We have a network on an MPLS backbone with dual service providers.
There are 50 spoke locations.
DC and DR locations.
Topology is hub and spoke, with all sites accessing data hosted at the primary DC.
Also, in case of disaster all the spoke sites will connect to the DR site.
Servers at the DR site are on unique IPs, and failover from DC to DR is taken care of by BGP routing intelligence.
Aim is to give controlled internet access to all the spoke sites from the DC, and in case of failure internet should be available from the DR site.
As per our design architecture we are planning to upgrade the last-mile bandwidth and MPLS port of all spoke sites, and the central site MPLS port bandwidth, to give integrated access on the same last mile for all the locations.
Both types of traffic, private and public, will ride on the same MPLS backbone and come to the primary DC site CE router.
At the CE router we will segregate the traffic meant for the data centre and the internet cloud.
We will also deploy a firewall and a separate internet router and proxy server for the proposed internet connectivity to control the spoke sites' traffic.
Is this a good design?
Please suggest, with configuration, how we are going to achieve this.
Also, currently we are using BGP between CE-PE --- it should take care of the global routing meant for internet traffic by flooding a default route across all the spoke sites.
As per your post, you are looking for a solution to route internet via the DC and, on failure, via the DR.
To do this you can inject default routes from both the DC and the DR. In doing this all the PEs in SP1 and SP2 will have 2 defaults in the VRF table for you, but only 1 would be installed, based on the regular BGP path selection process.
To manipulate this and select the default from the DC, you can change any BGP path attribute and make the DC default favourable over the DR default.
I did not understand where you are doing PBR, but anyway PBR works in sync with CEF without putting any load on your CPU since IOS 12.0, so you can run PBR wherever you are running it.
To answer whether this is a good design or not, more inputs would be required, as the current diagram is insufficient with legends, and the logic behind the creation of 3 VLANs in the diagram is not explained in the post.
It's not clear which site you are designating as the spoke site, as the remote sites box has dual routers and dual connections.
A good network design is more about what your data flow and business needs are; based on those, the technical design should meet the requirements put forth and scale at the same time. Here, if you agree, we don't have any of those inputs either.
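As an added example (not part of the original question or answer), here is one way to implement the answer's suggestion on Cisco IOS CE routers: both the DC and DR CEs originate 0.0.0.0/0 into the CE-PE eBGP session, each default is conditional on the local firewall's outside path being reachable, and the DR copy carries an AS-path prepend so that the PEs in both SP VRFs prefer the DC path. All addresses, interface names, AS numbers and the probe targets are assumptions chosen for illustration.

```text
! ===== DC CE (primary internet exit) =====
! Assumed: DC CE is AS 65001, SP1 PE 192.0.2.1 (AS 65100), SP2 PE 198.51.100.1 (AS 65200),
! DC firewall inside address 10.10.0.2, reachable probe target 203.0.113.1.
!
! Host route for the probe target so the IP SLA probe does not depend on the
! default route it is meant to control (otherwise a failed track never recovers).
ip route 203.0.113.1 255.255.255.255 10.10.0.2
!
ip sla 10
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
!
! Default route toward the firewall, installed only while track 10 is up.
! DC server prefixes remain more specific, so longest-prefix match alone sends
! only internet-bound traffic to the firewall; no PBR is needed for segregation.
ip route 0.0.0.0 0.0.0.0 10.10.0.2 track 10
!
router bgp 65001
 neighbor 192.0.2.1 remote-as 65100
 neighbor 198.51.100.1 remote-as 65200
 address-family ipv4
  ! Advertised only while the tracked default is present in the RIB.
  network 0.0.0.0 mask 0.0.0.0
  neighbor 192.0.2.1 activate
  neighbor 198.51.100.1 activate
 exit-address-family
!
! ===== DR CE (backup internet exit) =====
! Assumed: DR CE is AS 65002, SP1 PE 192.0.2.5, SP2 PE 198.51.100.5,
! DR firewall inside address 10.20.0.2, probe target 203.0.113.2.
ip route 203.0.113.2 255.255.255.255 10.20.0.2
!
ip sla 10
 icmp-echo 203.0.113.2 source-interface GigabitEthernet0/1
 frequency 10
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
!
ip route 0.0.0.0 0.0.0.0 10.20.0.2 track 10
!
! Prepend only the default route, so DR server prefixes are unaffected.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
route-map TO-PE permit 10
 match ip address prefix-list DEFAULT-ONLY
 set as-path prepend 65002 65002 65002
route-map TO-PE permit 20
!
router bgp 65002
 neighbor 192.0.2.5 remote-as 65100
 neighbor 198.51.100.5 remote-as 65200
 address-family ipv4
  network 0.0.0.0 mask 0.0.0.0
  neighbor 192.0.2.5 activate
  neighbor 192.0.2.5 route-map TO-PE out
  neighbor 198.51.100.5 activate
  neighbor 198.51.100.5 route-map TO-PE out
 exit-address-family
!
! ===== Verification on a spoke CE =====
!   show ip bgp 0.0.0.0/0          -> AS path should end in 65001 (DC) while DC is up
!   show ip route 0.0.0.0 0.0.0.0  -> next hop is the local PE
!   traceroute <internet host>     -> path should transit the DC firewall
! Failover test: shut the DC firewall inside interface; track 10 on the DC CE
! goes down, the DC CE withdraws 0.0.0.0/0, and the PEs fall back to the
! DR default (AS path ending 65002 65002 65002 65002).
```

AS-path prepending is used rather than MED or local-preference because it is carried inside the VPNv4 path through both carriers: MED is only compared between paths learned from the same neighbouring AS, and a local-preference set on the CE is not exported over eBGP (you would need each SP's documented communities to influence it on their PEs). The conditional default matters for the split-brain case where the DC CE is up but its internet path is not; without the track, the DC would keep attracting internet traffic into a black hole instead of letting the DR default take over.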