BGP‎ > ‎

PE-CE Link Protection

In the give depicted picture, BGP is configured as PE-CE routing protocol and to serve redundancy, CE is connected with another PE. PE1 and PE3 is configured as  pure provider edge router and PE3 is configured as route reflector and provider edge router. A vrf TEST is configured on RR/PE3 and a loopback is part of it. CE1 is also part of same VPN TEST and a loopback is configured on it. Testing is shown by pinging from RR/PE2 with source vrf ip address  

Figure 1

Problems arises in the topology
When the primary link between PE-CE fails, almost 180 seconds required to shift the traffic to secondary PE. The jitter and time specific application cannot hold themselves for such a long time consequences all transations will be failed during that time interval. This happens because of BGP best path algorithm. To learn why it takes so long to converge, click here.

Figure 2

As shown in the Figure 2, the primary link fails. To shift the whole traffic on traffic, see the ping response from RR/PE3.

Figure 3

Before the link failure, the route was seen as external primary and after link failure, the route is selected as internal.

Figure 4

How to overcome the problem?
1.To reduce the BGP PE-CE timers.
2.Use the protection local-prefixes a new feature added in 12.2 (33) SRC ios. This feature helps the egree traffic to forward on secondary link, rather than dropping and the whole convergence won't take more than 2 ping drops.

Figure 5

Configuration Required For Link Protection
ip vrf TEST
protection local-prefixes

IOS Used For Testing

Shivlu Jain