BGP always-compare-med vs deterministic-med

BGP route selection algorithm has always been very systematic, up until you get to the MED or ( Multi-Exit Discriminator), which can be a little bit confusing. in this post, i’ll try to make it as simple as it can be to understand the difference between using the commands bgp always-compare-med  and  bgp deterministic-med

i’m writing this assuming that the reader is fully aware of the BGP route selection, seeking only an understanding of the difference between those two commands

now let’s check the below topology

R1 in AS 1 is peering with R2 and R3 in AS23 , and with R4 in AS4, do does R5 in AS5. throughout the post, we’ll be using R1 to eexaminethe network 5.5.5.5/32 originated in AS5  as a reference to check the difference between those two commands.

Let’s first see the configuration on R1 and check the routing table

R1#show ip bgp 5.5.5.5

BGP routing table entry for 5.5.5.5/32, version 17

Paths: (3 available, best #3, table Default-IP-Routing-Table)

Flag: 0x820

 Advertised to update-groups:

       1

 23 5

   10.0.12.2 from 10.0.12.2 (2.2.2.2)

     Origin IGP, localpref 100, valid, external

 23 5

   10.0.13.3 from 10.0.13.3 (3.3.3.3)

     Origin IGP, localpref 100, valid, external

 4 5

   10.0.14.4 from 10.0.14.4 (4.4.4.4)

     Origin IGP, localpref 100, valid, external, best

when BGP received updates, it lists them in order of older (down) to newer ( up), and if there’s no tie between assuming all the routes are valid, the oldest route will be selected as the best.

we can check that by simply clearing neighbor 4.4.4.4, since the session will restart and it will be the oldest one, it’ll be the one on top and 3.3.3.3 will be at the bottom and selected as the best

R1#clear ip bgp 10.0.14.4

R1#

*Mar  1 02:25:48.883: %BGP-5-ADJCHANGE: neighbor 10.0.14.4 Down User reset

*Mar  1 02:25:49.683: %BGP-5-ADJCHANGE: neighbor 10.0.14.4 Up

R1#show ip bgp 5.5.5.5

BGP routing table entry for 5.5.5.5/32, version 6

Paths: (3 available, best #3, table Default-IP-Routing-Table)

Flag: 0x860

 Advertised to update-groups:

       1

 4 5

   10.0.14.4 from 10.0.14.4 (4.4.4.4)

     Origin IGP, localpref 100, valid, external

 23 5

   10.0.12.2 from 10.0.12.2 (2.2.2.2)

     Origin IGP, localpref 100, valid, external

 23 5

   10.0.13.3 from 10.0.13.3 (3.3.3.3)

     Origin IGP, localpref 100, valid, external, best

As expected, now let’s try sending different MED from R2,R3 and R4 to R1 and see how will that work

R1#show ip bgp 5.5.5.5

BGP routing table entry for 5.5.5.5/32, version 13

Paths: (3 available, best #2, table Default-IP-Routing-Table)

Flag: 0x4860

 Advertised to update-groups:

       1

 4 5

   10.0.14.4 from 10.0.14.4 (4.4.4.4)

     Origin IGP, metric 400, localpref 100, valid, external

 23 5

   10.0.12.2 from 10.0.12.2 (2.2.2.2)

     Origin IGP, metric 200, localpref 100, valid, external, best

 23 5

   10.0.13.3 from 10.0.13.3 (3.3.3.3)

     Origin IGP, metric 300, localpref 100, valid, external

Well, it seems that R2 now is the preferred exit for 5.5.5.5, the reason is that by default BGP will compare routes in pairs when they’re from the same neighboring system. and since the route from R4 is the oldest route and R2 is from the same AS, the comparison will take lace between R2 and R3 while excluding R4 since it’s from a different AS.

to be really sure about it, we’ll lower the metric from R4 and soft clear the sessions. R2 should still be preferred route

R1#show ip bgp 5.5.5.5

BGP routing table entry for 5.5.5.5/32, version 11

Paths: (3 available, best #2, table Default-IP-Routing-Table)

 Advertised to update-groups:

       1

 4 5

   10.0.14.4 from 10.0.14.4 (4.4.4.4)

     Origin IGP, metric 100, localpref 100, valid, external

 23 5

   10.0.12.2 from 10.0.12.2 (2.2.2.2)

     Origin IGP, metric 200, localpref 100, valid, external, best

 23 5

   10.0.13.3 from 10.0.13.3 (3.3.3.3)

     Origin IGP, metric 300, localpref 100, valid, external

and still R2 is preferred. Now to change this behavior we need to make R1 compare between routes from different autonomous systems, this can be done by the command bgp always-compare-med

the way it works is as mentioned before, BGP scans prefixes from the top down, so it will compare between the routes from R4 and R2, and the best of them will compete with the oldest route

R1(config-router)#bgp always-compare-med

R1#clear ip bgp *

*Mar  1 00:25:19.759: %BGP-5-ADJCHANGE: neighbor 10.0.12.2 Down User reset

*Mar  1 00:25:19.763: %BGP-5-ADJCHANGE: neighbor 10.0.13.3 Down User reset

*Mar  1 00:25:19.767: %BGP-5-ADJCHANGE: neighbor 10.0.14.4 Down User reset

*Mar  1 00:25:20.531: %BGP-5-ADJCHANGE: neighbor 10.0.12.2 Up

*Mar  1 00:25:20.783: %BGP-5-ADJCHANGE: neighbor 10.0.13.3 Up

*Mar  1 00:25:20.951: %BGP-5-ADJCHANGE: neighbor 10.0.14.4 Up

R1#show ip bgp 5.5.5.5

BGP routing table entry for 5.5.5.5/32, version 2

Paths: (3 available, best #1, table Default-IP-Routing-Table)

