How to configure BGP MED Attribute

only two router with two different connections .

Hello Rawaz.

If I understand correctly, your scenario involves a dual homed BGP topology and you want to know how to control, or at least influence, inbound traffic, correct?

Because inbound traffic is essentially sent to you, you do not have the ultimate control of how traffic enters your AS. Your ISP may have outbound policies that will always override all of your attempts to influence inbound traffic. However, you do have the option of influencing inbound traffic. There are several ways to do this including:

* Leaking more specific routes
* Using the MED attribute
* AS PATH prepending
* Community/local pref agreement

Remember however, that the ISP has the final word for inbound traffic.

I hope this has been helpful!

Laz

Hi
Can you explain between:

  • deterministic-med
  • non-deterministic-med
    Thank!

Hello Nguyen

The following excerpt from Cisco documentation very clearly describes the use of these features:

Enabling the bgp deterministic-med command ensures the comparison of the MED variable when choosing routes advertised by different peers in the same autonomous system. Enabling the bgp always-compare-med command ensures the comparison of the MED for paths from neighbors in different autonomous systems. The bgp always-compare-med command is useful when multiple service providers or enterprises agree on a uniform policy for setting MED. Thus, for network X, if Internet Service Provider A (ISP A) sets the MED to 10, and ISP B sets the MED to 20, both ISPs agree that ISP A has the better performing path to X.

This information has come from the following Cisco documentation:


I hope this has been helpful!

Laz

It’s confusing when you say BGP MED aka/or/(Metric). Yes it’s a Metric in the CLI but in Cisco’s docs (at least some of them) it’s Multi Exit Discriminator. IF you search the cisco documentation I liked bellow about MED for Metric it doesn’t find anything. I think you should update your documents to at least mention the Cisco definition I liked. Thanks! I really enjoy your site!

Hello Brian

Thanks for bringing this to our attention. I can understand how this can be confusing. According to this Cisco documentation, MED is also known as the external metric of a route, because the lower the MED value, the more preferred a route becomes.

Similarly, the following BGP case studies documentation refers to MED as “the metric attribute” which is also known as “MED”.

The truth is that the original naming of the attribute was Inter AS Metric, and has since been changed to Multi Exit Discriminator, so this is the reason why the term Metric is still sometimes used.

However, to be absolutely correct, the term should be MED. I will let Rene know to clarify the wording to avoid confusion in the future.

I hope this has been helpful!

Laz

Absolutely brilliant!

I was going to ask the difference between MED and AS-PATH prepending but it has been answered. One more thing though at the beginning you wrote: “R1 and R3 will both advertise network 1.1.1.0 /24 in BGP. We can use MED to tell AS 1 which path to use to reach this network”. I think it should be AS 2 instead

Thanks.

Hello sales2161

Yes, you are correct. I will let Rene know.

Thanks!

Laz

Afternoon chaps - I realise that MED is only meant for eBGP peers but is there actually anything in the BGP UPDATE message which would prevent it from being advertised to an iBGP neighbor?

Hello Gareth

Actually, it is a little more complex than that. The MED is actually shared between iBGP peers such that the same prefix will have the associated metric that it has been given. When eBGP peers share these same prefixes, the metric is reset to 0 as the MED value is not transferred to an external AS.

HOWEVER, when sharing prefixes between eBGP members, the MED can be modified in order to influence routing. Cisco states it best like so:

When a BGP speaker learns a route from a peer, it can pass the route’s MED to any iBGP peers, but not to eBGP peers. As a result the MED has relevance only between neighbouring autonomous systems.

This is the behaviour BY DEFAULT. BUT, you can change the advertised MED between eBGP peers thus influencing the metric between AS’es.

You can find more detailed information at this Cisco documentation:

I hope this has been helpful!

Laz

1 Like

Thanks Laz.

One more question please…

If the lowest MED value wins then shouldn’t a value of 0 always take precedence?

Hello Gareth

Yes, if you change the MED for a particular path to a non-zero value, and you leave another path’s MED at the default (0) then the default MED value will take precedence simply because it is lower. There is an option where you can enable the following command:

bgp bestpath med missing-as-worst

This causes any route that is advertised without a MED to be assigned the maximum value of 4,294,967,295, instead of the default value of 0, thus making it by default worse than all other explicitly configured MED values. You can find out more about this command at this Cisco Command Reference.

I hope this has been helpful!

Laz

Hello Rene,
Very good article on MED.
I think you could include the note about the default value for MED which is zero

Thanks
Gilson

Hi Gilson

Thanks for the valuable feedback, I’ll let @ReneMolenaar know!

Laz

Hi Gilson,

I agree, just added and highlighted this.

Rene

Hello Rene,

All the MED examples I have seen are between two autonomous systems. What if there are two routers (belonging to the same company but different sites) having different ASN’s advertising identical routes to an external organization.

I want the external organization to send traffic via only one of the sites. Only if the link fails can it be sent to via the other site. Can this still be done by MED values?

So can i configure a route-map on site 1’s router where the MED value is 100 and a route-map on site 2 router where the MED value is 200. Can this ensure that the external routers always sends traffic via site 1?

Thanks

Hello William

The purpose of MED is to advertise to your neighbouring AS how they should enter your AS. This by definition requires that you have at least two connections to a particular AS. MED is then used by their BGP routers to determine via which path connectivity to your AS will be achieved. A prerequisite of the use of MED is that the two alternative paths into your network must be in the same AS. Note here that MED is propagated to all routers within a neighbouring AS but is not passed along to any other autonomous systems.

If you have the topology that you describe, then each AS, even if it belongs to the same entity, will have only one single entry point into your AS. Therefore there is no issue as to which path will be taken, since there is only one choice per AS.

So to answer your question, MED cannot be used to modify the way in which traffic from different AS’es enter your network.

Having said that, however, there is an exception to this rule. If two AS’es exist as two alternate paths to a third single AS, then yes, you can have a situation where you must compare MED values from multiple AS’es. But this involves outgoing traffic, and not incoming traffic. Take a look at this topology for example:


Here we have a network 10.1.1.0/24 that exists in AS 10. The path to this network is advertised by R4 and R5 which are in different AS’es to R6 in AS40 using a different MED. By default, R6 will not take the MEDs into account because they are from different AS’es, however, you can configure R6 with the bgp always-comare-med command, and only then will it compare them. However, keep in mind that the destination is still a single network, and exists within a single AS 10.

Such a configuration , informs R6 of how to reach the particular network, and does not inform the other AS’es of how to reach networks behind R6, so this situation is the other way around.

I hope this has been helpful!

Laz

Thanks Laz,

This was very useful. I configured it in the lab and it was able to work only after I configured the compare med command.

Is this compare med feature only in Cisco or is it a mandatory feature in BGP that used across all vendors?

Thanks

Hello William

Your question puts us in a little bit of a grey area between the definition of a protocol and the implementation of that protocol. According to RFC 4271:

MULTI_EXIT_DISC is only comparable between routes learned from the same neighboring AS (the neighboring AS is determined from the AS_PATH attribute).

I haven’t found any evidence in the RFC that the operation of BGP in the strictest sense, “allows” the use of the MED value to be compared from two different AS’es. This may be an additional feature that Cisco has introduced, similar to the introduction of the WEIGHT attribute.

Doing a bit of research, I have found that other vendors, such as Juniper, also have this feature available, and I get the feeling that you will find it in most mid to high end equipment providers. Once again, it’s not strictly defined in the RFC, but it seems that it is a useful feature in practice, and has thus been implemented in this way on networking devices.

I hope this has been helpful!

Laz

Thanks Laz for researching and giving your views. Greatly appreciate it.

My previous scenario can be achieved with BGP communities by having different communities for each Data Center. So when traffic comes from one DC it will be tagged with a community and the core will redirect the replies towards the same DC.

Thanks