01-18-2010 08:13 AM - edited 03-04-2019 07:14 AM
Hello!
At my customer, can I replace an MPLS infrastructure provided by the carrier with a DMVPN spoke-to-spoke infrastructure over the Internet? Most of the traffic is from remote offices to headquarters.
What are the benefits? What are the disadvantages?
What do you think?
Thank you,
01-18-2010 09:10 AM
Personally I prefer MPLS. The internet is less stable than carrier networks. Also, carriers can provide QoS for VoIP, VC, and mission-critical apps. If encryption is necessary you can still encrypt quite easily over MPLS. I suggest to my clients that they avoid the internet for WAN links at all costs. It's too unreliable for businesses. Using the internet is cheaper, but is it worth it when (not if) you have outages during business production?
Hope it helps.
01-21-2010 12:22 AM
Hi Collin!
What solution do you think can replace MPLS?
MPLS infrastructure costs a lot of money and does not allow me to configure the CE routers, as they are owned by the carrier.
Do you have any other ideas?
Thank you,
01-18-2010 09:52 AM
Hello Paolo,
I agree with Collin.
With MPLS you also have greater scalability, both in terms of the number of sites and of the possible traffic volumes involved.
BW needs of branch offices may be moderate now.
Also, QoS implementation is easier and the results are more predictable.
Especially if VoIP is involved, it becomes difficult to comply with the SLA.
You can, however, have IPsec access to the MPLS VPN; that is, you can have a DMVPN mapped into a VRF to collect traffic from small branches.
DMVPN can be a fit for small offices.
Hope to help
Giuseppe
01-20-2010 03:16 AM
Hello Giuseppe!
giuslar wrote:
DMVPN can be a fit for small offices
What do you mean when you talk about a "small office"?
How many people are in your "small office"?
Thank you,
01-21-2010 12:52 AM
Hello Paolo,
I prefer to think in terms of bandwidth.
If a site requires 10 Mbps or more as an access link, it becomes more difficult to satisfy these requirements over time (likely to increase).
That is, 10 Mbps of traffic encapsulated in GRE and protected by IPsec with 3DES or AES is a heavy load on routers even if they have a hardware VPN module.
You may be interested in some scalability tests that have been published in the SRND for DMVPN:
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_4_Phase2.html
Also, there is an MPLS L3 VPN for enterprise guide:
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/L3VPNCon.html
Note:
Some providers may offer managed CE devices as part of their service package, but this is not a technical necessity in MPLS VPN.
The same providers or other providers may accept that the customer provides and manages the CE devices.
You may also want to consider the use of an L2 MPLS VPN service, which can be cheaper.
With an L2 MPLS VPN you are responsible for routing between your sites.
The problem with a VPLS service is that if the number of sites connected is high you start to have problems with routing protocols.
Using 802.1Q VLAN-based point-to-point services allows you to replicate a typical hub-and-spoke topology as done on FR networks.
Hope to help
Giuseppe
01-18-2010 07:06 PM
I think from a redundancy perspective DMVPN is a very good solution as a redundant/backup path, as it's dynamic and utilizes dynamic routing protocols, which makes it easier to configure as a backup path, but it requires a local Internet link at each site.
Example:
https://supportforums.cisco.com/docs/DOC-8356
Thank you