BGP Best External Configuration to Advertise Backup Path
What is BGP Best External?
If a router chooses an iBGP route as the best path to reach a destination which it can also reach via eBGP, then the router may stop advertising its eBGP route to iBGP neighbors, including to a Route Reflector. In a L3VPN MPLS network this can occur with primary and secondary PE routers that have routes to the same destination prefix.
In other words, within the MPLS core only a single iBGP route may be advertised for a particular destination prefix (Site 2), even if there are two paths available (PE2 and PE3). This can lead to longer failover times if that single best path is lost. The BGP Best External feature ensures that a PE router advertises its eBGP route to iBGP peers even if it prefers an iBGP route as the best path.
How to configure BGP Best External?
The BGP Best External feature is configured with the router configuration command bgp advertise-best-external. The command instructs BGP to advertise the best external backup path to iBGP neighbors, including the Route Reflector.
The following configuration is from a L3VPN MPLS PE router. As a result of the BGP Best External feature, R1 advertises its eBGP routes received from 10.0.0.1 (in VRF Green) to iBGP peers. This is done even if R1 actually prefers an iBGP (instead of the directly connected eBGP) route going through another PE router to reach neighboring AS 65002.
R1#show run | sec ^router bgp
router bgp 65001
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 65001
 neighbor 2.2.2.2 update-source Loopback10
 neighbor 2.2.2.2 next-hop-self
 neighbor 3.3.3.3 remote-as 65001
 neighbor 3.3.3.3 update-source Loopback10
 neighbor 3.3.3.3 next-hop-self
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf Green
  bgp advertise-best-external
  neighbor 10.0.0.1 remote-as 65002
  neighbor 10.0.0.1 activate
 exit-address-family

BGP Best External configured in MPLS L3VPN architecture
In the following example scenario, Site 1 and Site 2 are connected over an MPLS L3VPN. The CE router R6 in Site 2 has redundant PE connections. The primary PE is R5, which provides the primary path to and from Site 2. To make PE R5 the preferred way to reach Site 2, the iBGP local preference is set to 200. In other words, the Route Reflector R9 prefers PE R5 because it has a better local preference value to Site 2 (compared to PE R8).
To ensure that PE R8 continues advertising the Site 2 iBGP (VPNv4) prefix to the RR R9, the BGP Best External feature is configured on PE R8. Each PE uses a different Route Distinguisher (RD).
Configuration:
R2 (PE)
R2#show run all | sec ^mpls ip$
mpls ip

R2#show run | sec ^mpls
mpls label range 200 299
mpls ldp router-id Loopback10 force

R2#show run | sec ^vrf
vrf definition Green
 rd 65100:1
 !
 address-family ipv4
  route-target export 65100:1
  route-target import 65100:2
  route-target import 65100:3
 exit-address-family

R2#show run int Lo10 | sec int
interface Loopback10
 ip address 2.2.2.2 255.255.255.255

R2#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to CE R1 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R2#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** to CE R1 in VRF Green **
 encapsulation dot1Q 10
 vrf forwarding Green
 ip address 10.1.0.1 255.255.255.252

R2#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R3 **
 ip address 10.0.1.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R2#show run | sec ^router
router isis
 net 49.0010.0000.0000.0002.00
 is-type level-2-only
 advertise passive-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback10
router bgp 65100
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 10.1.0.2 remote-as 65001
 neighbor 10.9.9.9 remote-as 65100
 neighbor 10.9.9.9 update-source Loopback10
 !
 address-family ipv4
  neighbor 10.1.0.2 activate
  neighbor 10.9.9.9 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.9.9.9 activate
  neighbor 10.9.9.9 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf Green
  network 10.1.0.0 mask 255.255.255.252
  neighbor 10.1.0.2 remote-as 65001
  neighbor 10.1.0.2 activate
 exit-address-family

R5 (PE)
R5#show run all | sec ^mpls ip$
mpls ip

R5#show run | sec ^mpls
mpls label range 500 599
mpls ldp router-id Loopback10 force

R5#show run | sec ^vrf
vrf definition Green
 rd 65100:2
 !
 address-family ipv4
  route-target export 65100:2
  route-target import 65100:1
  route-target import 65100:3
 exit-address-family

R5#show run int Lo10 | sec int
interface Loopback10
 ip address 5.5.5.5 255.255.255.255

R5#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to CE R6 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R5#show run int Gi0/0.10 | sec int
interface GigabitEthernet0/0.10
 description ** to CE R6 in VRF Green **
 encapsulation dot1Q 10
 vrf forwarding Green
 ip address 10.2.0.1 255.255.255.252

R5#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R4 **
 ip address 10.0.3.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R5#show run | sec ^router
router isis
 net 49.0010.0000.0000.0005.00
 is-type level-2-only
 advertise passive-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback10
router bgp 65100
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 neighbor 10.9.9.9 remote-as 65100
 neighbor 10.9.9.9 update-source Loopback10
 !
 address-family ipv4
  neighbor 10.9.9.9 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.9.9.9 activate
  neighbor 10.9.9.9 send-community extended
  neighbor 10.9.9.9 route-map RMAP-IBGP-LOCPREF out
 exit-address-family
 !
 address-family ipv4 vrf Green
  network 10.2.0.0 mask 255.255.255.252
  neighbor 10.2.0.2 remote-as 65002
  neighbor 10.2.0.2 activate
 exit-address-family

R5#show run | sec ^route-map
route-map RMAP-IBGP-LOCPREF permit 10
 set local-preference 200

R8 (PE)
R8#show run all | sec ^mpls ip$
mpls ip

R8#show run | sec ^mpls
mpls label range 800 899
mpls ldp router-id Loopback10 force

R8#show run | sec ^vrf
vrf definition Green
 rd 65100:3
 !
 address-family ipv4
  route-target export 65100:3
  route-target import 65100:1
  route-target import 65100:2
 exit-address-family

R8#show run int Lo10 | sec int
interface Loopback10
 ip address 8.8.8.8 255.255.255.255

R8#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to CE R6 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R8#show run int Gi0/0.20 | sec int
interface GigabitEthernet0/0.20
 description ** to CE R6 in VRF Green **
 encapsulation dot1Q 20
 vrf forwarding Green
 ip address 10.3.0.1 255.255.255.252

R8#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R7 **
 ip address 10.0.5.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R8#show run | sec ^router
router isis
 net 49.0010.0000.0000.0008.00
 is-type level-2-only
 advertise passive-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback10
router bgp 65100
 bgp router-id 8.8.8.8
 bgp log-neighbor-changes
 neighbor 10.9.9.9 remote-as 65100
 neighbor 10.9.9.9 update-source Loopback10
 !
 address-family ipv4
  neighbor 10.9.9.9 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.9.9.9 activate
  neighbor 10.9.9.9 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf Green
  bgp advertise-best-external
  network 10.3.0.0 mask 255.255.255.252
  neighbor 10.3.0.2 remote-as 65002
  neighbor 10.3.0.2 activate
 exit-address-family

R9 (BGP RR)
R9#show run int Lo10 | sec int
interface Loopback10
 ip address 10.9.9.9 255.255.255.255

R9#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to R7 **
 ip address 10.0.6.2 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 isis circuit-type level-2-only
 isis network point-to-point

R9#show run | sec ^router
router isis
 net 49.0010.0000.0000.0009.00
 is-type level-2-only
 advertise passive-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback10
router bgp 65100
 bgp router-id 10.9.9.9
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 65100
 neighbor 2.2.2.2 update-source Loopback10
 neighbor 5.5.5.5 remote-as 65100
 neighbor 5.5.5.5 update-source Loopback10
 neighbor 8.8.8.8 remote-as 65100
 neighbor 8.8.8.8 update-source Loopback10
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 2.2.2.2 route-reflector-client
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
  neighbor 5.5.5.5 route-reflector-client
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community extended
  neighbor 8.8.8.8 route-reflector-client
 exit-address-family

R1 (CE)
R1#show run | sec ^vrf
vrf definition Green
 rd 1:1
 !
 address-family ipv4
 exit-address-family

R1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to Host1 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R1#show run int Gi0/0.1 | sec int
interface GigabitEthernet0/0.1
 description ** to Host1 in VRF Green **
 encapsulation dot1Q 1 native
 vrf forwarding Green
 ip address 192.168.1.2 255.255.255.0

R1#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to PE R2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R1#show run int Gi0/1.10 | sec int
interface GigabitEthernet0/1.10
 description ** to PE R2 VRF Green **
 encapsulation dot1Q 10
 vrf forwarding Green
 ip address 10.1.0.2 255.255.255.252

R1#show run | sec ^router
router bgp 65001
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf Green
  network 192.168.1.0
  neighbor 10.1.0.1 remote-as 65100
  neighbor 10.1.0.1 activate
 exit-address-family

R6 (CE)
R6#show run | sec ^vrf
vrf definition Green
 rd 1:1
 !
 address-family ipv4
 exit-address-family

R6#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to Host2 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R6#show run int Gi0/0.1 | sec int
interface GigabitEthernet0/0.1
 description ** to Host2 in VRF Green **
 encapsulation dot1Q 1 native
 vrf forwarding Green
 ip address 192.168.2.2 255.255.255.0

R6#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to PE R5 and R8 **
 no ip address
 duplex auto
 speed auto
 media-type rj45

R6#show run int Gi0/1.10 | sec int
interface GigabitEthernet0/1.10
 description ** to PE R5 VRF Green **
 encapsulation dot1Q 10
 vrf forwarding Green
 ip address 10.2.0.2 255.255.255.252

R6#show run int Gi0/1.20 | sec int
interface GigabitEthernet0/1.20
 description ** to PE R8 VRF Green **
 encapsulation dot1Q 20
 vrf forwarding Green
 ip address 10.3.0.2 255.255.255.252

R6#show run | sec ^router
router bgp 65002
 bgp router-id 6.6.6.6
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf Green
  network 192.168.2.0
  neighbor 10.2.0.1 remote-as 65100
  neighbor 10.2.0.1 activate
  neighbor 10.2.0.1 route-map RMAP-LOCPREF in
  neighbor 10.3.0.1 remote-as 65100
  neighbor 10.3.0.1 activate
 exit-address-family

R6#show run | sec ^route-map
route-map RMAP-LOCPREF permit 10
 set local-preference 200

R4
R4#show run all | sec ^mpls ip$
mpls ip

R4#show run | sec ^mpls
mpls label range 400 499
mpls ldp router-id Loopback10 force

R4#show run int Lo10 | sec int
interface Loopback10
 ip address 4.4.4.4 255.255.255.255

R4#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to PE R5 **
 ip address 10.0.3.2 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R4#show run int Gi0/1 | sec int
interface GigabitEthernet0/1
 description ** to R3 **
 ip address 10.0.2.2 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R4#show run int Gi0/2 | sec int
interface GigabitEthernet0/2
 description ** to R7 **
 ip address 10.0.4.1 255.255.255.252
 ip router isis
 duplex auto
 speed auto
 media-type rj45
 mpls ip
 isis circuit-type level-2-only
 isis network point-to-point

R4#show run | sec ^router
router isis
 net 49.0010.0000.0000.0004.00
 is-type level-2-only
 advertise passive-only
 metric-style wide
 log-adjacency-changes
 passive-interface Loopback10

Host1
Host1#show run int Gi0/0 | sec int
interface GigabitEthernet0/0
 description ** to CE R1 **
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45

Host1#show run | sec ^ip route
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 192.168.1.2

R9#show ip bgp vpnv4 all | beg Ne
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65100:1
 *>i 10.1.0.0/30      2.2.2.2                  0    100      0 i
 *>i 192.168.1.0      2.2.2.2                  0    100      0 65001 i
Route Distinguisher: 65100:2
 *>i 10.2.0.0/30      5.5.5.5                  0    200      0 i
 *>i 192.168.2.0      5.5.5.5                  0    200      0 65002 i
Route Distinguisher: 65100:3
 *>i 10.3.0.0/30      8.8.8.8                  0    100      0 i
 *>i 192.168.2.0      8.8.8.8                  0    100      0 65002 i    « PE R8 advertises Site 2 prefix with loc pref 100

R2#show ip bgp vpnv4 all | beg Ne
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65100:1 (default for vrf Green)
 *>  10.1.0.0/30      0.0.0.0                  0         32768 i
 *>i 10.2.0.0/30      5.5.5.5                  0    200      0 i
 *>i 10.3.0.0/30      8.8.8.8                  0    100      0 i
 *>  192.168.1.0      10.1.0.2                 0             0 65001 i
 * i 192.168.2.0      8.8.8.8                  0    100      0 65002 i
 *>i                  5.5.5.5                  0    200      0 65002 i
Route Distinguisher: 65100:2
 *>i 10.2.0.0/30      5.5.5.5                  0    200      0 i
 *>i 192.168.2.0      5.5.5.5                  0    200      0 65002 i
Route Distinguisher: 65100:3
 *>i 10.3.0.0/30      8.8.8.8                  0    100      0 i
 *>i 192.168.2.0      8.8.8.8                  0    100      0 65002 i

The following are the same outputs from the RR R9 and the PE R2, but without the BGP Best External configuration on PE R8.
R9#show ip bgp vpnv4 all | beg Ne
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65100:1
 *>i 10.1.0.0/30      2.2.2.2                  0    100      0 i
 *>i 192.168.1.0      2.2.2.2                  0    100      0 65001 i
Route Distinguisher: 65100:2
 *>i 10.2.0.0/30      5.5.5.5                  0    200      0 i
 *>i 192.168.2.0      5.5.5.5                  0    200      0 65002 i
Route Distinguisher: 65100:3
 *>i 10.3.0.0/30      8.8.8.8                  0    100      0 i

R2#show ip bgp vpnv4 all | beg Ne
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65100:1 (default for vrf Green)
 *>  10.1.0.0/30      0.0.0.0                  0         32768 i
 *>i 10.2.0.0/30      5.5.5.5                  0    200      0 i
 *>i 10.3.0.0/30      8.8.8.8                  0    100      0 i
 *>  192.168.1.0      10.1.0.2                 0             0 65001 i
 *>i 192.168.2.0      5.5.5.5                  0    200      0 65002 i
Route Distinguisher: 65100:2
 *>i 10.2.0.0/30      5.5.5.5                  0    200      0 i
 *>i 192.168.2.0      5.5.5.5                  0    200      0 65002 i
Route Distinguisher: 65100:3
 *>i 10.3.0.0/30      8.8.8.8                  0    100      0 i

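An added example, not part of the original page: a Python check that parses show ip bgp vpnv4 all output from the route reflector and reports prefixes that are expected to be dual-homed but are visible through fewer than two PEs. Because each PE uses its own RD, paths are merged across RD blocks; the function names and the dual_homed set are assumptions, and the table rows are the R9 rows from this page.

```python
import re
from collections import defaultdict

# R9 (RR) table rows copied from this page, with Best External on PE R8.
WITH_BEST_EXTERNAL = """\
Route Distinguisher: 65100:1
 *>i 10.1.0.0/30      2.2.2.2                  0    100      0 i
 *>i 192.168.1.0      2.2.2.2                  0    100      0 65001 i
Route Distinguisher: 65100:2
 *>i 10.2.0.0/30      5.5.5.5                  0    200      0 i
 *>i 192.168.2.0      5.5.5.5                  0    200      0 65002 i
Route Distinguisher: 65100:3
 *>i 10.3.0.0/30      8.8.8.8                  0    100      0 i
 *>i 192.168.2.0      8.8.8.8                  0    100      0 65002 i
"""
# Without Best External the page's R9 output lacks only the last row.
WITHOUT_BEST_EXTERNAL = "\n".join(WITH_BEST_EXTERNAL.splitlines()[:-1])

RD_RE = re.compile(r"^Route Distinguisher:\s+(\S+)")
ROUTE_RE = re.compile(
    r"^\s*\*[> ]?[ie]?\s+"                            # status codes: *>i, * i, *>
    r"(?:(?P<prefix>\d+(?:\.\d+){3}(?:/\d+)?)\s+)?"   # blank on continuation rows
    r"(?P<nexthop>\d+(?:\.\d+){3})\s"
)

def next_hops_by_prefix(table):
    """Return {prefix: set of next hops}, merged across every RD in the table."""
    hops, prefix = defaultdict(set), None
    for line in table.splitlines():
        if RD_RE.match(line):
            prefix = None        # a continuation row never crosses an RD block
            continue
        m = ROUTE_RE.match(line)
        if not m:
            continue             # header or unrelated line
        prefix = m.group("prefix") or prefix
        if prefix:
            hops[prefix].add(m.group("nexthop"))
    return dict(hops)

def missing_backup(table, expect_redundant):
    """Prefixes that should be dual-homed but are seen via fewer than two PEs."""
    hops = next_hops_by_prefix(table)
    return sorted(p for p in expect_redundant if len(hops.get(p, ())) < 2)

if __name__ == "__main__":
    dual_homed = {"192.168.2.0"}  # assumption: Site 2 is the only dual-homed site
    for name, table in (("with", WITH_BEST_EXTERNAL),
                        ("without", WITHOUT_BEST_EXTERNAL)):
        print(name, "Best External, missing backup:",
              missing_backup(table, dual_homed))
```
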
The following is a comparison of BGP protocol convergence with and without the BGP Best External feature. On the PE router R2, BGP debugging is turned on for the VPNv4 address-family with the command debug ip bgp vpnv4 unicast updates.
R2#show log | beg Log Buffer
Log Buffer (8192 bytes):

BGP(4): 10.9.9.9 rcv UPDATE about 65100:2:10.2.0.0/30 -- withdrawn, label 524288
BGP(4): no valid path for 65100:2:10.2.0.0/30
BGP(4): 10.9.9.9 rcv UPDATE about 65100:2:192.168.2.0/24 -- withdrawn, label 524288
BGP(4): no valid path for 65100:2:192.168.2.0/24
BGP(4): no valid path for 65100:1:10.2.0.0/30
BGP(4): no valid path for 65100:1:192.168.2.0/24
BGP: topo Green:VPNv4 Unicast:base Remove_fwdroute for 65100:1:10.2.0.0/30
BGP: topo Green:VPNv4 Unicast:base Remove_fwdroute for 65100:1:192.168.2.0/24
BGP(4): 10.9.9.9 rcvd UPDATE w/ attr: nexthop 8.8.8.8, origin i, localpref 100, metric 0, originator 8.8.8.8, clusterlist 10.9.9.9, merged path 65002, AS_PATH , extended community RT:65100:3
BGP(4): 10.9.9.9 rcvd 65100:3:192.168.2.0/24, label 812
BGP(4): Revise route installing 1 of 1 routes for 192.168.2.0/24 -> 8.8.8.8(Green) to Green IP table

Note: The above output shows the case where Best External is not configured. When the redundant primary PE connection is lost, the route to Site 2 is flushed (Remove_fwdroute for 65100:1:192.168.2.0/24) on PE R2. It needs to be learned again; this is visible in the subsequent logs, which indicate that a BGP Update was received with next-hop router 8.8.8.8.

However, the following output shows the case where Best External is configured. In that scenario, the alternative/backup route to Site 2 is already known when the failure happens, so there is no need to flush the route and receive it again via BGP Update.

R2#show log | beg Log Buffer
Log Buffer (8192 bytes):

BGP(4): 10.9.9.9 rcv UPDATE about 65100:2:10.2.0.0/30 -- withdrawn, label 524288
BGP(4): no valid path for 65100:2:10.2.0.0/30
BGP(4): 10.9.9.9 rcv UPDATE about 65100:2:192.168.2.0/24 -- withdrawn, label 524288
BGP(4): no valid path for 65100:2:192.168.2.0/24
BGP(4): no valid path for 65100:1:10.2.0.0/30
BGP: topo Green:VPNv4 Unicast:base Remove_fwdroute for 65100:1:10.2.0.0/30
BGP(4): Revise route installing 1 of 1 routes for 192.168.2.0/24 -> 8.8.8.8(Green) to Green IP table