Redundant Routes, BGP with MPLS provider

William Herrin bill at
Fri Aug 31 15:49:52 UTC 2012

On Thu, Aug 30, 2012 at 2:17 PM, Tribble, Wesley
<WTribble at> wrote:
> What is the best method to instruct the provider's
> network to prefer the Primary Data Center routes
> over the DR site?  Keep in mind that I am only
> peering with the provider over BGP and I have no
> visibility to the underlying MPLS architecture or

Hi Wesley,

For an Internet-based system, here's how you would do it. The private
MPLS-based network you describe won't be quite the same but it'll be

* Announce with an AS path length from the DR site that has at least 3
prepends. Get your own RIR-assigned AS number for this; you can use
private AS numbers but this will eventually confuse someone debugging
a connectivity problem.

* Local pref the accepted routes to prefer the primary site.

* At least two ISPs at the primary site.

* At the DR site, the usually single ISP should be the same as one of
the ISPs at the primary site. That way when there's trouble talking to
the two sites there's only one vendor to blame and it's the one you
pay directly. It also means the GRE tunnel traffic between sites tends
to stay on a single carrier.

* GRE tunnels between the sites running IBGP. One GRE tunnel for each
pair of Internet connections. Despite your best efforts you'll get a
trickle of traffic into the DR site during normal operation of the
primary. You'll want to send it back to the primary site and that
should all happen outside the firewall.

* In addition to your BGP announced addresses, get a small bank of IP
addresses from each ISP for each Internet connection at each site. I
usually ask for a /28 but a /29 is normally adequate. You'll need
these to anchor your GRE tunnels and management functions.

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004
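
The prepend and local-pref items in the message above, as an added example that is not part of the original post: a small model of the first two BGP best-path steps, showing that prepends steer inbound traffic only while the receiver's local-pref is equal, and that local-pref on accepted routes picks the outbound exit. The AS numbers (documentation range) and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

ORIGIN_AS = 64500            # assumed AS number (documentation range) for the site owner
ISP_A, ISP_B = 64496, 64497  # assumed upstreams; ISP_A serves both sites

@dataclass(frozen=True)
class Route:
    site: str                # data center the path leads to
    as_path: tuple           # AS path as received
    local_pref: int = 100    # receiver's own policy value; 100 is the usual default

def announce(site, via, prepends=0, local_pref=100):
    """Path a neighbour of `via` receives; prepends repeat the origin AS."""
    return Route(site, (via,) + (ORIGIN_AS,) * (1 + prepends), local_pref)

def surviving_sites(routes):
    """Apply the first two BGP decision steps: highest local-pref, then
    shortest AS path. Returns the sites still tied; later tie-breakers
    (origin, MED, IGP cost, router ID) are not modelled."""
    top_pref = max(r.local_pref for r in routes)
    preferred = [r for r in routes if r.local_pref == top_pref]
    shortest = min(len(r.as_path) for r in preferred)
    return sorted({r.site for r in preferred if len(r.as_path) == shortest})

def inbound(dr_prepends, dr_local_pref=100):
    """Site(s) a remote network would send traffic to."""
    return surviving_sites([
        announce("primary", ISP_A),
        announce("primary", ISP_B),
        announce("dr", ISP_A, dr_prepends, dr_local_pref),
    ])

def outbound(primary_pref, dr_pref):
    """Exit site(s) chosen inside the owner's network for an Internet
    destination (constructed AS 64510) learned at both sites over IBGP."""
    return surviving_sites([
        Route("primary", (ISP_B, 64499, 64510), primary_pref),
        Route("dr", (ISP_A, 64510), dr_pref),
    ])

if __name__ == "__main__":
    print("no prepends:        ", inbound(0))
    print("3 prepends at DR:   ", inbound(3))
    print("remote policy wins: ", inbound(3, dr_local_pref=200))
    print("outbound, default:  ", outbound(100, 100))
    print("outbound, pref 200: ", outbound(200, 100))
```

The third case is the one to keep in mind when validating a failover design: a receiving network's own local-pref is compared before AS-path length, so prepends are a hint and not a guarantee.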
