cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
976
Views
20
Helpful
10
Replies

BGP-OSPF / MPLS Question

JORGE RODRIGUEZ
Level 10
Level 10

Need assistance in solving this

particular issue and would greatly appretiate your help.

Nothing is broken but instead need to learn what obtions I have in following situation, not strong on bgp.

Couple of months ago we migrated all of our sites from PRN cloud to MPLS, same provider.

All sites are working fine, just started to assess traffic and would like to tweak and tuned things around gradually for the better. I noticed a particular problem that would like to get some help on how to, before we were completly OSPF but things had to change with MPLS.

Currenlt have three mayor sites, SITE_1, SITE_2 and SITE_3.

Site_1 have 3Megs to MPLS cloud -

Site_2 have 45Megs to MPLS cloud -

Site 3 have 45Megs to MPLS Cloud -

Between Site_1 and Site_2 I have 100MEGS Metro Ethernet link between 6500 switches.

I have serveral server subnets in Site_1 that are advertized in bgp say subnet 10.3.1.0/24, users from Site_3 that access servers in Site 1 they come through Site_1 3MB pipe,I also advertize in Site_2 bgp the same net 10.3.1.0/24 but because 10.3.1.0/24 has lower metric in OSPF SIte_1 than SITE_3 access to 10.3.1.0/24 through Site_1 is always prefered path for all my sites, how could I make Site_2 the prefered path for my sites to use Site_2-45MGS-->100MEGS--> towards Site_1 as prefered over the 3MEGs pipe. Would I be able to do this through bgp distance parameters. Our bgp distance parameters currently configured was recommended by our MPLS provider for intial connectivity during MPLS migration.

Diagram attached.

Site_1,Site_2, and Site_3 Edge Router bgp/ospf config attached.

Thank you for your assistance, anything you can provide that can point me to the right track.

Rgds

Jorge

Jorge Rodriguez
1 Accepted Solution

Accepted Solutions

Hello Tim,

>> Since it works the MPLS guys must be removing or something

yes, PE routers typically use neighbor x.x.x.x as-override

the effect of this is that remote VPN site will see the advertisement as sent by AS provider with a prepending:

Show ip bgp

Network Next Hop Metric LocPrf Weight Path

*> 10.3.1.0/24 209.211.67.241 0 209 209 i

and the prefix will pass the BGP loop avoidance rule.

This is very handy because in this way service provider can provision a private AS number to all sites of a customer.

And provides scalability too in the signaling plane.

Best Regards

Giuseppe

View solution in original post

10 Replies 10

tdrais
Level 7
Level 7

One thing that has me somewhat concerned is that the as numbers you use at all your sites are the same but they are not all connected.

I guess I wonder why site 3 would take any route that has his own as-path in the path. This is standard BGP loop prevention.

Since it works the MPLS guys must be removing or something.

Now in the normal case on site 1 you could put in a route-map on the neighbor to the MPLS provider and prepend your own as-path for this subnet you want it to use site 2 for.

Since shortest as-path wins the mpls provider should prefer the prefix it learns from site 2 since it will be shorter. Now since it appears they do something with the as-path this may not work.

Your other option is to set the MED again using a route-map and access list on site 1 to a higher value than site 2. By default site 2 should be using 0 for he MED.

The final option is call the provider and have them set it up as a inbound rule on their router that connects to site 1 so site 2 is preferrred.

Hello Tim,

>> Since it works the MPLS guys must be removing or something

yes, PE routers typically use neighbor x.x.x.x as-override

the effect of this is that remote VPN site will see the advertisement as sent by AS provider with a prepending:

Show ip bgp

Network Next Hop Metric LocPrf Weight Path

*> 10.3.1.0/24 209.211.67.241 0 209 209 i

and the prefix will pass the BGP loop avoidance rule.

This is very handy because in this way service provider can provision a private AS number to all sites of a customer.

And provides scalability too in the signaling plane.

