ADVPN with SDWAN - BGP route filtering and manipulation

Author: Mattmans1
2018/03/04 11:32:10


Hi all,
 
I have quite a complex issue with BGP and how to manipulate a specific path selection.
 
So I have an ADVPN topology with one hub and two spokes. The hub and spokes have two WAN connections each. The primary WAN connection is using ADVPN so the two spokes can have a direct tunnel; the second WAN connection has ADVPN turned off but has an IBGP peer back to the hub so the hub can use IBGP multipath. It's there so the spokes have two equal-cost paths to the hub's DC networks. I then built an SDWAN over these two equal-cost paths for the policy routes it uses.
 
The issue I have run into is that the spokes are advertising their LAN networks to the hub, and each spoke advertises it twice (once over WAN1 and WAN2).
 
Spoke A LAN is 192.168.2.0/24
Spoke B LAN is 192.168.3.0/24
Hub local network is 192.168.10.0/24
 
FYI: The Hub is configured as a route reflector for WAN1 and WAN2.
 
I need both routes to each LAN to be in the routing table at the same time (using IBGP multipath), which works, but my BGP table prefers 192.168.2.0 (SpokeA) over WAN1 and 192.168.3.0 (SpokeB) over WAN2. These networks get advertised to other spokes and the return path is asynchronous in this case. I need my BGP table to pick WAN1 routes for all spokes (10.10.10.0/30) as the best path, as this is the path it advertises to other ADVPN spokes. It must pick it with the > so the other multipath routes stay in the routing table; this is important for return traffic for the SDWAN when the spokes access the hub's local networks.
 
I have tried filtering with route maps with local pref, weight and metric, but these just pick the best path and the other multipath routes are no longer in the routing table. In this case the ADVPN works but the SDWAN does not.
 
How can I manipulate the hub's BGP table to pick the best path whilst leaving all the multipath routes in the routing table? The best-path route will be the one with the > and will be advertised to all the ADVPN spokes. Can anyone advise what path algorithm BGP is using in the case below to pick the best paths to 192.168.2.0 and 192.168.3.0?
 
 
HUB-B # get router info bgp network
BGP table version is 5, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
   Network          Next Hop            Metric LocPrf Weight Path
*>i192.168.2.0      10.10.10.2               0    100      0 i
* i                 20.20.20.2               0    100      0 i
*>i192.168.3.0      20.20.20.3               0    100      0 i
* i                 10.10.10.3               0    100      0 i
*> 192.168.10.0     0.0.0.0                       100  32768 i


 
 
HUB-B # get router info routing-table bgp
B       192.168.2.0/24 [200/0] via 10.10.10.2, WAN1ADVPN_0, 00:16:15
                       [200/0] via 20.20.20.2, MPLSADVPN_1, 00:16:15
B       192.168.3.0/24 [200/0] via 20.20.20.3, MPLSADVPN_0, 00:21:49
                       [200/0] via 10.10.10.3, WAN1ADVPN_1, 00:21:49
 
Thanks.
 
Matt
#1
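
As an added example (not part of the original post and not Fortinet code): a Python check over the `get router info bgp network` output above that reports, per prefix, whether the `>` best path is learned over the WAN1 overlay and which alternate paths remain. The sample is the posted table with its columns realigned; the function names and the use of 10.10.10.0/30 as the preferred range are assumptions taken from the post's description.

```python
import ipaddress
import re

# Constructed sample: the hub's BGP table as posted above (columns realigned).
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*>i192.168.2.0      10.10.10.2               0    100      0 i
* i                 20.20.20.2               0    100      0 i
*>i192.168.3.0      20.20.20.3               0    100      0 i
* i                 10.10.10.3               0    100      0 i
*> 192.168.10.0     0.0.0.0                       100  32768 i
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Three status-flag columns, an optional prefix (blank on continuation rows), then the next hop.
ROW = re.compile(
    rf"^(?P<flags>[sdh*>iS ]{{3}})\s*(?:(?P<net>{IPV4}(?:/\d+)?)\s+)?(?P<nh>{IPV4})\s")

def parse_bgp_table(text):
    """Return {prefix: [(next_hop, is_best), ...]} from the table rows."""
    table, current = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, legend and header lines
        current = m["net"] or current  # continuation rows inherit the prefix
        if current is not None:
            table.setdefault(current, []).append((m["nh"], ">" in m["flags"]))
    return table

def audit_best_paths(table, preferred_net):
    """Per learned prefix: is the '>' path inside preferred_net, and what else is valid?"""
    preferred = ipaddress.ip_network(preferred_net)
    report = {}
    for prefix, paths in table.items():
        best = [nh for nh, is_best in paths if is_best]
        if not best or best[0] == "0.0.0.0":  # locally originated, nothing to audit
            continue
        report[prefix] = {
            "best": best[0],
            "best_on_preferred": ipaddress.ip_address(best[0]) in preferred,
            "alternates": [nh for nh, is_best in paths if not is_best],
        }
    return report

if __name__ == "__main__":
    for prefix, info in audit_best_paths(parse_bgp_table(SAMPLE), "10.10.10.0/30").items():
        print(prefix, info)
```

Run against the posted table, it flags 192.168.3.0 as the prefix whose best path is not on the WAN1 range, while both prefixes still show one alternate path.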


    ericli_FTNT
    Re: ADVPN with SDWAN - BGP route filtering and manipulation 2018/03/13 18:06:48
    Hi Matt,
     
    Thanks for reporting! For BGP route selection, in your case, if you wanted to select one route over the other route, you could configure BGP like this: (ADVPN doesn't impact route selection so it could be treated as a normal link)
     
    FGT_C (vdom1) # sh router bgp
    config router bgp
        set as 65001
        set router-id 1.1.1.1
        set ibgp-multipath enable
        config neighbor
            edit "192.168.0.2"
                set next-hop-self enable
                set remote-as 65001
                set route-map-in "192.168.0.1-weight" <<<<<<<<<<<< apply a route-map for one of your neighbors
                set route-map-out "192.168.0.1"
                set route-reflector-client enable
            next
            edit "192.168.1.2"
                set next-hop-self enable
                set remote-as 65001
                set route-reflector-client enable
            next
            edit "192.168.2.2"
                set next-hop-self enable
                set remote-as 65001
                set route-reflector-client enable
            next
            edit "192.168.3.2"
                set next-hop-self enable
                set remote-as 65001
                set route-reflector-client enable
            next

    ...

    FGT_C (vdom1) # sh router route-map 192.168.0.1-weight <<<<<<<<<<<<This is the route map.
    config router route-map
        edit "192.168.0.1-weight"
            config rule
                edit 1
                    set set-weight 10
                next
            end
        next
    end

    ...

     
    So in BGP table, you will see:
     
    FGT_C (vdom1) # get router info bgp network
    BGP table version is 3, local router ID is 1.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    *>i192.169.1.0      192.168.0.2              0    100     10 i
    * i                 192.168.1.2              0    100      0 i
    *>i192.169.2.0      192.168.3.2              0    100      0 i
    * i                 192.168.2.2              0    100      0 i

    Total number of prefixes 2

     
    For the prefix 192.169.1.0/24, the primary gateway is 192.168.0.2. Note that the weight is 10 here, so only this entry could get into the routing table.
    Once this link fails, the traffic would fail over to the other link, which uses 192.168.1.2 as the next hop.
     
    I hope this answers your question. Please let me know if you have any other concerns about BGP route selection.
     
    #Test topology and complete configuration sample is available upon request.
     
    post edited by ericli_FTNT - 2018/03/14 11:32:41
    #2
    stanislav.timofeev
    Re: ADVPN with SDWAN - BGP route filtering and manipulation 2019/04/03 07:58:05
    Hi. Could you please share the topology and configuration files?
    For now I see one issue that is not resolved: asynchronous paths with iBGP. To fix it I've used a route-map on each spoke with "set set-ip-nexthop" for each peering IP address.
    I am interested in how you implemented sd-wan and advpn in your topology.
     
    Thank you in advance.
     
     

    NSE 8 #003249, FCT, CCSE, CompTIA CTT+
    #3
    Frank
    Re: ADVPN with SDWAN - BGP route filtering and manipulation 2019/07/08 05:07:44
    The solution for asynchronous paths is:
    - change "remote-ip" from a /24 to a /32 at the ADVPN interfaces
    - make one ADVPN interface preferred for both/all overlay networks using static routes (I used the same distance, but different prio)
    #4