Routing specific Internal Networks out a specific Internet Gateway via an MPLS Network routing traffic via BGP

My Company has multiple locations on 3 continents (North America, South America and Europe).  All locations are connected to each other via AT&T provided MPLS links and routed via BGP.  We have a Data Center/HQ in each continent that acts as the Internet Gateway for all sub-locations within the three respective continents.  Since the North American Data Center is our World HQ and the first site to go live on the AT&T MPLS WAN, its Internet Gateway is being advertised as the preferred default gateway via BGP.  The Data Center locations in Europe and SA that have Internet connections are the preferred default route to the Internet for JUST THOSE LOCATIONS.  However, all sub-locations within Europe and SA route outbound Internet traffic via the North American GW.  My question is: what is the best way via BGP to, say, prefer the South American Internet GW as the default Internet GW for only sub-locations within SA?  So basically, if you are on a LAN segment in a sub-location within SA and you want to get to the Internet, go out the Internet GW in SA, and if you are in a sub-location within North America, go out the North American Gateway.  I understand BGP enough to multihome multiple Internet connections at each of our continental Data Centers, but can't figure out how to route specific sub-location networks within a continent out that continent's Data Center's Internet Gateway instead of always coming back thru the North American GW.
platipakAsked:
 
platipak (Author) commented:
It seems after talking to someone else that the problem really isn't with BGP routing metrics but with the "site of origin" being set only at our North American Data Center instead of at each Data Center per continent.  This setting is set within the provider's (AT&T) MPLS Network and nothing that I could change myself.  I have put in a change request with AT&T to adjust the SoO accordingly, so hopefully that will take care of our issues.

Thanks for all of the replies though......
0
 
Soulja commented:
What was the reason that ATT gave that they didn't have this set up for you like this in the first place?
0
 
platipak (Author) commented:
AT&T is not providing a managed solution for us.  They simply provide MPLS transit across their Network.  We provide the Routers and routing expertise.  I'm not in dire straits here because Europe and South America both use proxy servers, so the majority of their Internet bound traffic goes out via their proxy in the respective continent's HQ/Data Center.  But for stuff like POP3 and maybe some point to point communication protocols, we have issues because all traffic routes through North America instead of staying local to that continent.  I know there's a way to manipulate route path via BGP... I do it all the time at my data centers with our multihomed internet links.  I just don't know how to do it when the Internet links are in dispersed locales.
0
 
pergr commented:
The solution would possibly depend on your detailed topology, how your iBGP is set up, etc, but the general idea would be to use "local preference" (the BGP attribute).

For example, when you receive routes on eBGP in Europe, you set local preference to 200 for use in Europe. However, when you send these routes in iBGP to another continent you change the local preference to 150.

This would mean that at each continent the "local" routes would be used first, and only if those are lost would the other continents be used.

You can also tune it a bit. For example, in South America you use 200 for local routes, 150 for routes from North America and 100 for routes from Europe - depending on your cost for transit to different continents.

I assume here that you have some sort of L2VPN from AT&T, so you can send the full routing table across continents. I also assume you use plain IP routing within your own network (and not RSVP based LSPs).
0
 
platipak (Author) commented:
Local Preference does sound like a possibility and yes we use AT&T AVPN MPLS Service which is a L2VPN sending full routing tables between peers.....However, each sub-location within a continent has a CE BGP Router but only the HQ/Data Center on each continent has the Internet Connection.  Should I apply the Local-Preference Route-Map like below on the SA HQ/Data Center CE Router:

route-map SA permit 10
match ip address 10
set local-preference 200

route-map SA permit 20
match ip address 20
set local-preference 150

route-map SA permit 30
match ip address 30
set local-preference 100

route-map SA deny 40

ip access-list 10 permit 10.65.0.0 0.0.255.255 any "Local Network from SA"
ip access-list 10 permit 10.63.0.0 0.0.255.255 any "Local Network from SA"

ip access-list 20 permit any 10.40.0.0 0.0.255.255 "Remote Network to EU"
ip access-list 20 permit any 10.45.0.0 0.0.255.255 "Remote Network to EU"

ip access-list 30 permit any 10.9.0.0 0.0.255.255 "Remote Network to NA"
ip access-list 30 permit any 10.6.0.0 0.0.255.255 "Remote Network to NA"

Something about this doesn't look quite right......
0
 
pergr commented:
Not sure what you want the 'match ip address' statements for.

Let's assume your three HQ/DC sites (one in each continent) are connected to each other, and the smaller sites in each continent are only connected through the HQ/DC in that continent. In general, you would perhaps not need BGP in the smaller sites - just a default route in IGP would be enough. Still, if you still run iBGP we can assume that the 'local' HQ/DC is the Route Reflector for all the smaller sites in the continent, and that the three big sites have full iBGP mesh.

Now, for Europe, use

route-map EU-ebgp-in permit 10
set local-preference 200

route-map EU-ibgp-na-out permit 10
set local-preference 150

route-map EU-ibgp-sa-out permit 10
set local-preference 100

and apply those to the relevant BGP sessions on the EU router.

The BGP sessions from that router to the smaller sites around Europe do not need any additional tuning of local preference (and they can all be rr-clients).
0
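The local-preference scheme from the two answers above, modelled as an added example (not code from the thread) to show which gateway each site uses and in what order it fails over. Only EU->NA=150 and EU->SA=100 come from the thread; the other values, the site names and the function names are assumptions, and the topology is the hub/route-reflector layout the answer assumes.

```python
"""Model of the LOCAL_PREF scheme discussed in the answers (added example)."""

LOCAL_EBGP_PREF = 200  # set inbound on each hub's own Internet eBGP session

# Outbound iBGP policy between hubs: (advertising hub, receiving hub) -> LOCAL_PREF.
# EU->NA=150 and EU->SA=100 are from the thread; the rest are assumed values.
IBGP_OUT_PREF = {
    ("EU", "NA"): 150, ("EU", "SA"): 100,
    ("NA", "SA"): 150, ("NA", "EU"): 150,
    ("SA", "NA"): 100, ("SA", "EU"): 100,
}

# Constructed sample sites: each spoke is a route-reflector client of its hub.
SPOKE_HUB = {"sao-paulo": "SA", "lima": "SA", "chicago": "NA", "madrid": "EU"}


def default_candidates(hub, internet_up):
    """Default-route paths visible at `hub` as (local_pref, exit_hub) tuples."""
    paths = []
    for origin in sorted(internet_up):
        if origin == hub:
            paths.append((LOCAL_EBGP_PREF, origin))
        else:
            paths.append((IBGP_OUT_PREF[(origin, hub)], origin))
    return paths


def best_exit(hub, internet_up):
    """Highest LOCAL_PREF wins; returns the exit hub, or None if no path."""
    paths = default_candidates(hub, internet_up)
    if not paths:
        return None
    # LOCAL_PREF is compared before AS-path length, origin and MED, so it
    # decides the exit here. No two paths tie in this policy table.
    return max(paths)[1]


def spoke_exit(site, internet_up):
    """A spoke follows its hub's best path (reflected with LOCAL_PREF intact)."""
    return best_exit(SPOKE_HUB[site], internet_up)


if __name__ == "__main__":
    for up in ({"NA", "SA", "EU"}, {"NA", "EU"}, {"EU"}):
        print(sorted(up), {s: spoke_exit(s, up) for s in SPOKE_HUB})
```

With every Internet link up, each spoke exits through its own continent; withdrawing the SA default moves the SA spokes to NA, and only then to EU.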
 
pergr commented:
Site of Origin is used within the Service Provider network when a customer site has redundant connections into the SP network.

It is used to avoid creating loops between customer network and VPN network.

It has nothing to do with your routing to the internet.
0
 
platipak (Author) commented:
Hmmm.....That's not how this other person explained it to me??  He supposedly works at a Service Provider and has set up this type of config before multiple times to achieve what I want to achieve.  Also, when I mentioned the SoO to my AT&T Rep, he knew right away what I was talking about and agreed it should do what I want it to do.  After AT&T implements it for us I'll see how it works.  If it does as you say, it will have no effect and I'll be back to the drawing board.
0
 
platipak (Author) commented:
Solution provided by someone else outside of the ExpertsExchange forum.
0
Question has a verified solution.
