Re: When BGP is down, how do i connect with a different PE router inside the MPLS.

Deepthi · ‎08-10-2018

Hi Team,

I am sorry if my question doesnt make much sense. We have this requirement at my work.

We have 5 locations connected via MPLS network. So, if the BGP is down at one location, i would like to know any backup technique to connect the location back to the MPLS network (a different PE router) via a different path (maybe VPN) through our regular internet gateway available at the location.

I am being clueless on how to do it, and i would be really thankful for all your suggestions.

Thanks a lot.

mwhitlow · ‎08-10-2018

Deepthi,

Hello. When you setup an MPLS BGP environment you have to have what's called an underlying IGP. In other words, a routing protocol that meshes your environment together so that all routers can reach each other without BGP. BGP is nothing more than a TCP protocol like http, ssh, etc. In order for routes to be exchanged between two BGP hosts there has to be valid routing already in place with something other than BGP. ISIS, OSPF, or even static routes in a smaller environment would all be valid ways to accomplish this.

Hopefully I understood your question correctly. My apologies if I did not.

M. Whitlow

Deepthi · ‎08-10-2018

Hi Whitlow,

Thank you very much for the response.

At 4 of the locations, we are using Static routes to advertise our network and at one location we have OSPF redistributing the routes. So, this is what i have in mind... we have internet gateways on all the locations, and so i was thinking of building a s2s tunnel from my fortigate firewall to a different PE router of the MPLS ISP and monitor the MPLS primary connection using IPSLA. So, this is just a thought.. but am not sure how far it is correct. Please do correct me if am wrong.

Thank you.

Deepthi

Collin Clark · ‎08-10-2018

Yes you can do that. You can use a floating static route.
https://www.youtube.com/watch?v=XL3oJUNs3uc

Deepthi · ‎08-10-2018

Hi Collin,

Thank you very much, i will check the link you shared.

Reza Sharifi · ‎08-10-2018

Hi,

If the same device/router that is connected to the MPLS network has Internet access, you can build an IPsec tunnel as a backup so, when BGP goes down you have a second route to the same destination. If the router that is connected to the MPLS network does not have Internet access then you would need to build an IPsec tunnel from your internet gateway. The second option is more complicated.

HTH

Deepthi · ‎08-10-2018

Hi Reza,

I have the complicated situation. :)

My ISR does not have an internet gateway.

LAN -> Core Switch -> Fortigate -> ISR(MPLS -> MPLS cloud

So, this is the path. the internet gateway is available on the fortigate. So, right now, i am pointing all my MPLS traffic towards the ISR from the fortigate.

Thank you.

Reza Sharifi · ‎08-10-2018

Hi,

So, Fortigate is the Internet gateway? What protocol do you use between the Fortigate, the WAN router (ISR) and the core switch?

HTH

Deepthi · ‎08-10-2018

hi,

No protocols. We are doing static routing.

Reza Sharifi · ‎08-10-2018

Ok, so you would have to build the VPN tunnel from the Fortigate to the destination and tune the metrics to make sure MPLS stays as primary and VPN as the backup.

HTH

Deepthi · ‎08-10-2018

Ok. I would try doing that. I have a spare Fortigate i can use for a lab. I will try and see. Thanks a lot for all your suggestions.

paul driver · ‎08-11-2018

Hello

From the Fortigate how many physical connections do you have towards their related ISP in each location?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul