MPLS PE-CE BGP Design Question

khashmi
Level 1

Hello

I have a design scenario and would appreciate some opinions that could help me arrive at a conclusion.

My company are deciding to add CE devices into our network that we will be managing and that will provide an interface to our customer into our MPLS dual core network.

A total of 6 sites are to be added to the network and each site consists of 2xCE.

Each CE will point to a PE that represents a core network blue /red.

PE1---CE1 ( Blue)

PE2---CE2  (Red)

PE-CE network, protocol to be used is BGP.

CE1-CE2 will also use IBGP

Only one VPN needs to be defined and I want to achieve an any-to-any network.

In each site the aim is to have only CE1-PE1 traffic flowing as a priority and in the event of a failure only then CE2-PE2 traffic will flow.

My questions are ..

What BGP mechanism can I use to achieve this from a best practice perspective?

Should I use LOCAL_PREF, MED or WEIGHT?

Should this be configured on the PE, CE or both?

Also, with regard to the new VPN service, I will need to assign 2xRD values, each representing RED/BLUE.

I know I can use 1 RT value and import/export on each PE to allow all the CEs to receive traffic, which is my objective.

However, again from a best practice perspective, is it advisable to have 1 RT or should I also have 2xRT values?

Appreciate in advance any suggestions regarding these issues

Many thanks

Khurram

2 Replies

Hi Khurram,

If you want to isolate the customers or subnets then you need to deploy two VPNs, so you need to have 1 RD and RT per VRF, unless you want to have overlapping VPNs where you need to have multiple RTs to export/import prefixes from.

Your case is similar to something called MPLS VRF-Lite. Please check the link below for more info on it:

http://www.cisco.com/en/US/docs/ios/12_2sb/12_2sba/feature/guide/vrflite.html

My questions are ..

What BGP mechanism can I use to achieve this from a best practice perspective?

Should I use LOCAL_PREF, MED or WEIGHT?

Should this be configured on the PE, CE or both?


In your case, you can use the standard BGP multihoming practices. You can choose, e.g., CE1 to be the primary router and use local-pref for the incoming prefixes, so that CE2 will prefer this for OUTBOUND traffic. For inbound traffic you can use AS-PATH prepend on the CE2 router so that the return traffic will come via CE1.

A sample config would look something like this on CE1. You don't have to worry about the PE.

ip vrf BLUE
 rd 100:100
 route-target both 101:500
!
ip vrf RED
 rd 101:101
 route-target both 101:600
!
! The VRF is assigned before the address because "ip vrf forwarding"
! clears any IP address already configured on the interface.
int gi0/0.100
 description *** BLUE
 ip vrf forwarding BLUE
 ip address x.x.x.x
!
int gi0/0.101
 description *** RED
 ip vrf forwarding RED
 ip address x.x.x.x
!
router bgp 65500
 address-family ipv4
  ! peering to the ISP
  neighbor x.x.x.x remote-as 65001
  ! "in": the route-map applies to prefixes received from this neighbor
  neighbor x.x.x.x route-map set-local-pref in
  ! peering to the ISP
  neighbor y.y.y.y remote-as 65001
  neighbor y.y.y.y route-map set-local-pref in

And create the route-map to set the local-pref to 200 or something.

Hope this helps,

Regards,

Kishore

Please rate if helpful

Mahesh Gohil
Level 7

Hi,

In addition to what Kishore said, you also need to have a route-map for affecting incoming traffic. With the config provided, the return traffic from PE to CE can go to any of the links (either RED or BLUE).

I would suggest you apply the route-map below in the outbound direction from the CE.

route-map AS-PATH-PREPEND permit 10
 ! 64520 is the AS number configured at the CE end
 set as-path prepend 64520 64520 64520
!
router bgp 64520
 neighbor x.x.x.x route-map AS-PATH-PREPEND out

Regarding 2 RDs: you can use a different RD for both VPNs, but it creates extra overhead on the PEs: since your VPN is any-to-any, both the VPNs (if you have configured two different RDs) will have identical routes, so in my opinion it is useless to configure two RDs. Just go with a single RD.

Regarding RT: since it is any-to-any, better use a single RT. Even if you need some change in future, you can configure one more RT and use it. (Don't worry, RT is so flexible.)

Regards

Mahesh
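
The primary/backup behaviour discussed in this thread, modelled as an added example that is not part of any reply: a simplified subset of the Cisco best-path order shows why LOCAL_PREF set inbound on CE1 steers CE2 while WEIGHT does not, and why prepending on CE2 steers return traffic. The function names and the remote-site AS 64999 are assumptions made for illustration; 65001 and 64520 are reused from the configs above as sample values.

```python
# Added illustration: a simplified subset of the Cisco BGP best-path order.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Path:
    via: str                # neighbor the path was learned from
    as_path: tuple          # AS numbers as received
    local_pref: int = 100   # default LOCAL_PREF
    weight: int = 0         # local to one router, never advertised
    med: int = 0
    ebgp: bool = True

def rank(p):
    # Lower tuple wins: highest weight, highest LOCAL_PREF, shortest AS_PATH,
    # lowest MED, then eBGP over iBGP. Later tie-breakers are not modelled.
    return (-p.weight, -p.local_pref, len(p.as_path), p.med, not p.ebgp)

def best_path(paths):
    """Return the winning path, or None when the modelled attributes tie."""
    ordered = sorted(paths, key=rank)
    if len(ordered) > 1 and rank(ordered[0]) == rank(ordered[1]):
        return None
    return ordered[0]

def to_ibgp_peer(path, via):
    """What an iBGP peer receives: LOCAL_PREF is carried, weight is not."""
    return replace(path, via=via, weight=0, ebgp=False)

# Constructed sample values: provider AS, CE AS, and a remote site's AS.
PROVIDER_AS, CE_AS, REMOTE_AS = 65001, 64520, 64999
REMOTE = (PROVIDER_AS, REMOTE_AS)

def ce2_exit(ce1_inbound_policy, ce1_up=True):
    """Neighbor CE2 sends outbound traffic to, given CE1's inbound route-map."""
    paths = [Path("PE2", REMOTE)]
    if ce1_up:
        at_ce1 = Path("PE1", REMOTE, **ce1_inbound_policy)
        paths.append(to_ibgp_peer(at_ce1, "CE1"))
    return best_path(paths).via

def provider_entry(ce2_prepends):
    """PE a remote PE prefers toward this site, or None if the links tie."""
    via_pe1 = Path("PE1", (CE_AS,), ebgp=False)
    via_pe2 = Path("PE2", (CE_AS,) * (1 + ce2_prepends), ebgp=False)
    best = best_path([via_pe1, via_pe2])
    return best.via if best else None

if __name__ == "__main__":
    print(ce2_exit({"local_pref": 200}), ce2_exit({"weight": 500}))
    print(ce2_exit({"local_pref": 200}, ce1_up=False), provider_entry(3), provider_entry(0))
```

Because LOCAL_PREF is compared before AS_PATH length, prepending on CE2 decides the inbound link only while the provider leaves LOCAL_PREF equal on both paths.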
