
Route Tagging to eBGP from MP-BGP

Douglas Oman
Level 1

I’m going to start off by saying I am not sure how to ask or explain this fully, but I will try my best.

 

I have an MP-BGP network that is geographically dispersed, with currently two egress points via eBGP on different sides of the network. Most of the PE routers have multiple connections to each other, but some are spurs with no redundant paths. The eBGP points are used to peer with our peering partners for internet access to a particular VRF; let's call this the “Internet” VRF. This VRF is known by all PEs, and it is required that all subnets and prefixes on this VRF can freely talk to one another no matter which PE they are on.

The eBGP routers have eBGP sessions to the Internet VRF on two different PEs, which are also the RRs for the network. The eBGP router injects routes into the Internet VRF but also receives the routes and prefixes from the Internet VRF. We have some routing policies on the eBGP routers that will prepend the AS path out to our peering partners depending on the subnet. This is done because we have specific sides of the network on which we prefer inbound connections to come in. This prepending of the AS is done manually now, as there are not a lot of subnets to worry about, but we are starting to head in the direction of IPv6 and will be providing /48 prefixes to each endpoint, thus we need a way to create dynamic policies. I was heading down the path of trying to create a unique “Tag” for prefixes and subnets learned locally on each PE, but after digging I am not sure this is the correct route to go and not sure if it's even possible. I have tried to dig through documentation but cannot figure out how to implement something like this.

The end goal is to create policies on the two eBGP routers that will dynamically prepend the AS for routes/prefixes that are local to particular PE (Not learned by another). Ideally each PE would have a unique Tag. This list would be manual and based on a Tag or something of the sort (Except prefixes/subnets).

Any advice or assistance is greatly appreciated! If you need more information, please ask.

1 Accepted Solution


Douglas Oman
Level 1

Alright all - I thought I tried this before, but I must not have done it in this manner, but I was able to get this working the way I expected. Using the same route map I had above, I simply added it to both address families within the vrf definition as an export map.

Thank you all who have helped, especially you @MHM Cisco World
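
One way the export-map tagging described in this solution could look on IOS/IOS-XE, as an added example that is not the poster's own route map or configuration (that route map is not shown on this page). Assumed here: an extended-community RT value as the per-PE tag, the names TAG-PE3, FROM-PE3 and TO-PEER, the AS numbers, and documentation-range neighbor addresses; only the VRF name and 111:111 come from the thread.

```ios
! Added example with constructed values; not the poster's configuration.
!
! --- On each PE: tag routes exported from the Internet VRF with a per-PE value
route-map TAG-PE3 permit 10
 set extcommunity rt 65000:103 additive
!
vrf definition Internet
 rd 111:111
 address-family ipv4
  export map TAG-PE3
  route-target export 111:111
  route-target import 111:111
 exit-address-family
 address-family ipv6
  export map TAG-PE3
  route-target export 111:111
  route-target import 111:111
 exit-address-family
!
! --- On the PEs holding the eBGP session to the edge: pass the tag along
router bgp 65000
 address-family ipv4 vrf Internet
  neighbor 192.0.2.1 remote-as 65010
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 send-community both
 exit-address-family
!
! --- On the edge router: prepend toward the peering partner based on the tag
ip extcommunity-list standard FROM-PE3 permit rt 65000:103
!
route-map TO-PEER permit 10
 match extcommunity FROM-PE3
 set as-path prepend 65010 65010
! Untagged routes and routes from other PEs go out without prepending
route-map TO-PEER permit 20
!
router bgp 65010
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 route-map TO-PEER out
```

Because the peer-facing neighbor has no `send-community` statement, the internal tag is not propagated to the peering partner. Each additional PE gets its own tag value, extcommunity-list and route-map entry on the edge.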


19 Replies

A simple drawing can help us, so can you please draw the topology?
Also, you mention RR; RR with eBGP?

I'm getting ready to take off for the day, so I will try to get a drawing tonight or early tomorrow. As far as the RR goes - No, the eBGP session is between the PE "Internet" VRF and Edge router. The PE/P acts as the RR for the rest of the MP-BGP cloud and both RRs have an iBGP session between them. There are no standalone RR servers in this network.

Hello


@Douglas Oman wrote:

The end goal is to create policies on the two eBGP routers that will dynamically prepend the AS for routes/prefixes that are local to particular PE (Not learned by another). Ideally each PE would have a unique Tag. This list would be manual and based on a Tag or something of the sort (Except prefixes/subnets).


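You could create a conditional route-map based on an as-path filter pertaining to the ASN origin and then prepend on that match.

Example match ASN10:

! Match routes whose AS path ends in (originates from) AS 10
ip as-path access-list 1 permit _10$
! Only routes matching as-path list 1 are permitted and prepended;
! anything else hits the route-map's implicit deny
route-map as-path-prepend
 match as-path 1
 set as-path prepend 10 10 10

router bgp xx
 neighbor x.x.x.x route-map as-path-prepend in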

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

@paul driver 

@MHM Cisco World 

This would not work in this case. The MP-BGP cloud PEs all use the same AS. I am not sure if it was clear in my original post, but the Edge routers are not running VRFs and everything (except Mgmt) is on the global routing table. The eBGP session from the edge to the PE is in the internet vrf on the PE. I have attached a simple scaled-down network drawing. Each PE has 5-100 client devices hanging off of it on the internet VRF and, as stated before, the prepend AS on the edge out to the peer is easy as we have /24's on the client-facing side, but going forward with IPv6 we are planning on using DHCP-PD to the client and SLAAC between the client device and PE. Managing the prepend AS manually then becomes a nightmare, so I need a way to distinguish which prefixes are served from which PE to create a dynamic route map on the edge. This is where the problem is - I am not sure how to accomplish this task.

From a first view of your network and from what you mention, you need SoO (Site of Origin), which makes each PE add a special community to the prefix; you can then use it to match, drop or modify on other PEs.

I will also run a lab and update you.

Thanks for the information. Looking into SoO - it appears that this is used with the neighbor command. Not sure how this would get configured on the PEs, where the only bgp neighbors are to the route reflectors on the global routing table and not on the internet VRF.

Looking forward to the results of your lab and thank you very much!

OK, I made a small lab and then suddenly stopped.
If we want to advertise prefixes from some PE we can use RT;
each VPNv4 has an RT and you can import a specific RT to your customer.
Is this suitable for you, or is there any remark on this idea?

Hello


@Douglas Oman wrote:
The end goal is to create policies on the two eBGP routers that will dynamically prepend the AS for routes/prefixes that are local to particular PE
I need a way to distinguish which Prefixes are served from which PE to create a dynamic route map on the edge. 

So just to confirm and understand your requirement, you wish to mark/classify prefixes originating locally from each PE1/2, then advertise this marking towards the edge 1/2 rtrs so you can then filter/traffic engineer etc. based on that marking?


Kind Regards
Paul

@paul driver  

Yes, but not just PE1/2 rather all PE's

Hello
So where would you want to filter this traffic, actually from the provider network towards your customers' rtrs or from the CE rtrs?



Kind Regards
Paul

The filtering would happen at the edge towards the Peering partners network

We need to add an attribute that can be filtered on at the PE;
this attribute is added at the ingress PE and filtered at the egress PE.
You can use:
1- RT
where we can filter on the RT in the egress PE VRF
2- community
we can add a community to each prefix advertised via VPNv4 at the ingress PE;
the egress PE will match this community and permit it.

I await your reply on both options.
I already ran a lab for your case to test the best solution.

As I informed you, I ran a lab.
On PE R5 I connected two different CE routers, R2 and R8.
I configured VPNv4 iBGP between R4 and R5.
Now I need R1 to accept only prefixes from R2; how do I do that?
To make it more complex, I use the same VRF and the same RT to connect R5 to both R2 and R8.
The solution is:
On R5, under the address family ipv4, I apply route-map IN to any prefix received from R2. This route-map IN sets the community to a value (in my lab I set it to 1:200).

On R4, under the address family ipv4, I apply route-map OUT to any prefix sent to R1. The route-map matches community 1:200.

This makes the R4 PE send only prefixes that match community 1:200 to R1.

Check this solution.

Sorry for the delay getting back on here.

I am not sure this will work for what I am trying to do, or I misunderstood how you are explaining it. I will try to better explain what I am looking for. In your example R4, R3, R6, R7 & R5 would be part of the MPLS Cloud running vrf internet with all RD and RT the same on those routers (RD 111:111 – route target both 111:111). R1 & R2 are the internet edge routers with eBGP sessions with the peering partners as well as eBGP sessions with R4 & R5 to the internet VRF. Customer routers will be doing SLAAC with any of the MPLS cloud routers on vlan 111 (R4, R3, R6, R7 & R5) – I am planning on using DHCP-PD to provide the customer routers an IPv6 prefix. I need a way to dynamically distinguish on R1 and R2 which MPLS router each of the provided prefixes is on so I can appropriately apply policies out to our peering partner. This needs to be dynamic because customer prefixes could get moved around in the network and new prefixes may get added very often, so manually adding prefixes to a route map would quickly become hard to manage. That’s why I was looking for a way to have each MPLS router mark or TAG the routes – One way I thought about doing it was to create multiple route-map statements applied to eBGP on R4 & R5 to R1 & R2 that matched on the global loopback address of each PE. The route maps then would set a Community or Ext Community or TAG for prefixes that matched each RM, but it looks like it is not supported to do that on an outbound route map.

I hope this clears things up!
