Solved

Routing specific Internal Networks out a specific Internet Gateway via a MPLS Network routing traffic via BGP

Posted on 2011-04-26
Last Modified: 2012-05-11
My Company has multiple locations on 3 continents (North America, South America and Europe). All locations are connected to each other via AT&T provided MPLS links and routed via BGP. We have a Data Center/HQ in each continent that acts as the Internet Gateway for all sub-locations within the three respective continents. Since the North American Data Center is our World HQ and the first site to go live on the AT&T MPLS WAN, its Internet Gateway is being advertised as the preferred default gateway via BGP. The Data Center locations in Europe and SA that have Internet connections are the preferred default route to the Internet for JUST THOSE LOCATIONS. However, all sub-locations within Europe and SA route outbound Internet traffic via the North American GW. My question is......What is the best way via BGP, to say, prefer the South American Internet GW as the default Internet GW for only sub-locations within SA. So basically if you are on a LAN segment in a sub-location within SA and you want to get to the Internet, go out the Internet GW in SA and if you are in a sub-location within North America go out the North American Gateway. I understand BGP enough to Multihome multiple Internet connections at each of our continental Data Centers, but can't figure out how to route specific sub-location Networks within a continent, out that continent's Data Center's Internet Gateway instead of always coming back thru the North American GW.
Question by:platipak
9 Comments
 
LVL 26

Expert Comment

by:Soulja
ID: 35468665
What was the reason that ATT gave that they didn't have this set up for you like this in the first place?
 

Author Comment

by:platipak
ID: 35468998
AT&T is not providing a managed solution for us. They simply provide MPLS transit across their Network. We provide the Routers and routing expertise. I'm not in dire straits here because Europe and South America both use proxy servers, so the majority of their Internet bound traffic goes out via their proxy in the respective continent's HQ/Data Center. But for stuff like POP3 and maybe some point to point communication protocols, we have issues because all traffic routes through North America instead of staying local to that continent. I know there's a way to manipulate route path via BGP....I do it all the time at my data centers with our multihomed internet links. I just don't know how to do it when the Internet links are in dispersed locales.
 
LVL 17

Expert Comment

by:pergr
ID: 35469917
The solution would possibly depend on your detailed topology, how your iBGP is set up, etc, but the general idea would be to use "local preference" (the BGP attribute).

For example, when you receive routes on eBGP in Europe, you set local preference to 200 for use in Europe. However, when you send these routes in iBGP to another continent you change the local preference to 150.

This would mean that at each continent the "local" routes would be used first, and only if those are lost would the other continents be used.

You can also tune it a bit. For example, in South America you use 200 for local routes, 150 for routes from North America and 100 for routes from Europe - depending on your cost for transit to different continents.

I assume here that you have some sort of L2VPN from AT&T, so you can send the full routing table across continents. I also assume you use plain IP routing within your own network (and not RSVP based LSPs).

Author Comment

by:platipak
ID: 35470439
Local Preference does sound like a possibility and yes we use AT&T AVPN MPLS Service which is a L2VPN sending full routing tables between peers.....However, each sub-location within a continent has a CE BGP Router but only the HQ/Data Center on each continent has the Internet Connection.  Should I apply the Local-Preference Route-Map like below on the SA HQ/Data Center CE Router:

route-map SA permit 10
match ip address 10
set local-preference 200

route-map SA permit 20
match ip address 20
set local-preference 150

route-map SA permit 30
match ip address 30
set local-preference 100

route-map SA deny 40

ip access-list 10 permit 10.65.0.0 0.0.255.255 any "Local Network from SA"
ip access-list 10 permit 10.63.0.0 0.0.255.255 any "Local Network from SA"

ip access-list 20 permit any 10.40.0.0 0.0.255.255 "Remote Network to EU"
ip access-list 20 permit any 10.45.0.0 0.0.255.255 "Remote Network to EU"

ip access-list 30 permit any 10.9.0.0 0.0.255.255 "Remote Network to NA"
ip access-list 30 permit any 10.6.0.0 0.0.255.255 "Remote Network to NA"

Something about this doesn't look quite right......
 
LVL 17

Expert Comment

by:pergr
ID: 35470690
Not sure what you want the 'match ip address' statements for.

Let's assume your three HQ/DC sites (one in each continent) are connected to each other, and the smaller sites in each continent are only connected through the HQ/DC in that continent. In general, you would perhaps not need BGP in the smaller sites - just a default route in IGP would be enough. Still, if you still run iBGP we can assume that the 'local' HQ/DC is the Route Reflector for all the smaller sites in the continent, and that the three big sites have full iBGP mesh.

Now, for Europe, use

route-map EU-ebgp-in permit 10
set local-preference 200

route-map EU-ibgp-na-out permit 10
set local-preference 150

route-map EU-ibgp-sa-out permit 10
set local-preference 100

and apply those to the relevant BGP sessions on the EU router.

The BGP sessions from that router to the smaller sites around Europe do not need any additional tuning of local preference (and they can all be rr-clients).
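Added example, not part of pergr's post or of any configuration in this thread: a small Python model of the local-preference scheme suggested above, covering only the local-preference comparison step of BGP best-path selection. The EU-to-NA, EU-to-SA and NA-to-SA values come from the thread; the other three values and all function names are assumptions made for the illustration.

```python
# Added example: models only the LOCAL_PREF step of BGP best-path selection.
LOCAL_EBGP_PREF = 200  # set inbound on each HQ/DC's own eBGP session

# (advertising HQ/DC, receiving HQ/DC) -> local preference applied by the
# advertiser's outbound iBGP route-map. EU->NA, EU->SA and NA->SA follow the
# thread; NA->EU, SA->NA and SA->EU are constructed for this example.
IBGP_OUT_PREF = {
    ("EU", "NA"): 150, ("EU", "SA"): 100,
    ("NA", "SA"): 150, ("NA", "EU"): 150,
    ("SA", "NA"): 100, ("SA", "EU"): 100,
}
SITES = ("NA", "EU", "SA")


def default_candidates(site, ebgp_up):
    """Default routes visible at an HQ/DC as (local_pref, exit_site) pairs."""
    routes = []
    if site in ebgp_up:
        routes.append((LOCAL_EBGP_PREF, site))
    for peer in SITES:
        # In a full iBGP mesh a peer only passes on a default it learned
        # over its own eBGP session, never one learned from another peer.
        if peer != site and peer in ebgp_up:
            routes.append((IBGP_OUT_PREF[(peer, site)], peer))
    return routes


def best_exit(site, ebgp_up):
    """Choose the Internet exit with the highest local preference."""
    routes = default_candidates(site, ebgp_up)
    return max(routes)[1] if routes else None


def exits_for_all(ebgp_up):
    """Sub-locations are rr-clients of their HQ/DC and follow its choice."""
    up = set(ebgp_up)
    return {site: best_exit(site, up) for site in SITES}


if __name__ == "__main__":
    print("all ISPs up:  ", exits_for_all({"NA", "EU", "SA"}))
    print("SA ISP down:  ", exits_for_all({"NA", "EU"}))
    print("only EU is up:", exits_for_all({"EU"}))
```

With every Internet link up, each continent exits locally; when South America loses its link, its sites fall back to North America (150) ahead of Europe (100).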
 

Accepted Solution

by:
platipak earned 0 total points
ID: 35476329
It seems after talking to someone else that the problem really isn't with BGP routing metrics but with the "site of origin" being set only at our North American Data Center instead of at each Data Center per continent.  This setting is set within the provider's (AT&T) MPLS Network and nothing that I could change myself.  I have put in a change request with AT&T to adjust the SoO accordingly, so hopefully that will take care of our issues.

Thanks for all of the replies though......
 
LVL 17

Expert Comment

by:pergr
ID: 35477254
Site of Origin is used within the Service Provider network when a customer site has redundant connections into the SP network.

It is used to avoid creating loops between customer network and VPN network.

It has nothing to do with your routing to the internet.
 

Author Comment

by:platipak
ID: 35477368
Hmmm.....That's not how this other person explained it to me?? He supposedly works at a Service Provider and has setup this type of config before multiple times to achieve what I want to achieve. Also, when I mentioned the SoO to my AT&T Rep, he knew right away what I was talking about and agreed it should do what I want it to do. After AT&T implements it for us I'll see how it works. If it does as you say, it will have no effect and I'll be back to the drawing board.
 

Author Closing Comment

by:platipak
ID: 35503357
Solution provided by someone else outside of the ExpertsExchange forum.