Two sites have their own link to the Internet from a common supplier and each share a common VRF within an MPLS VPN network. Is there any restriction in the customer running BGP on their CE routers to maintain an iBGP session across the MPLS network to act as backup for Internet connectivity?
Effectively the MPLS network does not need to carry customer routes; only those prefixes necessary to maintain the iBGP session between CEs.
Well, the MPLS VPN can be seen as a single router connecting the two customer sites. And with a BGP setup, where there is a non BGP router (no full internet routing table) between two BGP speakers you run into a problem called "black hole". Basically the BGP session between the two CE is just IP traffic to the MPLS VPN and thus can be established. But IP packet forwarding will not work, as long as the PE performing IP lookup in the VRF does not have the BGP internet table.
Typically the MPLS provider will not allow the insertion of the full BGP table into the VRF for scalability reasons. So creating a default route by the CEs would be the only option. In this case the iBGP session will not be too useful.
That's helpful, thanks! I can see that the PE would blackhole the traffic if the VRF contained only the prefixes associated with CE-PE links.
Is a potential solution to use an IGP between CE and PE and advertise defaults and the site-specifics and manipulate the BGP advertisements to the common ISP based on the presence, or otherwise, of these IGP routes.
From a design perspective you could treat the MPLS VPN as a single router only running IGP. Thus you would use default routes created by the BGP speakers.
If there is no iBGP session, the two CE routers act as independant standalone internet access routers.
Basically a default route in each CE pointing to the SP router would be sufficient. in your IGP internet access would be based on the IGP metric of the default route.
In case you need protection against BGP issues in one SP BGP peer and you will need an iBGP session between the two CEs. The easiest solution would probably be a GRE tunnel between them to avoid the blackholing of traffic by the PE.
Be aware that the announced networks in the CE should depend on internal reachability. Without further details about your official addresses, topology and your peering contract it is hard to give a definite answer on what should be done.
This document is an early notification of a behaviour change that will be introduced in IOS XR release 6.5.
IOS XR configuration principles relevant for this article are:
On router platforms all interfaces must be by defaul...
With XR 4.2.0 the ASR9000 is releasing a new line of hardware models. This amongst others is the RSP440, the next generation RSP with faster switch fabric along with Typhoon based Linecards, the next generation network processor.
The Cisco EPN system incorporates a network architecture designed to consolidate multiples services on a single Multiprotocol Label Switching (MPLS) transport network. This network is designed primarily based on Application ...