I wonder how we can advertise the same subnet from two different locations. Those two locations are connected to an MPLS cloud and have a back-to-back connection with each other running EIGRP. What are best practices? Using MED and prioritizing one of the locations, or lowering the mask on one of them? What about /32 addresses?
Do you want to do Anycast IP, or do you want the same subnet to be reachable from two different locations by the remote sites?
I want the same subnet to be reachable from two different locations by remote sites, yes. Some subnets or hosts exist on one site and the same are on the other site. Right now we advertise them with the same route-map from two sites. After migration to MPLS I want to advertise more specifics from one site and less specific from the other, and vice versa for routes that exist on the other side. I have problems with dividing them. For example, we now advertise several /24 subnets. How do we make remote sites go to one location: lowering the subnet on the backup site to /23, or using MED in BGP? What are best practices?
Is it for backup purposes? I mean, do you want all your remote sites to reach the subnet based in location A and then re-route to location B if A is not available?
If you are using L3VPN services, just tell your SP what you want to do and it should be able to support such a routing policy. Only the remote PE will take the decision as to which location to send the traffic to, not the remote CE. The SP will play with BGP attributes in his backbone and may ask you to send the prefix with some tags/attributes depending on which routing protocols you are sharing.
That may work. For example, I'll mark my routes with different communities and he will prioritize based on that. But I wanted to have more control. For example, we have a new subnet coming on one location, so I just add that on my router, then on backup, and should somehow prioritize, like using MED. I'm still not sure what to do with /32 bit addresses.
For sure if you announce a subnet only from one CE, it will be the only return path from the remote PE point of view so you have the control but no backup path.
If you want a backup path, the same subnet needs to be announced by two different CEs. If you manage the CE, you can try AS-PREPEND to influence the returning path.
If you don't control the CE, you need to sit down with your SP representative so he can tell you how they can do that.
I don't know if you can help me here. I'm currently involved in designing a layer two service to a CE, which is running a Multi-VRF configuration, but I only have one sub-interface to assign multiple VRFs for connectivity back to our datacentre. I know that I can run MPLS on this interface and the datacentre interface, but if I have dual connectivity back to the datacentre, how can I manipulate the routing to have a primary and backup service?
Are you sure it's not possible to have a sub-interface per VRF between the CE and the DC?
It's not just a question of running MPLS; in this case you need to build all the layers of an MPLS-VPN backbone.
It is possible, but we have to build a L2VPN for each vrf, which has a cost about it, so I'm exploring other solutions to reduce the costs.
So from a design view, we have effectively 4 PEs, connected in a square: L2VPN between Primary ASR DC router and Customer PE (CE), and Secondary ASR DC router and Customer Secondary PE (CE). There is layer 2 connectivity at the DC between the ASRs and at the customer PEs (CE).
If there isn't a solution, then I know how to complete the L2VPN per vrf solution, but I thought I'd try another solution.
I think a drawing would help here. I'm still confused with your design. You talked about 4x PEs and then about ASR and PE which are CE...
Please find attached the drawing, sorry about the confusion, but it should explain what we're trying to achieve.
One EVC (Ethernet Virtual Connection) running MPLS, several VRFs running at the two sites, connectivity between the sites is MPLS; however, I need to manipulate the metrics to have a primary and secondary setup.
Thanks for looking at this for me.
From your drawing, I understand the 2811 and the ASR are your CE routers, right? PE routers are not represented.
Subnets on both sites are different, so why don't you go with L3VPN instead? It will be easy to implement a nominal/backup routing policy.
Yes, we did it by advertising a /23 from the other site... a null route with higher AD was used to generate this route for BGP advertisement.
Internally both locations could talk over a private network with a combination of OSPF & EIGRP.
The actual location advertised a longer prefix /24 that was preferred in the MPLS cloud.
During failure, the /23 from the other site took over.
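The failover in the last post rests on longest-prefix match in the MPLS cloud. The sketch below is an added example, not part of the thread: it models that selection with constructed 10.10.0.0/23 addressing and hypothetical site names, and goes beyond the one-directional case by having both sites back each other up and by including a /32 host route.

```python
import ipaddress

# Constructed sample data (prefixes and site names are assumptions, not from the thread).
# Each site originates the /24 it hosts plus the covering /23; the /23 stands for the
# aggregate generated from a static null route with a high administrative distance.
ADVERTISEMENTS = [
    ("10.10.0.0/24", "site-A"),  # subnet hosted at A
    ("10.10.0.0/23", "site-A"),  # A's backup aggregate
    ("10.10.1.0/24", "site-B"),  # subnet hosted at B
    ("10.10.0.0/23", "site-B"),  # B's backup aggregate
    ("10.10.1.7/32", "site-A"),  # single host from B's range that lives at A
]

def cloud_table(adverts, failed_sites=()):
    """Routes left in the cloud once every route from a failed site is withdrawn."""
    return [(ipaddress.ip_network(p), s) for p, s in adverts if s not in failed_sites]

def select_exit(dest, table):
    """Longest-prefix match: (winning prefix, sites advertising it) or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, site) for net, site in table if addr in net]
    if not matches:
        return None  # no covering route: traffic is dropped
    best_len = max(net.prefixlen for net, _ in matches)
    winners = [(net, site) for net, site in matches if net.prefixlen == best_len]
    # More than one site here means prefix length did not decide; BGP attributes
    # (MED, AS-path prepending, communities) would break the tie.
    return str(winners[0][0]), sorted(site for _, site in winners)

if __name__ == "__main__":
    for failed in ((), ("site-A",), ("site-B",)):
        table = cloud_table(ADVERTISEMENTS, failed)
        for dest in ("10.10.0.25", "10.10.1.25", "10.10.1.7"):
            print(f"failed={failed or 'none'} dest={dest} -> {select_exit(dest, table)}")
```

When a site's routes are withdrawn, the surviving site receives the traffic on its /23 and still needs a real path to those hosts; traffic that matches only the null route is discarded.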