[c-nsp] eBGP multihop, CE default route, using PBR instead of dynamic routing?

Phil Bedard philxor at gmail.com
Mon Feb 8 09:33:12 EST 2010

What kind of devices are you using? The device will probably make more difference than anything else with regard to PBR. I would say generally having the two BGP peering connections is one solution to the eBGP multihop problem. Another solution would be to use a tunnel (prob GRE) from the customer router to your PE through the CE, and run eBGP directly over the tunnel interfaces, but you still need to know how to get to the endpoints. What about using static MEDs? More information on what they want to accomplish by using MEDs would be useful as well.


On Feb 8, 2010, at 8:55 AM, Roger Wiklund wrote:

> Hi
> We have an MPLS customer who is running IS-IS on their LAN, and then
> redistributing that into BGP to our core.
> This was the original standard setup:
> PE----ebgp-----CE----ebgp-----CUSTOMER----ISIS
> So that worked just fine, but the customer wanted the IS-IS metric to be
> injected into BGP MED. This can be done, but with the setup above, MED is
> only sent to the CE router, after that it's removed.
> So what we did was to set up eBGP multihop from the PE directly to the
> customer's router. We then used BGP on the CE to the customer's router, and
> from the CE to PE we used a default route.
> Now, this site is the customer's HUB site so somewhere in their LAN, they
> have an Internet breakout. So the customer is injecting a default route from
> their router, into the MPLS.
> So what happened now is when another standard site in the MPLS tried to reach
> the internet, we had a loop between the PE and CE. Cause the PE will send it
> to the CE, and the CE will have a static default route back to the PE.
> So to fix this, I skipped the default static route on the CE, and enabled
> eBGP between the PE and CE. That way the CE has full knowledge about each
> side.
> However, this is not an optimal solution, I don't want to have 2 BGP peerings
> on the PE.
> So, what I came up with, and this is what I would like your input on.
> In my lab, I have the same setup, so I removed all the static routes and
> dynamic routing on the CE. So basically everything is broken, because the CE
> doesn't know where to send the traffic to.
> I then configured policy based routing, and created an ACL permit all
> traffic, and created 2 route-maps, that matches on the ACL, and sets the
> next hop. I then applied the route-maps to each interface on the CE.
> So, when traffic is coming into the CE from the PE, I match on everything, and
> set the next hop to the customer's router. And vice versa in the other
> direction. I tested it and it worked, and it has no dynamic routing whatsoever.
> But this is just in the lab, I really can't say what will happen in the live
> network.
> Has anyone done anything similar? Will PBR eat up all the CPU process? Any
> other problems that may occur? I mean, all I want to do on the CE is shuffle
> the traffic from one interface to another.
> Thanks
> Regards
> Roger
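The PBR arrangement described in the quoted message, written out as an added IOS configuration sketch (not taken from the thread or from either poster). Interface names, the 192.0.2.0/30 and 198.51.100.0/30 addressing, the ACL number and the route-map names are assumptions.

```ios
! Constructed example: all names and addresses are placeholders.
! Gi0/0 faces the PE (192.0.2.1); Gi0/1 faces the customer router (198.51.100.2).
! The CE carries no static routes and no routing protocol.
!
! ACL that matches all IP traffic, shared by both route-maps.
access-list 100 permit ip any any
!
! Traffic arriving from the PE is handed to the customer router.
route-map FROM-PE permit 10
 match ip address 100
 set ip next-hop 198.51.100.2
!
! Traffic arriving from the customer router is handed to the PE.
route-map FROM-CUSTOMER permit 10
 match ip address 100
 set ip next-hop 192.0.2.1
!
interface GigabitEthernet0/0
 description Link to PE
 ip address 192.0.2.2 255.255.255.252
 ip policy route-map FROM-PE
!
interface GigabitEthernet0/1
 description Link to customer router
 ip address 198.51.100.1 255.255.255.252
 ip policy route-map FROM-CUSTOMER
!
! Both next hops are on directly connected subnets, so the CE can
! resolve them without any entries beyond its connected routes.
!
! Checks to run while test traffic is flowing:
!  show ip policy      (which route-map is bound to which interface)
!  show route-map      (policy routing match counters per route-map)
```

Interface `ip policy` only acts on packets received on that interface; traffic the CE originates itself is not covered and would need `ip local policy route-map` or a route of its own.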
