Antoine unicasted this to me, but gave me permission to repost it here. I was missing the forest for the trees -- we can use normal AS_PATH prepending and Local_Pref to force routers to use the MPLS link before the backup link. I was thinking way too much about MPLS VPN and not near enough about how the BGP Path Selection process!
See his reply below... Keller Giacomarro [email protected] On Tue, Oct 9, 2012 at 3:31 AM, Antoine Monnier <[email protected]>wrote: > The " eBGP > iBGP" rule is way down in the list of rules for the BGP > Best Path selection algorithm, you can tweak other parameters to make > sure the PEs will select the iBGP routes over the eBGP routes. > > I just labed it and it is working fine : using as-path prepending > outbound and local-preference inbound, the CEs prefer to go through > the MPLS backbone to reach each other routes than to go through their > back-to-back backdoor link. When the link to the MPLS network is down, > they use the backdoor link. > > > My topology : > R3 (PE1) -------- R1 (PE2) > | | > | | > R2 (CE1) -------- R5 (CE2) > > > The PEs have standard configs, apart from as-override being configured > towards the CEs. > > > ============= R2 =========================== > int loop222 > ip add 2.2.2.2 255.255.255.0 > > router bgp 65535 > neighbor 155.1.25.5 remote-as 65535 > neighbor 155.1.25.5 next-hop-self > network 2.2.2.0 mask 255.255.255.0 > > neighbor 155.1.23.3 remote-as 100 > neighbor 155.1.23.3 route-map TO_PE out > neighbor 155.1.23.3 route-map FROM_PE in > > > access-list 1 permit host 0.0.0.0 > > route-map TO_PE permit 10 > match ip next-hop 1 > > route-map TO_PE permit 20 > set as-path prepend 65535 > > > route-map FROM_PE permit 10 > set local-preference 200 > > > > ============= R5 =========================== > int loop555 > ip add 5.5.5.5 255.255.255.0 > > router bgp 65535 > neighbor 155.1.25.2 remote-as 65535 > neighbor 155.1.25.2 next-hop-self > network 5.5.5.0 mask 255.255.255.0 > > neighbor 155.1.15.1 remote-as 100 > neighbor 155.1.15.1 route-map TO_PE out > neighbor 155.1.15.1 route-map FROM_PE in > > > access-list 1 permit host 0.0.0.0 > > route-map TO_PE permit 10 > match ip next-hop 1 > > route-map TO_PE permit 20 > set as-path prepend 65535 > > > route-map FROM_PE permit 10 > set local-preference 200 > > > > > > > > > > On Tue, Oct 9, 2012 at 3:14 AM, Keller Giacomarro <[email protected]> > wrote: > > You would think metric/AS_PATH manipulation would help, but nope. > Here's my > > understanding of what's going on. > > > > PE1 -------- PE2 > > | | > > | | > > CE1 -------- CE2 > > > > Running MP-BGP between PE1 and PE2 for MPLS VPN services. Running BGP > > between CE1 and CE2 as the internal routing protocol. > > PE1 is eBGP peer with CE1. > > PE2 is eBGP peer with CE2. > > PE1 is iBGP peer with PE2. > > CE1 is iBGP peer with CE2. > > > > In this configuration, the path between CE1 and CE2 will always be > > preferred. You would THINK that the eBGP path into the MPLS cloud would > be > > preferred (eBGP > iBGP), but it's not. > > > > CE1 injects a route into BGP. It is advertised to CE2 via iBGP, which > > installs it. CE1 and CE2 both advertise the route to their eBGP > neighbors > > of PE1 and PE2. Both PE routers install the route and advertise it to > one > > another. > > > > The gotcha is what happens now. The routes shared between the PEs is > iBGP. > > Since eBGP > iBGP, both PE routers prefer the routes towards their > > respective CEs. > > > > The result is that the CE routers share the prefix between them, but > neither > > receives it from their PE neighbor. The only path the CEs can take is > via > > the path between them. No amount of metric manipulation can choose a > route > > that the CEs are not receiving. > > > > Now, if the CE1 to CE2 link DOES go down, CE2 will end up learning the > route > > via the MPLS cloud...once the route propagates. PE2 will have to > > recalculate BGP, decide to prefer the (now only) path towards PE1 to get > to > > the prefix, then pass the route on to CE2. > > > > Regardless, I don't know of any way (besides doing a lot of manual route > > filtering based on which routes are in the routing table) of making this > > setup prefer the MPLS path and use the CE1 to CE2 link only as backup. > > > > This is my understanding, feel free to tell me how wrong I am. =) > > > > Keller Giacomarro > > [email protected] > > > > > > > > On Mon, Oct 8, 2012 at 1:09 PM, Antoine Monnier < > [email protected]> > > wrote: > >> > >> I would have thought that you should be able to influence the PEs' > >> decision using the usual tool such as AS-path prepending, MED, etc > >> > >> I haven't labed it but the scenario you describe does not seem > >> different than the case where you have dual CEs at the same site but > >> you want all traffic to enter the site from one specific CE, and we > >> use as-path prepending on the backup CE to handle that. > >> In your case, each CE should prepend the routes from the other CE > >> towards its own PE. > >> > >> Then configure your CEs to prefer the routes through the MPLS backbone > >> by setting local-preference inbound when routes are received from the > >> PEs. At this stage, each CE will stop advertising the other CE's > >> prefix towards the PE since it itself choose the path towards the PE > >> as the Best Path. > >> > >> > >> > >> > >> On Mon, Oct 8, 2012 at 10:17 AM, Keller Giacomarro <[email protected]> > >> wrote: > >> > Right -- no pure BGP solution? > >> > > >> > Keller Giacomarro > >> > [email protected] > >> > > >> > > >> > On Mon, Oct 8, 2012 at 3:16 AM, WFT <[email protected]> wrote: > >> > > >> >> > >> >> Two sites, same ASN, with backdoor (backup-only) link > >> >> - ?? > >> >> > >> >> > use sham-links with ospf > >> >> > use bgp extended cost community with eigrp > >> >> > >> >> Sent from my iPhone > >> >> > >> >> On Oct 8, 2012, at 5:18 AM, Keller Giacomarro <[email protected]> > >> >> wrote: > >> >> > >> >> > Two sites, same ASN, with backdoor (backup-only) link > >> >> > - ??? > >> >> > >> > _______________________________________________ > >> > For more information regarding industry leading CCIE Lab training, > >> > please visit www.ipexpert.com > >> > > >> > Are you a CCNP or CCIE and looking for a job? Check out > >> > www.PlatinumPlacement.com > >> > > >> > http://onlinestudylist.com/mailman/listinfo/ccie_rs > > > > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
