Some of the e-mails and comments I received after writing the “Changing VPNv4 route attributes” post illustrated common MPLS/VPN misconceptions, so it’s worth addressing them in a series of posts. Let’s start with the simplest scenario: load
balancing toward a multi-homed customer site. We’ll use a very simple MPLS/VPN network with three customer sites, four CE-routers, four PE-routers a route reflector:
Let’s assume that we use the default MPLS/VPN RT/RD design rules: one RD and one import/export RT per simple VPN. The IPv6 (or IPv4) default routes received by PE-A and PE-B are transformed into VPNv6 (or VPNv4) routes ([RD]::/0 or RD:0.0.0.0/0) and sent to RR.
RR receives two identical VPNv6 (or VPNv4) routes from two sources (PE-A and PE-B), installs both of them in its BGP table, selects the best one and sends the best one to the other BGP neighbors. PE-C and PE-D thus receive only a single default route and forward all traffic toward PE-A or PE-B (based on the decision BGP made on RR). There is absolutely no way to change the RR behavior – it’s one of those BGP rules that nobody wanted to touch (yet): only the best routes in the BGP table are propagated to BGP neighbors.
The above statement is not entirely correct – the BGP Best External feature is violating that rule and advertising best external route even when better internal route exists.
To enable PE-C and PE-D to forward traffic toward PE-A and PE-B, you have to make the two default routes somehow different. The only trick that works is changing the RD on one of them:
- PE-A advertises the default route received from CE-A as [RD1]::/0 (or RD1:0.0.0.0/0)
- PE-B advertises the default route received from CE-B as [RD2]::/0 (or RD2:0.0.0.0/0)
- RR receives two different routes (within the VPNv6 address family, [RD1]::/0 and [RD2]::/0 are different routes) and propagates both of them to PE-C and PE-D.
- PE-C and PE-D receive both routes and import both of them into the same VRF (remember: imports are based on RT, not RD) , enabling true load sharing toward PE-A and PE-B.
You have to configure BGP load sharing with the maximum-paths ibgp number router configuration command within the IPv4 VRF address family on PE-C and PE-D, otherwise they will not insert more than one BGP route into the VRF IP routing table (even though two routes are present in the BGP table).
If you’re considering MPLS/VPN deployment in your enterprise network, watch the Enterprise MPLS/VPN Deployment webinar.