Load Balancing Across Multiple MPLS/VPN Providers
Arnold sent me an interesting challenge: he’s using two MPLS/VPN providers, with most sites being connected to both providers. He’d like to load balance the inter-site traffic across all PE-CE links – an easy task if you’re using RIP, OSPF or EIGRP as the PE-CE routing protocol, but he happens to be using BGP.
The network diagram Arnold sent me
Cisco IOS implementation of BGP supports load balancing, both across multiple EBGP or IBGP paths (and even a combination of VPNv4 IBGP path and VRF EBGP paths), but it’s pretty picky – the BGP paths have to be almost identical, including the contents of the AS path list. BGP will not use alternate paths if they’re not passing through the same autonomous systems.
The default behavior usually makes sense. AS path length is a very coarse indicator of distance and often doesn’t relate well to expected performance.
You can use the (still undocumented) bgp bestpath as-path multipath-relax router configuration command to relax the path selection rules. After entering this command, the router compares the AS path lengths (they still have to be the same), not the actual content of the AS path attribute.
Caveats
- Make sure the uplinks have equal bandwidth and the upstream networks have comparable performance characteristics. Equal-cost load balancing across two unequal links or networks results in twice the performance of the worst-performing component.
- BGP routing process will consider only almost identical paths (same AS path length, local preference, origin code, MED, IGP metric).
- You cannot load-balance between an IBGP and an EBGP path (you might get forwarding loops). In the above diagram you cannot load balance between the edge routers in the regional office; IBGP-based load balancing has to be configured on core switches.
- You won’t see the effects of the bgp bestpath as-path multipath-relax command in the BGP table. BGP still selects one best path, but is willing to copy more than one path into the IP routing table (where you should see multiple entries for the same prefix).
- A BGP route reflector will not advertise more than one best path to its clients (unless you use BGP Add Paths functionality available in IOS XE 3.7S and IOS 15.3(1)T).
can you please explain how to achieve load sharing. i am using the same kind of network. but we are using both the links as " Primary - secondary" . Please help us to use both the links efficiently to get better throughput
Hmm ... maybe I should do a short video explaining these concepts ;)
sorry if the context of my comment wasn't clear
Moreover, you may achieve load-blancing on the Regional Office providing a back to back link between the CE and using multipath eibgp in a VRF lite context on the VRRP/HSRP master CE.
Also, for EIBGP multipath you need MPLS forwarding toward IBGP next hop and MPLS label attached to the IBGP route (that's the only way to prevent forwarding loops), so I don't think VRF lite context is enough; you'd probably need full-blown MPLS/VPN.
A potential alternate may be to use Traffic Engineering to move certain traffic patterns to the second provider such as backups, bulk transfers, email, internet access, etc.
additionally depending on the mpls carriers service offering the use of scavenger class for this traffic in the event of a link failure as part of a QoS policy may provide a more robust if admittedly more complex solution
(or if he's using a platform with multi-hop BFD, use that along with multi-hop BGP from spoke to hub, advertise prefixes to carriers with no-export. Either way, solve the AS-path problem and actually gain the resilience you thought you were buying with two carriers, in return for some possibly-annoying complexity)
Also read http://www.cs.washington.edu/education/courses/csep521/07wi/prj/matthew.pdf for "more" details.
I've not seen the second (although I have seen the first of his referenced papers), but I like very much a default position of assuming all L3VPN products are essentially Byzantine, if you care enough about your packet delivery.