We have a network on an MPLS backbone with dual service providers.
There are 50 spoke locations.
There are DC and DR locations.
Topology is hub and spoke with all sites accessing data hosted at primary DC.
Also, in case of disaster, all the spoke sites will connect to the DR site.
Servers at the DR site are on unique IPs, and failover from DC to DR is taken care of by BGP routing intelligence.
The aim is to give controlled internet access to all the spoke sites from the DC, and in case of failure internet should be available from the DR site.
As per our design architecture we are planning to upgrade the last mile bandwidth and MPLS port of all spoke sites and central site MPLS port bandwidth to give integrated access on the same last mile for all the locations.
Both types of traffic, private and public, will ride on the same MPLS backbone and come to the primary DC site CE router.
At the CE router we will segregate the traffic meant for the datacentre and the internet cloud.
We will also deploy a firewall, a separate internet router and a proxy server for the proposed internet connectivity to control the spoke sites' traffic.
Is this a good design?
Please suggest, with configuration, how we are going to achieve this.
Also, currently we are using BGP between CE-PE; it should take care of the global routing meant for Internet traffic by flooding a default route across all the spoke sites.
As per your post you are looking for the solution to route internet via DC and on failure via DR.
If you are looking for something specific please do elaborate the same.
To do this you can inject default routes from both DC and DR. In doing this, all the PEs in SP1 and SP2 will have 2 defaults in the VRF table for you. But only 1 would be installed, based on the regular BGP path selection process.
To manipulate and select default from DC you can change any BGP path attribute and make the DC default favourable over DR default.
Deepak, since you want to decentralize internet access and centralize it via DC/DR, the same solution mentioned applies, i.e. injecting a default from both your DC and DR within both MPLS VRFs provided by the 2 SPs. And you can increase the local preference of the DC so that it is installed in each PE in place of the DR default. When the DC default is withdrawn, the traffic will switch over to the DR.
And it's viable to serve internet and data on the last mile (I believe the last mile referred to is the PE-CE link) by having the default injected into the VRF.
This is somewhat similar to the way an SP provides internet access and intra-VPN communication to end customers. The only difference is that the default for the internet in your case is being injected by you rather than going for the SP internet service.
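The failover behaviour described in the replies above, as an added example that is not part of the original thread: a simplified Python model of how a PE picks one of the two injected defaults and falls back to DR when the DC default is withdrawn. The class and function names and the AS numbers are constructed for illustration, and only the first two best-path steps (local preference, then AS-path length) are modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DefaultRoute:
    """One 0.0.0.0/0 advertisement as seen in the customer VRF on a PE."""
    site: str               # "DC" or "DR"
    local_pref: int = 100   # higher wins
    as_path: tuple = ()     # shorter wins; AS numbers below are constructed

def best_path(routes):
    """Simplified best-path: highest LOCAL_PREF, then shortest AS_PATH.
    Later tie-breakers (origin, MED, router ID ...) are not modelled; the
    site name stands in as a final deterministic tie-break."""
    if not routes:
        return None
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path), r.site))

class Vrf:
    """Holds every default learned for the VPN; only the best is installed."""
    def __init__(self):
        self.learned = {}
    def advertise(self, route):
        self.learned[route.site] = route
    def withdraw(self, site):
        self.learned.pop(site, None)
    def installed(self):
        best = best_path(list(self.learned.values()))
        return best.site if best else None

def failover_sequence(dc, dr):
    """Return the installed default's site at each stage of a DC outage."""
    vrf = Vrf()
    vrf.advertise(dc); vrf.advertise(dr)
    stages = [vrf.installed()]      # both sites up
    vrf.withdraw("DC")
    stages.append(vrf.installed())  # DC default withdrawn
    vrf.advertise(dc)
    stages.append(vrf.installed())  # DC restored
    vrf.withdraw("DC"); vrf.withdraw("DR")
    stages.append(vrf.installed())  # both gone: no default in the VRF
    return stages

# Option 1: DC has the higher local preference, so it wins despite a longer path.
by_local_pref = failover_sequence(
    DefaultRoute("DC", local_pref=200, as_path=(65010, 65010)),
    DefaultRoute("DR", local_pref=100, as_path=(65020,)))
# Option 2: equal local preference; DR prepends its own AS to look longer.
by_prepend = failover_sequence(
    DefaultRoute("DC", as_path=(65010,)),
    DefaultRoute("DR", as_path=(65020, 65020, 65020)))
```

LOCAL_PREF is not carried across eBGP sessions, so option 1 depends on how the providers set it on their PEs, while the prepend in option 2 is applied on the DR CE itself.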