Re: Advertising the same networks from different datacenters into BGP WAN

waqas gondal · ‎08-15-2019

Hello,

I have 2 datacenters in separate geographical locations. Between them is a direct layer 2 link which is used for a VXLAN.

Each site also has an MPLS WAN with BGP multihoming to 2 service providers for redundancy. What I would like to do is advertise the same subnets for the VXLAN from both datacenters onto the MPLS through BGP with a metric to prefer one datacenter for some routes and the secondary datacenter for other routes.

This way if we lose the primary datacenter BGP would automatically route traffic to the secondary datacenter without manual changes.

What would be the best way to achieve this?

Thanks,

Waqas

Richard Burts · ‎08-15-2019

As long as both data centers have a connection and can communicate separate from the link that they use for BGP then advertising the same networks from both data centers should be ok. The usual way to make a route preferred when advertising in BGP is to prepend the advertisement of the route should should be secondary. That way the advertisement of the primary route has your AS number once and the advertisement of the secondary route has your AS number multiple times.

HTH

Rick

HTH

Rick

waqas gondal · ‎08-16-2019

Thanks Richard,

Is there an example I could follow for this?

Say I have the primary datacenter with AS 65200 and secondary datacenter AS 65300

They both need to advertise 10.1.0.0/16 and 10.2.0.0/16. The primary datacenter will advertise 10.1.0.0/16 as the preferred path and 10.2.0.0/16 as the lesser preferred path. The secondary datacenter will advertise 10.1.0.0/16 as the lesser preferred path and 10.2.0.0/16 as the preferred path.

What would the route map look like and how would it apply to the neighbor in the inbound or outbound?

Georg Pauwen · ‎08-16-2019

Hello,

the AS path prepend configuration for your secondary data site would look like below (you need to apply the route map to both neighbors), however, I wonder if this will work. How are the two sites connected exactly ? It might be easier to simply apply policy based routing with a next hop verify availability parameter. Can you share the configs of both the connecting routers at each site ?

route-map AS_PATH permit 10
match ip address prefix-list LOCAL_NETWORKS
set as-path prepend 65300
!
neighbor x.x.x.x route-map AS_PATH out
neighbor y.y.y.y route-map AS_PATH out
!
ip prefix-list LOCAL_NETWORKS seq 5 permit 10.1.0.0/16
ip prefix-list LOCAL_NETWORKS seq 10 permit 10.2.0.0/16

waqas gondal · ‎08-16-2019

Hi Georg,

Here is what our config looks like:

Primary DC:

route-map NO-EXPO permit 10
set community no-export

ip as-path access-list 10 permit ^$

router bgp 65200
bgp router-id x
bgp always-compare-med
bgp log-neighbor-changes
timers bgp 15 45
!
address-family ipv4
redistribute eigrp 100
neighbor ISP1 peer-group
neighbor ISP1 remote-as 65001
neighbor ISP1 fall-over
neighbor ISP1 default-originate
neighbor ISP1 advertisement-interval 5
neighbor ISP1 soft-reconfiguration inbound
neighbor ISP2 peer-group
neighbor ISP2 remote-as 16696
neighbor ISP2 fall-over
neighbor ISP2 default-originate
neighbor ISP2 advertisement-interval 5
neighbor ISP2 soft-reconfiguration inbound
neighbor ISP2 route-map NO-EXPO in
neighbor ISP2 filter-list 10 out

Secondary DC:

router bgp 65300
bgp router id x
neighbor ISP1 remote-as 65001
neighbor ISP2 remote-as 16696
redistribute eigrp x
redistribute ospf x
redistribute static

The NO-EXPO and filter list were there to prevent our device from becoming a transit between MPLS providers. That config will be applied to the secondary DC shortly.

The primary DC will be the preferred path for 10.1.0.0/16 and backup path for 10.2.0.0/16

The secondary DC will be the preferred path for 10.2.0.0/16 and backup path for 10.1.0.0/16

Thanks,

Waqas