Primary MPLS/BGP and secondary Internet site to site vpn

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Primary MPLS/BGP and secondary Internet site to site vpn

L1 Bithead

I recently started a new job and they have their firewalls setup with two circuit connections. 

Primary is MPLS running BGP and secondary is internet with a Site to Site VPN and static routes pointing to this tunnel. 

I'm not aware of what has been set/configured to make the traffic choose the MPLS/BGP interface vs the Site to Site interface, in my mind since the tunnel has static routes pointing to it in the VR it would have precedence. I'm mainly curious for when I need to setup a new site, how to make sure it chooses the MPLS/BGP interface connection over the Site to Site tunnel interface. Thanks in advance.    

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hello @C.Rowe724515

 

thanks for posting.

 

There are two things that come to my mind. Either BGP learned routes have smaller prefixes compared to what is configured with static routes or static routes are configured with higher administrative distance.

 

Could you go to: Network > Virtual Router > [VR name] > More Runtime Stats > Routing > Forwarding Table. Refer to destination column, then check subnet masks of routes from remote sites. If these routes have more specific subnet mask to what is configured in static routes, then BGP learned routes will take a precedence.

Regarding administrative distance, could you go to: Network > Virtual Router > [VR name] > Router Settings, then refer to Administrative Distances. If all prefixes have the same length, then a tie breaker will be the Administrative Distance (Lower value is preferred). In your case if BGP routes are in forwarding table, then static routes should have higher Administrative Distance value than BGP.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

View solution in original post

2 REPLIES 2

Cyber Elite
Cyber Elite

Hello @C.Rowe724515

 

thanks for posting.

 

There are two things that come to my mind. Either BGP learned routes have smaller prefixes compared to what is configured with static routes or static routes are configured with higher administrative distance.

 

Could you go to: Network > Virtual Router > [VR name] > More Runtime Stats > Routing > Forwarding Table. Refer to destination column, then check subnet masks of routes from remote sites. If these routes have more specific subnet mask to what is configured in static routes, then BGP learned routes will take a precedence.

Regarding administrative distance, could you go to: Network > Virtual Router > [VR name] > Router Settings, then refer to Administrative Distances. If all prefixes have the same length, then a tie breaker will be the Administrative Distance (Lower value is preferred). In your case if BGP routes are in forwarding table, then static routes should have higher Administrative Distance value than BGP.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Thank you, after checking I do see that the routes in the forwarding table are more specific than the static routes which are all /16's. 

  • 1 accepted solution
  • 1622 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!