Multihomed network on MPLS cloud

Unanswered Question
Jun 7th, 2007

Hi,

We have a Hub and Spoke MPLS network with SAP and Email application hosted in IDC.

At remote site we have dual links from different service provider.

Aim is to access the SAP traffic from one link with backup on the other link in case of primary link failure.

Also Email should run from other service provider with backup on the first service provider in case second service provider fails.

How can we achieve this using BGP between CE-PE?

Secondly, at a few locations we have only a few network users (approx. 10) and we want some users to go out via service provider 1 and the rest via the other service provider, with backup on whichever service provider is available at a given point in time in case either service provider link fails at the remote site.

Pls suggest.

Rgds

swaroop.potdar Thu, 06/07/2007 - 15:05

You can try as below:

1) Populate all the end routes (servers, workstations) into both SPs (1 and 2), so at any given point in time both have a forwarding path to the end points.

2) Run VRRP dual groups on the remote site routers, and make the router connected to SP1 the primary for users wanting to go via SP1 and the router connected to SP2 the primary for users wanting to go through SP2. On failure it will fall back on the other SP.

3) For the email part as well you can use a VRRP single group and designate the router connecting to SP1 as the primary.

HTH-Cheers,

Swaroop

swaroop.potdar Thu, 06/07/2007 - 21:31

Deepak, you are running VRRP only on your LAN between the 2 local CE routers to help forward some VLAN traffic to SP1 and some to SP2. Between the PE and the CE you can run any protocol, BGP as well.

The PE-CE protocol won't limit this function of primary and secondary on VRRP.

HTH-Cheers,

Swaroop

deepakbihari Fri, 06/08/2007 - 01:23

Hi Swaroop,

With VRRP one router will remain in standby mode.

We want both the routers in active-active mode.

Regards

swaroop.potdar Fri, 06/08/2007 - 05:16

Deepak, with two groups, one for each VLAN, both routers will be in active mode for each VLAN. As per your post, at any given point in time, if one router fails the other will take over.

The above solution is for your VLAN load balancing between the 2 SPs.

As mentioned in my previous reply to your earlier post about internet, you can manipulate a BGP attribute like local pref to achieve the primary/secondary for any other centralized service (SAP/Email) as well.

HTH-Cheers,

Swaroop

divyapratap.singh Fri, 06/08/2007 - 04:08

Hi,

You can achieve this by carrying out the following configuration:

ROUTER 1

router bgp XXX
 ! EBGP with SP1
 neighbor A.A.A.A remote-as AAA
 neighbor A.A.A.A route-map SAP in
 ! IBGP
 neighbor X.X.X.X remote-as XXX
!
route-map SAP permit 10
 ! access list 1: SAP servers
 match ip address 1
 set local-preference 150
route-map SAP permit 20

ROUTER 2

router bgp XXX
 ! EBGP with SP2
 neighbor B.B.B.B remote-as BBB
 neighbor B.B.B.B route-map Email in
 ! IBGP
 neighbor X.X.X.X remote-as XXX
!
route-map Email permit 10
 ! access list 2: Email servers
 match ip address 2
 set local-preference 150
route-map Email permit 20

Hope this will help you. In the second case PBR may help you; do not change the BGP attribute.
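Added example, not part of the original posts and not Cisco code: a small Python model of the local-preference policy in the configuration above, showing the normal exit per application, the failover, and why the empty `permit 20` clause matters (without it the implicit deny filters every other prefix and removes the backup path). The prefixes are constructed documentation ranges standing in for access lists 1 and 2, prefix matching is simplified to subnet containment, and only the local-preference step of BGP best-path selection is modelled.

```python
from ipaddress import ip_network

DEFAULT_LOCAL_PREF = 100  # BGP default when no route-map sets a value

# Constructed hub prefixes (documentation range) standing in for ACL 1 and ACL 2.
SAP_SERVERS = ip_network("192.0.2.0/25")
EMAIL_SERVERS = ip_network("192.0.2.128/25")

# Inbound route-maps as ordered (match_prefix, local_pref) permit clauses.
# match_prefix None = clause without a match statement (the empty "permit 20").
ROUTE_MAP_SAP = [(SAP_SERVERS, 150), (None, None)]      # router 1, from SP1
ROUTE_MAP_EMAIL = [(EMAIL_SERVERS, 150), (None, None)]  # router 2, from SP2


def apply_route_map(route_map, prefix):
    """Return the local preference given to prefix, or None if it is filtered."""
    for match_prefix, local_pref in route_map:
        if match_prefix is None or prefix.subnet_of(match_prefix):
            return DEFAULT_LOCAL_PREF if local_pref is None else local_pref
    return None  # implicit deny: no clause matched, the route is dropped


def best_exit(prefix, sp1_up=True, sp2_up=True,
              sp1_map=ROUTE_MAP_SAP, sp2_map=ROUTE_MAP_EMAIL):
    """Provider chosen for prefix by local preference alone.

    Both CE routers share routes over iBGP, which carries local preference,
    so they reach the same decision. Returns "SP1", "SP2", "tie" (equal
    local preference; later BGP tie-breakers, not modelled, decide) or None.
    """
    paths = {}
    if sp1_up:
        paths["SP1"] = apply_route_map(sp1_map, prefix)
    if sp2_up:
        paths["SP2"] = apply_route_map(sp2_map, prefix)
    paths = {sp: lp for sp, lp in paths.items() if lp is not None}
    if not paths:
        return None
    top = max(paths.values())
    winners = [sp for sp, lp in paths.items() if lp == top]
    return winners[0] if len(winners) == 1 else "tie"


if __name__ == "__main__":
    for name, pfx in (("SAP", SAP_SERVERS), ("Email", EMAIL_SERVERS)):
        print(name, "normal:", best_exit(pfx),
              "| SP1 down:", best_exit(pfx, sp1_up=False),
              "| SP2 down:", best_exit(pfx, sp2_up=False))
```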

deepakbihari Sat, 06/09/2007 - 01:19

Hi Divyapratap,

Thanks...

This config will ensure my outbound traffic from spoke site to hub site prefers one service provider over other based on application (SAP/Email).

Few more clarifications are required from you.

1) How will we ensure that the return traffic from the hub site prefers the same path as it took for forwarding from spoke to hub site? (Will the BGP attribute AS Path Prepend help, or ...? Please post config for achieving the same.)

2) At places where there is a single router with dual service provider links, what would be the config: PBR + BGP, or ...? The condition to be met is that half the users should go through one ISP and the other half through the other ISP, with fallback on each other.

3) For locations with dual routers but a layer 2 switch, what feature should be implemented for achieving load sharing (HSRP or GLBP + BGP)?

lastly

For application load sharing, is it required to have different IP subnets for the SAP and Email servers at the Hub and Spoke sites?

Would appreciate it if you revert with how we can handle configuration for the above mentioned scenarios.

Regards

divyapratap.singh Sat, 06/09/2007 - 23:23

1. On your switch carry out the following configuration (I have assumed you have routers which are directly connected to your L3 switch):

! VLAN for SAP
int vlan 2
 ip policy route-map SAP
! VLAN for Email
int vlan 3
 ip policy route-map EMAIL
!
route-map SAP deny 10
 ! access list 1: IP ranges of all networks which are used in the HUB location;
 ! for them PBR will not be done and normal routing will be carried out by the L3 switch
 match ip address 1
route-map SAP permit 20
 ! IP address of your router which connects to SP1;
 ! traffic for all other locations from the SAP VLAN will be moved to SP1
 set ip next-hop x.x.x.x
!
route-map EMAIL deny 10
 ! access list 1: IP ranges of all networks which are used in the HUB location;
 ! for them PBR will not be done and normal routing will be carried out by the L3 switch
 match ip address 1
route-map EMAIL permit 20
 ! IP address of your router which connects to SP1;
 ! traffic for all other locations from the EMAIL VLAN will be moved to SP2
 set ip next-hop y.y.y.y

2. Is there any specific reason for allowing half of the users to use SP1 and half of them to use SP2? You are already moving your SAP application onto one link and the Email application onto another one; try to carry out the same routing policy at all locations. BGP can take decisions on its own on the basis of attributes for destinations. If you have something in mind please elaborate; if possible I can provide you with some config.

3. You can go ahead with GLBP + BGP.

4. It is not required to have different IP subnet, by doing this you are just making your configuration simple.

deepakbihari Sun, 06/10/2007 - 01:26

Hi Divyapratap,

How are we going to handle the listed situation:-

Locations where there is only a layer 2 switch and a single broadcast domain or VLAN, with no inter-VLAN routing happening: at these locations how are we going to handle the application-level load sharing between different service providers?

Regards

divyapratap.singh Sun, 06/10/2007 - 02:23

Deepak,

In these kinds of locations (spoke locations) you can do load sharing on the basis of the BGP attribute local preference, in which you can define that the traffic for SAP should use SP1 and traffic for Email should use SP2.

And in Hub locations it is done by configuring PBR on the L3 switch. Thus your incoming and outgoing traffic is symmetrical.

Hope this helps you. I have already discussed the configuration for Spoke and Hub locations.

Please let me know if I have understood your requirement correctly.

Regards,

Divyapratap
