I have a question about MPLS. We currently have 3 sites internationally, with the main site in NY. Both sites are connected to NY with a private line (a T1 and a Layer 2 Ethernet connection). All three sites have their own internet connection, so there is a firewall on each site for internet. In NY we have two internet providers and we run BGP between the two, both behind the same firewall.
We want to upgrade the T1 link to something higher, and our provider is proposing MPLS to replace the T1 link and one of our internet connections in NY (and possibly the other site)... maybe eventually we will add the third site to the MPLS network. My question is: since MPLS is a single link, how would I manage network traffic between sites (considering the handoff would be behind the firewalls)? It would be easy if we just had the MPLS handoff plug into one of our routers directly into our network, but if it's behind a firewall we'll have all sorts of NAT issues between sites... and since this provides a connection to the internet also, we would probably want to keep it behind the firewall.
How do you guys generally handle MPLS deployments and how would you design it in this case?