Showing results for 
Search instead for 
Did you mean: 


Hi Everyone


I am giving some thought for implementing iBGP as a PE-CE routing protocol, with an IOS-XR platform acting as the PE. With all the configuration guides on the XRs, eBGP is mentioned as the standard. However, as the below link shows, iBGP is supported on IOS and IOS-XE platforms. Specificially, the below link of the technote shows an IOS implementation


and this link shows an XE-guide.


Interestingly, in those links, the following note is mentioned:

" If the PE does not have the neighbor <internal-CE> internal-vpn-client command for the CE neighbor, it does not propagate the prefixes from the CE towards the SP RRs/PE routers.".


We have noticed that the "internal-vpn-client" feature is present on IOS-XR6.2.x. However, is the presence of this command vital for the success of the scenario? What is the behaviour in the background of this command? Is there a chance that, if this option is not available, iBGP between PE and CE would fail in the future?


What is Cisco's stance on this, specifically as the command is available in the reference, but no mention of an ibgp PE-CE in command guides?





Hi Hisham,
have you found any documentation  ? We are facing to the same issue - command on CLI, but no IOS-XR specific Documentation.
I tried to configre it im my lab (ASR9000 as PE using this iBGP-PE-CE "internal-VPN-client command" and ASR900 / ASR920 also PEs)
All PEs have my routes with an ATTR-SET in the BGP VPNv4 Table (valid, best...) - but...
ASR9000 do not import this routes to the VRF Routing Table

ASR920 (IOS-XE) do import this routes to the VRF Routing Table


Seems there is something miising .... 
Any Ideas??




Hi Holder,


I am using CSR1000v in my lab setup and stuck at the same issue. I have seen VPNv4 routes as ATTR_SET community but the routes are not dumping into CE router. If you share your inputs/configuration much appreciated.

Adam Vitkovsky

Hi gents,

I was always wondering what is your use-case for iBGP to CE please? I actually can’t think of a good reason.






it's not a typical SP Setup in our case, it's a large Enterprise Network. 
We running a (new) MPLS WAN Network to connect all our sites (>100). 
some of the (central sites) running redundant Services for several VRFs (as VRF-lite with BGP inside the site, let's call it Campus Networks...).

Inside this Networks different BGP Policies are already used (to simplify the example: "local pref" 100 for site A and 150 for Site B)

case 1 - using eBGP for PE-CE:

e.g. AS 65001 for "Campus Networks" (all of them due to the old WAN Setup) and AS65111 for MPLS-WAN (new): works, but you have to implement featurs like AS-override (same "Campus" AS at all sites) and BGP policies to "translate" the "local-pref" to a community or have other policies on many/all PEs to choose your "prefered central Site" for a Service

case 2 - using iBGP for PE-CE:

all "Campus BGP" Attributes are automaticaly transported as ATTR_SET to all sites. No Special policies on PE needed, no AS-override, same redudancy behavior as in the "old WAN", no Policy changes on PE if the Service-Network (Campus) Admins - different Team - Need/want to Change the preferd site fo a service


Works fine with IOS-XE and IOS-XR (but we hitting a Bug in 6.2.2. / 6.2.3 - it's solved with TAC in the meantime)




Content for Community-Ad