I am sorry if my question doesn't make much sense. We have this requirement at my work.
We have 5 locations connected via MPLS network. So, if the BGP is down at one location, I would like to know any backup technique to connect the location back to the MPLS network (a different PE router) via a different path (maybe VPN) through our regular internet gateway available at the location.
I am clueless on how to do it, and I would be really thankful for all your suggestions.
Thanks a lot.
Hello. When you set up an MPLS BGP environment you have to have what's called an underlying IGP. In other words, a routing protocol that meshes your environment together so that all routers can reach each other without BGP. BGP is nothing more than a TCP protocol like HTTP, SSH, etc. In order for routes to be exchanged between two BGP hosts there has to be valid routing already in place with something other than BGP. ISIS, OSPF, or even static routes in a smaller environment would all be valid ways to accomplish this.
Hopefully I understood your question correctly. My apologies if I did not.
Thank you very much for the response.
At 4 of the locations, we are using static routes to advertise our network and at one location we have OSPF redistributing the routes. So, this is what I have in mind... we have internet gateways on all the locations, and so I was thinking of building a s2s tunnel from my Fortigate firewall to a different PE router of the MPLS ISP and monitor the MPLS primary connection using IPSLA. So, this is just a thought, but I am not sure how far it is correct. Please do correct me if I am wrong.
If the same device/router that is connected to the MPLS network has Internet access, you can build an IPsec tunnel as a backup, so when BGP goes down you have a second route to the same destination. If the router that is connected to the MPLS network does not have Internet access, then you would need to build an IPsec tunnel from your internet gateway. The second option is more complicated.
I have the complicated situation. :)
My ISR does not have an internet gateway.
LAN -> Core Switch -> Fortigate -> ISR (MPLS) -> MPLS cloud
So, this is the path. The internet gateway is available on the Fortigate. So, right now, I am pointing all my MPLS traffic towards the ISR from the Fortigate.
So, Fortigate is the Internet gateway? What protocol do you use between the Fortigate, the WAN router (ISR) and the core switch?
Ok, so you would have to build the VPN tunnel from the Fortigate to the destination and tune the metrics to make sure MPLS stays as primary and VPN as the backup.
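One way to express "MPLS primary, VPN backup" on the Fortigate, as an added example that is not part of the original thread. It assumes the routes toward the MPLS sites are static routes on the Fortigate pointing at the ISR, and that an IPsec tunnel interface already exists; the interface names (port2, vpn-backup), all addresses and the 10.0.0.0/8 remote prefix are constructed placeholders.

```fortios
# Assumed topology (placeholders, not from the thread):
#   port2       = Fortigate interface facing the ISR (next hop 192.168.100.2)
#   vpn-backup  = existing IPsec tunnel interface built over the Internet link
#   10.255.0.1  = an address that is only reachable across the MPLS cloud
#   10.0.0.0/8  = prefixes of the other MPLS sites

# Probe through the ISR to a host on the far side of the MPLS cloud.
# Probing only the ISR itself would not notice BGP going down behind it.
config system link-monitor
    edit "mpls-primary"
        set srcintf "port2"
        set server "10.255.0.1"
        set gateway-ip 192.168.100.2
        set protocol ping
        set failtime 5
        set recoverytime 5
        # Withdraw static routes that use this interface/gateway on failure
        set update-static-route enable
    next
end

config router static
    # Primary: lower administrative distance wins while the monitor is up
    edit 1
        set dst 10.0.0.0 255.0.0.0
        set gateway 192.168.100.2
        set device "port2"
        set distance 10
        set comment "MPLS primary via ISR"
    next
    # Backup: same destination, higher distance, installed only when
    # the primary route is withdrawn by the link monitor
    edit 2
        set dst 10.0.0.0 255.0.0.0
        set device "vpn-backup"
        set distance 20
        set comment "IPsec backup over Internet"
    next
end
```

The far end of the tunnel needs the mirror image (a higher-distance or less-preferred route back to this site), and firewall policies for the tunnel interface should match the ones applied to MPLS traffic so the backup path is not more permissive than the primary.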
Ok. I would try doing that. I have a spare Fortigate I can use for a lab. I will try and see. Thanks a lot for all your suggestions.
From the Fortigate how many physical connections do you have towards their related ISP in each location?