Some of the e-mails and comments I received after writing the “Changing VPNv4 route attributes” post illustrated common MPLS/VPN misconceptions, so it’s worth addressing them in a series of posts. Let’s start with the simplest scenario: load balancing toward a multi-homed customer site. We’ll use a very simple MPLS/VPN network with three customer sites, four CE-routers, four PE-routers and a route reflector.
Let’s assume that we use the default MPLS/VPN RT/RD design rules: one RD and one import/export RT per simple VPN. The IPv6 (or IPv4) default routes received by PE-A and PE-B are transformed into VPNv6 (or VPNv4) routes ([RD]::/0 or RD:0.0.0.0/0) and sent to RR.
RR receives two identical VPNv6 (or VPNv4) routes from two sources (PE-A and PE-B), installs both of them in its BGP table, selects the best one and sends the best one to the other BGP neighbors. PE-C and PE-D thus receive only a single default route and forward all traffic toward PE-A or PE-B (based on the decision BGP made on RR). There is absolutely no way to change the RR behavior – it’s one of those BGP rules that nobody wanted to touch (yet): only the best routes in the BGP table are propagated to BGP neighbors.
The above statement is not entirely correct – the BGP Best External feature violates that rule and advertises the best external route even when a better internal route exists.
To enable PE-C and PE-D to forward traffic toward PE-A and PE-B, you have to make the two default routes somehow different. The only trick that works is changing the RD on one of them:
- PE-A advertises the default route received from CE-A as [RD1]::/0 (or RD1:0.0.0.0/0)
- PE-B advertises the default route received from CE-B as [RD2]::/0 (or RD2:0.0.0.0/0)
- RR receives two different routes (within the VPNv6 address family, [RD1]::/0 and [RD2]::/0 are different routes) and propagates both of them to PE-C and PE-D.
- PE-C and PE-D receive both routes and import both of them into the same VRF (remember: imports are based on RT, not RD), enabling true load sharing toward PE-A and PE-B.
You have to configure BGP load sharing with the maximum-paths ibgp number router configuration command within the IPv4 VRF address family on PE-C and PE-D; otherwise they will not insert more than one BGP route into the VRF IP routing table (even though two routes are present in the BGP table).
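The Python model below is an added example, not code from the original post. It mimics the route reflector's best-path-per-NLRI behavior and the RT-based VRF import on a remote PE to show why a shared RD hides PE-B and why unique RDs plus maximum-paths restore both next hops. The RD/RT values and the tie-break rule are constructed assumptions.

```python
# Toy model (added example): RR best-path selection and RT-based VRF import.
# RD/RT values and the tie-break rule are constructed for illustration only.
from collections import namedtuple

Route = namedtuple("Route", "rd prefix rt next_hop")

def rr_reflect(received):
    """RR keeps every path but advertises only the best one per NLRI (RD + prefix)."""
    best = {}
    for r in received:
        key = (r.rd, r.prefix)
        # Stand-in tie-break: lowest next-hop name wins.
        # Real BGP runs the full best-path decision process here.
        if key not in best or r.next_hop < best[key].next_hop:
            best[key] = r
    return list(best.values())

def vrf_import(advertised, import_rt, max_paths=1):
    """PE imports on RT (RD is ignored) and installs up to max_paths next hops."""
    rib = {}
    for r in sorted(advertised, key=lambda r: r.next_hop):
        if r.rt != import_rt:
            continue
        hops = rib.setdefault(r.prefix, [])
        if len(hops) < max_paths and r.next_hop not in hops:
            hops.append(r.next_hop)
    return rib

def remote_pe_next_hops(rd_a, rd_b, max_paths):
    """Next hops PE-C installs for the default route, given the RDs on PE-A and PE-B."""
    rt = "65000:100"  # constructed import/export RT shared by the whole VPN
    received = [
        Route(rd_a, "0.0.0.0/0", rt, "PE-A"),
        Route(rd_b, "0.0.0.0/0", rt, "PE-B"),
    ]
    return vrf_import(rr_reflect(received), rt, max_paths)["0.0.0.0/0"]

if __name__ == "__main__":
    print(remote_pe_next_hops("65000:1", "65000:1", 2))  # same RD on both PEs
    print(remote_pe_next_hops("65000:1", "65000:2", 2))  # unique RD per PE
    print(remote_pe_next_hops("65000:1", "65000:2", 1))  # unique RD, no maximum-paths
```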
If you were not familiar with this trick and plan to implement MPLS/VPN networks, I would strongly recommend reading my MPLS and VPN Architectures book (based on the technologies you want to implement, you might want to read Volume 2 as well). Definitive MPLS Network Designs is also a good choice if you’re involved in MPLS network design.