One of my CCDE bootcamp students asked a question about next hop in MPLS VPN network. So, I would be very pleased to explain the BGP next hop behaviour both in IP and MPLS network in this post.
I am explaining this topic in deep detail in my “BGP Zero to Hero” course. Click here for our Special Offer.
Let’s start with this IP network shown below (Figure-1).
Figure-1 IBGP Next Hop handling in IP networks
In Figure-1, there is no MPLS service in the network. What’s more, R1 and R2 is running IBGP with R3.
And R3 is running EBGP with upstream provider.
When R3 sends the BGP prefix to R1 and R2, BGP next hop is unchanged. The link between R3 and the Internet is set as BGP next hop. In other words, if you examine the BGP routing table of R1 and R2, the next hop of the BGP prefixes coming from the Internet is R3-Internet link.
Further, routers need to find IGP (OSPF, IS-IS, EIGRP) next hop in order to send the packets to the destination. The link between R3 and Internet (External link) , is not known by the IGP protocol.
That link can be redistributed to IGP or it can be set as IGP passive interface. If you don’t want to see external routes in your IGP, then BGP next hop can be set to router’s loopback, an internal route.
In order to set the next hop to router’s loopback, you can create a route map on R3 to set the next hop as its loopback interface, or you can set BGP next hop independently and create IBGP session between Router’s loopbacks. BGP sources interface in this case are R1, R2, and R3’s loopback.
As you can see, if there is no MPLS VPN service, the prefixes – which are received from EBGP – are advertised to IBGP neighbor without changing the next hop. If the external link is not wanted in the network, manual operation is required on the edge router to set the next hop to it.
Important to know that, if external link is not set as next-hop, in case that link failure, traffic is black holed. (Dropped at that router) until BGP control plane is converged.BGP PIC Edge solves this problem by installing an alternate route in the forwarding table.
Let’s take a look at MPLS VPN network and see how BGP next-hop operation is done.
Figure -2 MPLS Network
Figure 2 shows the MPLS component, so let’s examine MPLS Layer 3 VPN service. MPLS Layer 3 VPN requires PE router to be the neighbor of Layer 3 with the CE routers. It can be static route, RIP, EIGRP, OSPF, IS-IS, or BGP.
IP prefixes are received from the CE routers and PE appends RD (Route Distinguisher) to the IP prefixes. And a completely new VPN prefixes are created. (IPv4+RD=VPNv4)
PE routers re-originate all the customer prefixes regardless of its origin, static redistribution, and PE-CE OSPF/IS-IS/EIGRP/BGP as well advertising all MP-IBGP peers by setting the BGP next-hop to it. As for the IP network, you don’t need to do the manual operation.
MP-BGP neighborship between the PE routers should be created between their loopbacks. And in that case, loopback is set as next hop without configuring BGP next-hop automatically.
It is already an automated process in MPLS VPN, but you don’t want to advertise external interfaces (PE – CE) to IGP for scalability and stability reason. Scalability would be affected because many customer interfaces would be advertised on IGP, and IGP wouldn’t be scaled. And it affects stability because whenever interface flaps, it would cause SPF or DUAL algorithm run.
You may ask how SP can monitor those interface in MPLS VPN. Those interfaces are placed in Network Management VRF and carried to the Network Management System through MP-BGP.