
VPN MPLS best practices to use it

jquintard
Level 1

Hello,

My company has subscribed to a VPN MPLS to interconnect two sites. The ISP I have chosen installed one router on each side and set QoS on this link (70% VoIP, 20% Data and 10% access). On each side I have a DSL link for classic Internet access. I'm a newbie in VPN so I have some questions about integrating this link into my network.

1. I suppose this link is like an L2 and transports VLANs on each side?

2. Is it possible/a good practice to centralize services like DHCP/DNS/AD on the central site? I use Microsoft DHCP.

3. What are the settings I need to use for the VoIP part?

If you have a conf or an example to help me, thanks.

Jerome

5 Replies

Sakun Sharma
Level 1

Hi,

VPN MPLS can be implemented at either Layer 2 or Layer 3. If a serial link or phone link is used then Layer 3 VPN MPLS is implemented, or if Ethernet cable is used then Layer 2.

In case of VPN MPLS, your end routers at both sites which connect to the ISP routers are known as Customer Edge (CE) routers and the ISP routers are known as Provider Edge (PE) routers.

For your network, the PE routers will be invisible and a direct relationship will be formed between both your CE routers. The PEs will simply encapsulate your packet in an MPLS packet and forward it to the other end's PE, which will de-encapsulate the MPLS packet and send it to your CE router at that site.

In case of AD / DNS and DHCP, it's better you have servers at each site and synchronize those servers with each other over your VPN link, because it will not only require more bandwidth, but delay will also be increased as compared to the local network.

In case of VoIP, firstly you need to enable CDP (if disabled) to discover the phone on the switch to which the IP phone will be attached; you also need to configure a Voice VLAN and QoS with trust boundaries as per your requirement.

--

Regards

Sakun Sharma

Campus design wise, all applications are now centralized and of course AD, DHCP and DNS could fall in this category.

For VoIP, you need to get the marking information from the service provider and inform them of the QoS marking which you have done for VoIP. Normally ISPs classify using their rules, hence they will prefer you to mark traffic in accordance with their policy.

Enabling CDP and a trust boundary should be there, and on top of that, at the WAN edge, ensure you have proper classification and marking in line with the ISP.

regards

Prasad K
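
The voice VLAN, CDP and trust-boundary settings mentioned in the two replies above, as an added configuration example that is not from any poster in this thread. VLAN IDs, interface names, policy names and the EF marking are assumptions; the syntax is for Catalyst switches that use the `mls qos` command set, and the DSCP value at the WAN edge has to be replaced with whatever the ISP's policy specifies.

```ios
! --- Access switch (constructed example, values are assumptions) ---
! CDP lets the switch detect the phone and tell it the voice VLAN.
cdp run
! Once QoS is enabled, ports are untrusted by default and incoming
! markings are reset unless trust is configured explicitly.
mls qos
!
vlan 10
 name DATA
vlan 110
 name VOICE
!
interface GigabitEthernet0/5
 description IP phone with a PC connected behind it
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 cdp enable
 ! Conditional trust: markings are honoured only while CDP reports
 ! a Cisco phone on the port, otherwise the port stays untrusted.
 mls qos trust device cisco-phone
 mls qos trust cos
 ! The phone rewrites CoS on frames from the attached PC to 0,
 ! so the PC cannot mark its own traffic as voice.
 switchport priority extend cos 0
 spanning-tree portfast
!
interface GigabitEthernet0/24
 description Uplink toward the WAN edge router
 ! Inside the trust boundary, keep the DSCP set at the access port.
 mls qos trust dscp
!
! --- WAN edge router (constructed example) ---
! Match the marking agreed with the ISP; EF is an assumption here.
class-map match-any VOICE
 match dscp ef
! 70 percent mirrors the VoIP share quoted in the question.
policy-map WAN-EDGE-OUT
 class VOICE
  priority percent 70
 class class-default
  fair-queue
!
interface Serial0/0
 description Link toward the ISP router
 service-policy output WAN-EDGE-OUT
```

On the switch, `show mls qos interface GigabitEthernet0/5` reports the trust state of the port, and `show policy-map interface Serial0/0` on the router shows whether voice packets are actually matching the VOICE class.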

Hi,

I have found a document to implement a CE-PE-PE-CE:

https://learningnetwork.cisco.com/docs/DOC-3225

In my head (like your post, Sakun) and if I'm right:

  • The first CE is my first office router
  • The first PE is the ISP router on my first office using an SDSL line
  • The second PE is the ISP router on my second office using an SDSL line
  • The second CE is my second office router

I have tried to implement with GNS the configuration explained in the document below. But this configuration uses BGP to distribute network topology to all routers. In my case it seems my network configuration is transparent for my ISP so I think this configuration is not suitable for me.

Do you know where I can find a configuration that matches my case without an EGP/IGP or just with an IGP like RIPv2 or OSPF? Or just the name I must use to search...

Jerome

I think I have found a correct configuration:

https://learningnetwork.cisco.com/servlet/JiveServlet/previewBody/4618-102-1-13556/L2MPLS%20Vpn.pdf

But I am searching for an IOS with "xconnect encapsulation mpls" support...

Hi Jerome,

Yes you are right on this:

"In my head (like your post sakun) and if I'm right :

  • The first CE is my first office router
  • The first PE is the ISP router on my first office using an SDSL line
  • The second PE is the ISP router on my second office using an SDSL line
  • The second CE is my second office router

"

You can implement MPLS with EIGRP and RIP also; below are two basic configurations with examples.

How to set up MPLS Basic VPN on Customer Side using EIGRP and RIP:

MPLS VPN support for EIGRP between Provider Edge (PE) and Customer Edge (CE) -

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/fteipece.html

Configuring MPLS Basic VPN with RIP on Customer Side -

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a008009445c.shtml

Hope you find both documents useful.

--

Regards

Sakun Sharma