Best Regards

Giuseppe

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Jorge,

site 2 to site 1 communication look like to use already ospf 100 MAN link

show ip route for 10.3.1.0/24

O IA 10.3.1.0/24 [110/3] via 192.168.12.5, 21:38:59, GigabitEthernet0/1

If you want Site3 to route traffic for Site1 via Site2 you can use the MED concept and make the Site2 the preferred path.

Currently by redistributing OSPF into BGP at your CE routers the MED is a copy of OSPF cost to prefix so Site1 is preferred for its own prefixes.

You can make Site1's eBGP advertisements a backup by using a route-map on Site1

route-map rise_metric permit 10

set metric 5000

+

neighbor 65.xxx.yyy.137 route-map rise_metric out

after this Site3 should go to Site1's prefixes via Site2.

This for one direction is ok

For the other direction it needs some other thoughts.

I would suggest an iBGP session on the MAN link between site1 and site2.

You need to make Site1 to prefer iBGP paths via Site2 over eBGP paths via the provider PE and distance could be used for this.

Hope to help

Giuseppe

Tim / Giuseppe, thank you for your valuable imput, let me digest your answers but do look very promessing for solutions.

it is correct from SITE_2

O IA 10.3.1.0/24 [110/3] via 192.168.12.5, 21:38:59, GigabitEthernet0/1

but becuase SITE_1 comes up with 110/2 metric this is prefered

O IA 10.3.1.0/24 [110/2] via 10.3.254.2, 5w6d, GigabitEthernet0/0

I will look into your suggestions and come up with a script, will keep you posted .

Rgds

Jorge

Jorge Rodriguez

Giuseppe/Tim

I follow your suggestion Giuseppe utilizing your proposed script, it worked perfectly after clear ip bgp * site_1, after tracing routes and verifying test subnet completed the remaining server segments advertizements in site_2, path from all my sites including site_3 now go prefered path through site_2 45MG.

One more question, since SITE_1 3Meg link is sort of a backup link or at least will have less traffic , would there be any asymetric routing developed knowing there is another link out via site_1 3Megs? I dont think it would but I will keep my eyes opened for that.

Thank you both very much fo your assistance.

Bst Rgds

Jorge

Jorge Rodriguez

Giuseppe,

As suspected,I believe Im getting asymmetric routing behavior,the trace routes from any sites towards SITE_1 comes through SITE_2 -> SITE_1 fine, but had a user tested a 300Meg file copy to take 15 minutes as suppose to copying same file size to servers seating in SITE_2 takes 2 minutes, even though I have not confirm asymmetric routing yet I suspect the return traffic for the file copy is going out via 3MB SITE_1 edge MPLS router.

You have suggested iBGP session on the MAN link between site1 and site2,can you elaborate on this suggestion ?

If it turns out unwanted asymmetric routing I suppose I could force traffic out the same interface it came using floating static routes in SITE_1 core switch but I rather come up with a better solution instead of using floating routes.

Rgds

Jorge

Jorge Rodriguez

Hello Jorge,

I would verify if there is any MTU issue.

However,

site1

neighbor remote-as 65001

neighbor update-source loopM

neighbor weight 500

the opposite on Site2, maybe without the weight command or you can use the physical interface if you like

Providing a weight should make the BGP to choice the iBGP path over the eBGP in the BGP table as the best path without playing with distance

After having written the first post I was in doubt if the ospf adj could be enough to avoid asymmetric routing if site2 redistribute all BGP routes into OSPF it should be able to make site1 to use the MAN link but may be it depends also if redistribution really occurs (time could be a key factor in this multiple redistribution)

hope to help

Giuseppe

Giuseppe,

Thank you, will look into your suggestions.

Rgds

Jorge

Jorge Rodriguez

I've simulated something similar in a lab. One thing that's helped me was utilizing a backdoor statement. So in site 2 under bgp add a network statement under bgp as network 10.3.254.0 m 255.255.255.0 backdoor. That tells BGP to prefer the interior routing protocol.

Hope this helps, rate if it does,

JB

Thank you James for sharing your findings.

Jorge Rodriguez
Review Cisco Networking for a $25 gift card