08-10-2018 09:03 AM - edited 03-08-2019 03:52 PM
Hi Team,
I am sorry if my question doesn't make much sense. We have this requirement at my work.
We have 5 locations connected via MPLS network. So, if the BGP is down at one location, I would like to know any backup technique to connect the location back to the MPLS network (a different PE router) via a different path (maybe VPN) through our regular internet gateway available at the location.
I am clueless on how to do it, and I would be really thankful for all your suggestions.
Thanks a lot.
08-10-2018 09:17 AM - edited 08-10-2018 09:18 AM
Deepthi,
Hello. When you set up an MPLS BGP environment you have to have what's called an underlying IGP. In other words, a routing protocol that meshes your environment together so that all routers can reach each other without BGP. BGP is nothing more than a TCP protocol like HTTP, SSH, etc. In order for routes to be exchanged between two BGP hosts there has to be valid routing already in place with something other than BGP. ISIS, OSPF, or even static routes in a smaller environment would all be valid ways to accomplish this.
Hopefully I understood your question correctly. My apologies if I did not.
M. Whitlow
08-10-2018 09:27 AM
Hi Whitlow,
Thank you very much for the response.
At 4 of the locations, we are using static routes to advertise our network and at one location we have OSPF redistributing the routes. So, this is what I have in mind... we have internet gateways on all the locations, and so I was thinking of building a s2s tunnel from my Fortigate firewall to a different PE router of the MPLS ISP and monitoring the MPLS primary connection using IPSLA. So, this is just a thought, but I am not sure how far it is correct. Please do correct me if I am wrong.
Thank you.
Deepthi
08-10-2018 09:36 AM
08-10-2018 09:42 AM
Hi Collin,
Thank you very much, I will check the link you shared.
08-10-2018 11:11 AM
Hi,
If the same device/router that is connected to the MPLS network has Internet access, you can build an IPsec tunnel as a backup so that when BGP goes down, you have a second route to the same destination. If the router that is connected to the MPLS network does not have Internet access, then you would need to build an IPsec tunnel from your internet gateway. The second option is more complicated.
HTH
08-10-2018 11:20 AM
Hi Reza,
I have the complicated situation. :)
My ISR does not have an internet gateway.
LAN -> Core Switch -> Fortigate -> ISR (MPLS) -> MPLS cloud
So, this is the path. The internet gateway is available on the Fortigate. So, right now, I am pointing all my MPLS traffic towards the ISR from the Fortigate.
Thank you.
08-10-2018 11:24 AM
Hi,
So, Fortigate is the Internet gateway? What protocol do you use between the Fortigate, the WAN router (ISR) and the core switch?
HTH
08-10-2018 11:27 AM
Hi,
No protocols. We are doing static routing.
08-10-2018 01:28 PM
Ok, so you would have to build the VPN tunnel from the Fortigate to the destination and tune the metrics to make sure MPLS stays as primary and VPN as the backup.
HTH
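A sketch of the "MPLS primary, VPN backup" routing suggested above, added here as an illustration and not taken from any poster's configuration. It assumes the IPsec tunnel already exists as an interface named "vpn-backup"; the interface names, prefixes and addresses are constructed placeholders, and FortiGate link-monitor stands in for the IP SLA probe mentioned earlier in the thread.

```text
# Constructed example values (not from the thread):
#   port2         = Fortigate interface facing the ISR (MPLS path)
#   192.0.2.1     = ISR next hop on that interface
#   vpn-backup    = existing IPsec tunnel interface over the internet gateway
#   10.20.0.0/16  = a remote site reached over MPLS
#   10.20.0.1     = a host at that site, reachable only via the MPLS path

config router static
    edit 10
        # Primary: lower administrative distance, so this route is installed
        set dst 10.20.0.0 255.255.0.0
        set gateway 192.0.2.1
        set device "port2"
        set distance 10
    next
    edit 20
        # Backup: same prefix, higher distance (floating static route).
        # It stays out of the routing table while route 10 is present.
        set dst 10.20.0.0 255.255.0.0
        set device "vpn-backup"
        set distance 20
    next
end

config system link-monitor
    edit "mpls-probe"
        # Probe a far-end address through the ISR, not the ISR itself,
        # so a failure inside the MPLS cloud (e.g. BGP down on the ISR)
        # is detected even though the ISR interface is still up.
        set srcintf "port2"
        set server "10.20.0.1"
        set gateway-ip 192.0.2.1
        set protocol ping
        # When the probe fails, withdraw static routes through this
        # gateway so the distance-20 route over the tunnel takes over.
        set update-static-route enable
    next
end
```

Firewall policies for the "vpn-backup" interface should mirror those applied to the MPLS path, so that traffic is filtered the same way after failover.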
08-10-2018 01:30 PM
Ok. I would try doing that. I have a spare Fortigate I can use for a lab. I will try and see. Thanks a lot for all your suggestions.
08-11-2018 12:16 AM
Hello
From the Fortigate how many physical connections do you have towards their related ISP in each location?