10-16-2008 12:39 AM - edited 03-03-2019 11:56 PM
Hi Friends,
I need yoour valuable inputs on the following -
I have a customer having 12 Branches connecting to HQ. At HQ they have 7206VXR Router and in the Branches it is 2811 Router.
The customer want to have an IP/VPN connection from branches to HQ for accessing the centrally located resources and for Internet also. Telco provider is using MPLS BGP at WAN.
Internally i will be using EIGRP for Routing. I need your kind help to know about
how we can setup this solution?
how EIGRP can work with MPLS?
what are the configuration Task on this?
I have a SA-VAM2+ card also in the Router how can i make use of that?
regards
Jacob
10-16-2008 01:39 AM
Hello Jacob,
with L3 MPLS VPN are the Provider PE nodes that allow routing between sites.
Each branch router and the HQ router peers with the PE router that is at the other end of the link.
Between CE-PE you can use:
PE-CE eBGP sessions
actually if the provider supports it it can make your CE routers to keep using only EIGRP but this depends on provider and can be priced more.
The second approach advantage is that CE routers don't need any important config change they still run only EIGRP and all the efforts are on the PE side that has to redistribute EIGRP routes in MP-BGP and rebuild EIGRP routes on remote sites PE nodes to send them to the CE router.
You may need to add a network command under router eigrp on all CE routers.
The first approach using eBGP sessions require a major change on CE side.
If branch offices have only one router the CE will run only BGP and will advertise connected networks and static routes.
Usually provider assigns a private AS number to all of your CE (the same for all)
let's suppose it is 65012
branch CE config
router bgp 65012
neigh PE:address remote-as Provider.ASN
redistribute connected
red static
no sync
no auto-summary
!
On the HQ router that needs to talk EIGRP with other routers in HQ.
router eigrp 100
! seed metric for red to be effective:
default-metric 10000 1000 255 1 1500
red bgp 65012
router bgp 65012
no sync
no auto-sum
red eigrp 100
neigh PE:address remote-as Provider.ASN
the VAM card is not needed in this setup unless you want to use CE to CE encryption over MPLS VPN
Hope to help
Giuseppe
10-16-2008 01:51 AM
Dear Giuseppe
Thanks for the reply. At Branch offices there will be one router only.
May be we will use the VAM Card since the data needs security.
Do you have any usefull links or pdf's which can be more informative to me to know more on this topic? i really need it since all the customers are moving to MPLS VPN now.
Once again Thanks a lot for the reply
regards
Jacob
10-16-2008 03:55 AM
Hello Jacob,
a very good place to go:
and should be interesting:
MPLS VPN for enterprise
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a00808ce6ad.pdf
DMVPN for ipsec can be a good choice to allow spoke-to-spoke encrypted traffic with HQ acting as hub
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008075ea98.pdf
Hope to help
Giuseppe
10-16-2008 10:47 AM
Dear Giuseppe,
Thanks a lot for the Link and for PDF's.
Regards
Jacob
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: