100 0 65506 i
*> 7.7.3.3/32 10.10.33.2 0 0 65506 i

If you want to advertise more routes for the same prefix from a bgp speaker, you need add-path capability. Now I am testing it, and in IOS versions I have it is not supported.

look for CAPABILITY code: 69 in debug bgp all (and clear the session)

If you dont see it, there is no support for sending same prefix multiple times in an update differentiated with the "add-path identifier"

If a BGP speaker receives multiple paths for the same prefix within same session is simply uses the newest one advertisement. (without add path).

Ad: bgp advertise-best-external - it is exactly as Bharat Negi writes. just confirmed it in my lab.

If you use bgp advertise-best-external (not in global bgp, but in address-family ipv4 vrf xyz)

, PE2 WILL advertise the prefix learned from CE2 and PE3 WILL have 2 pfxs available from both PE1 and PE2.

But still, I use different RDs.

might be helpful

http://blog.ine.com/2010/11/22/understanding-bgp-convergence/

please correct me, if I am wrong, still learning as well

Hi foysol_bgd,

about your question:

"Without modifying the RD values what is the best way to advertise both the routes from Route reflector to other PE devices."

OPTION 1
You can use add path capability, https://tools.ietf.org/html/rfc7911
As you know BGP only advertises the best path (by default), but if you enable add path capability between BGP peers they can advertise more paths (backup paths), not only the best path...This will solve your issue.
I know that you already know this point...and for sure you tried it.
But sadly I'm almost 100% sure that the problem is related with IOS(-XE) devices. IOS(-XE) devices negotiate this capability (rfc7911) correctly at each address family (ipv4, vpnv4, etc...) but the feature only works with ipv4 address family. This feature does not work with vpnv4 for example. Thus, if your environment contains IOS(-XE) RRs that work with vpnvx, the backup paths will not be advertised even with this capability correctly negotiated. Only the best paths will be advertised.
I did not find any information about this limitation, but in all my setups (even with IOS-XE versions 17.x) this does not work.
On the contrary, if the RRs are XR (the RR clients can be XR or IOS-XE) the advertisements of multiple paths (backups or mpath) works like a champion for vpnvx address family too.
OPTION 2
If the OPTION 1 is not possible, because RR devices are IOS(-XE) another option is the use of Diverse Path:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/irg-diverse-path.html
Please review the feature and restrictions.
The basic idea is to use one RR to advertise backup paths. I tested it in lab several times and it works, with vpnvx address families too.

OPTION -1 (REMEMBER)
All this work is more relevant if the edge device (PE) that learn the routes from RRs uses those routes. In other words, it is highly recommendable to configure BGP PIC at PE in order maintain a backup prefix ready to use.

Regards and good luck!