Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
318
Views
0
Helpful
5
Replies

VPN and BGP selection

hamza3244
Level 1
Level 1

‎09-18-2014 10:12 PM - edited ‎03-04-2019 11:47 PM

I have two routers connected to each other via an eBGP protocol. 

They are also connected by IPSec/GRE ,

I want that IPSec/GRE link to be only used when the eBGP link breaks down.

So under normal circumstances only eBGP should be used.

Thanks

Can someone advice me please?

Labels:
0 Helpful
5 Replies 5

Collin Clark
VIP Alumni
VIP Alumni

‎09-20-2014 10:35 AM

IPSec and GRE are dependant on eBGP for transport right?? A diagram and more info will certainly help.
0 Helpful

Joseph Nelson
Level 1
Level 1

‎09-20-2014 02:11 PM

Definitely need to see a topology on this one. Too many ways this could work or not work.

@Colin_Clark, GRE/IPSec tunnel are not exclusive to eBGP. If the GRE tunnel destination is not known via the eBGP peer, there is no dependency. You can easily imagine how this is possible:

  • Suppose Datacenter1 and Datacenter2 are connected via a L2 WAN service ( say VPLS)
  • Say this is expensive so the OP doesn't want to get to of these. Instead, they have a 100Mbps internet link..they leverage IPSEC/GRE viat the Internet link as intra-datacenter back up link

Then the two routers have an eBGP session. And the tunnel destinations for the GRE tunnel use the back internet link. If this is the OPs setup ( and the eBGP session is established using loopback addresses on the routers), then there is no problem--but I'm not going to bother guessing at what the OPs network is like.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to Joseph Nelson

‎09-20-2014 04:44 PM

Well aware they are not dependent on each other but from the OP description, it very well could be. Some sort of routing will be needed in the transport of the GRE tunnel interfaces, I'm asking if it's eBGP.

0 Helpful

Joseph Nelson
Level 1
Level 1
In response to Collin Clark

‎09-21-2014 05:14 PM

@Collin_Clark,

 

Apologies, I misread your original reply. I thought you were making an affirmative statement and not asking a question.

0 Helpful

Akash Agrawal
Cisco Employee
Cisco Employee

‎09-20-2014 08:59 PM

Hi,

 

In case of BGP failure, how are you pushing traffic over GRE tunnel. Are you running any igp/bgp protocol over GRE tunnel. If it is other than BGP, AD value of that would be lesser than eBGP(AD 20). So when eBGP will fail, route from other routing protocol will get installed. If it is BGP only, you need to play with BGP attribute (like local preference) to prefer one over other.

 

Regards,

Akash

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card