Design validation for Internet over MPLS backbone

Unanswered Question
May 29th, 2007
User Badges:

We have a Network on MPLS backbone with dual service provider.

There are 50 spoke location.

DC and DR location

Topology is hub and spoke with all sites accessing data hosted at primary DC.

ALso in case of disaster all the spoke sites will connect to DR site.

Servers at DR site are on unique IP and failover from DC to DR is taken care by BGP routing intelligence.

Aim is to give controlled internet access to all the spoke sites from DC and incase of failure internet should be available from DR site.

As per our design architecture we are planning to upgrade the last mile bandwidth and MPLS port of all spoke sites and central site MPLS port bandwidth to give integrated access on the same last mile for all the locations.

Both types of traffic private and public will ride on the same MPLS bancbone and come to the primary DC site CE router.

At CE router we will segreggate the traffic meant for datacentre and internet cloud.

We will also deploy firewall and separate internet router and proxy server for the proposed internet connectivity to control the spoke sites traffic.

Is this a good design.

Pls suggest with configuration on how are we going to achiecve this

Also currently we are using BGP between CE-PE --- it should take care of the global routing meant for Internet traffic by flooding default route across all the spoke sites

Pls fins the existing architecute attahced.


Any inputs on the same will be appreciated.


Regards





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
luqmankondeth Tue, 05/29/2007 - 01:11
User Badges:

Your diagram doesnt show your Internet uplinks. I assume your MPLS Service providers donot provide you Internet access as well.


There are multiple issues to look here. Lets start by discussing the first point. The topology.

There is a lot of redundancy built into it from a physical point of view. I dont see any problems by looking at it for the past 5 minutes...


Moving on, Routing..

Where are you planning on originating the default?

I realize that lot of DR centers do manual work to reroute, and I assume that since you are using different IP addresses at DC & DR, you will be manually tweaking something at each spoke or somewhere else. (did i get this wrong?)


As an alternative to using different IP addresses why not use the same IP addresses and use a combination of

hold-up routes, floating statics , OSPF & BGP to reroute in the event of a failure.

luqmankondeth Tue, 05/29/2007 - 01:16
User Badges:

To illustrate:

You would have IP range 172.16.0.0/16 at both data centers. Your L3 distribution switch at DC would have statics redistributed in OSPF. OSPF runs between all routers. BGP runs between the CE routers at both DC & DR. They are all in one AS. Your DR l3 switch would have floating static s which would kick in only when DC goes boom (say AD=210). There will be a redistribute static under the OSPF config of this L3 switch in the DR. This will ensure that in case the DC is broken, DR would start receiving packets. Network commands under bgp would be present on all CE routers. These will be advertised by bgp only when the corresponding route is advertised by OSPF from the layer 3 switches (via the redistribute command...I forgot, keep the 172.16.0.0/16 static in DC and as a floating static in DR)..

Do you think this will work?


Actions

This Discussion