VPN MPLS best practices to use it

Jul 23rd, 2011

Hello,

My company has subscribed to a VPN MPLS to interconnect two sites. The ISP I have chosen installed one router on each side and set QoS on this link (70% VoIP, 20% Data and 10% access). On each side I have a DSL link for classic Internet access. I'm a newbie in VPN so I have some questions about integrating this link into my network.

1. I suppose this link is like an L2 and transports VLANs on each side?

2. Is it possible/a good practice to centralize services like DHCP/DNS/AD on the central site? I use Microsoft DHCP.

3. What settings do I need to use for the VoIP part?

If you have a configuration or an example to help me, thanks.

Jerome

sakun.cisco Sat, 07/23/2011 - 05:25

Hi,

VPN MPLS can be implemented at either Layer 2 or Layer 3. If a serial link or phone link is used then Layer 3 VPN MPLS is implemented, or if an Ethernet cable is used then Layer 2.

In the case of VPN MPLS, your end routers at both sites which connect to the ISP routers are known as Customer Edge (CE) routers and the ISP routers are known as Provider Edge (PE) routers.

For your network, the PE routers will be invisible and a direct relationship will be formed between both of your CE routers. The PEs will simply encapsulate your packet in an MPLS packet and forward it to the other end's PE, which will de-encapsulate the MPLS packet and send it to your CE router at that site.

In the case of AD / DNS and DHCP, it's better that you have servers at each site and synchronize those servers with each other over your VPN link, because it will not only require more bandwidth, the delay will also be increased compared to the local network.

In the case of VoIP, firstly you need to enable CDP (if disabled) to discover the phone on the switch to which the IP phone will be attached; you also need to configure the Voice VLAN and QoS with trust boundaries as per your requirement.

--

Regards

Sakun Sharma

prasad.gsmc Sat, 07/23/2011 - 05:57

Campus design wise, all applications are now centralized and of course AD, DHCP and DNS could fall in this category.

For VoIP you need to get the marking information from the service provider and inform them of the QoS marking which you have done for VoIP. Normally ISPs classify using their rules, hence they will prefer you to mark traffic in accordance with their policy.

Enabling CDP and a trust boundary should be there and, on top of that, at the WAN edge, ensure you have proper classification and marking in line with the ISP.

regards

Prasad K

jquintard@actis... Tue, 07/26/2011 - 12:04

Hi,

I have found a document on implementing CE-PE-PE-CE:

https://learningnetwork.cisco.com/docs/DOC-3225

In my head (like your post sakun) and if I'm right :

  • The first CE is my first office router
  • The first PE is the ISP router on my first office using an SDSL line
  • The second PE is the ISP router on my second office using an SDSL line
  • The second CE is my second office router

I have tried to implement with GNS the configuration explained in the document below. But this configuration uses BGP to distribute the network topology to all routers. In my case it seems my network configuration is transparent for my ISP, so I think this configuration is not suitable for me.

Do you know where I can find a configuration that matches my case without an EGP/IGP, or just with an IGP like RIPv2 or OSPF? Or just the name I must use to search...

Jerome

sakun.cisco Tue, 07/26/2011 - 19:40

Hi Jerome,

Yes you are right on this:

"In my head (like your post sakun) and if I'm right :

  • The first CE is my first office router
  • The first PE is the ISP router on my first office using an SDSL line
  • The second PE is the ISP router on my second office using an SDSL line
  • The second CE is my second office router

"

You can implement MPLS with EIGRP and RIP also; below are two basic configurations with examples.

How to set up MPLS Basic VPN on the customer side using EIGRP and RIP:

MPLS VPN support for EIGRP between Provider Edge (PE) and Customer Edge (CE) -

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/fteipece.html

Configuring MPLS Basic VPN with RIP on Customer Side -

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a008009445c.shtml

Hope you find both documents useful.

--

Regards

Sakun Sharma
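
A configuration sketch of the two points raised in the replies above (voice VLAN with a trust boundary on the access port, and classification and marking at the WAN edge), added here as an example and not taken from any poster or from the ISP. It assumes a Catalyst switch that uses the `mls qos` commands and an IOS router at the customer edge; interface names, VLAN IDs, the subnet, the ACL and policy names, and the DSCP value EF are constructed and must be replaced with what the ISP specifies.

```cisco
! --- Access switch: voice VLAN and trust boundary (constructed values) ---
mls qos
!
interface FastEthernet0/5
 description IP phone with PC behind it (example port)
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 110
 ! Conditional trust: CoS is trusted only while CDP detects a Cisco phone,
 ! so a PC plugged in directly cannot mark itself into the voice class.
 mls qos trust device cisco-phone
 mls qos trust cos
 spanning-tree portfast
!
! --- Customer edge router: classify and mark toward the ISP ---
! Voice subnet and RTP port range are assumptions for this example.
ip access-list extended VOICE-RTP
 permit udp 10.1.110.0 0.0.0.255 any range 16384 32767
!
class-map match-all VOICE
 match access-group name VOICE-RTP
!
policy-map MARK-TO-ISP
 class VOICE
  ! Use the marking the ISP asks for; EF is an assumption here.
  set dscp ef
 class class-default
  ! Reset everything else so only classified voice reaches the VoIP share.
  set dscp default
!
interface FastEthernet0/1
 description Link toward ISP router (example)
 service-policy output MARK-TO-ISP
```

Check the result with `show mls qos interface FastEthernet0/5` on the switch and `show policy-map interface FastEthernet0/1` on the router, and compare the counters per class with the ISP's view of the link.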

Posted July 23, 2011 at 4:04 AM