11-23-2007 01:05 AM
Dear all,
Our head office currently has 1 Cisco CPE 3825 router with 2 WAN connections to our branches. We are now using static routing protocol in our network infrastructure, and we are considering how to implement redundancy for the network with redundant circuit connections to 2 MPLS providers, so that only when the primary connection to the primary MPLS L3 provider fails does the backup link to the second MPLS Layer 2 provider automatically become active. Does anybody know where I can find information, tips or examples on how we'd handle the routing for that?
We now have:
1 G0/1 interface connected to the primary MPLS L3 provider (the 2nd G0/2 interface is a leased-line connection to our partner, and we do not consider it here)
1 HWIC (layer 2) card, with 4 ports, which has interface F0/2/3 connected to the backup MPLS Layer 2 provider.
Thanks in advance.
PS: Current configuration : 3727 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash c3825-entservicesk9-mz.123-11.T7.bin
boot-end-marker
!
logging buffered 4096 debugging
logging monitor xml
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
no ftp-server write-enable
!
!
no spanning-tree vlan 4
no spanning-tree vlan 5
interface GigabitEthernet0/1
description connect to VDC MPLS$ETH-WAN$
mtu 1480
ip address 222.x.x.66 255.255.255.252
ip flow ingress
ip flow egress
service-policy output SDM-QoS-Policy-1
ip route-cache flow
duplex auto
speed auto
media-type rj45
fair-queue 64 256 256
no cdp enable
interface FastEthernet0/2/0
switchport access vlan 2
no cdp enable
!
!
interface FastEthernet0/2/3
description ToTBToverFPT
switchport access vlan 5
no cdp enable
interface Vlan2
description CONNECT TO MPLS_VDC
ip address 192.168.201.9 255.255.248.0
!
interface Vlan5
description Connect to HoChiMinhCity
ip address 172.16.1.5 255.255.255.252
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 172.16.244.0 255.255.255.0 222.255.33.65
ip route 192.168.0.0 255.255.248.0 222.255.33.65
ip route 192.168.24.0 255.255.254.0 222.255.33.65
ip route 192.168.30.0 255.255.254.0 222.255.33.65
ip route 192.168.32.0 255.255.254.0 222.255.33.65
ip route 222.x.x.68 255.255.255.252 222.255.33.65
ip route 222.255.33.72 255.255.255.252 222.255.33.65
ip route 222.x.x.196 255.255.255.252 222.255.33.65
ip route 222.x.x.200 255.255.255.252 222.255.33.65
!
!
ip http server
ip http authentication local
no ip http secure-server
ip http max-connections 3
control-plane
!
!
line con 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password
login
transport input telnet
line vty 5 14
privilege level 15
password
login
transport input telnet
line vty 15
privilege level 15
password
login
transport input telnet
parser view SDM_Monitor
!
scheduler allocate 20000 1000
!
end
11-23-2007 04:18 AM
Hi,
If you have multiple MPLS ISPs connected to your network, best practice is to use BGP as the PE-CE protocol. You can use the weight attribute to tell the traffic which is the primary path and which is the secondary path. The path with more weight will be the primary, and once it is down the secondary will take its place. When the primary comes up, it will again be considered the primary due to its higher weight.
Regards
Vikas Sharma
11-24-2007 11:02 PM
The simplest way is to continue to use static routes with the next hop pointing to the L3 MPLS ISP, and to use floating static routes with next hops pointing to the L3 VLAN IPs in the remote sites. Running routing protocols with the L3 MPLS SP and over the L2 circuit should also work, by manipulating administrative distance, link cost, etc.
11-26-2007 08:07 PM
Hi Mr jianqu,
Our customer now has 2 main central offices, and all other sub-branches are connected to each of these main central offices via one primary full-meshed MPLS VPN of the 1st Service Provider. So if I use floating static routes, and there is a failure on the link from a CENTRAL CE router to the primary MPLS VPN Service Provider, but there is still no failure at the other site between a sub-branch CE router and the PE of the primary full-meshed MPLS VPN Layer 3 Service Provider, then it cannot cause a failover to the second redundant link of the 2nd Service Provider?
So with our system, do we only have one solution like this:
-Configure BGP as the routing protocol between the CE and the PE routers.
-Use local preference and Multi Exit Discriminator (MED) when running BGP inside our customer VPN to select the primary and backup links.
-Use AS-override feature to support overlapping AS numbers between customer sites
11-26-2007 11:53 PM
Regarding static routes, if central CE router's link to primary MPLS would fail, how did you manage to work with static routes in the first place? You are absolutely right that using static routes would not detect the failure in your scenario in most cases.
You mentioned that each site has two MPLS services, one L3 and the other L2. In that case you can simply run BGP between CE-PE for the L3 MPLS-VPN link, and run OSPF between sites over the L2 MPLS-VPN link; BGP routes will be preferred because of the lower administrative distance. You can also run OSPF between CE-PE and make the L3 VPN the preferred path by manipulating link cost or OSPF area configuration.
Just wondering how does 2nd SP provide full-mesh L2 service, VPLS?
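The design suggested in the reply above (eBGP toward the L3 MPLS PE, OSPF across the L2 circuit), sketched as an added IOS example for the head-office CE; it is not configuration from the thread. The AS numbers 65001 and 64999, the HQ LAN 10.0.0.0/24 and the key strings are assumed placeholders, while 222.255.33.65 and Vlan5 (172.16.1.5/30) are taken from the posted configuration.

```cisco
! Added example, not from the original thread.
! Placeholders (assumptions): AS 65001 = customer, AS 64999 = L3 MPLS provider,
! 10.0.0.0/24 = head-office LAN, BGP-KEY / OSPF-KEY = shared secrets.
!
! 1. Remove the static route for each branch prefix that BGP will carry.
!    A static route (distance 1) would otherwise always win over BGP and OSPF
!    and would stay installed even when the far end of the L3 VPN is down.
no ip route 192.168.0.0 255.255.248.0 222.255.33.65
!
! 2. Primary path: eBGP to the PE on the L3 MPLS VPN (G0/1).
!    eBGP routes are installed with administrative distance 20.
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 10.0.0.0 mask 255.255.255.0
 neighbor 222.255.33.65 remote-as 64999
 neighbor 222.255.33.65 description PE on primary L3 MPLS VPN
 ! MD5-authenticate the CE-PE session so it cannot be spoofed or reset
 neighbor 222.255.33.65 password BGP-KEY
 no auto-summary
!
! 3. Backup path: OSPF to the remote CE across the L2 circuit (Vlan5).
!    OSPF routes have distance 110, so they are used only after the BGP
!    route for the same prefix has been withdrawn.
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 ! Form adjacencies on the L2 circuit only, never on LAN or provider ports
 passive-interface default
 no passive-interface Vlan5
 network 172.16.1.4 0.0.0.3 area 0
 network 10.0.0.0 0.0.0.255 area 0
!
interface Vlan5
 ip ospf message-digest-key 1 md5 OSPF-KEY
!
! 4. Verify which protocol currently owns a branch prefix:
!    show ip route 192.168.0.0
!    show ip bgp summary
!    show ip ospf neighbor
```

Administrative distance only decides between the two protocols when both advertise a branch prefix with the same mask; if the masks differ, the longer match is used regardless of its source. The branch CE needs the mirrored configuration for return traffic to follow the same path.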