Help on VPLS integration @ CE end

Unanswered Question
Feb 10th, 2009

Hi,

I have attached a diagram for easy understanding.

Service provider VPLS means think that point to point link full mesh between my locations.

option 1:

My communication should happen through HEADOFFICE only.

In future I may require communication directly between branch offices also.

Planning to run EIGRP. Please provide the config for the same at all locations.

Regards

sateesh

Harold Ritter Tue, 02/10/2009 - 15:00

Sateesh,

VPLS is a logical broadcast interface between all CEs. Did you mean that traffic between the branch sites needs to go through the head office site or it doesn't really matter?

If you need to force all traffic through the head office then maybe point-to-point l2vpn between all the branches and the head office (hub and spoke design) would be a better fit.

Regards

sateeshk10 Tue, 02/10/2009 - 15:48

Hi,

I spoke to the SP; as per them, they are going to connect all the offices on a single broadcast domain, that is what I know.

My plan is very simple:

1) At each location I am going to assign the IP where the SP interface terminated.

HQ: 192.168.1.1

BO: 192.168.2.1-5.1 for all branch offices and run EIGRP on all the locations.

1) All BOs should contact HQ like hub & spoke

2) Sometimes I need to contact from BO through HQ to another BO or direct to another BO.

flow diagram:

BO-HQ-AnotherBO

BO - another BO directly

Regards

sateesh

Harold Ritter Tue, 02/10/2009 - 19:16

Sateesh,

Why not just allow traffic from one branch to the other directly, security?

You can't have all of the branch routers on different subnets and have them peer with yet another subnet at the hub site.

You could have several subnets configured on the hub site interface to the cloud and a different subnet at each spoke, but that would still be an issue for EIGRP but would work just fine with static.

The best approach would still be to have the same subnet everywhere and run EIGRP on top of it.

Regards

sateeshk10 Wed, 02/11/2009 - 05:26

Hi,

Thanks for your immediate reply. I am ready for any config as per your suggestion.

Could you please let me know the sample config at HQ and BO, how it would be, so that I can start working on that.

regards

sateesh

Harold Ritter Thu, 02/12/2009 - 11:21

Sateesh,

You still haven't answered the question about why you need all the traffic from BO to go through HQ.

The simple approach would be to have all sites on the same subnet and to run EIGRP between all of them as follows:

HQ:

int xxxx
 ip address 192.168.1.1 255.255.255.0
router eigrp 1
 netw 192.168.1.0

BO #1:

int xxxx
 ip address 192.168.1.2 255.255.255.0
router eigrp 1
 netw 192.168.1.0

BO #2:

int xxxx
 ip address 192.168.1.3 255.255.255.0
router eigrp 1
 netw 192.168.1.0

BO #3:

int xxxx
 ip address 192.168.1.4 255.255.255.0
router eigrp 1
 netw 192.168.1.0

BO #4:

int xxxx
 ip address 192.168.1.5 255.255.255.0
router eigrp 1
 netw 192.168.1.0

Regards

sateeshk10 Thu, 02/12/2009 - 11:39

Hi,

Thanks for your valuable reply.

> You still haven't answered the question about why you need all the traffic from BO to go through HQ.

Ans: As my BO will always contact HQ.

If you have any other solution I am ready to do it, as I am not getting an exact idea of how to do it at the CE end.

In the config you haven't mentioned any other EIGRP parameters.

On the interface I will keep the same IP as you provided.

In the EIGRP config can I give different subnets at each location, or 192.168.1.0/21 and at each location one subnet like 192.168.1.0, 2.0, 3.0 and so on? Is it OK?

If you have any other solution please let me know.

Regards

sateesh

Harold Ritter Thu, 02/12/2009 - 19:56

Sateesh,

Thanks for the additional information. I understand now that BO to BO traffic going through HQ is not an absolute must. The configs I provided will do the job then.

Since VPLS creates a virtual broadcast media, the core facing interfaces at HQ and all BOs need to be the same subnet (192.168.1.0/24 for instance in my example). As far as the other interfaces, you can use anything you want.

Regards

sateeshk10 Sat, 02/14/2009 - 15:24

Hi,

Now I got some idea. But I still have some concerns about the config; your config seems to be a plain config. But I need all to communicate to HQ.

But as per your config, it seems each location will have all the locations' routes.

Ex:

1) A, B, C, D locations connected to SP VPLS (full mesh)

2) A, B, C, D will have full routes of each location, right?

3) Suppose I want to communicate from B. It may go via C to A location (best path) like B-C-A.

4) If anybody wants to communicate to A he should contact A directly, not like B-C-A, as "C" is not having enough BW for transit.

Thanks in advance.

Regards

sateesh

Harold Ritter Sun, 02/15/2009 - 08:27

Sateesh,

In the configuration I proposed, all locations will be able to access all other locations directly. The best path will always be the direct path. Is that what you meant? Is that what you want?

Regards

sateeshk10 Sun, 02/15/2009 - 16:07

Hi,

1) All the locations should not communicate.

2) All the locations should communicate with HQ only, directly.

3) It should not touch a BO. Ex: people who want to communicate to HQ should communicate directly to HQ only. They should not come via another BO to HQ.

BO-HQ directly, not BO-BO-HQ

As per yours, it seems it may touch another BO on the way to HQ, as it depends on best path. Sometimes the best path might be BO-BO-HQ like this.

As per the config, how will we know it is the direct path?

Best path should be direct to HQ only. This is the requirement.

Regards

sateesh

Harold Ritter Wed, 02/18/2009 - 13:47

Sateesh,

May I ask you again why you do not want traffic to go from one BO to the other directly? Are you going to perform any type of filtering at the HQ router?

Regards

sateeshk10 Wed, 02/18/2009 - 14:05

Hi,

> Why you do not want traffic to go from one BO to the other directly?

option1:

1) If my traffic is going through a BO, I need to lose some BW at the BO during transition

2) BO should not have any contact with other BOs.

3) All the BOs should communicate to HQ only; there is no contact between BOs

option2:

If I enable communication between BOs as per our previous config, how can I restrict some access?

Regards

sateesh

Harold Ritter Wed, 02/18/2009 - 16:45

Sateesh,

Also bear in mind that even if you force traffic through the HQ, you will still need to implement ACLs to prevent BOs from talking to one another.

Regards
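
Added example, not posted by anyone in this thread: in the same-subnet design proposed above, BO-to-BO traffic crosses the VPLS directly, so the ACL has to sit on each BO's VPLS-facing interface rather than only at HQ. Shown for BO #1; the HQ LAN 10.0.0.0/24, the BO #1 LAN 192.168.2.0/24, the ACL name VPLS-IN and access-list number 10 are assumptions, and xxxx is the thread's own interface placeholder.

```cisco
! Constructed example for BO #1 (WAN 192.168.1.2 from the thread).
! Assumed values: HQ LAN 10.0.0.0/24, BO #1 LAN 192.168.2.0/24.
!
ip access-list extended VPLS-IN
 remark EIGRP hellos and updates from routers on the shared VPLS subnet
 permit eigrp 192.168.1.0 0.0.0.255 any
 remark HQ LAN to this branch LAN
 permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
 remark HQ router WAN address to this router (ping, management)
 permit ip host 192.168.1.1 host 192.168.1.2
 remark Everything else, including other branch LANs, is dropped and logged
 deny ip any any log
!
! Route filter: install only the HQ LAN prefix learned over the VPLS,
! so this branch never holds a route to another branch's LAN.
access-list 10 remark Accept only the HQ LAN prefix from EIGRP neighbours
access-list 10 permit 10.0.0.0 0.0.0.255
!
interface xxxx
 ip address 192.168.1.2 255.255.255.0
 ip access-group VPLS-IN in
!
router eigrp 1
 network 192.168.1.0
 ! Assumed: advertise this branch's LAN so HQ can reach it
 network 192.168.2.0
 distribute-list 10 in xxxx
```

The same pattern repeats on every other BO with its own WAN address and LAN subnet; hits on the final `deny ... log` entry show any branch-to-branch attempts.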

sateeshk10 Wed, 02/18/2009 - 18:53

Hi,

Is there any chance of looping, as a BO will send routing to another BO and again another BO may send the route? Are there any looping chances like that?

Whatever config you have provided is fine, right? I am going to get the VPLS links soon. I need to prepare the config for all the branches.

Please let me know if you have any fine-tuning EIGRP commands for this setup.

Thanks

sateesh

Harold Ritter Wed, 02/18/2009 - 19:08

Sateesh,

No chance of looping. These routers are on the same logical subnet, so the direct path is always the shortest.

I don't think any fine tuning is required. The config I provided should just work.

Regards

sateeshk10 Thu, 02/19/2009 - 07:45

Hi,

Thanks for all your info, I really appreciate your answers.

All the WAN interfaces are in a single subnet, right?

All inside LANs will be different at each location: 192.168.2.20,3.0,4.0.

My question is, the same routes will be available at all the locations. Other BOs will also send the route again. May it cause looping?

One more thing for which I didn't get an answer:

As I told you, I don't have enough BW at the BO. So, if anybody wants to communicate to HQ they may come via another BO where I don't have enough BW. Due to this I am asking that all my BOs should contact HQ directly.

Regards

sateesh

Harold Ritter Thu, 02/19/2009 - 14:14

Sateesh,

> My question is, the same routes will be available at all the locations. Other BOs will also send the route again. May it cause looping?

As I told you, EIGRP will prevent that from happening. This is called split-horizon and prevents a router from advertising a route through an interface that the router itself is using to reach the destination.

> As I told you, I don't have enough BW at the BO. So, if anybody wants to communicate to HQ they may come via another BO where I don't have enough BW. Due to this I am asking that all my BOs should contact HQ directly.

This will simply not happen because of split-horizon. Traffic will go from BO to BO or from HQ to BO as needed.

Regards

sateeshk10 Fri, 02/27/2009 - 13:37

Hi,

In continuation,

I am going to install a 5505 FW at each BO and I am going to get two connections from the service provider (VPLS): one is for inter-office communication and the other one is Internet. Both the links are terminating on the ASA 5505.

So I need to configure EIGRP for inter-office communication?

Default route for Internet is right?

WILL THIS WORK.

Regards

sateesh

sateeshk10 Mon, 03/02/2009 - 08:25

Hi,

I am still awaiting an update.

Thanks in advance.

Regards

sateesh

Mohamed Sobair Fri, 02/13/2009 - 03:38

OK, for your purpose, you don't have to configure VPLS at one of your premises.

The provider has to control your routing adjacency through VPLS. This could be accomplished by the following:

1- The PE facing the Headquarter has to be configured to establish EIGRP adjacency with all branches as follows:

L2 VFI (Name)

xconnect neighbor (1) router-id encapsulation mpls.

All interfaces facing the branch offices side have to be configured with a single (xconnect neighbor router-id enc mpls) towards the Headquarter.

The router-id represents the ID of the neighboring router, which is normally the peering address.

Hope this helps,

Mohamed

Harold Ritter Fri, 02/13/2009 - 06:29

Mohamed,

This would not help in the case you wanted to configure a hub and spoke for security purposes, as traffic would not be forced through the HQ CE but would rather be forwarded from one spoke to the other by the PE connected to the HQ site.

BTW, for the suggestion you made to work, the SP would also need to turn split horizon off at the PE connected to the HQ site.

Regards

Mohamed Sobair Fri, 02/13/2009 - 07:49

Hi Harold,

My point is how he can control traffic from the spokes to the HQ only and from the HQ to all spokes in his case if the service provider is providing VPLS service.

Of course you know better than me with regard to security issues and the best recommended approach.

HTH

Mohamed
