ccie blog

BGP Deterministic-MED

How the Best Path Algorithm Works

“BGP assigns the first valid path as the current best path.  BGP then compares the best path with the next path in the list, until BGP reaches the end of the list of valid paths” (Cisco, 2006).

BGP Deterministic-MED

Because of the way BGP’s best path alogorithm works, it can lead to MED being left un-compared between routes using identical AS_PATH’s towards a prefix! (as you may recall, MED should be compared in the best path selection in scenarios where the AS paths are the same).  The lab below demonstrates how this doesn’t always happen.  We are going to advertise the 100.100.100.0/24 network on R5 towards R1.  R1 is going to get three paths to this network, and we’re going to see how MED won’t be compared between R3 & R4 due to the order of which R1 learned these paths.

Let’s take a look on R1’s BGP table to see how he learned the 100.100.100.0/24 network

R1(config-router)#do sh ip bgp 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 29
Paths: (3 available, best #3, table Default-IP-Routing-Table)
Flag: 0x4840
  Advertised to update-groups:
     1
  30 40
    13.13.13.2 from 13.13.13.2 (3.3.3.3)
      Origin IGP, metric 100, localpref 100, valid, external
  20 40
    12.12.12.2 from 12.12.12.2 (2.2.2.2)
      Origin IGP, metric 150, localpref 100, valid, external
  30 40
    14.14.14.2 from 14.14.14.2 (4.4.4.4)
      Origin IGP, metric 200, localpref 100, valid, external, best

According to the BGP best path algorithm (which can be found at the very top of this post), the most recent path is evaluated against the path below it. So basically the 3.3.3.3 neighbor vs the 2.2.2.2 neighbor in an attribute stand off! Because of the AS path differentiation, MED has not been considered here. Therefore the best path is via 2.2.2.2 because it is older. For neighbors 2.2.2.2 vs 4.4.4.4, the MED is, again, not considered due to non-identical AS_PATH information; thus 4.4.4.4 wins because it is older. So you can already see how the MED configuration may not work as you may have expected in this scenario. This is due to the way the BGP best path algorithm works in terms of processing from the top down in the BGP table; and also because the paths are listed in the order they were learnt i.e. the oldest path (we learnt first) is at the bottom, and the newest path (we learn’t last) is at the top. Deterministic-med fixes this problem by listing identical AS_PATHs to the the prefix into groups in the BGP table. Paths within a group are then compared against each other. Then the winner of the group is compared against the next group down. Let’s enable that now.

Router(config)#router bgp 10
Router(config-router)#bgp deterministic-med
R1(config-router)#end

R1#sh ip bgp
*Mar  1 00:40:13.927: %SYS-5-CONFIG_I: Configured from console by console 100.100.100.0
BGP routing table entry for 100.100.100.0/24, version 29
Paths: (3 available, best #2, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  20 40
    12.12.12.2 from 12.12.12.2 (2.2.2.2)
      Origin IGP, metric 150, localpref 100, valid, external
  30 40
    13.13.13.2 from 13.13.13.2 (3.3.3.3)
      Origin IGP, metric 100, localpref 100, valid, external, best
  30 40
    14.14.14.2 from 14.14.14.2 (4.4.4.4)
      Origin IGP, metric 200, localpref 100, valid, external

As you can see, the order of the prefix entries has now been re-structured. Routes containing the AS_PATH 30 40 have been grouped together so that our MED attribute can now be compared. Each path within the group is compared to find the best path, AND THEN this best value is compared against the next group.

In our example, there is only one entry using the 20 40 AS_PATH towards our 100.100.100.0/24 network.  So this would be the only member of group 1. However, there are two entries using the 30 40 AS_PATH. These are members of group 2. So we take the best path from group 1, and the best path from group 2 BEFORE comparing the groups against each other.

From group 1, the winner (the only member) is the path via 2.2.2.2. The winner of group 2 is the route via 3.3.3.3 because of the lower med. When comparing the winner of these two groups, the winner is 3.3.3.3 because an older age is more preferred.

Conclusion

Clearly, the deterministic-med feature ensures MED gets compared where AS paths are the same. Without this feature, the MED may not be compared because of the top-down processing the BGP algorithm uses to evaluate routes. The only issue with this though, is if the MED value is the same on each device & the best path selection algorithm gets down to using the age as a tie breaker. Because of the way deterministic-med groups/restructures the order of the routes, it can lead to the age being non-definitive. I believe that for these reasons, Cisco has recommended using #bgp deterministic-med & #bgp best-path compare-routerid when configuring BGP. Where the compare-router-id command removes “age” out of the best path selection algorithm completely, causing the tiebreaker at the final step of the algorithm to always be between router-id (as opposed to age, and THEN router-id). These two features should be configured on all of your BGP peers, otherwise a permanent loop could easily form in the network.

6 Comments

shehab wady nagyJuly 26th, 2013 at 3:28 pm

excellent explanation for MED it is the first time to understand this from this blog……keep going

dhirajSeptember 12th, 2014 at 12:51 pm

very good..crisp n clear

karanDecember 1st, 2014 at 4:41 am

very well explained

AymanSeptember 26th, 2015 at 10:05 pm

Thanks, It is nice and useful

rajanNovember 20th, 2016 at 6:30 pm

super clear now

Thanks

YutaDecember 9th, 2018 at 2:24 am

Great explanation! Thank you so much.

Leave a comment

Your comment