BGP L3VPN and Backdoor

JoseBejarano

Hi all,

You are providing L3VPN Services and PE-CE protocol is BGP. CE are using private AS number and as-override is configured. Customer is using some backdor p-t-p links. How to be sure no routing loop is formed without using communities ( i.e. soo ) ?

Thanks,
Jose

JoseBejarano

Ok, solved using Site of Origin communities, it didnt work at the begining but configuring within VRF like
Route Origin for VPNs - JUNOS 9.5 VPNs Configuration Guide

Cheers anyway,
Jose

IOS2JUNOS

JoseBejarano wrote: »

Ok, solved using Site of Origin communities, it didnt work at the begining but configuring within VRF like
Route Origin for VPNs - JUNOS 9.5 VPNs Configuration Guide

Cheers anyway,
Jose

is there any other way to do this without using BGP communities?

JoseBejarano

Hi,

Just using extended community Site of Origin should work. Other solution may be tagging prefixes and using export/import policy under BGP protocol routing-instances. I didnt lab up this option...

Jose

IOS2JUNOS

I get the solution using SOO but unclear on the scenarios. Will the customer be using the backdoor link as the primary path between two CEs and if the backdoor links goes down then use VPN link? If you filter these routes on the PE, what happens if the backdoor link is down...how would the CEs learn these routes..

Sett

I think you can achieve same result if you configure higher local-preference on PE-1 for the prefixes that belong to CE-2 and are learned vie PE-2. You should mirror it on PE-2 as well. Then the PEs will advertise the routes to CEs which will have two paths for the remote prefixes (via the MPLS cloud and via the direct peering), you can setup higher preference for the PE neighbour and they will follow this route while keeping the backup routes in their BGP tables.
Solution with communities is better though