03-18-2011 09:23 AM - edited 03-04-2019 11:47 AM
Hello
I have a design secnerio and would appreciate like some opnions that could help me arrive to a conclusion..
My company are deciding to add CE devices into our network that we will be managing and that will provide an interface to our customer into our MPLS dual core network.
A total of 6 site are to be added to the network and each site consists of 2xCE.
Each CE will point to a PE that represents a core network blue /red.
PE1---CE1 ( Blue)
PE2---CE2 (Red)
PE-CE network, protocol to be used is BGP.
CE1-CE2 will also use IBGP
Only one VPN needs to be defined and i want to achieve an any to any network.
In each site the aim is to have only CE1-PE1 traffic flowing as a priority and in the event of a failure only then CE2-PE2 traffic will flow.
My questions are ..
What BGP mechanism can i use to achieve this from a best practice perspective ?
Should i use LOCAL_PREF , MED or WEIGHT ?
Should this be configured on the PE , CE or both ?
Also with regards to the new VPN service , i will need to assign 2xRD values each respresenting RED/BLUE
I know i can use 1 RT value and import/export on each PE to allow all the CE to receive traffic which is my objective
However again from a best practice perpective is it adviceable to have 1 RT or should i also have 2xRT values
Appreciate in advance any suggestions regarding these issues
Many thanks
Khurram
03-18-2011 05:15 PM
Hi Khuraam,
If you want to isolate the customers or subnets then you need to deploy two VPN's so you need to have 1 RD and RT per vrf unless you want to have overlapping VPN's where you need to have multiple RT's to export/imports prefixes from.
Your case is similar to something called MPLS VRF-Lite.Please check the below link for more info it
http://www.cisco.com/en/US/docs/ios/12_2sb/12_2sba/feature/guide/vrflite.html
My questions are ..
What BGP mechanism can i use to achieve this from a best practice perspective ?
Should i use LOCAL_PREF , MED or WEIGHT ?
Should this be configured on the PE , CE or both ?
In your case, you can use the standard BGP multihoming practices. You can choose for eg : CE1 to be the primary router and use local-pref for the incoming prefixes.. so that CE2 will prefer this for OUTBOUND traffic. For inbound traffic you can use AS-PATH prepend on the CE2 router so that the return traffic will come via CE1.
a sample config would look something like this on the CE1. You don't have to worry about the PE.
ip vrf BLUE
rd 100:100
route-target both 101:500
ip vrf RED
rd 101:101
route-target both 101:600
int gi0/0.100
description *** BLUE
ip address x.x.x.x
ip vrf forwarding BLUE
int gi0/0.101
description *** RED
ip address x.x.x.x
ip vrf forwarding RED
router bgp 65500
address-family ipv4
neighbor x.x.x.x remote-as 65001 << peering to the ISP
neighbor x.x.x.x route-map set-local-pref
neighbor y.y.y.y remote-as 65001 << peering to the ISP
neighbor y.y.y.y route-map set-local-pref
and create the route-map to set the local-pref to 200 or something.
Hope this helps,
Regards,
Kishore
Please rate if helpful
03-18-2011 06:45 PM
Hi,
In addition to what kishore said you also need to have route-map for affecting incoming traffic. With the config provided the return traffic from PE to CE
can go to any of the link (either RED or BLUE).
I would suggest you apply below route-map towards out from CE.
route-map AS-PATH-PREPEND permit 10
set as-path prepend 64520 64520 64520 > 64520 is AS number configured at CE end.
router bgp 64520
neighbor x.x.x.x route-map AS-PATH-PREPEND out
Regarding 2RD : you can use different RD for both vpn but it creates extra overhead on PE's since your vpn is any-to-any so both the vpn (if you have configured two different RD) will have identical routes, so in my opinion it is useless to configure two RD. Just go with single RD.
Regarding RT: since it is any-to-any better use single RT. Even if you need some change in future you can configure one more RT and can use it. (Don't worry RT is so flexible)
Regards
Mahesh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: