New Member

MPLS VPN / BGP Failover Solution

                 Internet
                    |
                   C21
                    |
      |----------|-----------|
    CER6------------------CER19
      |                      |
    PER4---PR2----PR16----PER17

I am preparing for the MPLS exam and I am trying to implement MPLS VPN in the lab environment.

CER6 & CER19 are customer HQ sites and have a default route to C21 (Ethernet). All the clients connect to the MPLS VPN and follow the default route. I am trying to provide redundancy or failover to all the clients, so if CER6 goes down CER19 should inject the default route into the MPLS network.

CER6 connects to PE4 and CER19 connects to PER17.

So if the link between PE4 and CER6 fails, PER17 should advertise the default route, but unfortunately it's not working. Not sure why. Any idea why? Can someone please advise? I am not with BGP config and I think it's a BGP config issue but not 100% sure about this.

Please find attached configs.


9 REPLIES
Purple

Re: MPLS VPN / BGP Failover Solution

Hi,

There are a couple of issues I see with your config that need to be fixed up

- you should only need the 'neighbor x.x.x.x default-originate' command on your CEs. So remove it from your PEs.

- it does not make sense to modify parameters such as weight and local-preference on prefixes sent between your PE and CE so you should remove that too.

List of changes:

- remove 'neighbor 10.1.1.2 default-originate route-map weight' from PER4
- add 'default-information originate' under 'address-family ipv4 vrf cust-b' on PER4
- remove 'neighbor 10.1.1.14 default-originate route-map weight' from PER17
- add 'default-information originate' under 'address-family ipv4 vrf cust-b' on PER17
- remove 'neighbor 10.1.1.13 route-map loc_pref out' from CER19

Try those out for a start and see how you go.

Paresh

New Member

Re: MPLS VPN / BGP Failover Solution

Still no joy..

Once again I am uploading my updated config. I will appreciate it if someone can tell me what I am doing wrong here, and what I should do to resolve this issue.

Rits

Bronze

Re: MPLS VPN / BGP Failover Solution

I haven't read your configs yet mate as I am eating my dinner just now ;-). BUT have you read up on BGP conditional advertisement? i.e. only advertise X if Y no longer exists.

Re: MPLS VPN / BGP Failover Solution (accepted solution)

Hello,

can you try this configuration:

PER4

    router bgp 4701
     address-family ipv4 vrf cust-b
      redistribute connected
      neighbor 10.1.1.2 remote-as 64550
      neighbor 10.1.1.2 activate
      neighbor 10.1.1.2 as-override
      neighbor 10.1.1.2 soft-reconfiguration inbound
      no auto-summary
      no synchronization
     exit-address-family

CER6_Cust_B

    router bgp 64550
     no synchronization
     bgp log-neighbor-changes
     network 10.1.1.0 mask 255.255.255.252
     redistribute connected route-map no-loopback
     neighbor 10.1.1.1 remote-as 4701
     neighbor 10.1.1.1 default-originate
     neighbor 200.1.1.1 remote-as 64550
     neighbor 200.1.1.1 update-source Ethernet1/0
     no auto-summary

PER17

    router bgp 4701
     address-family ipv4 vrf cust-b
      redistribute connected
      redistribute static
      neighbor 10.1.1.14 remote-as 64550
      neighbor 10.1.1.14 activate
      neighbor 10.1.1.14 as-override
      neighbor 10.1.1.14 soft-reconfiguration inbound
      ! apply the route-map below to routes received from CER19
      neighbor 10.1.1.14 route-map set_loc_pref in
      no auto-summary
      no synchronization
     exit-address-family
    !
    ! prefixes the route-map matches: 192.168.1.0/24 and the default route
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 1 permit 0.0.0.0 0.0.0.0
    !
    ! 50 is below the default local-preference of 100, so the path via PER4 is preferred while it exists
    route-map set_loc_pref permit 10
     match ip address 1
     set local-preference 50
    !

CER19_Cust_B

    !
    router bgp 64550
     no synchronization
     bgp log-neighbor-changes
     network 10.1.1.12 mask 255.255.255.252
     redistribute connected
     neighbor 10.1.1.13 remote-as 4701
     neighbor 10.1.1.13 default-originate
     neighbor 200.1.1.1 remote-as 64550
     neighbor 200.1.1.1 update-source Ethernet1/0
     no auto-summary
    !

Hope this helps! Please rate all posts.

Regards, Martin

Bronze

Re: MPLS VPN / BGP Failover Solution

Hey guys, out of all of these configs there seems to be the static default to null0 missing. Unless I am missing it, it really is needed. I see the redistribute static in Martin's configs but can't see the actual static route. What Martin has done in the last post is exactly correct. When doing default-originate it is better to do the null0 static, then redist static, then do neighbor x.x.x.x default blah, rather than the default originate in global mode.

Re: MPLS VPN / BGP Failover Solution

Hello Rob,

I would think the static default route to Null0 in this case is not advisable, because this would only work on a router with the full Internet table. Both CE routers do not have it, so the static default to Null0 would really be the one used and this would discard all packets towards the internet.

The two options are:

a) static defaults to the internet gateway

b) internet gateway inserting default route into IGP or BGP (of course with proper filters then).

Hope this helps! Please rate all posts.

Regards, Martin

New Member

Re: MPLS VPN / BGP Failover Solution

Thanks Martin. I guess I was making some silly mistakes here. I knew I have to apply local pref somewhere but wasn't confident enough. But that's great, you have solved my problem.

romccallum - I am not sure what you want me to do here, but the reason why I have redistribute static on PER17 is because I have got one more site of the same customer connected to PER17, and that site is using a static route which I am redistributing.

I have one more question. On my CE routers CER6_Cust_B & CER19_Cust_B I have a static default route pointing to the Ethernet in of the Internet router. Do I need this route or not? Because the moment I remove this route I lose my default route (which is correct). Or should I inject a default route on my internet router? What could be the most scalable solution in this situation? The reason behind my question is, if you notice the VRF routing table of cust-b you will see an entry for “B 200.1.1.0/24 [20/0] via 10.1.1.2, 00:42:37”, and I want to know, in case of a design issue, is this good practice or not?

    PER4#sh ip route vrf cust-b

    Routing Table: cust-b
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is 10.1.1.2 to network 0.0.0.0

    B    200.1.1.0/24 [20/0] via 10.1.1.2, 00:42:37
         10.0.0.0/30 is subnetted, 4 subnets
    B       10.1.1.8 [200/0] via 150.100.0.17, 00:46:22
    B       10.1.1.12 [200/0] via 150.100.0.17, 01:18:39
    C       10.1.1.0 is directly connected, Serial2/0
    B       10.1.1.4 [200/0] via 150.100.0.12, 01:01:21
    B    192.168.1.0/24 [20/0] via 10.1.1.2, 00:42:37
    B    192.168.2.0/24 [200/0] via 150.100.0.12, 01:01:06
    B    192.168.3.0/24 [200/0] via 150.100.0.17, 00:46:01
    B*   0.0.0.0/0 [20/0] via 10.1.1.2, 00:42:37
    PER4#

Thanks for your help guys I really appreciate and I have learned a lot from cisco forum

New Member

Re: MPLS VPN / BGP Failover Solution

    M  PER4---CER6-----------|
    P  PER2    |             |
    L   |      |-HSRP-|LAN|  |----|Internet|
    S  PR16    |             |
      PER17---CER19----------|

Also I have noticed that when I disconnect or shut down my Ethernet 1/0, which connects to the Internet router, I am not able to reach the Internet router from other sites, as the BGP route “B 200.1.1.0/24 [20/0] via 10.1.1.2, 00:42:37” disappears from the routing table. However, I can still ping the Internet router from CER19, but CER19 doesn’t inject this route into the MPLS VPN. I don’t think I need HSRP here as I am running BGP … 200.1.1.0/24 is a 3rd party route (Internet router received from Internet service provider) and I guess it’s not a good solution to inject 3rd party routes into MPLS VPN? Or should I amend my access list on PER17 and add the 200.1.1.0 network to the access list so it will get local preference of 50, so that this way I will have an alternate route?

Please answer my questions, as your contribution is a great help to me.

Re: MPLS VPN / BGP Failover Solution

Hello,

I would suggest in your environment to inject the default from the internet gateway through an IGP (RIP, OSPF, EIGRP). It could look like this:

InternetGW:

    interface Ethernet0
     description to CE routers
     ip address 10.100.1.1 255.255.255.0
    !
    router ospf 10
     network 10.100.1.1 0.0.0.0 area 1
     default-information originate
    !
    ip route 0.0.0.0 0.0.0.0 Null0

CER19

    interface Ethernet0
     description to internetGW
     ip address 10.100.1.19 255.255.255.0
    !
    router ospf 10
     network 10.100.1.19 0.0.0.0 area 1

and the other CER accordingly. The advantage is, that you can detect a problem in the ethernet switch, i.e. connectivity between your CER and InternetGW router.

Then I would modify the CER BGP config like:

    router bgp 65000
     network 0.0.0.0
     no neighbor 10.1.1.1 default-originate

The latter config would only announce a default route through BGP, when a default route (from InetGW) is present in the IP routing table.

Regarding 200.1.1.0/24: I would not do it, because the default should be sufficient to reach this network. General rule: announce it only if you really need it or you own it.

Hope this helps! Please rate all posts.

Regards, Martin
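
The difference between the two ways of originating the default discussed in this thread, as a small model. This is an added example, not code from any of the posters: it assumes `neighbor ... default-originate` (without a route-map) is sent unconditionally while `network 0.0.0.0` requires the route in the CE's routing table, and it models only the local-preference step of BGP best-path selection. The function names and the failure labels are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class CE:
    name: str
    local_pref: int          # local-preference the PEs see for this CE's routes
    pe_link_up: bool = True  # eBGP session CE <-> PE is established
    uplink_up: bool = True   # CE still learns 0.0.0.0/0 from the Internet gateway

def announces_default(ce: CE, mode: str) -> bool:
    """Does this CE currently advertise 0.0.0.0/0 to its PE?"""
    if not ce.pe_link_up:
        return False                 # session down: the route is withdrawn
    if mode == "default-originate":
        return True                  # sent whether or not the CE has a default
    if mode == "network":
        return ce.uplink_up          # 'network 0.0.0.0' needs the route in the RIB
    raise ValueError(f"unknown mode: {mode}")

def best_exit(ces, mode):
    """Pick the VRF's default route: highest local-preference wins."""
    candidates = [ce for ce in ces if announces_default(ce, mode)]
    return max(candidates, key=lambda ce: ce.local_pref, default=None)

def outcome(mode: str, down=()) -> str:
    """down: constructed failure labels such as 'CER6:pe' or 'CER6:uplink'."""
    ces = [CE("CER6", 100), CE("CER19", 50)]   # 100 = default, 50 = set_loc_pref
    for ce in ces:
        ce.pe_link_up = f"{ce.name}:pe" not in down
        ce.uplink_up = f"{ce.name}:uplink" not in down
    best = best_exit(ces, mode)
    if best is None:
        return "no default route in VRF"
    if not best.uplink_up:
        return f"blackholed at {best.name}"
    return f"forwarded via {best.name}"

if __name__ == "__main__":
    for mode in ("default-originate", "network"):
        for down in ((), ("CER6:pe",), ("CER6:uplink",), ("CER6:uplink", "CER19:uplink")):
            print(f"{mode:18} down={down!s:32} -> {outcome(mode, down)}")
```

Both modes fail over when the PE-CE link drops; only the `network` mode also fails over when the CE loses its path to the Internet gateway.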
