Multiple Customer Default Routes over MPLS Cloud

melcara · ‎06-21-2009

I have a customer with a Core network connected together over VPLS, and runnng EIGRP as the IGP. For the branch offices the are using MPLS, and SP requires us to use BGP when sending routes to them.

We have the core site, A, B, C. Site A&B have an internet connection. I want to have 1/2 the branches going to Site A and 1/2 going to Site B, and the SiteA orB and Site C as a backup. there is a single VRF. The SP will not make any changes for us...so I have been told. So I need to find out if there is a way to do this without SP involvement. I have tried Communities (CE side) with no Luck unless I make changes in the P/PE Net.

Attached is a drawing of the high level network.

Any Ideas....

melcara · ‎06-21-2009

Some addtional informtion

Handling Multiple Default Routes with BGP as PE-CE Protocol

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/L3VPNCon.html#wp321066

Layer 3 MPLS VPN Enterprise Consumer Guide Version 2

This section tells almost what I want to do. But I want the left side of the diagram to go left...and the right side to go right.

shivlu jain · ‎06-21-2009

The best way to load share the traffic is to use BGP. In BGP, define the reomte subnets with appropriate weight.

regards

shivlu jain

melcara · ‎06-22-2009

That is a great idea, however the problem is not the return traffic to branch, but but the outbound traffic from the branch. The Site A and Site B internet Gateways have Firewall at each location with seperate NAT/PAT. So each location must go out the same site each time, unless the firewall goes down.

so what I need to do is advertise both site A and Site B, then allow the branch to choose, or have the PE router that branch in connected too, filter routes accordingly.

Laurent Aubert · ‎06-23-2009

Hi,

If Site A and B are connected to the same PE and share the same VRF, you can't do it as the PE will select only one default router as best. Even if it installs both, it will load-balance your traffic

To have full control, you need GRE tunnels between your CE if your SP is not ready to help you.

HTH

Laurent.

melcara · ‎06-23-2009

That is what I am thinking...but I might do the NHRP multipoint GRE tunnel..Just tring to see if there is an option with out useing GRE's

jcozzupoli · ‎06-23-2009

You could try DMVPN with EIGRP. You could then have multiple Tunnels on site router and set different EIGRP metrics accordingly.

melcara · ‎06-24-2009

That is our backup plan. The problem with that is VoIP is going over this, and while I know that you can run VoIP over DMVPN, I would prefer not too.

jcozzupoli · ‎06-24-2009

yeah I hear your concerns, maybe have some wan accelerators installed, I know its more cost, but to get this solution working it may be the best solution.

I have worked with many customers who run VoIP over DMVPN in a large enterprise network of 200+ nodes easy. It can be done and its mainly transparent to the SP core, so its more in your own control.

Laurent Aubert · ‎06-25-2009

Hi,

mGRE is interesting on the hub if you have enough remote sites to make the solution not manageable with pt-2-pt tunnels.

If you don't want VoIP traffic inside the tunnel, just be sure the prefixes are learned outside of the tunnel ;-)

HTH

Laurent.