Need provider suggestions - BGP transit over GRE tunnel

William Herrin bill at
Fri Jan 28 11:05:09 CST 2011

On Fri, Jan 28, 2011 at 11:10 AM, Robert Johnson
<fasterfourier at> wrote:
> My organization is planning to become multihomed in the near future.
> Currently we have redundant (router and physical path) links to a
> single AS where we get our transit, and speak BGP to them using a
> private ASN. This configuration has not been meeting our reliability
> requirements, so we will be getting our own ASN from ARIN, and moving
> from PA to PI IP space.
> Our new provider will be used for backup purposes only. We would like
> to minimize the monthly cost of this connection; to do this, we are
> planning to use a VZ business FIOS connection with symmetrical
> bandwidth to establish a GRE tunnel to a datacenter somewhere, and
> bring up a BGP session over that tunnel. I'd like to know if there are
> providers that offer such a service on a regular basis, and if so, if
> anyone is doing this and has words of wisdom.

Hi Robert,

I use a similar technique myself and it works reasonably well. was willing to do it for me and gave me a quote as
well. Three pitfalls to watch out for:

1. A small portion of your traffic is going to wander in via the data
center link and down the GRE tunnel during normal operations. You can
tweak the announcement so that it isn't much, but it won't be zero

2. Make sure you originate the network announcement from your physical
location, not from the data center. In other words, no "network mask" in the "router bgp" section at the data
center. If the data center becomes disconnected from you, it should
drop the announcement.

3. You'll need a small block (/29) of PA addresses at the data center
to anchor the tunnel.

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004

More information about the NANOG mailing list