Two sites have their own link to the Internet from a common supplier and each share a common VRF within an MPLS VPN network. Is there any restriction in the customer running BGP on their CE routers to maintain an iBGP session across the MPLS network to act as backup for Internet connectivity?

Effectively the MPLS network does not need to carry customer routes; only those prefixes necessary to maintain the iBGP session between CEs.


Well, the MPLS VPN can be seen as a single router connecting the two customer sites. And with a BGP setup where there is a non-BGP router (no full internet routing table) between two BGP speakers, you run into a problem called "black hole". Basically the BGP session between the two CEs is just IP traffic to the MPLS VPN and thus can be established. But IP packet forwarding will not work, as long as the PE performing the IP lookup in the VRF does not have the BGP internet table.

Typically the MPLS provider will not allow the insertion of the full BGP table into the VRF for scalability reasons. So creating a default route by the CEs would be the only option. In this case the iBGP session will not be too useful.

That's helpful, thanks! I can see that the PE would blackhole the traffic if the VRF contained only the prefixes associated with CE-PE links.

Is a potential solution to use an IGP between CE and PE, advertise defaults and the site-specifics, and manipulate the BGP advertisements to the common ISP based on the presence, or otherwise, of these IGP routes?

From a design perspective you could treat the MPLS VPN as a single router only running IGP. Thus you would use default routes created by the BGP speakers.

If there is no iBGP session, the two CE routers act as independent standalone internet access routers.

Basically a default route in each CE pointing to the SP router would be sufficient. In your IGP, internet access would be based on the IGP metric of the default route.

In case you need protection against BGP issues in one SP BGP peer, you will need an iBGP session between the two CEs. The easiest solution would probably be a GRE tunnel between them to avoid the blackholing of traffic by the PE.

Be aware that the announced networks in the CE should depend on internal reachability. Without further details about your official addresses, topology and your peering contract it is hard to give a definite answer on what should be done.
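As an added illustration of the GRE-plus-iBGP design described above (example configuration written for this page, not taken from the thread or any vendor document), here is a Cisco IOS-style fragment for one CE. All addresses, ASNs and interface names are constructed; it assumes the two CE loopbacks are already exchanged with the PE over whatever PE-CE routing is in use, and that the ISP sends only a default route.

```cisco
! CE1 (site A) - constructed example; addressing, ASNs and names are illustrative
! Only the GRE endpoint is routed through the MPLS VPN, so the PE never has to
! look up an Internet destination in the VRF: transit traffic from CE2 arrives
! already GRE-encapsulated toward this loopback.
interface Loopback0
 description GRE endpoint, reachable through the MPLS VPN
 ip address 10.255.0.1 255.255.255.255
!
interface Tunnel0
 description CE1-CE2 GRE tunnel carrying the iBGP session and backup transit
 ip address 10.254.0.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source Loopback0
 tunnel destination 10.255.0.2
!
! Accept only a default from the ISP; announce only the site's own prefix.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
ip prefix-list SITE-A-OUT seq 5 permit 198.51.100.0/24
!
router bgp 65000
 bgp log-neighbor-changes
 ! eBGP to the common ISP
 neighbor 203.0.113.1 remote-as 64496
 neighbor 203.0.113.1 description ISP peer at site A
 neighbor 203.0.113.1 prefix-list DEFAULT-ONLY in
 neighbor 203.0.113.1 prefix-list SITE-A-OUT out
 ! iBGP to CE2, sourced from the tunnel so the session survives PE black-holing
 neighbor 10.254.0.2 remote-as 65000
 neighbor 10.254.0.2 description iBGP to CE2 over Tunnel0
 neighbor 10.254.0.2 update-source Tunnel0
 ! next-hop-self: CE2 learns the default with next hop 10.254.0.1, which is
 ! directly connected via the tunnel, so it needs no Internet routes in the VRF.
 neighbor 10.254.0.2 next-hop-self
 ! The network statement only injects the prefix while a matching route exists
 ! in the RIB, which ties the announcement to internal reachability as the
 ! answer above recommends.
 network 198.51.100.0 mask 255.255.255.0
```

CE2 mirrors this with the addresses swapped; while its own ISP session is up it prefers that eBGP default over the iBGP one from CE1, and falls back to the tunnel path only when the local ISP peer is lost.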