Flag: 0x820

 Advertised to update-groups:

       1

 4 5

   10.0.14.4 from 10.0.14.4 (4.4.4.4)

     Origin IGP, metric 100, localpref 100, valid, external, best

 23 5

   10.0.13.3 from 10.0.13.3 (3.3.3.3)

     Origin IGP, metric 300, localpref 100, valid, external

 23 5

   10.0.12.2 from 10.0.12.2 (2.2.2.2)

     Origin IGP, metric 200, localpref 100, valid, external

and now, even though R4 is the newest route and not from the same AS as R2 and R3, this time R4 MED is included in the path selection.

now let’s remove bgp always-compare-med  and talk about bgp deterministic-med

deterministic med will group prefix from the same ASs together in the BGP table, regardless of the way it received them, and start comparing prefixes inside each group, and the best of group will compete with the best of other groups.

The reason to do this is that eliminated the arbitrary behavior of the the oldest route being the best from routes of the same AS

R1(config)#router bgp 1

R1(config-router)#no bgp always-compare-med

R1#clear ip bgp *

*Mar  1 00:42:35.435: %BGP-5-ADJCHANGE: neighbor 10.0.12.2 Down User reset

*Mar  1 00:42:35.439: %BGP-5-ADJCHANGE: neighbor 10.0.13.3 Down User reset

*Mar  1 00:42:35.443: %BGP-5-ADJCHANGE: neighbor 10.0.14.4 Down User reset

*Mar  1 00:42:36.107: %BGP-5-ADJCHANGE: neighbor 10.0.12.2 Up

*Mar  1 00:42:36.739: %BGP-5-ADJCHANGE: neighbor 10.0.13.3 Up

*Mar  1 00:42:37.167: %BGP-5-ADJCHANGE: neighbor 10.0.14.4 Up

R1#show ip bgp 5.5.5.5

BGP routing table entry for 5.5.5.5/32, version 6

Paths: (3 available, best #3, table Default-IP-Routing-Table)

Flag: 0x4860

 Advertised to update-groups:

       1

 23 5

   10.0.12.2 from 10.0.12.2 (2.2.2.2)

     Origin IGP, metric 200, localpref 100, valid, external

 4 5

   10.0.14.4 from 10.0.14.4 (4.4.4.4)

     Origin IGP, metric 100, localpref 100, valid, external

 23 5

   10.0.13.3 from 10.0.13.3 (3.3.3.3)

     Origin IGP, metric 300, localpref 100, valid, external, best

after removing the always compare med and clearing all sessions, R1 just preferred the oldest route.

now let’s enable bgp deterministic-med

R1(config)#router bgp 1

R1(config-router)#bgp deterministic-med

R1(config-router)#end

R1#show ip bgp 5.5.5.5

BGP routing table entry for 5.5.5.5/32, version 9

Paths: (3 available, best #2, table Default-IP-Routing-Table)

Flag: 0x4840

 Advertised to update-groups:

       1

 4 5

   10.0.14.4 from 10.0.14.4 (4.4.4.4)

     Origin IGP, metric 100, localpref 100, valid, external

 23 5

   10.0.12.2 from 10.0.12.2 (2.2.2.2)

     Origin IGP, metric 200, localpref 100, valid, external, best

 23 5

   10.0.13.3 from 10.0.13.3 (3.3.3.3)

     Origin IGP, metric 300, localpref 100, valid, external

you can see that right after we issued the command, routes from R2 is now the preferred exit for 5.5.5.5, this eliminates R1 preferring routes based on their age

now finally, let’s enable bgp always-compare-bed  with bgp deterministic-med

R1(config-router)#bgp always-compare-med

R1#clear ip bgp *

*Mar  1 00:56:55.059: %BGP-5-ADJCHANGE: neighbor 10.0.12.2 Down User reset

*Mar  1 00:56:55.067: %BGP-5-ADJCHANGE: neighbor 10.0.13.3 Down User reset

*Mar  1 00:56:55.071: %BGP-5-ADJCHANGE: neighbor 10.0.14.4 Down User reset

*Mar  1 00:56:55.447: %BGP-5-ADJCHANGE: neighbor 10.0.13.3 Up

*Mar  1 00:56:55.895: %BGP-5-ADJCHANGE: neighbor 10.0.12.2 Up

*Mar  1 00:56:56.099: %BGP-5-ADJCHANGE: neighbor 10.0.14.4 Up

R1#show ip bgp 5.5.5.5

BGP routing table entry for 5.5.5.5/32, version 2

Paths: (3 available, best #1, table Default-IP-Routing-Table)

Flag: 0x820

 Advertised to update-groups:

       1

 4 5

   10.0.14.4 from 10.0.14.4 (4.4.4.4)

     Origin IGP, metric 100, localpref 100, valid, external, best

 23 5

   10.0.12.2 from 10.0.12.2 (2.2.2.2)

     Origin IGP, metric 200, localpref 100, valid, external

 23 5

   10.0.13.3 from 10.0.13.3 (3.3.3.3)

     Origin IGP, metric 300, localpref 100, valid, external

since we have deterministic MED enabled along with always compare MED , routes from group one ( which contains R4 only) is compared, and the best, which is R4 is compared to the best of group 2 which contains R2 and R3. Obviously the winner will be R4 due to the lower MED

a few things to note before closing this post, Cisco recommends enabling deterministic MED in BGP deployments to eliminate any “randomness” when it comes to routers choosing the best path.

always compare MED needs and agreement between your domain and the other different service providers, if you’re hooked up to two service providers and ISP-A for example decided to send you a lower MED, all traffic will be directed to ISP-A even though ISP-B might be the better one for you.

hopefully this cleared a little bit the difference between those two commands