Like any routing protocol, BGP can be used over a GRE tunnel to bypass BGP peering or full mesh across multiple routers. In the image below there are 10 routers and they’re all running OSPF in area 0 except for R10 to R8 and R7 to R9. OSPF is simply used for reachability.

R10, R8, R9 and R7 are all running BGP in different ASNs. The goal is to create a tunnel from R8 to R7, then use BGP to create connectivity from R9 to R10.

R9 = ASN 900
R7 = ASN 100
R8 = ASN 100
R10 = ASN 1000


Connectivity has already been established across the OSPF domain. First part is creating the tunnel.

The tunnel source is the local loopback and tunnel destination is the remote loopback on R7. The same configuration but opposite source destination will be setup on R7. After entered we should see tunnel 0 come up and each end of the tunnel should be reachable – ie., 8.

Next we’re going to create BGP peerings. Below are the completed peerings:

R8/ASN100 — R10/ASN1000 – EBGP
R8/ASN100 — R7/ASN100 – iBGP
R7/ASN100 — R9/ASN900

The BGP peering between R7 and R8 is not going through the tunnel. That is routable over the OSPF domain that’s setup for reachability. Below is R8’s BGP configuration:

Now we’re going to setup a route-map that changes the next hop of advertisements between R8 and R7.

We’re setting up a route map that modifies the next hop to be the local GRE tunnel interface IP, and then advertising that via a route-map to our iBGP peer. The reason we’re doing this is for reachability between R9 and R10. Without this our local next-hop would be advertised which is not setup in the OSPF domain. As it shouldn’t, typically that would be out of our domain space. Or it is in our domain but we’re trying to minimize BGP peering. The opposite of the route map and BGP change is completed on R7’s side as well. The result is below: (R9’s loopback) is now actually added into the RIB of R8 with a next hop of, the tunnel interface of R7.


  • MPLS is this same logic as GRE, but more flexible.
    • Arbitrary transport
    • Arbitrary payload
    • Extensible applications

Example Case:

  • Form MPLS tunnel from ingress to egress.
    • Typically IGP + LDP is used for this.
    • Could be BGP or RSVP (MPLS TE)
  • Peer BGP from ingress to egress
  • Recurse BGP next-hop to MPLS label.
  • What is the core’s data plane result?
    • Core label switches ingress PE to egress PE
    • Core does not need end-to-end information.

On the image above now we’re going to enable MPLS. First we’re removing the GRE tunnel though between R8 and R9 with ‘no int tunnel0’. After we’re going into the OSPF process on every router and enabling MPLS autoconfig with LDP.

After entered on all of the routers you can start to see these messages in the console that LDP neighbors are forming. The LDP neighbors will be the exact neighbors we already have in OSPF.

Now on our BGP configurations for R8 and R7, we’ll need to remove the route-map for next hop and do a normal ‘next-hop-self‘ on the neighbor statement like below.

There is now reachability again between R10 and R9’s loopbacks.

On R8 we can see in the MPLS forwarding table that it has reachability to R7


  • MPLS is advantageous because it allows us to not run BGP over all transit routers.
  • The BGP table is too large, this minimizes the table size.
  • Another form of tunneling, easier than doing VPN or GRE everywhere.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s