
BGP Redundant link configuration recommendation

jliow
Level 1

I've subscribed to 2 links going to the same MPLS provider. My local site AS number for these 2 links is the same.

I've intended to route certain subnets on link 1 and some others on link 2, which is a slower link. However, I've noticed all subnets are routed through the slower link instead. I do see the correct routing happening at certain times, but rather rarely.

The hardware I have is 2 2691 routers and 2 3750 switches. The connection I have is a 3MB link to 2691-R1, which is connected to 3750A. The 2MB link is connected to 2691-R2, which is connected to 3750B. 3750A and 3750B are linked, both running EIGRP for local subnet distribution, and the routers are running BGP to the MPLS provider.

I hope someone can give me a recommended solution or configuration advice.

6 Replies

tdrais
Level 7

You have to consider the inbound and outbound traffic as 2 separate issues.

If I read it correctly, you want traffic destined for subnet A to use link 1 and subnet B to use link 2 as it leaves your local site.

With BGP there are lots of ways to solve the same problem. The more common one is to prepend your aspath on the routes as they come into the router for the routes you want the other router to be preferred on. So you would prepend your aspath on subnet B on router 1 and subnet A on router 2.

You must also run an IBGP session between them. Since ASPATH is very high on the list of the BGP decision tree, both routers will agree on the correct link. With EIGRP involved you will see RIB failures for the IBGP routes in the BGP table, but this is just redistribution working correctly. Your routing will still be fine.

Now your inbound routing is a little more complex. If you had a simple case of "I want traffic between A and B to use link 1 and between C and D to use link 2", you can do it all with BGP.

In this case, where C to A goes link 1 and C to B goes link 2 is fine outbound. The router on the far side, though, will more than likely send all the traffic back to C on a single link.

This is the problem of source-based routing, at least from the far end's side. On the far end you want the traffic routed based on the source address rather than the destination address. The only way to do this is with policy routing. In your case it is even worse in that you have an MPLS cloud in the middle. The far router cannot see the actual link. It is unlikely your MPLS provider will be willing to run policy routing.

There is no good solution to this. You could redefine your routing so you always have A-B and C-D, but it is tricky to split the local subnets when this is being done for traffic loads. Your other option is to basically get rid of MPLS. You would build 2 tunnels over the MPLS cloud between your sites and run all the traffic through the tunnels. In effect, 2 point-to-point lines. You now have control and can use policy-based routing. This would bring up the question of why you have MPLS rather than another solution in the first place.
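The AS-path prepend and IBGP reasoning in the reply above, worked through as an added example that is not part of the original thread. It models only the two BGP tie-breakers that matter here (shorter AS path, then eBGP over iBGP) and assumes weight, local preference, origin and MED are equal; the names `R1`, `R2`, `subnet-A`, `subnet-B` and the prepend count of 2 are illustrative.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    exit_router: str   # router whose MPLS link the traffic finally leaves on
    as_path_len: int   # AS-path length after any inbound prepend
    ebgp: bool         # True if learned directly from the provider PE


ROUTERS = ("R1", "R2")


def received(router, prefix, prepend_policy):
    """eBGP path a router holds after its inbound policy has run."""
    extra = prepend_policy.get((router, prefix), 0)
    return Path(router, 1 + extra, True)


def best_path(router, prefix, prepend_policy):
    """Best path on `router`: shorter AS path wins, then eBGP beats iBGP.

    Simplification: the peer is modelled as always offering its eBGP path
    over IBGP. A real speaker advertises only its best path, which does not
    change the outcome for this two-router case.
    """
    candidates = []
    for r in ROUTERS:
        p = received(r, prefix, prepend_policy)
        if r != router:
            p = Path(p.exit_router, p.as_path_len, False)  # learned via IBGP
        candidates.append(p)
    return min(candidates, key=lambda p: (p.as_path_len, not p.ebgp))


def exits(prefix, prepend_policy):
    """Map each router to the router whose link it would send the prefix out of."""
    return {r: best_path(r, prefix, prepend_policy).exit_router for r in ROUTERS}


NO_POLICY = {}
# Constructed policy: prepend subnet B on router 1 and subnet A on router 2.
PREPEND = {("R1", "subnet-B"): 2, ("R2", "subnet-A"): 2}

if __name__ == "__main__":
    for name, policy in (("no prepend", NO_POLICY), ("prepend", PREPEND)):
        for prefix in ("subnet-A", "subnet-B"):
            print(f"{name:10} {prefix}: {exits(prefix, policy)}")
```

Without the prepend each router prefers its own eBGP path, so the exit link depends on which router the traffic reaches first; with it, both routers pick the same exit per subnet.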

Yes, you've read the case correctly. MPLS was more of an initial corporate direction. However, the sites' connectivity was relatively simple then. As business and site offices consolidate, I now have to build a very large site. Figuring that a single BRI or PRI dial-up link would never be sufficient, a dual path MPLS link would make more business sense.

OK, I've also slipped something I should have mentioned earlier. Link 1 and 2 back each other up. I've successfully implemented HSRP on the 3750 switch routing. Somehow I have the bulk of incoming traffic coming in from link 1 and outgoing traffic congregating on link 2. Somewhat very different from what I intended. Might be the problem of source routing that I did not consider. Also this is the first time I'm trying out dual link on the same MPLS network, kinda not sure what else to do when the load behaves that way.

You've mentioned tunneling, it's worth the try though; however, my concern would be that all traffic from other sites that wants to reach my site would have to go through the other tunnel's end before reaching over. This is somewhat not efficient. At present, domestic sites reach my site directly without going to a consolidated node, which is one of the reasons we switched to MPLS.

There is a solution that is used when you need to encrypt over an MPLS network and still want full mesh, called dynamic multipoint VPN.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

Basically this is a full mesh of tunnels that are created on demand. Now of course you could put in a full mesh of GRE tunnels manually, but in a large network the configuration becomes unmanageable.

Not sure I would do this unless I needed to encrypt the data. It is a way to take control back of the routing in a managed service network.

Sorta the problem with any managed service. You lose flexibility under the theory that you save money. I just wish corporate people would look at the cost of managing the managed services.

The only other way to do something like this is to attempt to colocate your routers at the MPLS vendor.

Seems too complicated. Business decisions had to decide on making both links have the same speed soon. If that's the case, incoming traffic would not be too significant to me. How can I manage an outgoing traffic load?

Run BGP between the routers. Even though you use HSRP, what will happen is the traffic will go to the hot router. If that router does not have the preferred path, it will pass the traffic over to the other router.

Not the nicest path, but it will cause little effect on the users. Normally you separate the user from your core routers and have a distribution or access switch acting as the HSRP. You then would route between the distribution switches and the core routers.

If I read it wrong and you do not run HSRP on these routers, then when you redistribute the BGP routes into EIGRP it will all correctly route between them.

Hi there,

It's been a while. You are right that the routers are running BGP. I've got the 3750 switches running EIGRP, with HSRP implemented at the switch level.

Well, I've been talking to the MPLS SP. Basically, I've also read up that if I do need to control the routing traffic paths, the PE routers need to be configured with the routing policy as well, or at least have a "community" member set up. Right now, the traffic downstream is still erratic. I've managed to push upstream traffic to the lesser utilised line, but that's not helping much.

In every sense it looks like I'll need to get the PE BGP routing configured with the right routing policy, but I just don't know which one to adopt: the PREPEND AS method or the community method.
