Technical Tip: Influencing BGP routes using Metric

aneshcheret · ‎04-07-2017

Description

This article provides an understanding of the Border Gateway Protocol (BGP) Multi Exit Discriminator (MED) Attribute when passing over an autonomous system.

Some Facts about Multi Exit Discriminator (MED):

It is applied on the BGP outbound routes.
It influences the incoming traffic from neighboring autonomous systems.
It can be passed from EBGP to IBGP.
It can be passed from IBGP to IBGP.
It can be passed from IBGP to EBGP.
MED received from one EBGP neighbor cannot be passed to another EBGP neighbor:

FGT1(AS 100) ---- FGT2(AS 200) ---- FGT3(AS 200) ---- FGT4(AS 300)

As per the above scenario, FGT1 is advertising the route with MED 100 to FGT2 over EBGP. Then that MED can be received by FGT2. Also, the same MED 100 can be passed to FGT3 over IBGP. However, the route with MED 100 advertised by FGT3 to FGT4 will have MED value as 0 which is default MED value.

In short, MED advertised by AS100 can influence AS200, however, it has no influence on AS300. Hence, it is called as non-transitive attribute.

Scope

FortiGate.

Solution

Create a prefix list for the desired network being advertised to the AS.

config router prefix-list
    edit "networkfromrouterone"
        config rule
            edit 1
                set prefix 10.10.99.0 255.255.255.0
                unset ge
                unset le
            next
        end
    next
end

Create a route map: 1. Set metric 2. Set the desired prefix list:

config router route-map
    edit "newmtric"
        config rule
            edit 1
                set match-ip-address "networkfromrouterone"
                set set-metric 300
            next
        end
    next
end

Apply the route map in the outbound direction - on the BGP neighbor config and clear BGP process.

execute router clear bgp all

Verify Metric is applied by running the following command:

get router info routing-table all

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S*      0.0.0.0/0 [5/0] via 24.27.64.1, wan2
S       10.10.10.0/24 [15/0] is directly connected, Work to apt_0
S       10.10.17.0/24 [15/0] is directly connected, Work to apt_0
C       10.10.18.0/26 is directly connected, test2
B       10.10.98.0/24 [20/300] via 172.20.1.1 (recursive is directly connected, testAZ), 00:02:23
B       10.10.99.0/24 [20/300] via 172.20.1.1 (recursive is directly connected, testAZ), 00:02:23
S       10.10.200.0/24 [15/0] is directly connected, Work to apt_0
S       10.10.201.0/24 [15/0] is directly connected, Work to apt_0
C       24.27.64.0/19 is directly connected, wan2
B       40.40.40.0/24 [20/300] via 172.20.1.1 (recursive is directly connected, testAZ), 00:02:51
B       50.50.50.0/24 [20/300] via 172.20.1.1 (recursive is directly connected, testAZ), 00:02:51
C       172.16.1.0/24 is directly connected, wifi
S       172.20.1.1/32 [10/0] is directly connected, testAZ
C       172.20.1.2/32 is directly connected, loop
C       192.168.1.0/24 is directly connected, lan

Note: In the case of hub and spokes topology, it is always recommended to apply the route map on the hub side so that only advertised routes with the adjusted metric will be advertised to the spoke.

Example:

Service-Host device is hosting 1.1.1.1/32 prefix.
The spoke firewall has two uplinks from the same service provider AS-65001.

Configuration:

Filter for the prefix [1.1.1.1/32] has been applied at ISP1 and ISP2 using the below command:

ISP1 and ISP2 :

config router prefix-list
    edit "MED"
        config rule
            edit 1
                set prefix 1.1.1.1 255.255.255.255
                unset ge
                unset le
            next
        end
    next
end

Metric value: 5 has been applied by ISP2

ISP2:

config router route-map
    edit "MEDRM"
        config rule
            edit 1
                set match-ip-address "MED"
                set set-metric 5
            next
        end
    next
end

config router bgp
set as 65001
config neighbor
edit "10.40.19.118"
set remote-as 65222
next
edit "10.100.0.54"
set remote-as 65111
set route-map-out "MEDRM"
next
end

Metric value: 100 has been applied by ISP1.

ISP1:

config router route-map
edit "MEDRM"
        config rule
            edit 1
                set match-ip-address "MED"
                set set-metric 100
            next

end
next

end

config router bgp
    set as 65001
        config neighbor
            edit "10.40.19.118"
                set remote-as 65222
            next
            edit "10.100.0.50"
                set remote-as 65111
                set route-map-out "MEDRM"
            next
        end

end

Prefix 1.1.1.1/32 has been selected best from ISP2 (next-hop 10.100.0.53) since the metric is lower than ISP1.

The MED attribute in BGP is only compared between routes received from the same autonomous system (AS).
If MED values are received from different AS's, they are not directly compared against each other. Instead, each AS's MED values are evaluated independently, and the best route is selected based on other BGP path selection criteria.

For example:

192.168.1.1 (assume it belongs to AS 65001) MED 100
172.16.0.1 and 172.17.0.1 (assume they belong to AS 65002) MED 150 and MED 160

Thus, among 172.16.0.1 and 172.17.0.1, BGP will select the one with the lower MED value for the best path.

Since these prefixes come from different AS's, their MED values will not be compared directly. Instead, BGP will consider other attributes like local preference, AS path length, origin type, and IGP metric when selecting the best route.

Technical Tip: Influencing BGP routes using Metric

You are leaving our website