MPLS VPN design with GETVPN and DMVPN.

Aug 17th, 2008

Hi all,

I wanted to have some feedback on deciding how to create a PRIVATE MPLS VPN for our enterprise client with more than 1000s of branches.

Initially we wanted to have application-based separation. Our applications are both Layer 2 and Layer 3 based, and we also want to implement VoIP and video conferencing for our enterprise in the future.

Now the topology is very simple: multiple branches connect redundantly to our distribution routers, which connect redundantly to the core routers (a typical theoretical scenario).

The links for the above-mentioned connectivity are purchased from a local SP and might be Layer 2 links or Layer 3 links, depending on availability.

The question is where the PE routers should reside (the distribution or the branch routers?).

Since the branch router will be connected redundantly to the distribution, how will the distribution router be able to classify the different branch applications (in MPLS VPNs) from the branch routers if we implement PE at the distribution?

Does this mean that we have to make our branch routers PEs and distribution routers P routers? Or would any other method like VRF-lite help?

Also, I wanted to implement GET-VPN and DMVPN in this network to provide secure branch-to-branch and low-latency communication (VoIP).

I hope I am clear.


sadbulali Fri, 08/22/2008 - 10:14

DMVPN provides two key advantages for extending MPLS VPNs to the branches: bulk encryption and, more importantly, a scalable overlay model. Since the assumption here is that the branches in this deployment are connected to the hub through a Layer 3 SP service, a tunneled model using GRE is needed to extend MPLS to the branches. Coupled with the fact that there is a large number of existing DMVPN deployments, this solution becomes an attractive deployment option.

