Routing between CEs will be directly controlled by the CE. Any of the CE can be treated as Hub, rest as spokes. Tunnel endpoints should be reachable using the direct path via physical intterace (not via tunnel). LAN subnets across each CE should be routed via tunnel.
IF you are specifically interested for ONLY PE-CE encrypted tunnel, you can use static P2P IPSEC tunnels between PE-CE. Traffic across the MPLS core will be unencrypted in this case. You'll need multiple encrypted tunnels per PE-CE connection. This configuration is rarely used and needed.
For end-to-end encrypted solution, you can look for GETVPN solution as well, it has more advntages and recommened in these type of private MPLS scenarios.
1. Introduction Internet security is important with the increasing
attacks that are happening every day. Many internet and browsing
security solutions exist, but some are not very easy to use or maybe the
question is how can I enable them? In this referen...
Cisco Software Manager Server API Guide This document describes the
programmatic interfaces, RESTful APIs, which are supported by Cisco
Software Manager Server (CSM Server). Overview CSM Server supports a set
of finite RESTful APIs. The first step to use ...
If you are using Cisco's new linux-based Cisco Software Manager server,
then you probably want to make sure there is a startup service for
it.I'll assume that you've already installed the CSM server on a
systemd-based linux system. The commands given belo...