iBGP Multipath question

jean1 · ‎08-31-2019

Hello,

I would like to know how to choose multipath link when you use 4 wan access. (MPLS VPN)

On R5,R6,R7 ibgp multipath 2 is enable to load-sharing the traffic in direction of PE,1,2,3,4

I want to use only 2 active links (Red) and 2 backup links (Blue).

Here we can see load-sharing enable on two links :

R5#sh ip bgp
*>i 10.0.0.0/24 192.168.1.1 0 100 0 i

*mi 192.168.2.1 0 100 0 i
* i 192.168.3.1 0 100 0 i
* i 192.168.4.1 0 100 0 i

Here we can see multipath is enable link toward PE1 and PE2, and i want send taffic only to PE2, PE4.

How i can resolv this problem and it is possible to do it?

Giuseppe Larosa · ‎09-01-2019

Hello Jean1,

in your lab setup with default settings the tie breaker is the lowest BGP router-id.

The two paths via PE1 and PE2 are chosen for their lower BGP router-id.

In order to pick up the paths advertised by PE2 and PE4 you need to increase the local preference BGP attribute for the MP BGP VPNv4 prefixes advertised by PE2 and PE4.

Note: changing the IGP metric to next-hop would cause PE2 and PE4 to be preferred for all VPNv4 routes.

Example:

On PE2, PE4 we can increase the Local preference for prefix 10.0.0.0/8

ip prefix-list net10 permit 10.0.0.0/8

ip extcommunity 1 permit 65000:100

route-map RISE-LOCPREF-OUT permit 10

match ip address prefix net10

set extcommunity rt 65000:100

set local-preference 200

route-map RISE-LOCPREF-OUT permit 20

!

! empty last block to advertise other prefixes if present

vrf MULTIPE

export map RISE-LOCPREF-OUT

Hope to help

Giuseppe

jean1 · ‎09-01-2019

Hello Giuseppe,

Thank for the answer, i am agree with you, if i put a localpref of 200, the routing is correct.

Here i have two routes toward PE2 and PE4 with a load-sharing of 2.

R5#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i 10.0.0.0/24 192.168.2.1 0 200 0 i
*mi 192.168.4.1 0 200 0 i
* i 192.168.1.1 0 100 0 i
* i 192.168.3.1 0 100 0 i

But if link between PE2/CE2 fail, i would like that a backup link (P1 or P3) become active. (To keep 2 multipath )

And here when link PE2/CE2 fail, the routing table choose one path toward PE4 only due to localpref of 200.

R5#sh ip bgp
* i 10.0.0.0/24 192.168.4.1 0 200 0 i
* i 192.168.3.1 0 100 0 i
* i 192.168.1.1 0 100 0 i

Maybe for resolve my problem, i have to use bgp community and not multipath fonctionnality and it will be a static load balancing not dynamique ?

Giuseppe Larosa · ‎09-01-2019

Hello Jean1,

Ok at this point I would remove the rise of local-preference and I would use

ibgp multipath 4

I think it is the easier solution.

BGP community can be used to set the local preference inbound on the remote PE node, but they do not take part in BGP best path selection.

Hope to help

Giuseppe

jean1 · ‎09-03-2019

hello,

yes, i am agree, it is the best solution, but i can't use 4 active links, only two active links. (ibgp-multipath 2)

If P2 fail, P1 need to be active

if P4 fail, P3 need to be active.

But it's maybe impossible to do this, we can't choose the futur active links, if P2 or P4 fail, the next active link will be often the same cause or router-id (here P3)?

Giuseppe Larosa · ‎09-03-2019

Hello Jean,

>>if P2 fail, P1 need to be active

if P4 fail, P3 need to be active.

But it's maybe impossible to do this, we can't choose the futur active links, if P2 or P4 fail, the next active link will be often the same cause or router-id (here P3)?

May I ask you if this a real network scenario or you are doing a lab studying for some certification ?

Who decided that you cannot use ibgp-multipath 4 ?

To be able to propagate four different versions of prefix 10.0.0.0/8 you needed to use four different route distinguisher on PE1,PE2,PE3,PE4.

What happens if you used only two RDs values one on PE1,PE2 and one on PE3,PE4 ?

Only two prefixes are propagated by the route reflector server one for

VPNv4 prefix RD1:10.0.0.0/8

and one for VPNv4 prefix

RD2:10.0.0.0/8

However, with the assigned loopback addresses BGP router-ids PE1 is preferred over PE2 and PE3 is preferred over PE4.

If PE1 link to CE1 fails the PE2 route for RD1:10.0.0.0/8 will be selected as new best route and propagated by route reflector server.

Similarly if PE3-CE3 link fails PE3 withdraws its own prefix and PE4 originated RD2:10.0.0.0/8 is selected as best path and propagated.

However, there is a price to pay for this: the new route will not be immediately available to remote PE nodes.

For the way BGP works updates are not sent on demand, but the BGP scanner is used ( every 60 seconds in IPv4 unicast AF every 15 seconds in AF VPNv4) to verify if there are any changes.

Once the BGP RRS removes the old best and install the new best route it will prepare an update that will be sent to all clients but again not immediately.

When using four different RD values the remote PE nodes receive all available VPNv4 prefixes and if one fails it does not need to wait for the propagation of the backup path see above.

For this reason in real world I would use ibgp multipath 4.

In a lab exercise with a constraint of using ibgp multipath 2 you should play with RD values to create only two VPNv4 prefixes.

However, given your current BGP router-ids on PE1,PE2, PE3, PE4 you cannot achieve that behaviour by changing local preference to avoid the issues that you have seen.

So you should play with Cisco weight on RRS to select PE2 over PE1 and PE3 over PE4.

However, setting a neighbor weight on a route reflector server is not something I would do.

I have never tried this and I don't know if it is supported.

We are speaking of dirty tricks for lab exercises that are very far from real world networks.

Hope to help

Giuseppe