MPLS and Internet

Unanswered Question
Dec 1st, 2009

I am working on a scenario where I have four sites connected to an MPLS network.


Hub 1:  CE Router connected to MPLS Cloud:          BGP AS 65228, BGP AS for PE Router 13984

Hub 1:  DMVPN Router connected to Internet Cloud:   BGP AS 10918


Hub 2:  CE Router connected to MPLS Cloud:         BGP AS 29837,  BGP AS for PE Router 13984

Hub 2:  DMVPN router connected to Internet Cloud     BGP AS 10918



Branch 1:  CE Router connected to MPLS Cloud:         BGP  AS  65178, BGP AS for PE Router 13984

Branch 1:  DMVPN Router connected to Internet Cloud:   BGP AS  10918


According to the configuration, both (the router representing the Internet Cloud and the DMVPN routers representing Hub 1, Hub 2, and Branch 1) are in the same AS.  Is this how it is supposed to be?  I thought that the BGP peering between the Internet Cloud and the DMVPN routers should be an external BGP peering instead of iBGP, or does it not matter?


The goal is to apply DMVPN Server configurations on Hub 1 and Hub 2 and a DMVPN Client configuration on Branch 1 to see if Branch 1 is able to reach both Hub 1 and Hub 2 after I manually shut down the Branch primary MPLS link.


Right now, both the MPLS and Internet Clouds have full reachability to each other via BGP routing, and it doesn't matter if I bring the MPLS link down, since the Internet Cloud is also running full BGP and the ping test will be successful.


The lab is confusing me, and I need some feedback on how to test DMVPN.  I don't think that I should run BGP between DMVPN and the Internet Cloud.


Can someone shed some light on how to design and test this scenario?


Thanks

Laurent Aubert (Cisco Employee) Tue, 12/01/2009 - 20:05

Hi,


The simplest way to simulate the Internet is to connect your DMVPN routers to a third router which represents the Internet and which knows only its connected subnets. Every IPSec router will use its "public interface" as source address and will need a default route pointing to this third router.


What you want to test is a routing policy which will use your DMVPN network as a backup path, so you don't need to focus on how the DMVPN public IP addresses used for IPSec are announced to the Internet. You assume the DMVPN network is UP & Running.


What you are doing should be fine even if it's not what you will find in real networks.


HTH


Laurent.

abbas.ali Tue, 12/01/2009 - 23:00

Hi Laurent,


Thanks for the explanation.  Am I correct to say that I don't need to run BGP on my DMVPN router that connects to the Internet Router?  I can just run an IGP such as EIGRP between the DMVPN router and my Internal Core Router connected via Fast Ethernet, with a default route pointed to the IP address of the Internet Router.  Note:  There will be no dynamic routing protocol running between my DMVPN (WAN Interface) connected to the Internet Router.


I will then forcefully bring the MPLS (Primary) interface down on my branch router and it will force the DMVPN tunnel to be established between my Branch and Hub Site.  One question: how will my internal networks running on EIGRP between Hub and Branch converge?


Thanks!

Laurent Aubert (Cisco Employee) Wed, 12/02/2009 - 09:19

Hi,


"Thanks for the explanation.  Am I correct to say that I don't need to run BGP on my DMVPN router that connects to the Internet Router?  I can just run an IGP such as EIGRP between the DMVPN router and my Internal Core Router connected via Fast Ethernet, with a default route pointed to the IP address of the Internet Router.  Note:  There will be no dynamic routing protocol running between my DMVPN (WAN Interface) connected to the Internet Router."

Correct. Your internal Core Router needs the default route only if it needs to reach the Internet as well.


"I will then forcefully bring the MPLS (Primary) interface down on my branch router and it will force the DMVPN tunnel to be established between my Branch and Hub Site.  One question: how will my internal networks running on EIGRP between Hub and Branch converge?"

Because EIGRP is running inside your tunnels, they will already be established due to the EIGRP traffic. You need to make sure your internal routers learn remote subnets from both the MPLS and the DMVPN clouds. Then you need to be sure BGP routes will always be preferred over the EIGRP ones. If it's eBGP, everything will be fine by default as eBGP has an Administrative Distance of 20 vs 90 for EIGRP.


HTH


Laurent.
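
The route preference described in the reply above, modelled as an added example (it is not part of the thread or any participant's configuration). It goes beyond the eBGP-versus-EIGRP case to show two situations where traffic takes the DMVPN tunnel even though the MPLS link is up: an MPLS route learned via iBGP, and a more specific prefix advertised over the tunnel. The prefixes, next-hop labels and function names are constructed for illustration; the distances are the Cisco IOS defaults.

```python
import ipaddress

# Cisco IOS default administrative distances (lower wins for the same prefix).
AD = {"connected": 0, "static": 1, "ebgp": 20, "eigrp": 90,
      "eigrp_external": 170, "ibgp": 200}

def build_rib(candidates):
    """Keep, per prefix, the candidate route with the lowest administrative distance."""
    rib = {}
    for prefix, proto, next_hop in candidates:
        net = ipaddress.ip_network(prefix)
        best = rib.get(net)
        if best is None or AD[proto] < AD[best[0]]:
            rib[net] = (proto, next_hop)
    return rib

def lookup(rib, destination):
    """Forward on the longest matching prefix among the installed routes."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda net: net.prefixlen)]

# Constructed lab values: the hub LAN as seen from a branch router that
# learns it from both the MPLS cloud (BGP) and the DMVPN tunnel (EIGRP).
HUB_LAN = "10.1.0.0/16"
MPLS = (HUB_LAN, "ebgp", "mpls-ce")
TUNNEL = (HUB_LAN, "eigrp", "dmvpn-tunnel")

def path_to_hub(candidates, destination="10.1.20.5"):
    """Return the next-hop label used to reach a host on the hub LAN."""
    route = lookup(build_rib(candidates), destination)
    return route[1] if route else None

if __name__ == "__main__":
    print("both paths up:        ", path_to_hub([MPLS, TUNNEL]))
    print("MPLS link shut down:  ", path_to_hub([TUNNEL]))
    # AD is compared only between routes to the same prefix, so these two
    # cases send traffic over the tunnel while MPLS is still up.
    print("MPLS learned via iBGP:",
          path_to_hub([(HUB_LAN, "ibgp", "mpls-ce"), TUNNEL]))
    print("tunnel advertises /24:",
          path_to_hub([MPLS, ("10.1.20.0/24", "eigrp", "dmvpn-tunnel")]))
```

When testing the lab, checking which next hop is installed for each remote subnet before and after shutting the MPLS interface confirms that the tunnel is used only as the backup path.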
