FortiGate
aneshcheret
Staff
Article Id 196950

Description

This article explains how the Border Gateway Protocol (BGP) Multi Exit Discriminator (MED) attribute behaves as a route is passed through and out of an autonomous system, and how to set it on a FortiGate.

Some facts about the Multi Exit Discriminator (MED):

- It is set on BGP routes advertised outbound.

- It influences the traffic coming in from neighboring autonomous systems (a lower MED is preferred).

- It can be passed from EBGP to IBGP.

- It can be passed from IBGP to IBGP.

- It can be passed from IBGP to EBGP.

- A MED received from one EBGP neighbor cannot be passed on to another EBGP neighbor.

FGT1(AS 100) ---- FGT2(AS 200) ---- FGT3(AS 200) ---- FGT4(AS 300)

In the scenario above, FGT1 advertises a route with MED 100 to FGT2 over EBGP, so FGT2 receives MED 100. FGT2 passes the same MED 100 to FGT3 over IBGP. However, when FGT3 advertises the route to FGT4 over EBGP, the MED is reset to 0, the default MED value.

In short, the MED advertised by AS 100 can influence AS 200, but it has no influence on AS 300. This is why MED is called a non-transitive attribute.
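The propagation rules above, as an added example that is not part of the original article: a small Python model that advertises a route hop by hop along the article's chain FGT1(AS 100) - FGT2(AS 200) - FGT3(AS 200) - FGT4(AS 300) and reports the MED each router receives. The router names, AS numbers, the MED of 100 and the prefix 10.10.99.0/24 come from the article; the `Router`/`Route` types, the `external` flag and the `walk` function are this example's own constructions. The optional `set_metric_at` argument models an outbound route map with `set set-metric` on a given sender.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DEFAULT_MED = 0  # MED a router advertises when it carries none (article: "default MED value")


@dataclass(frozen=True)
class Router:
    name: str
    asn: int


@dataclass(frozen=True)
class Route:
    prefix: str
    med: int
    external: bool = False  # True once the MED was received from another AS


def session_type(a: Router, b: Router) -> str:
    """IBGP when both routers are in the same AS, otherwise EBGP."""
    return "IBGP" if a.asn == b.asn else "EBGP"


def advertise(sender: Router, receiver: Router, route: Route,
              set_metric: Optional[int] = None) -> Tuple[Route, str]:
    """Return (route as the receiver sees it, session type).

    Rules modelled (hypothetical simplification of RFC 4271 section 5.1.4):
      * IBGP peer: MED is passed unchanged, whatever its origin.
      * EBGP peer: a MED that was received from another AS is not propagated,
        the receiver sees DEFAULT_MED; a MED originated inside the sender's
        own AS is passed.
      * set_metric models a route-map-out with 'set set-metric N' on this
        session, which overrides the outgoing MED.
    """
    kind = session_type(sender, receiver)
    if kind == "IBGP":
        med, external = route.med, route.external
    else:
        med = DEFAULT_MED if route.external else route.med
        external = True  # whatever the receiver gets came from another AS
    if set_metric is not None:
        med = set_metric
    return Route(route.prefix, med, external), kind


def walk(chain: List[Router], route: Route,
         set_metric_at: Optional[Dict[str, int]] = None) -> List[Tuple[str, str, int]]:
    """Advertise `route` along `chain`; return (receiver, session, MED seen) per hop.

    set_metric_at maps a sender name to the metric its outbound route map sets.
    """
    set_metric_at = set_metric_at or {}
    seen = []
    current = route
    for sender, receiver in zip(chain, chain[1:]):
        current, kind = advertise(sender, receiver, current, set_metric_at.get(sender.name))
        seen.append((receiver.name, kind, current.med))
    return seen


# The article's topology (constructed objects, values from the article).
FGT1, FGT2 = Router("FGT1", 100), Router("FGT2", 200)
FGT3, FGT4 = Router("FGT3", 200), Router("FGT4", 300)
CHAIN = [FGT1, FGT2, FGT3, FGT4]

if __name__ == "__main__":
    # MED 100 set by AS 100: survives EBGP->IBGP, dropped on the way out to AS 300.
    for hop in walk(CHAIN, Route("10.10.99.0/24", med=100)):
        print(hop)
    # MED originated inside AS 200 is passed IBGP->EBGP to AS 300.
    for hop in walk([FGT2, FGT3, FGT4], Route("10.10.99.0/24", med=50)):
        print(hop)
```

Running the first walk shows FGT2 and FGT3 receiving MED 100 and FGT4 receiving 0, which is the non-transitive behaviour the article describes; the second walk shows that a MED originated within AS 200 does reach AS 300, matching the "IBGP to EBGP" fact. Because the MED a router receives is whatever its peer chose to send, treat it as untrusted input and pin or clear it with an inbound route map where the peer should not be allowed to steer your egress.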


Solution


Step 1) Create a prefix list that matches the network to be advertised to the neighboring AS.

# config router prefix-list
    edit "networkfromrouterone"
        config rule
            edit 1
                set prefix 10.10.99.0 255.255.255.0
                unset ge
                unset le
            next
        end
    next
end

Step 2) Create a route map that matches the prefix list from Step 1 and sets the metric (MED). The route map is then applied outbound on the BGP neighbor with route-map-out, as shown in the example below.

# config router route-map
    edit "newmtric"
        config rule
            edit 1
                set match-ip-address "networkfromrouterone"
                set set-metric 300
            next
        end
    next
end

Step 3) Clear the BGP sessions so the route map takes effect (this resets all BGP neighbors).

# execute router clear bgp all

Step 4) Verify that the metric is applied by running the following command on the neighbor that receives the route. For BGP entries, the bracketed value is [administrative distance/metric]; here [20/300] shows the EBGP distance of 20 and the MED of 300 set by the route map.

# get router info routing-table all

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S*      0.0.0.0/0 [5/0] via 24.27.64.1, wan2
S       10.10.10.0/24 [15/0] is directly connected, Work to apt_0
S       10.10.17.0/24 [15/0] is directly connected, Work to apt_0
C       10.10.18.0/26 is directly connected, test2
B       10.10.98.0/24 [20/300] via 172.20.1.1 (recursive is directly connected, testAZ), 00:02:23
B       10.10.99.0/24 [20/300] via 172.20.1.1 (recursive is directly connected, testAZ), 00:02:23
S       10.10.200.0/24 [15/0] is directly connected, Work to apt_0
S       10.10.201.0/24 [15/0] is directly connected, Work to apt_0
C       24.27.64.0/19 is directly connected, wan2
B       40.40.40.0/24 [20/300] via 172.20.1.1 (recursive is directly connected, testAZ), 00:02:51
B       50.50.50.0/24 [20/300] via 172.20.1.1 (recursive is directly connected, testAZ), 00:02:51
C       172.16.1.0/24 is directly connected, wifi
S       172.20.1.1/32 [10/0] is directly connected, testAZ
C       172.20.1.2/32 is directly connected, loop
C       192.168.1.0/24 is directly connected, lan

Example

1) The Service-Host device hosts the prefix 1.1.1.1/32.

2) The spoke firewall has two uplinks to the same service provider, AS 65001 (ISP1 and ISP2).


 

 

Configuration

3) A prefix list for 1.1.1.1/32 is applied on both ISP1 and ISP2 with the following commands.

 

ISP1 and ISP2:

 

# config router prefix-list
    edit "MED"
        config rule
            edit 1
                set prefix 1.1.1.1 255.255.255.255
                unset ge
                unset le
            next
        end
    next
end

 

4) ISP2 sets a metric (MED) of 5 on the route advertised to the spoke.

ISP2:

 

# config router route-map
    edit "MEDRM"
        config rule
            edit 1
                set match-ip-address "MED"
                set set-metric 5
            next
        end
    next
end


# config router bgp
    set as 65001
    config neighbor
        edit "10.40.19.118"
            set remote-as 65222
        next
        edit "10.100.0.54"
            set remote-as 65111
            set route-map-out "MEDRM"
        next
    end
end

 

5) ISP1 sets a metric (MED) of 100 on the route advertised to the spoke.

ISP1:

 

# config router route-map
    edit "MEDRM"
        config rule
            edit 1
                set match-ip-address "MED"
                set set-metric 100
            next
        end
    next
end


# config router bgp
    set as 65001
    config neighbor
        edit "10.40.19.118"
            set remote-as 65222
        next
        edit "10.100.0.50"
            set remote-as 65111
            set route-map-out "MEDRM"
        next
    end
end

 

6) The spoke selects the path from ISP2 (next-hop 10.100.0.53) as best for 1.1.1.1/32, because its MED of 5 is lower than the MED of 100 received from ISP1. Both paths come from the same neighboring AS 65001, which is the condition under which BGP compares MED.

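The selection in step 6, as an added example that is not part of the original article: a small Python best-path comparator limited to the attributes that matter here (local preference, AS-path length, MED, and a router-id tie-break). The two candidate paths reproduce the article's example, where ISP1 and ISP2 are both in AS 65001 and advertise 1.1.1.1/32 with MED 100 and MED 5; the ISP2 next-hop 10.100.0.53 is from the article. The AS path (65001, 65222) is inferred from the ISP neighbor configs, and the router-ids, ISP1's next-hop and the third "other AS" path are constructed placeholders. The `always_compare_med` switch goes beyond the article to show why MED is only compared between paths from the same neighboring AS by default (the FortiOS setting with the same effect is `set always-compare-med` under `config router bgp`).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Path:
    prefix: str
    via: str                      # label of the peer the path was learned from
    neighbor_as: int              # AS of that peer
    as_path: Tuple[int, ...]
    med: int
    local_pref: int = 100
    router_id: str = "0.0.0.0"    # of the advertising peer; last tie-break here
    next_hop: Optional[str] = None


def ip_key(ip: str) -> Tuple[int, ...]:
    """Numeric key so '10.0.0.2' sorts before '10.0.0.10'."""
    return tuple(int(octet) for octet in ip.split("."))


def med_comparable(a: Path, b: Path, always_compare_med: bool) -> bool:
    # RFC 4271: MED is compared only between paths from the same neighboring AS,
    # unless the operator explicitly enables always-compare-med.
    return always_compare_med or a.neighbor_as == b.neighbor_as


def better(a: Path, b: Path, always_compare_med: bool = False) -> Tuple[Path, str]:
    """Return the preferred of two paths to the same prefix and the deciding step.

    Simplified decision process: local-pref, AS-path length, MED, router-id.
    (Weight, origin, IGP cost and deterministic-MED grouping are omitted.)
    """
    if a.prefix != b.prefix:
        raise ValueError("paths must be for the same prefix")
    if a.local_pref != b.local_pref:
        return (a if a.local_pref > b.local_pref else b), "local-pref"
    if len(a.as_path) != len(b.as_path):
        return (a if len(a.as_path) < len(b.as_path) else b), "as-path length"
    if med_comparable(a, b, always_compare_med) and a.med != b.med:
        return (a if a.med < b.med else b), "MED"
    return (a if ip_key(a.router_id) <= ip_key(b.router_id) else b), "router-id"


def select_best(paths: List[Path], always_compare_med: bool = False) -> Tuple[Path, str]:
    """Pairwise fold over the candidates; returns (best path, reason for the last comparison)."""
    best, reason = paths[0], "only path"
    for candidate in paths[1:]:
        best, reason = better(best, candidate, always_compare_med)
    return best, reason


# Constructed candidates for the article's example (router-ids and the ISP1
# next-hop are placeholders, not values from the article).
ISP1_PATH = Path("1.1.1.1/32", "ISP1", 65001, (65001, 65222), med=100,
                 router_id="10.0.0.1", next_hop="ISP1-next-hop-not-in-article")
ISP2_PATH = Path("1.1.1.1/32", "ISP2", 65001, (65001, 65222), med=5,
                 router_id="10.0.0.2", next_hop="10.100.0.53")
# Hypothetical third path from a different provider AS, with the lowest MED of all.
OTHER_AS_PATH = Path("1.1.1.1/32", "ISP3", 65003, (65003, 65222), med=1,
                     router_id="10.0.0.3")

if __name__ == "__main__":
    best, why = select_best([ISP1_PATH, ISP2_PATH])
    print(f"best via {best.via} next-hop {best.next_hop} ({why})")
    best, why = select_best([ISP1_PATH, OTHER_AS_PATH])
    print(f"different AS, default: via {best.via} ({why})")
    best, why = select_best([ISP1_PATH, OTHER_AS_PATH], always_compare_med=True)
    print(f"different AS, always-compare-med: via {best.via} ({why})")
```

With the article's two paths the result is ISP2 on the MED step, as in step 6. The third path shows the caveat a practitioner runs into when uplinks go to different providers: a MED of 1 from another AS does not win by default, and the tie falls through to the router-id, so a provider's MED only steers your traffic when you peer with that one AS on both links or deliberately enable always-compare-med.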