EIGRP with MPLS VPN

Unanswered Question
Oct 16th, 2008
User Badges:

Hi Friends,

I need yoour valuable inputs on the following -


I have a customer having 12 Branches connecting to HQ. At HQ they have 7206VXR Router and in the Branches it is 2811 Router.


The customer want to have an IP/VPN connection from branches to HQ for accessing the centrally located resources and for Internet also. Telco provider is using MPLS BGP at WAN.


Internally i will be using EIGRP for Routing. I need your kind help to know about


how we can setup this solution?


how EIGRP can work with MPLS?


what are the configuration Task on this?


I have a SA-VAM2+ card also in the Router how can i make use of that?


regards


Jacob

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Giuseppe Larosa Thu, 10/16/2008 - 01:39
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Jacob,

with L3 MPLS VPN are the Provider PE nodes that allow routing between sites.

Each branch router and the HQ router peers with the PE router that is at the other end of the link.

Between CE-PE you can use:

PE-CE eBGP sessions


actually if the provider supports it it can make your CE routers to keep using only EIGRP but this depends on provider and can be priced more.

The second approach advantage is that CE routers don't need any important config change they still run only EIGRP and all the efforts are on the PE side that has to redistribute EIGRP routes in MP-BGP and rebuild EIGRP routes on remote sites PE nodes to send them to the CE router.

You may need to add a network command under router eigrp on all CE routers.


The first approach using eBGP sessions require a major change on CE side.


If branch offices have only one router the CE will run only BGP and will advertise connected networks and static routes.

Usually provider assigns a private AS number to all of your CE (the same for all)

let's suppose it is 65012


branch CE config


router bgp 65012

neigh PE:address remote-as Provider.ASN

redistribute connected

red static

no sync

no auto-summary

!

On the HQ router that needs to talk EIGRP with other routers in HQ.


router eigrp 100

! seed metric for red to be effective:

default-metric 10000 1000 255 1 1500

red bgp 65012


router bgp 65012

no sync

no auto-sum

red eigrp 100

neigh PE:address remote-as Provider.ASN


the VAM card is not needed in this setup unless you want to use CE to CE encryption over MPLS VPN


Hope to help

Giuseppe


Jacob Samuel Thu, 10/16/2008 - 01:51
User Badges:

Dear Giuseppe


Thanks for the reply. At Branch offices there will be one router only.


May be we will use the VAM Card since the data needs security.


Do you have any usefull links or pdf's which can be more informative to me to know more on this topic? i really need it since all the customers are moving to MPLS VPN now.


Once again Thanks a lot for the reply


regards

Jacob

Giuseppe Larosa Thu, 10/16/2008 - 03:55
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Jacob,

a very good place to go:


www.cisco.com/go/srnd


and should be interesting:


MPLS VPN for enterprise


http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a00808ce6ad.pdf


DMVPN for ipsec can be a good choice to allow spoke-to-spoke encrypted traffic with HQ acting as hub


http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf


Hope to help

Giuseppe


Jacob Samuel Thu, 10/16/2008 - 10:47
User Badges:

Dear Giuseppe,


Thanks a lot for the Link and for PDF's.

Regards

Jacob

Actions

This Discussion