How configure BGP between Cross connect in Dual CPE setup

When Direct Internet Access (DIA) is configured in an active–active high-availability (HA) deployment, the cross-connect logical interfaces between the transport VRs of CPE-1 and CPE-2 provide connectivity but do not inherently protect against an internet WAN link failure on one of the CPE devices.

Specifically, if the internet WAN link on CPE-1 fails, the cross-connect interface alone cannot detect or propagate this failure. As a result, traffic may continue to be forwarded toward CPE-1, leading to a local internet black-hole condition.

To prevent this scenario, additional routing intelligence must be introduced across the cross-connect interface. This can be achieved by configuring dynamic routing (BGP) between the transport VRs of both CPE devices. Dynamic routing allows the propagation of reachability information, including the default route, between the transport VRs so that link failures are detected and routes are withdrawn appropriately.

In this design:

CPE-1 uses INET1-Transport-VR

CPE-2 uses INET2-Transport-VR

BGP is configured between the transport VRs over the cross-connect interface. With this configuration, if INET1-Transport-VR loses its internet connectivity, the default route is automatically withdrawn and propagated to the peer transport VR. This ensures that both CPE devices make correct forwarding decisions and prevents local black-hole conditions during internet WAN failures.

This document describes the procedure to configure BGP between the cross-connect transport VRs to achieve this behavior.

On CPE1:

Create a BGP Group and configure BGP peering with CPE2 cross connect link.

On CPE2:

Remove the Default STATIC route create by WF towards CPE1(172.16.255.1)

The Default route will be learned over BGP.

Configure BGP towards CPE1 cross connect link .

Once the BGP configured on both the CEPs you will receive the Default route from CPE1 over BGP and the same will advertise to LAN side.

You can fine tune the BGP configuration as per your requirement like peer-group policy.

Verification.

Once you shutdown the INET1-Transport-VR on CPE1 the route will withdrawn from CPE1 and CPE2's LAN-VR.

CPE1:

cli> show route routing-instance provider-LAN-VR

Prot   Type  Dest Address/Mask   Next-hop        Age      Interface name     Nexthop name

----   ----  -----------------   --------        ---      --------------    ---------------

BGP    N/A  +0.0.0.0/0           169.254.0.12    00:00:05 tvi-0/613.0

CPE2:

cli> show route routing-instance provider-LAN-VR

Prot   Type  Dest Address/Mask   Next-hop        Age      Interface name     Nexthop name

----   ----  -----------------   --------        ---      --------------    ---------------

BGP    N/A  +0.0.0.0/0           169.254.0.12    00:00:09 tvi-0/613.0

Once CPE1 -INET1-Transport-VR  restore the default will install towards INET1-Transport-VR.

cli> show route routing-instance provider-LAN-VR

Prot   Type  Dest Address/Mask   Next-hop        Age      Interface name     Nexthop name

----   ----  -----------------   --------        ---      --------------    ---------------

BGP    N/A  +0.0.0.0/0           169.254.0.10    00:00:03 tvi-0/611.0

You can follow the same steps for INET2-Transport-VR.