EIGRP with MPLS VPN

Unanswered Question
Oct 16th, 2008

Hi Friends,

I need your valuable inputs on the following -

I have a customer having 12 Branches connecting to HQ. At HQ they have 7206VXR Router and in the Branches it is 2811 Router.

The customer wants to have an IP/VPN connection from branches to HQ for accessing the centrally located resources and for Internet also. Telco provider is using MPLS BGP at WAN.

Internally I will be using EIGRP for routing. I need your kind help to know about:

How can we set up this solution?

How can EIGRP work with MPLS?

What are the configuration tasks for this?

I also have an SA-VAM2+ card in the router. How can I make use of that?

regards

Jacob

Giuseppe Larosa Thu, 10/16/2008 - 01:39

Hello Jacob,

With L3 MPLS VPN it is the provider PE nodes that allow routing between sites.

Each branch router and the HQ router peers with the PE router that is at the other end of the link.

Between CE-PE you can use:

PE-CE eBGP sessions

Actually, if the provider supports it, it can let your CE routers keep using only EIGRP, but this depends on the provider and can be priced more.

The advantage of the second approach is that the CE routers don't need any important config change: they still run only EIGRP, and all the effort is on the PE side, which has to redistribute EIGRP routes into MP-BGP and rebuild EIGRP routes on the remote sites' PE nodes to send them to the CE router.

You may need to add a network command under router eigrp on all CE routers.

The first approach, using eBGP sessions, requires a major change on the CE side.

If branch offices have only one router the CE will run only BGP and will advertise connected networks and static routes.

Usually the provider assigns a private AS number to all of your CEs (the same for all).

Let's suppose it is 65012.

Branch CE config:

router bgp 65012
 neighbor <PE-address> remote-as <Provider-ASN>
 redistribute connected
 redistribute static
 no synchronization
 no auto-summary
!

On the HQ router, which needs to talk EIGRP with other routers in HQ:

router eigrp 100
 ! seed metric for the redistribution to be effective:
 default-metric 10000 1000 255 1 1500
 redistribute bgp 65012
!
router bgp 65012
 no synchronization
 no auto-summary
 redistribute eigrp 100
 neighbor <PE-address> remote-as <Provider-ASN>

The VAM card is not needed in this setup unless you want to use CE-to-CE encryption over the MPLS VPN.

Hope to help

Giuseppe

Jacob Samuel Thu, 10/16/2008 - 01:51

Dear Giuseppe

Thanks for the reply. At Branch offices there will be one router only.

Maybe we will use the VAM card since the data needs security.

Do you have any useful links or PDFs which can be more informative to me to know more on this topic? I really need it since all the customers are moving to MPLS VPN now.

Once again Thanks a lot for the reply

regards

Jacob

Giuseppe Larosa Thu, 10/16/2008 - 03:55

Hello Jacob,

a very good place to go:

www.cisco.com/go/srnd

and should be interesting:

MPLS VPN for enterprise

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a00808ce6ad.pdf

DMVPN for IPsec can be a good choice to allow spoke-to-spoke encrypted traffic with HQ acting as hub.

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf

Hope to help

Giuseppe
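
Added example, not part of the original thread or of any poster's configuration: a minimal sketch of the DMVPN approach mentioned above for CE-to-CE encryption over the MPLS VPN, with HQ as hub. The tunnel subnet 10.255.0.0/24, the names DMVPN-TS and DMVPN-PROF, tunnel key 100, NHRP network-id 100 and every bracketed value are assumptions; EIGRP AS 100 is taken from the thread.

```cisco
! --- HQ hub (7206VXR); addresses and keys are constructed placeholders ---
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! A wildcard peer address lets any device that knows the key authenticate;
! per-peer keys or certificates narrow this.
crypto isakmp key <PRE-SHARED-KEY> address 0.0.0.0 0.0.0.0
crypto ipsec transform-set DMVPN-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile DMVPN-PROF
 set transform-set DMVPN-TS
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication <NHRP-KEY>
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ! let routes learned from one spoke reach the others, next hop unchanged
 no ip split-horizon eigrp 100
 no ip next-hop-self eigrp 100
 tunnel source <HQ-WAN-interface>
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile DMVPN-PROF
!
! --- Branch spoke (2811): same crypto block as the hub, then ---
interface Tunnel0
 ip address 10.255.0.11 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp authentication <NHRP-KEY>
 ip nhrp map 10.255.0.1 <HQ-WAN-address>
 ip nhrp map multicast <HQ-WAN-address>
 ip nhrp nhs 10.255.0.1
 ip nhrp network-id 100
 tunnel source <branch-WAN-interface>
 tunnel mode gre multipoint
 tunnel key 100
 tunnel protection ipsec profile DMVPN-PROF
!
router eigrp 100
 network 10.255.0.0 0.0.0.255
 no auto-summary
```

The WAN addresses used as tunnel endpoints must stay reachable through the routes learned from the PE and never through the tunnel itself, otherwise the tunnel goes down on recursive routing. Without this overlay, traffic crosses the provider's MPLS VPN separated from other customers but unencrypted.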
