05-31-2016 11:21 AM - edited 03-05-2019 04:07 AM
We have branch offices connected via MPLS BGP. I need to connect these sites via BGP over IPsec/GRE and make MPLS primary and VPN backup in case MPLS goes down. How do I configure this?
I think a static route pointing to the ISP for the IPsec tunnel with a higher AD will work out. Any suggestions?
05-31-2016 01:32 PM
Yes, that will work. You could also run BGP over all paths.
06-01-2016 05:36 AM
Hi John & Philip. Thanks for the reply.
Here is my config:
router bgp 65201
bgp router-id 10.38.65.83
bgp always-compare-med
bgp log-neighbor-changes
neighbor 10.16.65.62 remote-as 65201
neighbor 10.16.65.62 description Connected_to_core3850
! IPsec VPN peer
neighbor 10.38.230.110 remote-as 65400
neighbor 10.38.230.110 description vpn-to-xx
! MPLS peer
neighbor 10.208.88.197 remote-as 13979
!
address-family ipv4
network 10.38.65.83 mask 255.255.255.255
neighbor 10.16.65.62 activate
neighbor 10.16.65.62 default-originate
neighbor 10.16.65.62 soft-reconfiguration inbound
neighbor 10.38.230.110 activate
neighbor 10.38.230.110 soft-reconfiguration inbound
neighbor 10.38.230.110 prefix-list spring_routes-out out
neighbor 10.38.230.110 route-map xx-4311_routes-in in
neighbor 10.208.88.197 activate
neighbor 10.208.88.197 soft-reconfiguration inbound
exit-address-family
!
ip nat inside source list nat_networks interface GigabitEthernet0/0/1 overload
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface Loopback10
ip route 0.0.0.0 0.0.0.0 50.244.123.118
ip route 192.203.160.65 255.255.255.255 50.244.123.118 name xx-VP
06-01-2016 07:45 AM
You can add a BGP neighbour that runs over the GRE tunnel.
06-01-2016 08:14 AM
Hi Philip, thanks.
Would this work?
ip route 0.0.0.0 0.0.0.0 tunnel 150 10.38.230.109 10 name backup
06-01-2016 08:37 AM
There is not enough config relating to the tunnels and Internet connection to confirm this.
06-01-2016 08:37 AM
Hi Philip,
Now we have moved the MPLS to the core switch, for the best possible way.
router bgp 65201
bgp router-id 10.38.65.80
bgp log-neighbor-changes
neighbor 192.x.x.x remote-as 65201
neighbor 192.x.x.x description vpn-rtr (VPN)
! MPLS peer
neighbor 10.208.88.197 remote-as 1xxx
!
address-family ipv4
redistribute connected
neighbor 10.16.65.61 activate
neighbor 10.16.65.61 next-hop-self
neighbor 10.16.65.61 soft-reconfiguration inbound
neighbor 10.16.65.61 prefix-list spring_routes-out out
neighbor 10.208.88.197 activate
neighbor 10.208.88.197 soft-reconfiguration inbound
For failover I added a route-map, but I am not sure if this works:
route-map s_routes-out permit 15
set as-path prepend 65201
! MPLS peer
neighbor 10.208.88.197 route-map spring_routes-out in
neighbor 10.208.88.197 route-map spring_routes-out out
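An added example, not part of the thread or any poster's configuration: one way to make the VPN session the backup using BGP attributes, applied to the VPN neighbor so the MPLS session keeps its default attributes. The route-map names are hypothetical; the neighbor addresses and AS numbers are taken from the first config posted above.

```cisco
! Added example. Route-map names VPN-BACKUP-IN / VPN-BACKUP-OUT are hypothetical.
! Neighbor addresses and AS numbers come from the first config in the thread.
!
! Inbound from the VPN peer: set local-preference below the default (100),
! so routes learned over MPLS win while that session is up.
route-map VPN-BACKUP-IN permit 10
 set local-preference 50
!
! Outbound to the VPN peer: lengthen the AS path so remote sites
! prefer the advertisement they receive over MPLS.
route-map VPN-BACKUP-OUT permit 10
 set as-path prepend 65201 65201 65201
!
router bgp 65201
 address-family ipv4
  ! Only one route-map per direction per neighbor: this line replaces
  ! xx-4311_routes-in; alternatively add the set clause to that existing map.
  neighbor 10.38.230.110 route-map VPN-BACKUP-IN in
  neighbor 10.38.230.110 route-map VPN-BACKUP-OUT out
  ! The MPLS neighbor 10.208.88.197 gets no prepend and no local-preference change.
 exit-address-family
!
! After a soft reset of the VPN session, check a remote prefix:
!   clear ip bgp 10.38.230.110 soft
!   show ip bgp <prefix>
! Expected: both paths present, the MPLS path marked best.
```

When the MPLS session drops, its routes are withdrawn and the VPN-learned paths become best without any static route change.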
05-31-2016 09:06 PM
Hi,
Use IP SLA and tracking.