BGP load sharing with 2 default gateways

I am trying to figure out the best way to accomplish this, any suggestions would be appreciated

  Hub1 inter----Gateway1-----eBGP--MPLS Cloud--eBGP---Spoke 1
       net         |                  |
                  iBGP              MPLS
                   |                cloud
  Hub2 inter----Gateway 2----eBGP--MPLS Cloud--eBGP---Spoke 2
       net

In this configuration, all of the spokes (remote sites) are connected into the MPLS cloud via BGP. They are advertising their local routes and therefore can reach each other. In order for the spokes to reach networks which are NOT in their routing table (such as any public internet address), they will have to send traffic to one of the gateways.

What I would like to do is be able to load share between the two gateways (Hubs).

For outbound traffic (toward the spokes) I know that I can use local preference to choose an AS exit path for specific spoke prefixes (this will allow me to load share traffic toward the spokes).

For inbound traffic I am a little confused on how to do it. I would like to advertise a default route to the spokes, but I want, for example, Spoke 1 to always use Gateway 1 and Spoke 2 to use Gateway 2. In the event of a failure on Gateway 1, all spokes should route to Gateway 2 and vice versa.

  1. Is it possible to advertise a default gateway from each Hub? or will the spokes only accept one of the default gateways?
  2. Is there a way to force specific spokes to use specific default gateways?
  3. Is there an even simpler way to achieve all of this?

My goal is to be able to load share the traffic from the spokes destined for the internet.

In my actual setup, there are actually 4 gateways and over 100 spokes.

Thanks.

Reply to
ciscortp

See if configuring MED will help

Thanks Maneesh

Reply to
coolmaneesh

... explanation deleted

Yes. And you can use indirect defaults at each spoke to make the default route contingent on a specific gateway (and by using floating statics, define a hierarchy of gateways). But... see answer to #2 below!

Yes, see answer to 1. But unless your MPLS cloud is implemented as virtual point-to-point links from each spoke to each individual gateway, it won't make any difference, as the packets will be sent into the cloud with the final destination as the IP destination address, not the gateway's IP address, so which gateway they actually get routed to will depend upon the internal structure and path selection inside the MPLS cloud.

Ask your MPLS service provider what facilities _they_ provide to accomplish your desired goals. They _may_ have thought about this requirement and provided an easy mechanism to implement it on _their_ MPLS network. Because it is done _inside_ the cloud, you are pretty much at their mercy.

If the four gateways are all at the same site, you can do it without getting inside the MPLS cloud by adding a layer of routers between the MPLS cloud and the gateways, so the traffic goes from spoke router to MPLS cloud to distribution router to LAN to gateway router. Be sure you size the distribution routers so any single one can handle 100% of the load. Then you can use conventional techniques to distribute outbound traffic across the available gateways (be real careful, because "conventional techniques" can be dysfunctional if you are not careful. For example, it is easy to configure policy routing to create black holes or GLBP/HSRP to send all traffic to just one gateway).

Good luck and have fun!

Reply to
Vincent C Jones

MPLS cloud? It will drop the packet. The goal is to NOT advertise the entire internet routing table to our sites, only the default gateways. Therefore if someone is trying to reach the internet, the MPLS cloud would have to learn and propagate our default gateway.

Reply to
ciscortp

Bad choice of words on my part. I meant a default gateway definition which is not directly connected, or in your case, a route to the IP address of one of your gateways (which is on the other side of the MPLS network). e.g.:

  ip route 0.0.0.0 0.0.0.0 1.2.3.4 240 ! Preferred gateway
  ip route 0.0.0.0 0.0.0.0 5.6.7.8 250 ! Backup gateway

Note that this only works if the paths to 1.2.3.4 and 5.6.7.8 are learned dynamically through a routing protocol or other mechanism.

MPLS cloud? It will drop the packet. The goal is to NOT advertise the entire internet routing table to our sites, only the default gateways. Therefore if someone is trying to reach the internet, the MPLS cloud would have to learn and propagate our default gateway.

Correct. But within the context of _your_ MPLS network, you need to advertise a default route that is propagated throughout (and ultimately to your spoke routers). That is, the MPLS cloud must learn that unknown destinations sought by your spokes get sent to your gateway.

Any results?

Hmmm, not sure what I said that implied a single point of failure (other than everything at a single site, and that improper design will leave you with single points of failure regardless of redundancy).

Just be forewarned that there ain't no such thing as a free lunch. High availability -- load sharing -- cost/complexity: you only get to choose two out of three.

You're welcome. Good luck and have fun!

Reply to
Vincent C Jones
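As an added illustration (not code from the thread or from any of its posters), a small Python model of the "indirect default" floating statics described above: each spoke carries two static defaults with distances 240 and 250 pointing at 1.2.3.4 and 5.6.7.8, and a static is only usable while its next hop resolves through a dynamically learned, non-default prefix. The gateway /24s and the 10.0.0.1 provider-edge next hop are constructed values, and treating a next hop covered only by another default as unreachable is a modelling assumption.

```python
import ipaddress
from dataclasses import dataclass

# Gateway prefixes the spoke learns through its eBGP session (constructed values;
# the gateway addresses and distances 240/250 are taken from the post).
GATEWAY_PREFIXES = {"1.2.3.4": "1.2.3.0/24", "5.6.7.8": "5.6.7.0/24"}

@dataclass(frozen=True)
class Route:
    prefix: str     # destination, e.g. "0.0.0.0/0"
    next_hop: str   # next-hop IP address
    distance: int   # administrative distance, lower wins
    source: str     # "bgp" or "static"

def lookup(rib, addr):
    """Longest-prefix match, ties broken by lowest administrative distance."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in rib if ip in ipaddress.ip_network(r.prefix)]
    if not hits:
        return None
    return max(hits, key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen, -r.distance))

def resolve_default(dynamic_rib, floating_statics):
    """Return the gateway IP of the lowest-distance static default whose next hop
    recursively resolves through a dynamically learned, non-default prefix.
    A next hop covered only by another default counts as unreachable (modelling
    assumption), so the static disappears together with its gateway."""
    for static in sorted(floating_statics, key=lambda r: r.distance):
        via = lookup(dynamic_rib, static.next_hop)
        if via is not None and ipaddress.ip_network(via.prefix).prefixlen > 0:
            return static.next_hop
    return None

def spoke_statics(preferred, backup):
    """The two floating statics from the post, ordered per spoke."""
    return [Route("0.0.0.0/0", preferred, 240, "static"),
            Route("0.0.0.0/0", backup, 250, "static")]

def bgp_rib(gateways_up):
    """eBGP routes present while the given gateways are reachable; 10.0.0.1 is a
    constructed provider-edge next hop."""
    return [Route(GATEWAY_PREFIXES[g], "10.0.0.1", 20, "bgp") for g in gateways_up]

def chosen_gateways(gateways_up):
    """Which gateway each spoke's default points at for a given set of live gateways.
    Spoke 1 prefers 1.2.3.4, Spoke 2 prefers 5.6.7.8; each falls back to the other."""
    rib = bgp_rib(gateways_up)
    return {"spoke1": resolve_default(rib, spoke_statics("1.2.3.4", "5.6.7.8")),
            "spoke2": resolve_default(rib, spoke_statics("5.6.7.8", "1.2.3.4"))}
```

Calling chosen_gateways({"5.6.7.8"}) models Gateway 1 failing: both spokes come back with 5.6.7.8, while with both gateways up each spoke keeps its own preferred one.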

Bad choice of words on my part. I meant a default gateway definition which is not directly connected, or in your case, a route to the IP address of one of your gateways (which is on the other side of the MPLS network). e.g.:

  ip route 0.0.0.0 0.0.0.0 1.2.3.4 240 ! Preferred gateway
  ip route 0.0.0.0 0.0.0.0 5.6.7.8 250 ! Backup gateway

Note that this only works if the paths to 1.2.3.4 and 5.6.7.8 are learned dynamically through a routing protocol or other mechanism.

packet out of the interface. Couldn't I achieve the same thing by using one static route and pointing to the physical interface? Even if I have 2 default routes defined, if there is only one link out of the router, it can only leave via 1 path. After that it's up to the MPLS cloud.

destination 5.5.5.5 (which is an internet address for example), that address will be my actual destination. So the spoke will send the packet out of its only interface destined to 5.5.5.5. The MPLS router will get it and not know of any destination 5.5.5.5, and would like to drop the packet. But if I propagated a default route to the MPLS router, it will forward the packet to the gateway, correct? The problem is, what if I propagate two default routes (one from each gateway)? The MPLS last hop may only choose 1 best path due to how BGP works.

If both of my default gateway routers physically connected to the provider via 1 provider router, then I think it is possible for the provider to load balance using the "maximum-paths" command. But there is a good chance that each of my gateways will be connected to a different provider router. So without the provider knowing all of the destination addresses (which is impossible because they are internet addresses) they couldn't do it.

Am I right or am I missing something here?

Thanks Again

Reply to
ciscortp

packet out of the interface. Couldn't I achieve the same thing by using one static route and pointing to the physical interface? Even if I have 2 default routes defined, if there is only one link out of the router, it can only leave via 1 path. After that it's up to the MPLS cloud.

destination 5.5.5.5 (which is an internet address for example), that address will be my actual destination. So the spoke will send the packet out of its only interface destined to 5.5.5.5. The MPLS router will get it and not know of any destination 5.5.5.5, and would like to drop the packet. But if I propagated a default route to the MPLS router, it will forward the packet to the gateway, correct? The problem is, what if I propagate two default routes (one from each gateway)? The MPLS last hop may only choose 1 best path due to how BGP works.

You seem to be missing the fact that the MPLS network also needs a default route. But more important, you recognize that unless you build your network with tunnels (inefficient), you don't control the routing through the MPLS network, the service provider does, and if you want things done a particular way, you need to work with them.

As for how the MPLS network handles you giving it more than one default route, that is up to the service provider and how they determine routes internally (which may or may not have anything to do with the abilities or limitations of BGP).

Incidentally, connecting both of your default gateway routers to the same provider router violates your previous premise of no single points of failure.

Bottom line: You've got the idea, you just need to pull all the pieces together, recognizing the limitations at each step and that how BGP is used in your MPLS network may be unique to your service provider, so you really need to get them involved.

Good luck and have fun!

Reply to
Vincent C Jones

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.